1. Who we are
Brippa (“we”, “us”, “our”) is a small UK-based creative studio specialising in personalised gifts, cake toppers, signs, and keepsakes. We are the data controller for the personal data we collect through our website at brippa.co.uk.
If you have questions about this policy or your data, contact us at our contact page.
2. What data we collect
We may collect the following information:
- Account information — name, email address, and profile picture when you sign in with Google or create an account.
- Order information — delivery address, phone number, items ordered, personalisation details, and payment information (processed securely by Stripe; we never see or store your full card number).
- Communications — messages you send via our contact form.
- Reviews — product reviews and ratings you submit.
- Technical data — IP address, browser type, and pages visited, collected automatically for site security and analytics.
3. How we use your data
We use your information to:
- Fulfil and deliver your orders.
- Process payments securely via Stripe.
- Send order confirmations, dispatch notifications, and respond to enquiries.
- Display reviews you choose to leave.
- Improve our website, products, and customer experience.
- Send marketing emails, but only if you explicitly opt in. You can unsubscribe at any time.
We will never sell or rent your personal data to third parties.
4. Legal basis for processing
Under UK GDPR, we process your data on the following bases:
- Contract — to fulfil orders you place with us.
- Legitimate interest — to improve our service and prevent fraud.
- Consent — for marketing communications and optional cookies.
5. Third-party services
We share data only with trusted providers who help us run our business:
- Stripe — payment processing. See Stripe's privacy policy.
- Google — sign-in authentication (if you choose to sign in with Google). See Google's privacy policy.
- Amazon Web Services (AWS) — secure hosting and data storage within the UK/EU region.
- Royal Mail / courier partners — name and delivery address to ship your order.
6. Cookies
Our website uses cookies for:
- Essential cookies — keeping you signed in and remembering your shopping cart. These are strictly necessary and cannot be disabled.
- Analytics cookies — anonymous, privacy-friendly analytics to understand how visitors use our site. No personal data is collected by our analytics provider.
We do not use advertising or tracking cookies.
7. Data retention
We keep your data only as long as necessary for its purpose:
- Order records — 6 years (UK tax and legal requirements).
- Account data — until you delete your account or ask us to remove it.
- Marketing preferences — until you unsubscribe.
8. Your rights
Under UK GDPR, you have the right to:
- Access your personal data.
- Correct inaccurate information.
- Delete your data (subject to legal retention requirements).
- Object to processing based on legitimate interest.
- Withdraw consent at any time for marketing.
- Data portability — receive a copy of your data in a common format.
To exercise any of these rights, please contact us. We aim to respond within 30 days.
9. Children's privacy
Our website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will remove it.
10. Security
We take reasonable measures to protect your data, including encrypted connections (HTTPS), secure payment processing via Stripe, and restricted access to personal information. However, no method of transmission over the internet is 100% secure.
11. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated “last updated” date. We encourage you to check this page periodically.