Privacy notice
Last updated: 2026-05-30
This privacy notice explains how The Foil Vault collects and uses personal data through this website. Final business address and registration details should be added before launch.
1. Controller
The Foil Vault is the controller for personal data processed through this website.
Privacy and support contact: enquiries@thefoilvault.co.uk.
Postal address: add your UK business/contact address before launch.
Privacy and support contact: enquiries@thefoilvault.co.uk.
Postal address: add your UK business/contact address before launch.
2. Personal data we collect
Account data: email address, name, password hash, account settings, verification status, account role, balances/rewards, order history and account activity.
Order and delivery data: items ordered, quantities, prices, order number, order status, payment status, delivery option, name, email, phone number, shipping address, packed/sent fulfilment status, and order communications.
Payment data: payment status, Stripe checkout/session identifiers, payment confirmation and chargeback/fraud information. We do not store full card numbers.
Customer support and email data: messages you send to us, replies to order emails, support emails, forwarded messages, and any information you choose to include.
Security and technical data: IP address or IP hashes, browser/device information, timestamps, rate-limit events, stock/checkout events, audit logs, bot-protection results and other data needed to protect the website.
Cookies and similar technologies: essential cookies for sign-in, basket, checkout, security and preferences, plus optional cookies where consent is required. See our Cookies page.
3. Proven Fan applications and uploads
If you submit a Proven Fan or fair-access application, we process the title, description, status, decision notes, account details, and any images/evidence you choose to upload.
Please avoid uploading special category personal data, unnecessary documents, or personal data of other people. We keep a minimal application decision record for audit, security and abuse-prevention purposes.
4. Why we use personal data and lawful bases
Contract: to create accounts, process orders, take payment, arrange delivery, provide order confirmations, show order history and provide customer support.
Legitimate interests: to prevent fraud, bots, abuse, duplicate accounts and scalping; manage stock; run admin fulfilment workflows; improve site reliability; and protect the business and customers.
Legal obligation: to keep accounting/tax records, respond to lawful requests and comply with consumer, tax and regulatory obligations.
Consent: for optional cookies or direct marketing where consent is required. You can withdraw consent where applicable.
5. Payments
We use Stripe to process card payments and help prevent payment fraud. Stripe receives payment details directly and returns payment status and transaction/session information to us. We do not store full card numbers.
6. Transactional emails and email forwarding
We use Resend to send transactional emails such as order confirmations, account verification emails, admin order notifications, support/service emails and application decision emails. Emails sent to our support or order addresses may be forwarded to our admin Gmail inbox so we can respond and fulfil orders.
7. Delivery and fulfilment
We use order and delivery data to pack, dispatch and support orders. Admin users can view customer/order details and mark orders as packed or sent. We may share necessary delivery details with couriers or postal services.
8. Who we share data with
We share personal data only where needed to run the store, including with:
- Stripe for payment processing and fraud checks
- Resend for transactional email delivery
- Namecheap or email forwarding providers for domain/email forwarding
- Vercel for hosting and deployment
- Neon/Postgres for database hosting
- Vercel Blob or storage providers for uploaded images/files where used
- Cloudflare Turnstile or similar services for bot protection where enabled
- delivery/postal providers where needed to ship your order
- professional advisers, accountants, insurers, regulators or authorities where necessary
We do not sell your personal data.
9. International transfers
Some providers may process data outside the UK. Where this happens, we rely on appropriate safeguards such as adequacy regulations, UK International Data Transfer Addendum/standard contractual clauses, or other lawful transfer mechanisms.
10. How long we keep data
We keep personal data only for as long as needed for the purposes above, including legal, accounting, fraud-prevention and customer-service purposes.
- Order and accounting records: retained for the period needed for tax/accounting and dispute handling.
- Account data: retained while your account exists, unless deletion is required or permitted.
- Support emails: retained for as long as needed to handle your enquiry and related disputes.
- Security/anti-abuse logs: retained for a limited period suitable for investigation and site protection.
- Uploaded Proven Fan evidence: retained only as needed for review unless a longer period is justified for security/audit reasons.
11. Your rights
You may have rights to request access, correction, deletion, restriction, portability, or to object to certain processing. You may also withdraw consent where we rely on consent. To exercise rights, contact enquiries@thefoilvault.co.uk.
12. Complaints
You can complain to the UK Information Commissioner’s Office if you believe your personal data has been handled improperly. We would appreciate the chance to address your concern first.
13. Security
We use technical and organisational measures designed to protect personal data, including access controls, secure providers, hashing where appropriate, and monitoring for abuse. No online service can be guaranteed completely secure.
14. Changes to this notice
We may update this notice when our website, suppliers, features or legal requirements change. The latest version will be posted on this page.
15. Contact
For privacy, support, order or returns queries, contact enquiries@thefoilvault.co.uk.
