Privacy notice

Account data: email address, password (stored as a hash), account settings, and optional profile fields you provide.

Order and delivery data: items ordered, prices, delivery option selected, delivery name and address, contact email, and order communications.

Customer support: messages you send us and any information you choose to include.

Security and technical logs: activity logs used to protect the site (for example rate limiting events, stock/checkout activity, time stamps, and IP address hashes). We use these to prevent abuse and automated buying.

Cookies and similar technologies: essential cookies for sign-in and site functionality, and optional cookies where you have provided consent. See our Cookies policy for details.

If you choose to submit a Proven Fan application, we process the information you provide (including any images or evidence you upload) for the purpose of reviewing eligibility for early-access/fair-drop features and preventing automated buying.

Evidence images are stored temporarily while your application is being reviewed. Once your application is approved or denied, we delete the evidence images from our storage.

We retain a minimal record of the application outcome (for example: your account identifier, application title, submission date, decision status, and any admin note) for audit, security, and abuse-prevention purposes.

Please avoid uploading images that contain special category personal data (for example health information) or personal data of other people.

Provide accounts and the store service (Contract): to let you register, sign in, manage your account, and use site features.

Process orders and delivery (Contract): to accept orders, prepare items, arrange shipping, and send order/service communications.

Payments (Contract / Legitimate interests): to take payment and manage chargebacks/fraud checks via our payment provider.

Fraud prevention, security, and anti-bot controls (Legitimate interests): to protect the website and customers, prevent automated buying, enforce purchase limits, and investigate abuse.

Legal and accounting (Legal obligation): to keep records required for tax/accounting and respond to lawful requests.

Optional cookies (Consent): where we use any non-essential cookies, we rely on your consent and you can change your preferences at any time.

We use Stripe to process card payments. Stripe acts as an independent controller (or in some cases a processor) for payment data.

We do not store full card numbers. Stripe receives your payment details and returns us confirmation and transaction identifiers.

To deliver your order, we share the necessary information with delivery providers (for example your name, delivery address, and parcel contents/weight where needed for shipping).

Delivery providers may send tracking updates. We may store shipment status and tracking identifiers so you can view order progress and so we can handle delivery issues.

If you choose delivery options or services that require additional information (for example delivery instructions), we will process that information to complete the delivery.

We share personal data only where necessary to run the store, including:

We do not sell your personal data.

Some of our service providers may process data outside the UK. Where this happens, we use appropriate safeguards such as UK Addendum/Standard Contractual Clauses or equivalent protections.

We retain personal data for as long as needed to provide the service and meet legal requirements.

Typical retention examples:

You may have rights to request access, correction, deletion, restriction, portability, and to object in some circumstances. You can also withdraw consent for optional cookies at any time.

You can complain to the UK Information Commissioner’s Office (ICO) if you believe your data has been handled improperly.

We use appropriate technical and organisational measures designed to protect personal data, including access controls and security monitoring. No method of transmission or storage is completely secure.