Privacy notice

Last updated ·

Working draft.

This document is a clear-language draft and will be reviewed by a UK solicitor before live payments are accepted. The substance reflects our intent and current operating practice.

Who is the controller?

Julian Coles, trading as Looped In Games. Sole trader registered in the United Kingdom. Email address and trading address appear in the site footer.

What data we collect, and why

If you order without an account

  • Email address — to send order confirmations and tracking
  • Recipient name and shipping address — to despatch your order
  • Card details — handled by Stripe; we receive only the last four digits and card brand
  • A cart cookie (lig_cart_key) so your basket survives page refreshes

If you create an account

  • Email address and password (stored hashed, never plain text)
  • Optional: your name, marketing preference, saved addresses
  • Order history, tied to your user record

What we do not collect

  • No analytics or tracking pixels
  • No third-party advertising
  • No social-network share buttons that load before consent

Lawful bases

  • Contract — to fulfil your order and provide the account services you asked for
  • Legal obligation — to keep records HMRC requires us to keep
  • Legitimate interests — to detect fraud and to keep the site secure
  • Consent — for marketing email, which you can opt in to or out of at any time in your account

Who we share data with

We work with these processors:

  • Stripe Payments UK Ltd — handles your card payment
  • MongoDB Atlas (Ireland) — stores our database
  • Vercel Inc. — hosts the application; UK / EU edge regions
  • Cloudflare Inc. — DNS, CDN, image hosting
  • Resend — sends transactional emails
  • Royal Mail / DPD — carriers for parcels you order

We do not sell your data and we do not share it for advertising.

Where data is held

Your data sits inside the European Economic Area (UK and Ireland) wherever possible. Some processors operate globally with appropriate transfer safeguards (Standard Contractual Clauses or UK adequacy decisions).

How long we keep data

  • Order records — six years, to meet HMRC retention rules
  • Account data — until you ask us to delete your account
  • Cart cookies — 30 days from your last activity
  • Email logs (Resend) — 7 days on the free tier

Your rights

Under UK GDPR you can ask us to:

  • Show you a copy of the data we hold about you
  • Correct anything that's wrong
  • Delete your account and any data we no longer need to keep for legal reasons
  • Restrict or object to specific processing
  • Take your data elsewhere in a portable format

To exercise any of these, email us at the address in the footer. We will respond within one month.

Complaints

You can complain to the UK Information Commissioner's Office at ico.org.uk if you believe we have mishandled your data — but we'd appreciate the chance to put things right first.