← Back to Rosie Gifts

Privacy Policy

Last updated: 31 March 2026

1. Introduction

Rosie Gifts (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at rosiegifts.com and related services. We are a UK-based business and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We collect the following categories of personal data:

  • Account information: Email address, display name, and authentication data when you create an account
  • Photos you upload: The images you submit for AI illustration processing
  • Order details: Shipping address, product selections, design preferences, and order history
  • Payment information: Payment is processed by Stripe. We do not store your full card number or CVV. We may receive a partial card number (last 4 digits), card type, and billing address from Stripe for record-keeping
  • Usage data: Pages visited, features used, browser type, device information, IP address, and referring URLs
  • Communications: Any messages you send to our support team

3. How We Use Your Data

We use your personal data to:

  • Fulfil your orders: Process your photos through our AI, produce your custom merchandise, and ship it to you or your chosen recipient
  • Process payments: Charge for orders and handle refunds
  • Communicate with you: Send order confirmations, shipping updates, and respond to support requests
  • Improve our service: Analyse usage patterns to enhance performance, fix bugs, and develop new features
  • Prevent fraud and abuse: Detect and prevent unauthorised or fraudulent activity
  • Comply with legal obligations: Meet our tax, accounting, and regulatory requirements

4. Legal Basis for Processing

Under the UK GDPR, we process your data on the following legal bases:

  • Contract: Processing necessary to fulfil our contract with you (e.g. producing and delivering your order)
  • Consent: Where you have given explicit consent, such as when you upload a photo for AI processing or opt in to marketing communications
  • Legitimate interest: Processing necessary for our legitimate business interests, such as improving our service, preventing fraud, and understanding how customers use Rosie Gifts, provided this does not override your rights
  • Legal obligation: Processing required to comply with applicable laws, such as tax regulations

5. Third-Party Services

We work with trusted third-party service providers to deliver our service. These providers only receive the data necessary to perform their function:

  • Payment processor (Stripe):Handles payment card processing securely. Stripe’s privacy policy applies to data they process. See stripe.com/privacy
  • Fulfilment partner: Our printing and shipping partner receives your shipping address and design file to produce and deliver your order. They do not receive your account details or payment information
  • AI processing: Your uploaded photos are processed by AI services to generate illustrations. Photos are used solely for this purpose and are not shared with other users
  • Cloud infrastructure: We use cloud services (Firebase/Google Cloud) to store data securely
  • Analytics: We may use analytics tools to understand how our service is used. This data is aggregated and does not personally identify you
  • Email services: We use email providers to send transactional emails such as order confirmations and shipping updates

6. Data Retention

We retain your personal data for as long as necessary to:

  • Provide our services and fulfil your orders
  • Comply with legal, accounting, and tax obligations (typically 6 years)
  • Resolve disputes and enforce our agreements

Uploaded photos and generated illustrations are retained for a reasonable period to allow you to reorder or reuse designs. You may request deletion of your photos at any time by contacting us. When you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at support@rosiegifts.com. We will respond within one month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

8. Cookies

We use cookies and similar technologies to operate our service. These include:

  • Essential cookies: Required for the website to function, including authentication and session management. These cannot be disabled
  • Analytics cookies: Help us understand how visitors use our site. This data is aggregated and anonymous

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using parts of our service.

9. Children’s Privacy

Rosie Gifts is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at support@rosiegifts.com.

10. International Data Transfers

Some of our third-party service providers operate outside the UK. When your data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK government, or transfers to countries deemed to have an adequate level of data protection. Your shipping address may be shared with fulfilment facilities in the country closest to your delivery address to enable efficient production and shipping.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

For data protection enquiries, please address your email to the attention of our Data Protection Officer.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email or by posting a prominent notice on our website. The “Last updated” date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.