Privacy Policy
Effective Date: 06-May-2026
1. Identity & Data Controller
This Privacy Policy describes the policies of Gavin Gallivan, trading as GG Digital Creations.
2. How We Use Information, Lawful Basis & Retention
We process your Name, Email, Address, and Payment Info for order management and customer support.
- Contractual Requirement: Providing shipping data is a requirement; without it, we cannot fulfil your art print orders through our production partners. Our lawful basis for this processing is Contractual Necessity.
- Analytics: Our analytics tools collect anonymised usage data such as pages visited, device type, and approximate location to improve our service. Our lawful basis for this is our Legitimate Interest in maintaining and improving our website.
- Data Retention: We retain your order and payment history for 7 years to comply with UK tax and accounting laws, after which it is securely deleted. General customer queries are retained for 2 years.
3. Coffee Compass App Data
If you use our AI Barista tool ("Coffee Compass"), we process data specifically to provide this service in a highly secure, privacy-first manner:
- Camera & Image Data (Vision AI): When you scan a coffee bag, the image is sent securely to our third-party AI provider to extract the text. These images are not permanently stored and are not linked to your personal identity.
- Location Data (Water Hardness): We may ask for the "Outward Code" of your UK postcode (e.g., SW1A) to calculate local water hardness for coffee brewing. This is processed anonymously and cannot be linked to your physical address.
- Local Storage (Taste Memory & Vault): Your saved recipes and taste preferences are stored entirely locally on your own device's browser (via `localStorage`), not on our servers. Clearing your browser cache will permanently delete this data.
- Automated Decision-Making: Our AI tools are used solely to provide coffee-related advice and do not engage in automated decision-making or profiling that would have a legal or significant effect on you.
4. Third-Party Data Processors & International Transfers
We share information with specific service providers to operate our business and fulfil your orders:
- Production & Logistics: We use Gelato as our Print-on-Demand service. Your name and shipping address are shared with them and their courier partners solely to print and deliver your art.
- AI & Infrastructure: We use Google Gemini (via Vercel) to process coffee bag images and generate AI advice. We also use Squarespace (Hosting) and Cloudflare (Web security).
- Payments: Squarespace Payments, Apple Pay, and PayPal (Secure transaction processing).
- Marketing/Ads: Meta Pixel and Pinterest Pixel. These are active only with your explicit Consent, which serves as our lawful basis for this tracking.
- International Data Transfers: Some of our processors (such as Google, Squarespace, and Meta) are based outside the UK. We ensure your data remains fully protected under UK law by relying on legally approved transfer mechanisms, such as the UK Extension to the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).
- Business Transfers: If our business is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
- Sale of Data: We do not sell your personal information to third parties.
5. Security & Data Breaches
We use reasonable security measures to prevent the loss or misuse of your information. However, no electronic transmission over the internet can be guaranteed as 100% secure.
6. Your Legal Rights
You have the right to access, rectify, erase, or port your data. You may also object to processing based on our legitimate interests.
- Our Commitment: We will acknowledge and provide a substantive response to any privacy complaint or request within 30 days.
- Right to Complain: If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).
7. Children's Privacy
Our website and the Coffee Compass app are not intended for children under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it.
8. Cookie Policy & Local Storage
Our website utilises tracking technologies and local browser storage. The Coffee Compass app relies on local storage to remember your saved recipes (much like a strictly necessary functional cookie). For a detailed breakdown, please view our Cookie Policy Page.
9. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you by updating the "Effective Date" at the top of this page or by placing a prominent notice on our website.
Contact Information
Email: [email protected]