Your Privacy Matters

Privacy Policy

We are committed to protecting your personal data and being transparent about how we use it.

Last updated: 8 April 2026

1. Introduction

Tosin's Angels (“we”, “our”, “us”) is a UK-based online jewelry retailer operating at www.tosinsangels.com. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

2. Data We Collect

We collect the following personal data when you interact with our website:

Account Information

Your name and email address when you create an account or sign in via our authentication provider (Supabase).

Order Information

Your full name, shipping address, email address, and order details when you place an order.

Payment Information

Payment details are processed securely by Stripe. We do not store your full card number, CVV, or other sensitive payment data on our servers. Stripe may collect your card details, billing address, and other information necessary to process payments.

Newsletter Subscription

Your email address if you subscribe to our newsletter. You can unsubscribe at any time using the link in any of our emails.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To process and fulfil your orders
  • To manage your account and provide customer support
  • To send order confirmations and shipping updates
  • To send marketing emails if you have opted in (you can unsubscribe at any time)
  • To improve our website and services
  • To comply with legal obligations

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract performance: processing orders and managing your account
  • Legitimate interest: improving our website, preventing fraud, and providing customer support
  • Consent: sending marketing communications and newsletter emails
  • Legal obligation: retaining transaction records for tax and accounting purposes

5. Cookies

Our website uses cookies to provide essential functionality and improve your experience. Cookies are small text files stored on your device when you visit our site.

Essential Cookies

Required for the website to function, including authentication sessions (managed by Supabase) and shopping cart data. These cannot be disabled.

Analytics Cookies

Help us understand how visitors use our site so we can improve it. These are only set with your consent.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect site functionality.

6. Third-Party Services

We use the following third-party services to operate our business. Each has its own privacy policy governing how it handles your data:

Stripe

Processes payments securely. Stripe collects payment card details and billing information directly. See Stripe's Privacy Policy.

Supabase

Provides authentication and database services. Stores your account information (email, name) and order data. See Supabase's Privacy Policy.

Vercel

Hosts our website and may collect basic server logs (IP address, browser type) for performance and security purposes. See Vercel's Privacy Policy.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: retained until you delete your account
  • Order data: retained for 6 years to comply with UK tax and accounting regulations
  • Marketing preferences: retained until you unsubscribe

8. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete data.

Right to Erasure

You can request that we delete your personal data, subject to legal retention requirements.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interest or direct marketing at any time.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@tosinsangels.com. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All data transmitted between your browser and our website is encrypted using SSL/TLS. Payment data is handled entirely by Stripe and never touches our servers.

10. Children's Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

Questions About Your Privacy?

If you have any questions about this privacy policy or how we handle your data, please get in touch.
