Privacy Policy

Last updated: 22 May 2026

1. Who we are

CraftPixel3D ("we", "us", "our") designs and sells artisan 3D-printed homeware. This policy explains how we process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Data controller: CraftPixel3D — hello@craftpixel3d.com

2. Data we collect

  • Account data: email address, name, password hash.
  • Order data: shipping & billing address, items ordered, order history.
  • Payment data: processed directly by Stripe; we receive only a payment reference, last 4 digits and brand of the card, never full card numbers.
  • Cart & browsing: items in your cart, products viewed.
  • Support messages: any content you send us via the contact form or email.
  • Technical data: IP address, browser, device, pages visited (when analytics consent is granted).

3. Purposes and legal bases

  • Provide the service & fulfil orders — Art. 6(1)(b) GDPR (contract).
  • Account management & security — Art. 6(1)(b) and 6(1)(f) (legitimate interest in keeping accounts secure).
  • Legal & tax obligations (invoicing, accounting) — Art. 6(1)(c).
  • Customer support — Art. 6(1)(b)/(f).
  • Analytics & marketing cookies — Art. 6(1)(a) consent, granted via our cookie banner.

4. Cookies

We use strictly necessary cookies to run the site (session, authentication, cart, CSRF). Functional, analytics, and marketing cookies are only set if you opt in. You can change your choices at any time:

5. Sharing your data — processors

We share the minimum data needed with vetted processors under data-processing agreements:

  • Lovable Cloud (Supabase) — application hosting, database, authentication.
  • Stripe — payment processing.
  • Email delivery provider — transactional emails (order confirmations, password resets).
  • Shipping carriers — to deliver your order.

6. International transfers

Some processors may store or process data outside the EEA/UK. Where they do, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.

7. Retention

  • Account data — kept while your account is active, deleted on request.
  • Order & invoice data — retained for up to 10 years to comply with accounting law.
  • Support messages — up to 3 years.
  • Consent records — up to 2 years from withdrawal.

8. Your rights

Under the GDPR you have the right to:

  • Access your data and obtain a copy;
  • Rectify inaccurate or incomplete data;
  • Erase your data ("right to be forgotten");
  • Restrict or object to processing;
  • Data portability;
  • Withdraw consent at any time;
  • Lodge a complaint with your local data-protection authority.

To exercise these rights, email hello@craftpixel3d.com.

9. Security

We apply technical and organisational measures (encryption in transit, access control, regular updates) appropriate to the risk. No system is 100% secure; please use a strong, unique password.

10. Children

Our service is not directed to children under 16. We do not knowingly collect data from them.

11. Changes

We may update this policy. Material changes will be announced on the site. The "Last updated" date above always reflects the current version.

12. Contact

Questions? Contact us at hello@craftpixel3d.com or visit our contact page.