Skip to main content
Keepsy
← Back to Keepsy

Your Privacy

Privacy Policy

Last updated: 8 March 2026

This policy explains how Keepsy ("we", "us", "our") collects, uses, and protects your personal data when you use our website and purchase products. We are committed to handling your information transparently and in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is Keepsy (trading as Keepsy). Our contact email for all data privacy matters is privacy@keepsy.co.

If you have a complaint about how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

2. What Personal Data We Collect

When you place an order:

  • • Name and email address
  • • Delivery address (street, city, postcode, country)
  • • Payment information (processed directly by Stripe — we never see or store your card details)
  • • Order details (products, quantities, design specifications)

When you use the AI design generator:

  • • Photos and images you choose to upload
  • • Text prompts and design descriptions you enter
  • • Generated design images created during your session

Automatically collected:

  • • Region preference (UK or US) stored in a cookie and browser local storage
  • • Session data necessary for the website to function

If you subscribe to our mailing list:

  • • Email address

3. Lawful Basis for Processing

We process your personal data on the following legal bases under UK GDPR Article 6:

Contract performance (Art. 6(1)(b))

Processing your name, address, email, and order details to fulfil your order, arrange delivery, and provide customer support.

Legitimate interests (Art. 6(1)(f))

Processing session data and region preferences to provide a functional website experience. Sending transactional emails (order confirmations, dispatch notifications) to customers who have placed orders.

Consent (Art. 6(1)(a))

Sending marketing emails to subscribers who have opted in. You may withdraw consent at any time by clicking "Unsubscribe" in any email or emailing privacy@keepsy.co.

Legal obligation (Art. 6(1)(c))

Retaining financial records and order data to comply with tax and accounting obligations.

4. How We Use Your Data

  • • To process and fulfil your order and arrange delivery
  • • To send order confirmation, dispatch, and tracking emails
  • • To handle returns, refunds, and customer support queries
  • • To generate AI designs using your uploaded photos and prompts (via OpenAI)
  • • To maintain a secure session on our website
  • • To send marketing emails if you have subscribed and consented
  • • To comply with our legal and financial obligations

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

5. Third-Party Data Processors

We use the following third-party services to operate our business. Each acts as a data processor on our behalf and is subject to data processing agreements and their own privacy policies:

Stripe (Payment Processing)

Processes your payment card data. Located in the USA. Stripe is certified under the UK-US Data Bridge. We never receive or store your card details. Stripe Privacy Policy.

OpenAI (AI Design Generation)

Receives your uploaded photos and text prompts to generate custom designs. Located in the USA. OpenAI is certified under the UK-US Data Bridge. Your photos are processed solely for the purpose of generating your requested design and are not used to train AI models (under the API terms). OpenAI Privacy Policy.

Printify (Print & Fulfilment)

Receives your shipping address, product specifications, and design files to print and dispatch your order. Located in the USA and EU. Printify Privacy Policy.

Supabase (Database)

Stores order records, session data, and design history. Located in the EU. Supabase Privacy Policy.

Resend (Transactional Email)

Sends order confirmation and dispatch notification emails. Receives your email address and order information for this purpose. Located in the USA. Resend Privacy Policy.

6. International Data Transfers

Some of our processors (Stripe, OpenAI, Resend, Printify) are based in the United States. When we transfer your personal data to the USA, we rely on the UK-US Data Bridge adequacy framework, Standard Contractual Clauses (UK IDTA addendum), or other appropriate safeguards as applicable. Details of the transfer mechanism for each processor are available in their respective privacy policies.

7. How Long We Keep Your Data

Order records

7 years (HMRC tax record requirement)

Uploaded photos & designs

90 days after order, then deleted unless you have saved them to your vault

Marketing email list

Until you unsubscribe or withdraw consent

Session / preference cookies

12 months from last visit

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of these rights, you can submit a Subject Access Request or email privacy@keepsy.co. We will respond within one month.

Right of access (Art. 15)

Request a copy of the personal data we hold about you.

Right to rectification (Art. 16)

Ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17)

Ask us to delete your personal data. You can use the "Delete My Data" button on the Create page, or email us directly. Note: we may need to retain certain records for legal/financial compliance (e.g., order records for tax purposes).

Right to restrict processing (Art. 18)

Ask us to limit how we use your data in certain circumstances.

Right to data portability (Art. 20)

Request your data in a structured, machine-readable format.

Right to object (Art. 21)

Object to our processing of your data where we rely on legitimate interests, including for direct marketing.

Right to withdraw consent

Where we process your data based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of prior processing.

Right to lodge a complaint

You have the right to complain to the ICO at ico.org.uk/concerns or by calling 0303 123 1113.

9. Cookies

We use a small number of cookies to make our website function. For full details of the cookies we set, their purpose, and how to manage them, please see our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, secure API authentication, and access controls. Payment data is handled entirely by Stripe and never passes through our systems. In the event of a data breach that affects your rights and freedoms, we will notify the ICO within 72 hours and you directly where required.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Contact Us

For any privacy-related questions or to exercise your rights, contact us at privacy@keepsy.co.