Privacy Policy

Thintent ("we", "us", or "our") is the data controller responsible for your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use the Thintent platform, including our website, storefront builder, order management tools, and related services.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy is provided for transparency purposes and should be reviewed by qualified legal counsel before being treated as a binding legal document.

Personal Information

• Name and contact information (email, phone, address)
• Account credentials and profile information
• Payment and billing information
• Order history and preferences
• Customer service communications

Business Information

• Business name, address, and branding details
• Store configuration and product catalogue data
• End-customer data processed on your behalf (names, addresses, order details)

Uploaded Content

• Artwork, designs, logos, and images uploaded for products or orders
• Files attached to orders or quotes

Automatically Collected Information

• Device information and IP addresses
• Usage data and analytics
• Cookies and similar technologies
• Log files and server data

We use the information we collect to:

• Provide, maintain, and improve our services
• Process orders and manage your account
• Send you technical notices and support messages
• Respond to your comments and questions
• Develop new products and services
• Protect against fraud and ensure security
• Comply with legal obligations

Legal Bases for Processing (UK GDPR)

• Contract performance — processing your account, orders, and payments
• Legitimate interest — analytics, fraud prevention, and service improvement
• Consent — marketing emails and optional cookies
• Legal obligation — tax records, accounting, and regulatory compliance

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below. We share data with the following service providers to operate the platform:

• Stripe — payment processing (PCI-DSS compliant)
• Xero — accounting and invoicing
• Royal Mail, DPD, Evri, DHL — shipping label generation, address sharing for delivery
• Hosting and infrastructure providers — secure data storage and service delivery
• Analytics tools — aggregated usage data to improve our services

We may also share information with legal authorities when required by law or to protect our rights.

Artwork, designs, and files you upload to Thintent are stored securely and used solely for the purposes of order fulfilment, product display, and service operation.

Uploaded content is retained for the lifetime of your account plus 30 days after account deletion to allow for data recovery requests. After this period, uploaded content is permanently deleted.

You are responsible for ensuring you have the necessary rights and permissions for all content you upload. Thintent does not claim ownership of your uploaded content.

We use cookies and similar technologies to enhance your experience and analyse usage patterns. The cookies we use fall into the following categories:

• Essential cookies — required for authentication, session management, and core functionality
• Functional cookies — remember your preferences and settings
• Analytics cookies — help us understand how the service is used so we can improve it

We do not currently use advertising or third-party tracking cookies. You can control cookie settings through your browser preferences, though disabling essential cookies may affect service functionality.

We retain your personal information for specific periods depending on the type of data and its purpose:

• Account data — lifetime of your account plus 90 days after deletion
• Order and transaction records — 7 years (UK tax and accounting requirements)
• Uploaded artwork and files — lifetime of your account plus 30 days after deletion
• Analytics data — 26 months
• Support tickets and communications — 3 years

When data is no longer needed, we securely delete or anonymise it.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Under the UK GDPR, you have the following rights regarding your personal information:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest or for direct marketing

To exercise any of these rights, please contact us at privacy@thintent.com. We will respond to your request within 30 days.

Your information may be transferred to and processed in countries other than the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on UK adequacy decisions, to protect your information in accordance with this privacy policy and applicable data protection law.

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@thintent.com and we will take steps to delete such information.

We may update this privacy policy from time to time. We will notify you of any material changes at least 30 days in advance by posting the updated policy on this page, updating the "Last updated" date, and where appropriate, notifying you by email.

If you have any questions about this privacy policy or our data practices, please contact us at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. You can contact the ICO at ico.org.uk.