Privacy Policy

Thintent ("we", "us", or "our") is the data controller responsible for your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use the Thintent platform, including our website, storefront builder, order management tools, and related services.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy is provided for transparency purposes and should be reviewed by qualified legal counsel before being treated as a binding legal document.

Thintent acts in two capacities regarding personal data:

• As a Data Controller for the personal data of business account holders (our direct customers), including account information, billing data, and platform usage data.
• As a Data Processor on behalf of business account holders for end-customer personal data processed through the platform (names, addresses, order details, uploaded designs). In this capacity, we process end-customer data solely on the instructions of the business and for the purposes of providing the Service.

Business account holders are the Data Controllers for their end customers' data and are responsible for ensuring they have a lawful basis for processing that data, maintaining their own privacy policies, and responding to data subject requests from their end customers. Thintent will assist with such requests where reasonably practicable.

Personal Information

• Name and contact information (email, phone, address)
• Account credentials and profile information
• Payment and billing information
• Order history and preferences
• Customer service communications

Business Information

• Business name, address, and branding details
• Store configuration and product catalogue data
• End-customer data processed on your behalf (names, addresses, order details)

Uploaded Content

• Artwork, designs, logos, and images uploaded for products or orders
• Files attached to orders or quotes

AI Processing Data

• When AI features are enabled, design files and product information may be processed by our AI service provider (Anthropic) for purposes such as automated VAT classification
• AI analysis results, confidence scores, and processing metadata are stored in your account
• Token usage and processing costs are tracked for service operation purposes

Environmental Data

• Estimated carbon footprint calculations for orders, based on product dimensions, materials, printing methods, and finishing processes
• Carbon emission factors used in calculations (snapshot preserved per order for consistency)

Automatically Collected Information

• Device information and IP addresses
• Usage data and analytics
• Cookies and similar technologies
• Log files and server data

We use the information we collect to:

• Provide, maintain, and improve our services
• Process orders and manage your account
• Send you technical notices and support messages
• Respond to your comments and questions
• Develop new products and services
• Protect against fraud and ensure security
• Comply with legal obligations

Legal Bases for Processing (UK GDPR)

• Contract performance — processing your account, orders, and payments
• Legitimate interest — analytics, fraud prevention, and service improvement
• Consent — marketing emails and optional cookies
• Legal obligation — tax records, accounting, and regulatory compliance

Automated Profiling and Analytics

We use automated processing to generate business insights, including:

• Customer segmentation (recency, frequency, monetary analysis)
• Churn risk prediction based on order history patterns
• Revenue trend analysis and forecasting
• Anomaly detection in business metrics

These automated processes are used to provide analytics features within your dashboard and do not result in decisions that produce legal or similarly significant effects on individuals. You can access and review all analytics outputs through your business dashboard.

We do not sell, trade, or otherwise transfer your personal information to third parties except as described below. We share data with the following service providers to operate the platform:

• Stripe — payment processing (PCI-DSS compliant)
• Xero — accounting and invoicing
• Royal Mail, DPD, Evri, DHL — shipping label generation, address sharing for delivery
• Anthropic — AI processing for features such as VAT classification analysis (design files and product data transmitted for analysis)
• Amazon Web Services (AWS) — application hosting, database, file storage, and background processing, located in the EU (Frankfurt, Germany)
• Sentry — error tracking and application monitoring (may include technical context such as user agent and IP address)
• Hosting and infrastructure providers — all primary infrastructure is hosted within the European Union (AWS eu-central-1, Frankfurt, Germany)
• Analytics tools — aggregated usage data to improve our services

We may also share information with legal authorities when required by law or to protect our rights.

Artwork, designs, and files you upload to Thintent are stored securely and used solely for the purposes of order fulfilment, product display, and service operation.

While your account is active, uploaded content is retained for 1 year after upload to support reorders and reprints. Files older than 1 year may be automatically removed. Upon account deletion, all uploaded files are retained for 90 days (aligned with the account data retention period) to allow for data recovery requests, after which they are permanently deleted.

You are responsible for ensuring you have the necessary rights and permissions for all content you upload. Thintent does not claim ownership of your uploaded content.

We use cookies and similar technologies to enhance your experience and analyse usage patterns. The cookies we use fall into the following categories:

• Essential cookies — required for authentication, session management, and core functionality
• Functional cookies — remember your preferences and settings
• Analytics cookies — help us understand how the service is used so we can improve it

We do not currently use advertising or third-party tracking cookies. You can control cookie settings through your browser preferences, though disabling essential cookies may affect service functionality. For full details, please see our Cookie Policy.

We retain your personal information for specific periods depending on the type of data and its purpose:

• Account data — lifetime of your account plus 90 days after deletion
• Order and transaction records — 7 years (UK tax and accounting requirements)
• Uploaded artwork and files — 1 year after upload while account is active; 90 days after account deletion
• AI analysis results — lifetime of your account plus 90 days after deletion
• Analytics data — 26 months
• Support tickets and communications — 3 years

When data is no longer needed, we securely delete or anonymise it.

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Under the UK GDPR, you have the following rights regarding your personal information:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest or for direct marketing
• Rights related to automated decisions — request human review of automated profiling decisions that significantly affect you

To exercise any of these rights, please contact us at privacy@thintent.com. We will respond to your request within 30 days.

Our primary infrastructure, including application servers, databases, and file storage, is hosted in the European Union (Frankfurt, Germany). The EU has been granted a UK adequacy decision under UK GDPR, meaning your data benefits from equivalent data protection standards.

Certain third-party processors may process data outside the EU and UK. Specifically, when AI features are used, data may be processed by Anthropic in the United States. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or reliance on UK adequacy decisions, to protect your information in accordance with this privacy policy and applicable data protection law.

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@thintent.com and we will take steps to delete such information.

We may update this privacy policy from time to time. We will notify you of any material changes at least 30 days in advance by posting the updated policy on this page, updating the "Last updated" date, and where appropriate, notifying you by email.

If you have any questions about this privacy policy or our data practices, please contact us at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. You can contact the ICO at ico.org.uk.