Effective Date: 2 July 2025

Privacy Policy

  • 1. Introduction

    Heartfelt Cards Ltd (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your data when you use our digital product, Heartfelt (“Service”). We comply with the UK GDPR and the Data Protection Act 2018.

  • 2. Information We Collect

    We may collect and process:

    • Personal Information: Name, email, phone number, billing details
    • Usage Data: IP address, browser details, device type, visited pages
    • Cookies: See our Cookie Policy for details

  • 3. How We Use Your Information

    • To provide and maintain our service
    • To process payments and manage subscriptions
    • To personalize your experience
    • To comply with legal obligations
    • To detect and prevent fraud

  • 4. Legal Basis for Processing

    • Consent
    • Contractual necessity
    • Legal obligation
    • Legitimate interests

  • 5. Sharing Your Information

    We may share your data with third-party service providers under strict confidentiality agreements. This includes payment processors, hosting providers, and legal authorities where required. We do not sell your personal data.

  • 6. Third-Party Data Processors

    We work with the following third-party processors:

    • Brevo - Analytics (UK/EU)
    • Datadog - Observability (UK/EU)
    • Google Analytics - Analytics (US with SCCs)
    • Resend - Email delivery (UK/EU)
    • Statsig - Analytics (US with SCCs)
    • Stripe - Payment processing (US with SCCs)
    • Vercel - Hosting (UK/EU)

    All processors are bound by Data Processing Agreements and must comply with UK GDPR.

  • 7. International Data Transfers

    When transferring data outside the UK, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and conduct risk assessments as needed.

  • 8. Data Retention

    We retain personal data only as long as necessary for legal or operational purposes. Once no longer needed, data is securely deleted or anonymized.

  • 9. Your Rights

    You have the right to:

    • Access your data
    • Correct inaccurate information
    • Request erasure (“right to be forgotten”)
    • Restrict or object to processing
    • Data portability
    • Withdraw consent

    Contact us at support@heartfelt.cards to exercise these rights. You can also contact the ICO at ico.org.uk.

  • 10. Security of Your Information

    We implement security measures such as encryption, access controls, and secure infrastructure. However, no system is completely secure. Please report any security concerns to us immediately.

  • 11. Children's Privacy

    Our service is not directed to children under 13. We do not knowingly collect data from minors. Contact us if you believe this has occurred.

  • 12. Changes to This Policy

    We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised effective date.

  • 13. Contact Us

    Heartfelt Cards Ltd
    First Floor, Swan Buildings, 20 Swan Street, Manchester, United Kingdom, M4 5JW
    Email: support@heartfelt.cards
    Company Number: 16558315