- We log basic website traffic data at scale that we cannot single-handedly use to identify each user, such as IP address, user agent, and the time and date of a page visit. Unlike other websites, we don't use third-party software such Google Analytics or equivalent from competitors, to do this.
- We use our minimal logs to guage an idea of general traffic, e.g. what product is viewed more often, which pages are most popular.
- We use open-source software to analyse these logs, and the contents of the logs are never exchanged with third-parties.
- We do not store any debit/credit card details after purchase; they are sent straight to our payment processor, then deleted.
- We only store basic information about each customer's past orders, such as billing address, and this is used to fulfill, refund, or check on, past orders.
- We only request data that is absolutely required to verify identity during payment, which is shared only with our payment processor.
- We never buy or sell data with 'data brokers' for profit, market research, or any other reason.
- All data sent to and from this website is done so via TLS v1.2 industry standard transport layer encrypted, and we do not support weaker forms with vulnerabilities. This protects data whilst it is physically travelling. This can be verified at SSL labs.
- We implement security headers such as HSTS, which ensures a device will always attempt to make an encrypted connection after it's first successful one, and a strict content-security-policy which prevents the injection of scrips or iframes by any potential hackers. This can be verified at securityheaders.com.