PRIVACY POLICY

Last updated: 20 April 2026

1. Who We Are

Deadbeat Drip is a UK-based online store selling custom AI-generated t-shirts and posters. We’re the data controller for your personal information when you use our site at https://www.deadbeatdrip.co.uk.

If you have any questions about this policy or how we handle your data, you can reach us at hello@deadbeatdrip.co.uk.

2. What Data We Collect

We collect and process the following types of personal data:

  • Account information: Your name and email address, obtained via Microsoft account login (OAuth).
  • Order data: Shipping address, order history, and transaction records. Payment card details are processed directly by Stripe — we never see or store your full card number.
  • Generated content: The text prompts you submit and the AI-generated images produced, associated with your account.
  • Technical data: Session cookies, IP addresses (anonymised), browser type, and usage patterns collected via Azure Application Insights and Google Analytics.

3. How We Use Your Data

We use your personal data to:

  • Fulfil your orders: Process payments, send order confirmations, and ship products to you via our fulfilment partner.
  • Manage your account: Authenticate you, keep you logged in, and display your order history and generated images.
  • Improve our service: Understand how people use the site so we can make it better (via anonymised analytics).
  • Prevent fraud and abuse: Protect against bots, spam, and fraudulent transactions using reCAPTCHA and payment fraud checks.
  • Send transactional emails: Order confirmations, shipping updates, and account-related notifications. We do not send marketing emails.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

  • Contract performance: Processing your account data, order details, and shipping information is necessary to fulfil our contract with you (i.e., making and delivering what you ordered).
  • Legitimate interests: We use anonymised analytics to improve the site and fraud prevention measures to protect our business. We’ve balanced these against your rights and believe they don’t override your interests.
  • Consent: For non-essential cookies (analytics and functional), we ask for your consent via our cookie banner. You can withdraw consent at any time through the cookie settings.

5. Cookies

We use cookies to make the site work and to understand how it’s used. Cookie consent is managed by Cookiebot — you can update your preferences at any time via the cookie icon or banner.

The main categories of cookies we use:

  • Essential / session cookies: Required for the site to function. Includes our session cookie (connect.sid, httpOnly, expires after 24 hours) which keeps you logged in.
  • Analytics cookies: Google Analytics and Azure Application Insights help us understand traffic patterns and site performance. These are only set with your consent.
  • Functional cookies: Used by services like reCAPTCHA to distinguish humans from bots.

6. Third Parties We Share Data With

We share your data with the following third parties, only as necessary to provide our service:

  • Stripe — Payment processing. They receive your payment details directly. See Stripe’s Privacy Policy.
  • Gelato — Print fulfilment. We share your shipping address and order details so they can print and deliver your products. See Gelato’s Privacy Policy.
  • Microsoft — Authentication (OAuth login) and cloud hosting (Azure, including Cosmos DB for data storage and Application Insights for analytics).
  • Google — reCAPTCHA v3 for bot protection and Google Analytics for usage tracking. See Google’s Privacy Policy.
  • Resend — Transactional email delivery (order confirmations, shipping notifications).
  • Cookiebot — Cookie consent management.

We do not sell your personal data to anyone. Ever.

7. Data Retention

We keep your data for as long as reasonably necessary:

  • Account data: Retained while your account is active. If you ask us to delete your account, we’ll remove it within 30 days.
  • Order records: Kept for 6 years after the transaction to comply with UK tax and accounting requirements.
  • Generated images and prompts: Retained while your account is active. Deleted upon account deletion unless associated with a completed order.
  • Session data: Automatically expires after 24 hours.
  • Analytics data: Retained in anonymised form for up to 90 days by our analytics providers.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure: Ask us to delete your personal data (subject to legal retention requirements).
  • Right to data portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where we rely on consent (e.g., analytics cookies), you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at hello@deadbeatdrip.co.uk. We’ll respond within one month.

9. Data Security

We take reasonable measures to protect your personal data, including:

  • HTTPS encryption on all connections to our site.
  • Secure, httpOnly session cookies that cannot be accessed by client-side scripts.
  • Payment data handled entirely by Stripe (PCI DSS compliant) — card details never touch our servers.
  • Data stored on Microsoft Azure infrastructure with enterprise-grade security controls.

No system is 100% secure, but we do our best to keep your data safe.

10. Children

Our service is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@deadbeatdrip.co.uk and we’ll delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do, we’ll update the “last updated” date at the top of this page. If we make significant changes that affect your rights, we’ll make reasonable efforts to notify you (e.g., via a banner on the site). Continued use of the site after changes constitutes acceptance of the updated policy.

12. Contact & Complaints

If you have questions, concerns, or complaints about how we handle your data:

Email: hello@deadbeatdrip.co.uk

Or use our contact form.

If you’re not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection: ico.org.uk/make-a-complaint.
