Privacy Policy
How The Flour Pot collects, uses, and protects your personal data.
Last updated: May 2026
The Flour Pot ("we", "us", "our") is operated by Samantha, a sole trader based in Bakewell, Derbyshire, DE45. We are committed to protecting your personal information and your right to privacy. This policy explains what data we collect, why we collect it, and how we use it.
1. Data we collect
When you fill in a contact or enquiry form
- Your name, email address, and phone number
- Event details (date, type, number of guests)
- Design preferences and any inspiration images you upload
- Delivery address or postcode
When you place an order for edible prints
- Your name and email address
- Delivery address
- Payment details — these are handled entirely by Stripe and are never seen or stored by us. Please refer to Stripe's privacy policy for full details.
When you subscribe to our newsletter
- Your email address
Automatically collected data
When you visit our website, we may collect standard log data including your IP address, browser type, and the pages you visit. We use Google Analytics to help us understand how visitors use the site. This data is anonymised and aggregated; we cannot identify individuals from it.
2. How we use your data
- To fulfil your order or enquiry — contact you with quotes, updates, and delivery information
- To send our newsletter — only if you explicitly subscribed. You can unsubscribe at any time using the link in any email.
- To improve our website — using anonymised analytics data
- To keep records — for accounting and legal compliance purposes
We do not sell, rent, or trade your personal data to third parties.
3. Legal basis for processing
Under UK GDPR, we rely on the following legal bases:
- Contract — to process and fulfil orders you have placed
- Legitimate interests — to respond to enquiries and maintain business records
- Consent — to send marketing emails (newsletter subscribers only)
4. Data storage and retention
Your data is stored securely. Order and enquiry records are kept for up to 7 years for accounting purposes, in line with HMRC requirements. Newsletter subscription data is retained until you unsubscribe. We will delete your data on request, unless we are legally required to retain it.
5. Third-party services
We use the following third-party services that may process your data:
- Stripe — payment processing. Stripe's privacy policy
- Google Analytics — anonymised website analytics. Google's privacy policy
- Resend — transactional email delivery
All third-party processors are GDPR-compliant and operate under data processing agreements.
6. Cookies
We use a small number of cookies:
- Cart cookie — stores your shopping cart contents locally in your browser (localStorage). This data never leaves your device.
- Analytics cookies — set by Google Analytics to help us understand site usage. You can opt out by using a browser extension such as the Google Analytics Opt-out Add-on.
7. Your rights under UK GDPR
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data (the "right to be forgotten")
- Restrict how we process your data
- Object to processing based on legitimate interests
- Data portability — receive your data in a machine-readable format
- Withdraw consent at any time for marketing emails
To exercise any of these rights, please contact us at hello@theflourpot.co.uk. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Changes to this policy
We may update this policy from time to time. The date at the top of this page will reflect when it was last revised. Significant changes will be communicated by email to active customers.
9. Contact
For any privacy-related questions, please contact us at hello@theflourpot.co.uk.