Last updated · 20 June 2026
Privacy Policy
This policy explains how Stitch Happens MCR ("we", "us") collects, uses and protects your personal data when you use our website or services. We are the data controller under UK GDPR.
What we collect
Account details (name, email, phone, address), booking details (item photos and descriptions you upload), payment metadata (handled by Stripe — we do not store card numbers), and basic usage data (pages visited) for service improvement.
How we use it
To deliver the services you book, process payments, send service updates, manage your account and loyalty points, prevent fraud, and meet our legal obligations.
Legal basis
Contract (delivering your booking or order), legitimate interest (service operation, security, fraud prevention), and consent (marketing emails — opt-in only and revocable at any time).
Sharing
We share data only with the providers we need to run the service: Stripe (payments), Lovable Cloud / Supabase (hosting & database), our email provider (transactional emails), and couriers when posting items. We do not sell your data.
Retention
Booking and order records are kept for 7 years for tax and warranty purposes. Account details are kept while your account is active and for 1 year after closure. You can request deletion sooner — see "Your rights" below.
Your rights
You have the right to access, correct, port, restrict, object to processing, and erase your personal data. To exercise any of these rights, email hello@stitchhappensmcr.com. You also have the right to complain to the UK ICO.
Cookies
We use essential cookies to keep you signed in and to remember your basket. We do not currently use third-party advertising cookies.
Contact
Questions about this policy? Get in touch.
