Your connection to the site is made with an encrypted communications technology called TLS (padlock icon will show in your browser) which establishes an encrypted tunnel over the public internet encapsulating your data within it.
We store only the details needed to process your orders and do not store or even handle payment information at the server level - our payment processor partners are the only ones to see or handle your payment data, although we don't need to be PCI-DSS compliant we test our systems anyway and follow best practices where realistic. Passwords are not stored by us, we use an industry standard approach (many thousands of rounds of a key derivation function + HMAC) to compute a mathematical representation of your password that we can test against when you login without needing to know or store your actual password. Email addresses, telephone numbers and the personally identifiable portions of your address are encrypted in a unique way per record using industry standard algorithms (AES 256). Your data is stored in the UK and encrypted at-rest where feasible, however encrypted backups (by us) may be stored in the EU and USA by our upstream service providers through data redundancy & resilience operations.
We do not share your information with third parties except as described in this privacy policy. Your order details are shared with our email provider, to allow us to send order confirmation and shipment emails. your address details are shared with our delivery companies to enable them to deliver your order. We will never intentionally send you newsletters if you have specified that you would not like to be emailed, you can edit that preference during signup and from your account update screen. You will of course still receive confirmation emails when you place orders.
We use two cookies on the site, session cookies needed for essential operation of the site: SID_TC23 and ANYA_TC23, these are to link to basket storage, maintain login sessions and prevent form abuse, no tracking information is used or accessible to us, and they are automatically deleted some time after you have finished browsing, around 2 weeks - a length mainly to remember cart contents and logged in status, after that time your session is considered stale and it is purged from the system. Our session data is randomised and not accessible or usable for anything other than servicing your web browsing.