Daisy Co.

Privacy Policy

Last updated 30 June 2026.

This Privacy Policy explains what personal information Daisy Co. ("Daisy Co.", "we", "us") collects when you use this website, why we collect it, who we share it with, how long we keep it, and the rights you have over it. We are committed to handling your information lawfully and transparently.

Who is responsible for your data (data controller): Daisy Co., [insert registered business name, address, and ABN / company registration number]. For any privacy question or to exercise your rights, contact us at hello@daisyco.co.

1. The information we collect

(a) Account information. If you create an account, we store the following in our secure customer database (hosted on Cloudflare D1): your first and last name, email address, phone number (if provided), saved delivery addresses, your order history, product favourites, reviews you submit, and any "notify me when back in stock" requests. Your password is never stored in readable form, it is protected with scrypt, a strong one-way password-hashing algorithm with a unique per-user salt, so it cannot be recovered, even by us.

(b) Order and payment information. When you check out, your billing and shipping address, phone number, and card details are entered directly on Stripe's secure hosted checkout page. Card details never reach our website or our servers. Stripe processes the payment and shares order and contact details with us (through the Stripe dashboard) so we can fulfil and support your order. The price you are charged is always set by us server-side, never taken from your browser.

(c) Usage and analytics information. With your consent, we use PostHog (EU region) to understand how our shop is used, for example pages viewed, items added to cart, and checkouts started. This is tied to a random, anonymous identifier. If you are signed in, we link these events to your internal account ID (a random identifier) only: we do not send your name, email, or address to our analytics provider. We do not use session recording or advertising/tracking cookies.

(d) Communications. We send transactional emails (such as email verification, password reset, and restock alerts) via Resend. If you contact us by email, we keep that correspondence to handle your query.

(e) Technical information. Like all websites, our hosting and security provider (Cloudflare) processes technical data such as your IP address and request logs to deliver the site and protect it from abuse.

2. Why we use it, and our lawful basis

PurposeLawful basis (UK/EU GDPR)
Creating and managing your account; processing and delivering orders; customer supportPerformance of a contract
Securing the site and accounts; preventing fraud and abuseLegitimate interests
Product analytics to improve the shopConsent
Marketing emails (if any)Consent (you can opt out at any time)
Meeting legal, tax, and accounting obligationsLegal obligation

Where we rely on consent, you can withdraw it at any time without affecting processing that already took place.

3. Cookies and similar technologies

We keep cookie use to a minimum:

You can also clear or block cookies and local storage in your browser settings; blocking essential storage may stop you from staying signed in.

4. Who we share your information with

We do not sell your personal information. We share it only with the service providers ("processors") needed to run the shop, each acting under a data-processing agreement:

ProviderWhat they handleRegion
StripePayments, billing/shipping details (PCI-DSS Level 1)Global, with GDPR safeguards
CloudflareWebsite hosting, serverless functions, customer database, securityGlobal edge, with GDPR safeguards
PostHogProduct analytics (consent-based)European Union
ResendTransactional email deliveryGlobal, with GDPR safeguards

We may also disclose information where required by law, or to protect our rights, customers, or the safety of others.

5. International transfers

Our analytics data is stored in the European Union. Some providers (such as Stripe, Cloudflare, and Resend) may process data outside your country. Where personal data is transferred internationally, it is protected by appropriate safeguards such as Standard Contractual Clauses or an equivalent approved mechanism.

6. How long we keep it

We keep account information for as long as your account is active, and order records for as long as needed to fulfil legal, tax, and accounting obligations. Analytics data is retained for a limited period in line with our analytics provider's settings. If you close your account or ask us to erase your data, we will delete it unless we are legally required to keep certain records.

7. Security

We design the site to minimise the personal data it holds. Payment card data is handled entirely by Stripe and never touches our systems. Account passwords are stored only as salted scrypt hashes. Administrative functions are protected behind authentication, and all traffic is served over HTTPS. No method of transmission or storage is perfectly secure, but we take reasonable steps to protect your information.

8. Your rights

Depending on where you live (including under UK/EU GDPR and the Australian Privacy Principles), you may have the right to:

To exercise any of these, email hello@daisyco.co and we will respond within the time required by law. You also have the right to complain to a data protection authority, in the UK the Information Commissioner's Office (ICO), in the EU your local supervisory authority, or in Australia the Office of the Australian Information Commissioner (OAIC).

9. Children

This shop is not directed at children, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Links to other websites

Our website may link to other sites (for example, Stripe's checkout). We are not responsible for the privacy practices of other websites; please review their policies.

11. Changes to this policy

We may update this policy from time to time by updating this page, and will revise the "last updated" date above. Please check back periodically.

12. Contact us

Questions about this policy or your data? Email hello@daisyco.co.