Privacy Policy

Fruit Plug Ltd (“Fruit Plug”, “we”, “us”) respects your privacy. This policy explains what data we collect when you use fruitplug.co.uk, our PWA, and related services, why we collect it, and what rights you have over it. We follow the UK GDPR and the Data Protection Act 2018.

1. Who is the controller

Fruit Plug Ltd is the controller of your personal data. Contact us at info@fruitplug.co.uk.

2. What we collect

You give us

• Account data — name, email, password hash, phone (optional).
• Order data — delivery address, billing address, order history, saved boxes.
• Communications — messages you send us by email, WhatsApp, or form.

We collect automatically

• Device & usage — IP address, device type, browser, pages viewed, referrer.
• Cookies — see section 8 below.
• PWA state — cart token, nonce, auth session cookie (httpOnly).

From third parties

• Stripe/WooPayments — payment outcome (we never see your card number).
• TikTok or Instagram — if you log in via a social provider, basic profile info that you authorise.
• Couriers — delivery status updates.

3. Why we use your data (and on what legal basis)

• Fulfilling your order — delivery, returns, customer service. Basis: contract.
• Account management — login, order history, saved boxes, loyalty. Basis: contract.
• Marketing emails — only with your consent, and you can unsubscribe any time. Basis: consent.
• Analytics & site improvement — understanding how the site is used. Basis: legitimate interest (and consent where required by law for tracking cookies).
• Fraud prevention — payment checks, abuse mitigation. Basis: legitimate interest.
• Legal compliance — tax records, regulatory requests. Basis: legal obligation.

4. Who we share it with

• Payment processors — Stripe / WooPayments for card authorisation and settlement.
• Couriers — to deliver your order.
• Email service providers — transactional and (with consent) marketing email.
• Hosting & infrastructure — providers we use to run the site (WordPress host, CDN, analytics).
• Regulators or law enforcement — where we're legally required to disclose.

We do not sell your personal data.

5. International transfers

Some of our processors (e.g. TikTok, Instagram, analytics tools) are based outside the UK and EEA. Where your data leaves the UK we rely on the UK International Data Transfer Agreement or other appropriate safeguards.

6. How long we keep it

• Order records — 7 years for tax and accounting.
• Account — until you delete your account, then 30 days in backups.
• Support emails — 24 months.
• Analytics events — 14 months.

7. Your rights

Under UK GDPR you can:

• Request a copy of the data we hold on you.
• Ask us to correct or delete it.
• Ask us to restrict or object to our processing.
• Request your data in a portable format.
• Withdraw consent at any time (for processing based on consent).
• Complain to the ICO at ico.org.uk.

To exercise any of these, email info@fruitplug.co.uk. We'll respond within 30 days.

8. Cookies & similar technologies

We use a small set of cookies to make the Site work:

• fp_cart, fp_nonce — cart session identity (httpOnly, essential).
• fp_auth — your login session (httpOnly, essential).
• Analytics — optional, only active with consent.

9. Children

The Site is not intended for children under 16. If you believe we hold data on a child without parental consent, email us and we'll delete it.

10. Changes to this policy

We may update this policy to reflect changes in our practices or the law. Material updates will be announced on the Site or via email. The “Last updated” date at the top tells you when this version was published.

11. Contact & complaints

Questions, requests, or complaints about how we handle your data: info@fruitplug.co.uk. See also our Terms & Conditions and Refund Policy.