Privacy Policy

How we collect, use, and protect your information

Last updated: 2026

This Privacy Policy explains how Jack Capstaff ("we", "us", "our") collects, uses, and safeguards your personal data when you visit www.jackcapstaff.com or use our printing and publishing services.

We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

1. Who We Are

The data controller responsible for your personal data is Jack Capstaff. You can contact us at: jack@jackcapstaff.com

2. What Data We Collect

We may collect and process the following personal data:

  • Contact information: Your name and email address when you use the contact form or request a publishing quote.
  • Account information: Your name and email address if you register for an account on this site.
  • Order and payment information: Delivery address, email address, and order details when you place a printing order. We do not store your card details — payment is handled securely by Stripe.
  • Uploaded files: PDF files you upload when requesting a print quote or placing a print order. These are stored securely and used solely to fulfil your order.
  • Usage data: Standard technical information such as your IP address and browser type, collected automatically by our web hosting provider for security and performance purposes.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to enquiries sent via the contact form.
  • To calculate print quotes and process publishing print orders.
  • To send you a copy of your quote or order confirmation by email.
  • To manage your account if you register on the site.
  • To process payments securely through our payment processor, Stripe.
  • To fulfil printing orders and arrange delivery.

Our lawful bases for processing are: contract performance (processing orders), legitimate interests (responding to enquiries, operating the website), and consent where applicable.

4. Third-Party Services

We use the following trusted third-party services to operate this website:

  • Stripe — Payment processing. Stripe processes card payments on our behalf and is PCI-DSS compliant. We never see or store your full card details. Stripe's privacy policy: stripe.com/gb/privacy
  • Cloudinary — Secure cloud storage for uploaded PDF files and images. Files are stored securely and used only to fulfil your print order.
  • Brevo (formerly Sendinblue) — Transactional email delivery (quote emails, order confirmations). Brevo's privacy policy: brevo.com/legal/privacypolicy
  • Heroku — Web hosting. Our web application runs on Heroku's infrastructure.

5. Cookies

This website uses cookies to ensure essential functionality. Specifically, we use:

  • Session cookies: Required for user login, form security (CSRF protection), and shopping cart functionality. These are strictly necessary and cannot be disabled without breaking site features.
  • Preference cookies: We store your cookie consent choice in your browser's local storage so we don't ask again on each visit.

We do not currently use advertising cookies or third-party tracking cookies. We do not use Google Analytics or similar tracking services.

6. How Long We Keep Your Data

  • Contact messages: Retained for up to 2 years for reference.
  • Publishing orders and uploaded files: Retained for up to 7 years for accounting and legal compliance purposes.
  • Account data: Retained while your account is active. You may request deletion at any time.
  • Uploaded PDF files: Retained only as long as necessary to fulfil your order, after which they will be deleted.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate data.
  • Right to erasure: You can ask us to delete your personal data in certain circumstances.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to data portability: You can ask for your data in a machine-readable format.
  • Right to object: You can object to processing based on legitimate interests.

To exercise any of these rights, please contact us at jack@jackcapstaff.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. All data is transmitted over HTTPS. Payment data is handled exclusively by Stripe and never passes through our servers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. Please check back periodically.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: jack@jackcapstaff.com