Privacy policy.

Data we collect

We collect the data you give us: name, email, phone, delivery address, and uploaded identification documents. We collect order history, payment metadata (via Stripe), and limited device data for fraud prevention.

How we use it

To fulfil your orders, verify your eligibility to purchase age-restricted goods, and to satisfy our legal obligations under the Misuse of Drugs Act 2023 and Trading Standards requirements.

Retention

ID verification records are kept for 6 years after your last order, as required by regulatory audit. Order records are kept for 7 years for tax. You may request deletion of all other data at any time.

Third parties

We use Stripe (payments), Twilio (SMS), and Resend (email). Our infrastructure is hosted in the UK and EU. We do not sell your data.

Your rights

You have the right to access, correct, or delete your data, and to object to its processing. Contact privacy@dialawhip.com.