30 Reasons Why

Privacy Policy

Last updated: 27 February 2026

1. Who We Are

30 Reasons Why (“we”, “us”, “our”) operates the website 30reasonswhy.co.uk. We are the data controller for personal data collected through this Site. For any privacy-related enquiries, contact us at hello@30reasonswhy.co.uk.

2. What Data We Collect

When you place an order, we collect:

  • Your details: name, email address
  • Shipping address: recipient name, street address, city, postcode
  • Order details: product selected, recipient’s first name (printed on the mug), the 30 messages you approved
  • Payment information: processed securely by Stripe — we do not store card numbers

When you browse the Site, we may collect:

  • Browser type, device type, and operating system
  • Pages visited and time spent on the Site
  • Referring website or source

3. How We Use Your Data

We use your personal data to:

  • Process and fulfil your order
  • Send order confirmation and shipping updates
  • Provide customer support
  • Set up the digital QR code messaging experience via our third-party partner (Pept)
  • Improve our products and website
  • Send marketing communications (only with your consent, and you can unsubscribe at any time)

4. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR):

  • Contract: to fulfil your order and deliver your product
  • Legitimate interest: to improve our service and prevent fraud
  • Consent: for marketing communications

5. Who We Share Data With

We share your data only with trusted third parties who help us operate our business:

  • Stripe — payment processing
  • Pept — QR code generation and digital message delivery to the recipient
  • Our printing partner — to produce and ship your mug (receives recipient name, shipping address, and artwork)
  • GoHighLevel — customer relationship management and email communications
  • Anthropic (Claude AI) — message generation (no personal data is stored by the AI provider beyond processing your request)

We do not sell your personal data to any third party.

6. Data Retention

We retain your order data for as long as necessary to fulfil our contractual obligations and comply with legal requirements (typically 6 years for tax and accounting purposes). Marketing contact data is retained until you unsubscribe or request deletion.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Object to or restrict processing of your data
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent for marketing at any time

To exercise any of these rights, email us at hello@30reasonswhy.co.uk. We will respond within 30 days.

8. Cookies

We use essential cookies to keep our Site functioning (e.g. remembering your cart contents). For full details, see our Cookie Policy.

9. Security

We take reasonable technical and organisational measures to protect your personal data. Payment data is handled entirely by Stripe and is never stored on our servers. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children

Our Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

12. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.