Privacy Policy

Last updated: 24 March 2026

This Privacy Policy explains how Preorda Ltd ("Preorda", "we", "us", "our") collects, uses, and protects your personal data when you use our platform. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Preorda Ltd is the data controller for personal data collected through the Preorda platform. If you have questions about this policy or your data, contact our Data Protection contact at privacy@preorda.com.

2. Data we collect

Account data

When you create an account, we collect your name, email address, and (for Vendors) your shop name and country of operation. Vendors who connect a Stripe account will have their identity verified by Stripe directly; we receive only a reference ID.

Transaction data

For Customers: order details, delivery address, and payment method metadata (card type, last 4 digits). We do not store full card numbers — these are handled by Stripe. For Vendors: payout amounts, bank account reference, and campaign performance data.

Usage data

We collect standard server logs including IP addresses, browser type, pages visited, and referring URLs. This data is used for security monitoring and platform analytics.

Communications

If you contact us, we retain your communications to help resolve queries and improve our service.

3. How we use your data

  • To provide the service — processing orders, facilitating payments, sending order confirmations and fulfilment updates.
  • To operate the platform — detecting fraud, ensuring security, maintaining infrastructure.
  • To communicate with you — campaign notifications, policy updates, service announcements.
  • To improve Preorda — aggregated, anonymised analytics to understand how the platform is used.

4. Legal bases for processing

We process your data on the following legal bases: contract performance (to deliver the service you signed up for); legitimate interests (fraud prevention, platform security, improving our service); and legal obligation (complying with tax and financial regulations).

5. Data sharing

We share personal data only with:

  • Stripe — our payment processor, for collecting and disbursing payments.
  • Vendors — Customers' name and delivery address are shared with the Vendor fulfilling their order.
  • Infrastructure providers — hosting and email delivery providers who process data on our behalf under data processing agreements.
  • Law enforcement — when required by law or to protect the safety of our users.

We do not sell personal data to third parties.

6. Data retention

Account data is retained for the duration of your account and for 7 years following account closure (for tax and legal compliance). Transaction records are retained for 7 years. Usage logs are retained for 90 days.

7. Your rights

Under UK GDPR you have the right to: access your personal data; correct inaccurate data; request deletion of your data (subject to legal retention obligations); restrict or object to processing; and data portability. To exercise these rights, email privacy@preorda.com. We will respond within 30 days.

8. Cookies

We use cookies to operate the platform. See our Cookies Policy for details.

9. Security

We use industry-standard security measures including HTTPS encryption, access controls, and regular security reviews. No system is completely secure; in the event of a data breach we will notify affected users and the ICO as required by law.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email. The current version is always available at preorda.com/legal/privacy.