Skip to main content

Free UK Shipping on all orders over £100

Levels Custom Apparel

Privacy Policy

Last updated: 17 May 2026

This policy explains how Levels Custom Apparel (“we”, “us”) collects, uses, and protects your personal data when you visit our website, place an order, contact us, or set up an account. We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.

Who we are

Levels Custom Apparel is a sole trader based in Somerset, UK. We are the data controller for the personal data described in this policy. You can reach us at info@levelscustomapparel.com or 07850 342245.

What we collect

  • Account & contact details: name, email address, delivery and billing address, and optionally phone number — provided when you create an account, place an order, or contact us.
  • Order history: products ordered, sizes, quantities, custom designs you upload, prices paid, and the Stripe or PayPal transaction reference (we do not see or store your full card number).
  • Your designs: any logos, photos, or text you upload to our customiser are stored against your account so we can fulfil the order and let you re-order.
  • Correspondence: emails and messages you send us via the contact form.
  • Cookies and session data: a small set of strictly necessary cookies (signed-in session, cart contents). We do not use third-party advertising or analytics cookies.

Why we use it (lawful bases)

  • To fulfil your order (contract) — taking payment, producing your garments, arranging delivery, and handling returns.
  • To run our business (legitimate interests) — replying to enquiries, preventing fraud, keeping a record of past orders so you can re-order, and improving our products and website.
  • To meet our legal obligations — keeping accounting records (HMRC requires us to retain transactional data for six years).
  • With your consent — sending you marketing emails (only when you have opted in; you can unsubscribe at any time using the link in any marketing email or by emailing us).

Who we share it with

We only share your personal data with third parties that help us run our service. We never sell your data. Our main processors are:

  • Stripe and PayPal — payment processing.
  • Supabase (EU) — secure database hosting.
  • Vercel and Cloudinary — website hosting and image delivery.
  • Resend — transactional email (order confirmations, magic-link sign-in).
  • Royal Mail and our courier partners — delivering your order.
  • HMRC and our accountant — to meet our tax and accounting obligations.

Some of these providers are based outside the UK. Where that is the case, we rely on the UK's adequacy decisions or on Standard Contractual Clauses to make sure your data is protected to the same standard as it would be in the UK.

How long we keep it

  • Order and payment records: six years from the end of the tax year in which the order was placed (HMRC requirement).
  • Your account and design history: for as long as your account is active. You can ask us to close it at any time.
  • Marketing contact details: until you unsubscribe.
  • Enquiries via the contact form: up to two years after our last reply, unless you ask us to delete them sooner.

Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • ask us to correct anything that is wrong;
  • ask us to delete your data (the right to be forgotten), subject to records we must keep for legal reasons;
  • ask us to restrict or object to how we use your data;
  • receive a copy of the data you have provided in a portable format;
  • withdraw consent at any time, where consent applies.

To exercise any of these rights, email us at info@levelscustomapparel.com. We will respond within one calendar month.

You also have the right to complain to the Information Commissioner's Office (ico.org.uk) if you think we have not handled your data properly. We would appreciate the chance to put things right first, so please contact us before you do.

Security

We use industry-standard security measures to protect your data: encrypted connections (HTTPS) for every page, hashed sign-in tokens rather than passwords, and access controls on our database. No system is perfectly secure, but if we ever suffer a personal-data breach that is likely to affect you, we will let you know and report it to the ICO within 72 hours as required by law.

Cookies

We only set strictly necessary cookies — the ones that keep you signed in and your cart contents in place while you browse. We do not use third-party advertising or analytics cookies, so there is no cookie banner to dismiss. If we ever add optional cookies, we will ask for your consent first.

Changes to this policy

We may update this policy from time to time as our service changes or the law changes. The “Last updated” date at the top tells you when. If we make a significant change, we will let you know by email or with a notice on the website.

Contact

Questions about this policy or your data? Email info@levelscustomapparel.com or call 07850 342245 during Monday to Friday — 8:00am to 6:00pm.