Privacy Policy

Last updated: June 2026 · UK GDPR

Colbcast (colbcast.co.uk) respects your privacy. This policy explains what personal data we collect, why we collect it, and your rights. For questions, email contact@colbcast.co.uk.

Who we are

Data controller: Colbcast (UK-based online diecast store). Contact: contact@colbcast.co.uk.

Data we collect

When you place an order (guest or signed in)

• Name, email address, and UK delivery address (line, city, county, postcode, country)
• Order items, prices, postage method, discounts, and order status
• Payment is handled by Stripe — we receive payment confirmation, not your full card number

When you create an account

• Email address, username, and authentication data (password is stored by Firebase Authentication, not in plain text)
• Profile data linked to your user ID (username, email)

When you contact us

• Contact form: name, email, reason, optional order number, and message
• Newsletter signup: email address only

When you leave a review

• Product ID, rating, review text, user ID, and display name

Stored on your device (browser)

• Shopping cart and wishlist in local storage until you check out or clear site data
• Selected postage option in local storage for convenience
• Firebase may store session tokens to keep you signed in

Usage data

We may use Firebase Analytics (Google) for aggregated site usage statistics if enabled in your browser. We do not sell your personal data.

Why we use your data

• Contract — to process orders, deliver goods, and provide account features
• Legitimate interests — to respond to enquiries, prevent fraud, and improve the shop
• Consent — where you opt in to marketing (e.g. newsletter)
• Legal obligation — where required for tax, accounting, or consumer law

Who we share data with

• Google Firebase — hosting, database, authentication, and analytics
• Stripe — payment processing
• Resend (or similar email provider) — order and contact notification emails sent from our backend
• Royal Mail — delivery of parcels (name and address on the label)

We only share data necessary to operate the store. We do not sell personal data to third parties.

How long we keep data

• Orders — kept for accounting, support, and legal requirements (typically up to 6 years for business records)
• Account data — while your account is active; you may request deletion subject to legal retention
• Contact messages — as long as needed to resolve your enquiry
• Newsletter emails — until you unsubscribe or we remove inactive subscribers

Your rights (UK)

You may have the right to access, correct, delete, or restrict use of your personal data, and to object to certain processing. To exercise these rights, contact contact@colbcast.co.uk. You may also complain to the ICO (ico.org.uk).

Security

We use industry-standard services (Firebase, Stripe) and HTTPS. No method of transmission over the internet is 100% secure; we work to protect your data but cannot guarantee absolute security.

See also Terms & Conditions and Returns Policy. Contact us · FAQ