your data, your rights
Privacy Notice
Last updated: 29 April 2026
This notice explains how Natural Tendrils Limited, trading as Natural Tendrils ("we", "us", "our"), collects and uses your personal data when you use naturaltendrils.com or buy from us. We are the data controller for the personal data described here.
1. What we collect and why
| Category | Purpose | Legal basis |
|---|---|---|
| Name, email | Order fulfilment, eBook delivery, customer support | Contract performance |
| Newsletter email (Tendrils Musings) | Sending updates you signed up for | Consent |
| Curl Scanner inputs (photo, hair details) | Generating your curl analysis (processed and discarded) | Consent |
| Device data, IP address, basic usage | Security, fraud prevention, site analytics | Legitimate interests |
| Support messages | Responding to your enquiries | Legitimate interests |
Payment card details are collected and processed by Stripe, our payment processor - we never see or store your full card number.
2. Who we share data with
- Stripe - payment processor for all sales, payments, and invoicing.
- Service providers / subprocessors - including hosting (Lovable Cloud, powered by Supabase), email delivery, and AI processing (for the Curl Scanner).
- Professional advisers - accountants and legal advisers, where needed.
- Authorities - where required by law.
We never sell your personal data.
3. International transfers
Some of our service providers (including Stripe and our hosting provider) may process data outside the UK or EEA. Where they do, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions to protect your data.
4. How long we keep data
- Order and customer records: 7 years (UK tax law requirement).
- Newsletter data: until you unsubscribe.
- Curl Scanner inputs: processed in real time, not stored after the result is delivered.
- Support messages: up to 2 years.
5. Your rights (UK GDPR)
You have the right to:
- access the data we hold about you;
- have inaccurate data corrected;
- request erasure ("right to be forgotten");
- restrict or object to processing;
- data portability;
- withdraw consent at any time (where consent is the basis);
- complain to the UK Information Commissioner's Office at ico.org.uk.
To exercise any of these rights, email hello@naturaltendrils.com. We'll respond within one month.
6. Security
We take appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls, and using reputable, GDPR-compliant service providers.
7. Cookies
We use a small number of essential cookies to keep the site working (e.g. session, security). We do not currently use third-party advertising or marketing cookies. If we add analytics cookies in future, we'll ask for your consent first.
8. Contact
Questions about your data, or want to exercise a right? Email hello@naturaltendrils.com.