Privacy Policy
Peppercord Limited — Last updated: 7 March 2026
1. Who we are
Peppercord Limited is the data controller responsible for your personal data across all Peppercord brands and services.
- Company name: Peppercord Limited
- Company number: 15954819
- Registered address: Suite 2552, 37 Westminster Buildings, Theatre Square, Nottingham, England, NG1 6LG
- ICO registration number: [TO BE INSERTED]
- Email: privacy@peppercord.co.uk
Peppercord Limited operates multiple consumer-facing brands, including but not limited to:
- Peppd (peppd.co.uk) — smart business cards
- Network Pal (networkpal.co.uk)
- 30 Reasons Why (30reasonswhy.co.uk)
- Go Parking (goparking.co.uk)
- NotLuck (notluck.co.uk)
- With Pleasure (withpleasure.co.uk)
- Sasha Leswank (sashaleswank.co.uk)
- All You Yoga (allyouyoga.co.uk)
All brands listed above are owned and operated by Peppercord Limited. When you use any of these services, Peppercord Limited is the data controller for your personal data.
2. What data we collect
We may collect and process the following personal data:
2.1 Account and identity data
- Full name
- Email address
- Password (stored securely using hashed encryption)
- Organisation name and membership details
2.2 Billing and transaction data
- Payment card details (processed securely by Stripe; we do not store full card numbers)
- Billing address
- Transaction history and invoices
- Subscription status
2.3 Usage data
- Pages visited and features used across our services
- Device type, browser type, and operating system
- IP address
- Referring website or link
2.4 Communication data
- Messages sent through contact forms
- Support requests and correspondence
- Email subscription preferences
2.5 Product-specific data
- Peppd: card designs, contact details stored on cards, page analytics
- Network Pal: networking event data, connection records
- 30 Reasons Why: personalised content and recipient details
- Go Parking: parking location and vehicle data
- With Pleasure: product customisation and order details
- Sasha Leswank: product customisation and order details
- All You Yoga: booking and class preference data
- Other brands: product customisation data as relevant to the service
3. How we use your data
We process your personal data for the following purposes, under the legal bases indicated:
| Purpose | Legal basis |
|---|---|
| To create and manage your account | Performance of a contract |
| To process payments and fulfil orders | Performance of a contract |
| To provide customer support | Performance of a contract |
| To send service-related communications (e.g. order confirmations, account updates) | Performance of a contract |
| To send marketing communications (where you have opted in) | Consent |
| To improve our services and fix bugs | Legitimate interest |
| To detect and prevent fraud | Legitimate interest |
| To comply with legal obligations (e.g. tax records) | Legal obligation |
4. Shared account system
Peppercord Limited operates a single account system across all of its brands. This means:
- You use one set of login credentials to access all Peppercord services.
- Your account profile (name, email, password) is shared across brands.
- Your billing information is shared where you make purchases across multiple brands.
- Product-specific data (e.g. your Smart Business Cards designs) is only accessible within the relevant brand’s service.
We do this to provide a seamless experience and to avoid you having to create separate accounts for each service. If you wish to understand which brands hold data about you, contact us at privacy@peppercord.co.uk.
5. Payment processing
All payments are processed securely by Stripe (stripe.com). Depending on which brand you are purchasing from, you may see a different trading name on your bank or card statement. All payments are ultimately received by Peppercord Limited.
We do not store your full payment card details. Stripe handles all card data in compliance with PCI DSS (Payment Card Industry Data Security Standard).
6. Who we share your data with
We may share your personal data with the following categories of recipients:
- Stripe — payment processing
- Supabase — database hosting and authentication (servers located in EU)
- Netlify — website hosting
- Royal Mail / courier services — order fulfilment for physical products
- Print partners — production of physical products (e.g. business cards, paper goods)
- Email service providers — for transactional and marketing emails
- HMRC — where required for tax compliance
- Law enforcement or regulatory bodies — where required by law
We do not sell your personal data to third parties.
7. International transfers
Your data is primarily stored and processed within the European Economic Area (EEA) and the United Kingdom. Where data is transferred outside the UK or EEA (for example, if a service provider is based in the United States), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office.
8. How long we keep your data
We retain your personal data only for as long as necessary for the purposes set out in this policy:
| Data type | Retention period |
|---|---|
| Account data | Duration of your account, plus 12 months after deletion |
| Transaction records | 7 years (HMRC requirement) |
| Marketing consent records | Duration of consent, plus 12 months |
| Support correspondence | 24 months from resolution |
| Usage/analytics data | 26 months |
9. Your rights
Under UK data protection law, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data (subject to legal obligations).
- Right to restrict processing — request that we limit how we use your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at privacy@peppercord.co.uk. We will respond within one calendar month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
10. Cookies
We use cookies and similar technologies on our websites. For full details, please see our Cookie Policy.
11. Children
Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@peppercord.co.uk.
12. Changes to this policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or by placing a notice on our website. The “last updated” date at the top of this policy indicates when it was last revised.
13. Contact us
If you have any questions about this privacy policy or how we handle your data:
- Email: privacy@peppercord.co.uk
- Post: Peppercord Limited, Suite 2552, 37 Westminster Buildings, Theatre Square, Nottingham, England, NG1 6LG