Privacy Policy : Veggie Patch Ideas
Last updated: 27 April 2026
Applies to: veggiepatchideas.co.uk · The Growers Academy app · YouTube · Substack · Amazon Associates
This privacy notice explains how Veggie Patch Ideas collects and uses personal information when you visit our website, use The Growers Academy web app, purchase from our shop, or engage with our content online. We are based in England and comply with UK data protection law including the UK GDPR and the Data Protection Act 2018.
1. Who we are and how to contact us
Controller: Veggie Patch Ideas, England (sole trader)
Contact: Please use the contact form at veggiepatchideas.co.uk
Data Protection Officer: Not applicable. We are a small sole trader business and are not required to appoint a DPO under UK GDPR.
ICO registration: As a small sole trader processing only basic personal data for our own business purposes, we are reviewing our ICO registration obligations. If you have a query relating to our ICO status please contact us via our website.
Our services include an e-commerce shop built with WordPress/WooCommerce, a progressive web app called The Growers Academy (hosted on Vercel, source code on GitHub), a newsletter on Substack, participation in the Amazon Associates and Amazon Influencer programmes, and a YouTube channel at youtube.com/@veggiepatchideas.
2. What personal information we collect
We only collect personal data for specified, legitimate purposes and only what is necessary for those purposes.
2.1 Information you provide directly
| Category | Examples | Purpose | Lawful basis |
|---|---|---|---|
| Contact and identity | Name, email address, username | Manage accounts, respond to enquiries, process orders | Contract; Legitimate interests |
| Billing and shipping | Billing address, delivery address, order notes | Fulfil and deliver purchases, calculate tax | Contract; Legal obligation |
| Payment data | Payment tokens (we do not store full card numbers) | Take payment, issue refunds, prevent fraud | Contract; Legitimate interests |
| Marketing preferences | Newsletter opt-in, email preferences | Send newsletters and promotional content | Consent |
| Mailing list data | Name, email address (MailPoet / Substack) | Send newsletters, maintain subscription records | Consent |
2.2 Information collected automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage data | Page views, clicks, referring pages, timestamps | Monitor performance, analyse traffic, improve content |
| Device data | Browser type, operating system, screen size, IP address (anonymised by IONOS) | Security, performance, bug detection |
| Server logs | IP address, request data, error logs | Maintain secure infrastructure, detect abuse |
| Approximate location | Country or region inferred from IP address | Customise content, shipping rates, fraud detection |
| Cookies and similar technologies | Session identifiers, analytics cookies, affiliate tracking cookies | Operate the shop, analytics, affiliate tracking — see Section 7 |
2.3 The Growers Academy app — important note
The Growers Academy app stores your learning progress, profile and preferences in your browser’s local storage only. This data is not transmitted to Veggie Patch Ideas or any server. It remains on your device and can be deleted at any time using the Reset option within the app.
If you choose to use the optional Frost Alert feature, you may enter your UK postcode. This postcode is stored only on your device and is sent solely to the publicly available Open-Meteo and postcodes.io weather services to retrieve local forecast data. It is never transmitted to or stored by Veggie Patch Ideas.
2.4 Information from third parties
We may receive personal data from payment providers (Stripe, PayPal), shipping partners (ShipStation), social login providers, and analytics services. We may also receive aggregated marketing metrics from Google and Reddit for WooCommerce.
3. How we use your information
- To provide products and services — process orders, manage accounts, deliver goods, provide support. Legal basis: contract; legitimate interests.
- To operate our website and app — manage performance, ensure security, detect bugs. Legal basis: legitimate interests; legal obligation.
- Analytics and improvement — understand how visitors use our site using Jetpack, Statify and Google Analytics (with IP anonymisation). Legal basis: legitimate interests; consent for non-essential cookies.
- Marketing and promotions — with your consent, send newsletters via MailPoet and Substack. You can unsubscribe at any time. Legal basis: consent.
- Affiliate marketing — we participate in Amazon Associates and Amazon Influencer programmes. When you click an affiliate link, Amazon uses cookies to track qualifying purchases. We earn commission but do not receive your personal data from Amazon. Legal basis: legitimate interests; consent (you may opt out via cookie settings).
- Payments and tax — share necessary order data with Stripe/WooPayments, PayPal and tax services. Legal basis: contract; legal obligation.
- Shipping — transmit your name, address and order details to shipping partners. Legal basis: contract.
- Security and anti-spam — use Antispam Bee, Jetpack Security and IONOS Security. Legal basis: legitimate interests.
- Legal compliance — comply with legal obligations, respond to lawful requests, enforce our terms. Legal basis: legal obligation; legitimate interests.
4. Who we share personal data with
We only share your personal information with third parties where necessary to operate our services. We do not sell your personal data.
| Recipient | Purpose |
|---|---|
| IONOS | Hosts our WordPress website and database |
| Vercel | Hosts The Growers Academy web app; collects usage telemetry for performance and security |
| GitHub | Stores app source code; processes developer account information |
| Stripe / WooPayments | Processes card payments, calculates sales tax, fraud prevention |
| PayPal | Processes PayPal transactions |
| ShipStation and carriers | Generates shipping labels, provides order tracking |
| MailPoet / SMTP providers | Sends newsletters and store emails |
| Substack | Delivers our Substack newsletter, manages subscriptions and analytics |
| Jetpack (Automattic) | Site statistics, security features and performance |
| Google Analytics | Aggregated usage statistics with anonymised IP addresses |
| Amazon | Affiliate and Influencer programmes — Amazon collects data under its own privacy policy; we receive commission reports only, not personal data |
| YouTube / Google | When you view embedded videos, YouTube collects interaction and device data under Google’s privacy policy |
| Stripe Tax / WooCommerce Tax | Tax calculation based on your location |
| Professional advisers and authorities | Legal, accounting and regulatory purposes where required |
5. International data transfers
Some third-party services (Vercel, GitHub, Google, Stripe, PayPal) operate globally and your data may be transferred outside the United Kingdom. Where we transfer data internationally we rely on adequacy decisions, Standard Contractual Clauses (UK addendum), the EU-US/UK-US Data Privacy Framework, and data processing agreements that require processors to protect your data in accordance with UK GDPR.
6. Data retention
- Order information — retained for 7 years for accounting, audit and tax purposes
- Customer accounts — retained while active and for 2 years after closure
- Newsletter subscriptions — retained until you unsubscribe; inactive addresses removed after 12 months
- Support communications — retained for 3 years after resolution
- Analytics data — Google Analytics configured to 14 months; Jetpack up to 28 days; Statify up to 2 weeks
- App data — stored locally on your device only; deleted when you use the Reset option or clear your browser storage
- Cookies — see Section 7 for specific expiry periods
7. Cookies and similar technologies
Our website uses cookies to provide core functionality and improve your experience. Under the Privacy and Electronic Communications Regulations (PECR) and the Data (Use and Access) Act 2025, certain analytics cookies no longer require consent as they are considered low-risk. We continue to obtain consent for marketing and profiling cookies.
| Cookie / Tool | Purpose | Consent required? | Duration |
|---|---|---|---|
| wordpress_logged_in_, wp_woocommerce_session_ | Essential session cookies — login and cart state | No — strictly necessary | Session |
| statify | Page view counts without identifying users | No — low-risk analytics | 2 weeks |
| _ga, _gid (Google Analytics) | Distinguish users and measure site usage. IP anonymisation enabled. | Yes — we seek consent | _ga: 2 years; _gid: 24 hours |
| jetpackState, tk_* | Statistics, security, performance; cart and checkout tracking | Legitimate interests; opt-out available for marketing use | Up to 13 months |
| _stripe_mid, _stripe_sid | Secure payment processing | No — strictly necessary | mid: 1 year; sid: 30 minutes |
| paypal-fp- | PayPal fraud prevention | No — strictly necessary | Up to 2 years |
| Amazon affiliate cookies | Track referrals and qualifying purchases via affiliate links | Yes — clicking the link constitutes consent | Up to 90 days |
| mailpoet_page_view | Aggregated page view counts for newsletter analytics | Legitimate interests — aggregated only | 1 month |
You can accept or reject non-essential cookies via our cookie banner, or adjust cookie settings in your browser at any time.
8. Lawful bases for processing
- Performance of a contract — to fulfil orders, manage accounts and provide support
- Legal obligation — to comply with tax, accounting and data protection law
- Legitimate interests — to run our business, improve services, prevent fraud and maintain security. We balance these interests against your rights.
- Consent — for marketing emails and non-essential cookies. You may withdraw consent at any time.
9. Your rights
Under the UK GDPR and Data Protection Act 2018 you have the right to:
- Access — obtain a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data in certain circumstances
- Restrict processing — limit how we use your data while we verify an objection
- Object — object to processing based on legitimate interests or direct marketing
- Data portability — receive your data in a commonly used format
- Withdraw consent — where processing relies on your consent, you can withdraw at any time
- Not be subject to automated decision-making — we do not carry out automated decision-making or profiling that produces legal or significant effects
To exercise your rights please contact us via the contact form at veggiepatchideas.co.uk. We may require proof of identity. If you are unhappy with our response you may complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.
10. Children’s privacy
Our website and services are aimed at adult gardeners. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us via our website so we can delete it. We follow the UK ICO’s Children’s Code and the Age-Appropriate Design Code.
11. Security
We implement appropriate technical and organisational measures to protect your personal data, including SSL encryption via IONOS, modern security practices via Vercel and GitHub, Jetpack Security, IONOS Security, and secure payment gateways (Stripe/WooPayments, PayPal) that meet PCI DSS requirements. We do not store full card details. Despite our efforts, no system is 100% secure. If we experience a data breach we will notify affected individuals and regulators where required by law.
12. Third-party links
Our site and app contain links to third-party websites and services including Amazon, Substack, YouTube and other platforms. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies when you leave our website.
13. Changes to this notice
We may update this notice from time to time to reflect changes in law or our services. We will post the updated version on our website and update the revision date above. If changes are significant we will provide a prominent notice. Your continued use of our services after changes are posted means you accept the updated notice.
14. Contact and further information
If you have any questions about this privacy notice or wish to exercise your rights, please contact us via the contact form at veggiepatchideas.co.uk.
For general information about your privacy rights visit the ICO at ico.org.uk.
© 2026 Veggie Patch Ideas · England · veggiepatchideas.co.uk