Privacy Policy

Urban Lines is a poster printing service operating from the United Kingdom. We sell personalised map posters via our website and Etsy shop. For questions about this policy, contact us at hello@urbanlines.co.uk.

When you place an order, we collect: your name, email address, shipping address, and payment reference (we never store card details — Stripe handles all payment processing). We also collect your poster configuration (city, colours, custom text) to fulfil your order. If you contact us, we store the correspondence.

We use your data solely to: (a) process and fulfil your order, (b) send order and shipping confirmation emails, (c) resolve any issues with your order, and (d) comply with legal obligations. We do not use your data for marketing without your consent.

We share the minimum necessary data with our service providers: Stripe (payment processing, PCI-DSS Level 1 compliant), Prodigi (print and fulfilment — your name and shipping address), Supabase (database, EU/US data centres), and Resend (transactional emails). We do not sell your data to any third party.

We retain order records for 7 years to comply with UK accounting requirements. After this period, personal data is deleted. You may request earlier deletion of your data by contacting us, subject to legal obligations.

You have the right to: access the personal data we hold about you, correct inaccurate data, request deletion (where no legal obligation prevents this), object to processing, and data portability. To exercise any right, email hello@urbanlines.co.uk. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

We use only essential cookies required for the website to function (session management, shopping cart state). We do not use tracking or advertising cookies. No cookie consent banner is required as we use only strictly necessary cookies.

We use industry-standard security measures including HTTPS/TLS encryption, secure database access controls, and we never store payment card details. Stripe's infrastructure is PCI-DSS Level 1 certified.

If we make material changes to this policy, we will update the date above and may notify you by email if you have an active order.