Data Handling

Where data lives

Customer accounts, orders, and email records are stored on managed, encrypted infrastructure provided by our backend (Lovable Cloud) and our e-commerce platform (Shopify). All data is encrypted in transit (TLS 1.2+) and at rest.

Access controls

Only authorised HOWDEN personnel can access customer records, and only for legitimate operational reasons, fulfilling orders, answering enquiries, or resolving issues. Access is logged and reviewed.

Retention

• Account data: kept while your account is active. Deleted within 30 days of account closure.
• Order records: kept for seven years for tax, warranty, and accounting compliance.
• Marketing lists: removed immediately upon unsubscribe.
• Support correspondence: kept for two years, then archived or deleted.

International transfers

Some of our service providers operate outside your country. Where this happens we rely on standard contractual clauses or equivalent safeguards to ensure your data is protected to the same standard.

Breach response

In the unlikely event of a data breach affecting your personal information, we will notify affected customers and the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR and equivalent regulations.

Requests & deletion

To request export or deletion of your data, email hello@howden.diamonds. We respond within 30 days.