Captain Cyan's Privacy and Security Policy
Privacy Policy
We use the personal data you send us to fulfil your order, track sales and provide a great ongoing customer service to you. Our legal basis for handling your data in this way is our legitimate business interest; contract with you and legal requirements placed upon us by the government.
In addition we may occasionally send you direct marketing communications through email, social media or other communication channels. You can unsubscribe from these at any time, without affecting your ability to communicate with us or use our services.
Your data is retained securely on cloud services provided by AWS, IBM, Zendesk and Google, and directly managed servers hosted in-house and at Rackspace. We retain data for a minimum of 5 years except for order artwork files which are deleted after a maximum of 60 days, except where we have been requested to retain this by clients.
You can make a request to see details of the data we store on you. You can also request that Captain Cyan delete all of the personal data we hold about you at any time, but this will mean any pending orders will not be fulfilled, order history, follow-up customer service requests or after-sales support will be unavailable to you.
We’ll also be unable to issue any refunds, partial or otherwise. Data will only be erased where we are not required to retain this data for legal, accounting and auditing purposes.
Whilst the law allows for erasure and access requested to be made verbally or through other means; in order to ensure that personal data is only shared with the individual concerned we request that you send an email to [email protected] and attach a copy of valid photo ID.
We will respond to all access or erasure requests within 30 days.
Payments
Our payments are processed by Stripe
You can read more about their extensive security here.
Stripe is fast becoming the industry-standard for rapid, secure, eCommerce payments.
Your card details are not stored on our servers, nor do they ever touch them (so can't be logged inadvertently in log files). Instead they are sent directly to Stripe, who pass us a secure token. Only we can use the token to charge your card as it must be used in conjunction with a secret that only we (and Stripe) possess.
We store this card token for the duration of processing your order (in case you wish to add items to your order), after which it is destroyed.
The only card details we store permanently are pieces of card metadata such as the card brand, last four digits and expiry date.
This is so that we can tell you which card has been charged, and the information is useless on its own as it cannot be used to reveal any further details about your payment card.