Privacy policy

Last updated: 27 May 2026

This Privacy Policy explains how You Knead Sourdough Pty Ltd collects, uses, stores and shares personal information when you visit or buy from our United Kingdom website, use our services, contact us, subscribe to marketing, leave a review, or interact with our advertising.

This Privacy Policy applies to customers and visitors in the United Kingdom.

1. Who we are

The controller of your personal information is:

You Knead Sourdough Pty Ltd
ABN 29 653 787 832
Australia
Email: contact@youkneadsourdough.com.au
Alternative contact: admin@youkneadsourdough.com.au

In this Privacy Policy, “we”, “us” and “our” means You Knead Sourdough Pty Ltd.

If we appoint a UK representative under UK data protection law, their details will be listed here:

UK Representative: N/A.

2. The laws this policy is designed for

This policy is intended to help explain our handling of personal information under the UK General Data Protection Regulation, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations, known as PECR.

3. Personal information we collect

We collect personal information that you provide to us, personal information generated when you use our website, and personal information provided to us by service providers that help us operate our store.

The types of personal information we may collect include:

  • name;
  • billing address;
  • delivery address;
  • email address;
  • phone number;
  • order details;
  • payment and transaction details;
  • account login details, if you create an account;
  • customer support messages;
  • product review content, star ratings, photos or videos you choose to submit;
  • marketing preferences and consent records;
  • competition, survey or promotion responses;
  • fraud prevention and security information;
  • device information;
  • IP address;
  • browser type;
  • approximate location;
  • pages viewed;
  • products viewed;
  • cart and checkout activity;
  • referral source;
  • cookie, pixel and similar tracking information, where permitted.

We do not intentionally collect special category information, such as health information, biometric information, political opinions, religious beliefs or trade union membership.

4. How we collect personal information

We collect personal information when you:

  • visit our website;
  • create an account;
  • place an order;
  • add items to cart or begin checkout;
  • pay for an order;
  • contact us by email, website form, chat, social media or other channels;
  • subscribe to email or SMS marketing;
  • use a discount, promotion or referral offer;
  • leave a product or store review;
  • interact with our emails, ads or social media pages;
  • respond to a survey, competition or promotion.

We may also receive personal information from:

  • Shopify, which hosts and powers our online store;
  • payment providers;
  • fraud prevention and security providers;
  • fulfilment, warehouse, courier and delivery partners;
  • Klaviyo, for email/SMS marketing and customer communications;
  • Judge.me, for product reviews and review requests;
  • Meta, Google and other advertising or analytics platforms;
  • customer support, analytics and operational tools;
  • social media platforms, where you interact with us there.

5. How we use personal information and our lawful basis

We only use personal information where we have a lawful basis to do so.

Purpose

Examples

Lawful basis

To process and fulfil orders

Taking payment, confirming orders, shipping products, sending order updates, handling returns

Contract

To provide customer support

Responding to questions, troubleshooting orders, resolving complaints

Contract or legitimate interests

To manage customer accounts

Creating accounts, login, order history

Contract

To process payments

Card payments, PayPal, Shop Pay, Apple Pay, Google Pay and other available methods

Contract; legal obligation; legitimate interests for fraud prevention

To prevent fraud and protect the website

Security monitoring, fraud checks, chargeback handling

Legitimate interests; legal obligation

To send service messages

Order confirmations, delivery updates, account notices, policy updates

Contract; legal obligation; legitimate interests

To send marketing

Email, SMS, offers, new product announcements, abandoned cart messages, back-in-stock or preorder notices

Consent or legitimate interests where the UK soft opt-in applies

To personalise marketing and advertising

Audience building, campaign measurement, retargeting, conversion tracking

Consent for non-essential cookies/pixels; legitimate interests where permitted for related processing

To collect and display reviews

Review request emails, star ratings, written reviews, review photos/videos

Legitimate interests; consent where required for marketing or optional content

To improve our website and products

Analytics, product performance, website optimisation, customer experience improvements

Legitimate interests; consent where required for analytics cookies

To meet legal and tax obligations

Accounting records, tax records, regulatory requests

Legal obligation

To manage business operations

Supplier management, reporting, internal administration

Legitimate interests

To enforce our rights

Terms enforcement, debt recovery, legal claims

Legitimate interests; legal obligation

Where we rely on legitimate interests, we consider whether our interests are overridden by your privacy rights. You can object to processing based on legitimate interests, including direct marketing, using the contact details in this policy.

6. Shopify

Our store is hosted by Shopify. Shopify provides the ecommerce platform we use to sell products, process orders, manage checkout, store customer records, support fraud prevention and operate our website.

When you use our store, Shopify may process personal information such as your name, contact details, billing and delivery address, order details, payment-related information, device information and checkout activity.

Shopify may also process personal information for its own purposes where permitted by law. You can read Shopify’s consumer privacy information here:

https://www.shopify.com/legal/privacy

7. Payments

We use payment providers to process payments securely. Depending on the payment method you choose, your information may be processed by Shopify Payments, Shop Pay, PayPal, Apple Pay, Google Pay, card networks, banks and other payment service providers.

Payment providers may process information including your name, billing details, delivery details, payment details, fraud prevention information and transaction history.

We do not store full card numbers on our own systems. Payment information is handled by payment providers and their secure payment infrastructure.

8. Fulfilment and delivery partners

We share personal information with fulfilment partners, warehouses, courier companies and delivery partners so they can pick, pack, ship and deliver your order.

This may include your name, delivery address, phone number, email address, order contents, delivery instructions and tracking details.

9. Klaviyo email and SMS marketing

We use Klaviyo to manage email and SMS marketing, customer segments, automated messages and some customer communication flows.

Klaviyo may process information such as your name, email address, phone number, country, order history, products viewed, cart activity, checkout activity, marketing preferences, consent status and email/SMS engagement.

We may use Klaviyo to send:

  • newsletter emails;
  • product launches;
  • offers and promotions;
  • educational content;
  • abandoned cart or checkout reminders;
  • back-in-stock alerts;
  • preorder updates;
  • post-purchase flows;
  • win-back campaigns;
  • customer surveys.

You can unsubscribe from marketing emails by using the unsubscribe link in our emails. You can opt out of SMS marketing by following the instructions in the SMS message or contacting us.

We do not treat unsubscribing from marketing as opting out of essential service messages, such as order confirmations or delivery updates.

10. Judge.me reviews

We use Judge.me to collect, manage and display product and store reviews.

If you place an order, we may use your name, email address and order details to send a review request. If you submit a review, the review content, star rating, display name and any photo or video you provide may be published on our website.

Do not include personal information in a review that you do not want to be public.

We may also use reviews in marketing, advertising, Google Shopping, Meta, social media, email campaigns or product pages. Where review syndication or integrations are enabled, your review data may be shared with the relevant platform.

11. Meta, Google and advertising platforms

We use advertising and analytics tools, which may include Meta, Google Ads, Google Analytics, Google Merchant Center and related services.

These tools may help us:

  • measure website traffic and sales;
  • understand product and page performance;
  • show relevant ads;
  • measure ad conversions;
  • build advertising audiences;
  • retarget visitors who viewed products or started checkout;
  • limit irrelevant advertising;
  • improve our marketing.

These platforms may process information such as device information, IP address, browser information, page views, products viewed, cart activity, purchase events, hashed contact information, advertising identifiers and cookie or pixel identifiers.

Where required, we will only use non-essential advertising, analytics, retargeting and similar tracking technologies after you have given consent through our cookie banner or privacy settings.

You can manage cookie preferences through our website cookie controls, where available, and through your browser or device settings.

12. Cookies and similar technologies

We use cookies, pixels, tags, scripts, local storage and similar technologies.

Some of these are essential for the website to work. Others are used for analytics, marketing, personalisation and advertising.

Types of technologies we may use include:

  • essential cookies for checkout, cart, login, security and website functionality;
  • preference cookies to remember choices;
  • analytics cookies to understand website usage;
  • advertising cookies and pixels for Meta, Google and other ad platforms;
  • email tracking technologies to understand whether emails are opened or clicked.

We will not set non-essential cookies or similar tracking technologies unless we have a lawful basis to do so, including consent where required.

You can change cookie settings using our cookie banner or preference centre where available. You can also block or delete cookies in your browser settings. Blocking some cookies may affect website functionality.

13. Marketing communications

We may send marketing messages by email or SMS if:

  • you have consented; or
  • you bought or enquired about similar products from us, we gave you a clear chance to opt out, and you did not opt out.

Every marketing email and SMS will include a way to opt out.

You can also opt out by contacting us at contact@youkneadsourdough.com.au.

Opting out of marketing does not stop service messages relating to orders, payments, delivery, safety, legal notices or customer support.

14. Who we share personal information with

We may share personal information with:

  • Shopify;
  • Shopify apps and integrations used by our store;
  • Klaviyo;
  • Judge.me;
  • payment providers;
  • PayPal, Shop Pay, Apple Pay, Google Pay and other checkout providers;
  • banks, card networks and fraud prevention providers;
  • fulfilment centres, warehouses, couriers and shipping partners;
  • Meta, Google and other advertising or analytics providers;
  • email, SMS and communication providers;
  • customer support tools;
  • IT, hosting, security and analytics providers;
  • professional advisers, including accountants, lawyers and insurers;
  • regulators, government authorities, courts or law enforcement where required;
  • buyers or advisers if we sell, restructure or transfer part of our business.

We only share personal information where needed for the purposes described in this policy, where required by law, or where you have given consent.

15. International transfers

We are based in Australia and use service providers that may process personal information in the United Kingdom, Australia, New Zealand, the United States, Canada, Ireland, the European Economic Area, Singapore and other countries.

Some countries may not provide the same level of data protection as the United Kingdom.

Where personal information is transferred internationally, we use appropriate safeguards where required, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, contractual protections, data processing agreements, or other lawful transfer mechanisms.

16. How long we keep personal information

We keep personal information only for as long as reasonably needed for the purpose it was collected, including to meet legal, accounting, tax, reporting, fraud prevention and dispute-resolution requirements.

As a guide:

  • order and transaction records are usually kept for up to 7 years for tax, accounting and legal purposes;
  • customer support records are kept for as long as needed to manage the enquiry and maintain business records;
  • marketing records are kept until you unsubscribe, withdraw consent, or the information is no longer needed;
  • cookie consent records are kept for as long as needed to demonstrate consent and respect your preferences;
  • review content may remain published until removed by you, by us, or by the review platform;
  • fraud prevention records may be kept as long as needed to protect our business and customers.

We may keep anonymised or aggregated information that no longer identifies you.

17. Security

We use reasonable technical and organisational measures to protect personal information from unauthorised access, misuse, loss, alteration and disclosure.

These measures may include access controls, password protection, secure systems, staff access limitations, encryption where appropriate, secure payment processing, monitoring and supplier due diligence.

No online system is perfectly secure. You should keep your account login details confidential and contact us if you believe your account or personal information has been compromised.

18. Your UK privacy rights

Under UK data protection law, you may have the right to:

  • be informed about how your personal information is used;
  • access the personal information we hold about you;
  • correct inaccurate or incomplete personal information;
  • ask us to delete personal information;
  • restrict how we use personal information;
  • object to certain uses of personal information;
  • object to direct marketing at any time;
  • withdraw consent where processing is based on consent;
  • receive certain information in a portable format;
  • complain to the UK Information Commissioner’s Office.

Some rights are not absolute and depend on the lawful basis, the type of information and why we process it.

To exercise your rights, contact us at:

contact@youkneadsourdough.com.au

We may need to verify your identity before actioning a request.

19. Withdrawing consent

Where we rely on consent, you can withdraw that consent at any time.

You can:

  • unsubscribe from email marketing using the link in our emails;
  • opt out of SMS marketing using the instructions in the message;
  • change cookie preferences using our cookie settings;
  • contact us at contact@youkneadsourdough.com.au.

Withdrawing consent does not affect processing that happened before consent was withdrawn.

20. Complaints

If you have a privacy concern, contact us first so we can try to resolve it.

Email: contact@youkneadsourdough.com.au

You also have the right to complain to the UK Information Commissioner’s Office.

ICO website: https://ico.org.uk
ICO phone: 0303 123 1113

21. Children

Our website and products are not directed at children. We do not knowingly collect personal information from children.

22. Links to other websites

Our website may contain links to other websites, platforms or social media pages. We are not responsible for the privacy practices of those third parties. Their own privacy policies apply.

23. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted on this page with a new “Last updated” date. If changes are significant, we may take additional steps to notify you where appropriate.