Privacy Policy
We treat your personal information with the same care we bring to a single hand-stitched seam. This policy explains what we collect, why, and the choices you have.
Last updated · May 2026
Who we are
Ivory Whisper Ltd ("Ivory Whisper", "we", "our", "us") is the data controller for personal information collected through ivorywhisper.com and our connected commerce channels. Registered office: [REGISTERED ADDRESS]. Company number: [COMPANY NUMBER]. ICO registration: [ICO NUMBER].
Information we collect
We collect information in three ways:
- Given to us directly — name, delivery and billing address, email, phone, sizing notes, payment details (processed by our payment providers, not stored by us), and any messages you send.
- Collected automatically — device and browser data, IP address, pages viewed, referral source, and similar analytics gathered via cookies and pixels.
- Received from third parties — order, fulfilment and fraud-screening data from Shopify, payment providers, and authorised stockists.
How we use your information
- To fulfil orders, process payments, arrange shipping and handle returns.
- To manage your account and respond to enquiries.
- To send order confirmations and service-related messages (always sent).
- To send marketing — atelier letters, collection previews — only with your consent, which you may withdraw at any time.
- To prevent fraud, secure the site, and comply with legal obligations.
- To improve our products, fit, photography and shopping experience.
Legal bases (UK & EU)
We rely on the following lawful bases under the UK GDPR and EU GDPR:
- Contract — to fulfil your order.
- Consent — for marketing communications and non-essential cookies.
- Legitimate interests — to operate, secure and improve our business, balanced against your rights.
- Legal obligation — to retain financial records and respond to lawful requests.
International transfers
Some of our providers are based outside the UK and EEA. Where that is the case, transfers are protected by Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards.
How long we keep it
- Order and invoice records — 7 years for tax compliance.
- Account data — until you ask us to close your account.
- Marketing preferences — until you unsubscribe, then suppressed for compliance.
- Analytics — up to 26 months.
Your rights
Under UK and EU GDPR, you may request to:
- Access the personal data we hold about you.
- Correct anything inaccurate.
- Erase your data, where applicable.
- Restrict or object to certain processing.
- Receive a portable copy of your data.
- Withdraw consent at any time.
California residents (CCPA/CPRA), Quebec residents (Law 25), and residents of other jurisdictions have parallel rights. To exercise any right, write to privacy@ivorywhisper.com. You also have the right to complain to your local supervisory authority (in the UK, the ICO at ico.org.uk).
Security
We use TLS encryption, PCI-DSS compliant payment processing, access controls, and regular reviews to keep your data secure. No system is perfectly secure; if a breach occurs that affects your rights, we will notify you and the relevant authority without undue delay.
Children
Our products and site are intended for adults aged 18 and over. We do not knowingly collect data from children. If you believe we have, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. Material changes will be flagged at the top of the page and, where appropriate, notified by email.
Need clarity on this policy?
Our team responds to every enquiry, however small. Write to us at privacy@ivorywhisper.com or reach the atelier directly.
Contact the atelier →