Privacy Policy

Urban Lines is a poster printing service operating from the United Kingdom. We sell personalised map posters via our website and Etsy shop. For questions about this policy, contact us at hello@urbanlines.co.uk.

When you place an order, we collect: your name, email address, shipping address, and payment reference (we never store card details — Stripe handles all payment processing). We also collect your poster configuration (city, colours, custom text) to fulfil your order. If you contact us, we store the correspondence.

We use your data solely to: (a) process and fulfil your order, (b) send order and shipping confirmation emails, (c) resolve any issues with your order, and (d) comply with legal obligations. We do not use your data for marketing without your consent.

We share the minimum necessary data with our service providers: Stripe (payment processing, PCI-DSS Level 1 compliant), Prodigi (print and fulfilment — your name and shipping address), Supabase (database and operational storage), Resend (transactional emails), Vercel (website hosting and privacy-friendly analytics), Railway (backend hosting), and Sentry (error monitoring). We do not sell your data to any third party.

We retain order records for 7 years to comply with UK accounting requirements. After this period, personal data is deleted. You may request earlier deletion of your data by contacting us, subject to legal obligations.

You have the right to: access the personal data we hold about you, correct inaccurate data, request deletion (where no legal obligation prevents this), object to processing, and data portability. To exercise any right, email hello@urbanlines.co.uk. You also have the right to complain to the Information Commissioner's Office (ico.org.uk).

We use essential browser storage and cookies required for the configurator and checkout flow, including preserving an unfinished poster draft while you complete payment. We also use Vercel Web Analytics and Speed Insights to understand site performance and aggregate traffic, and Sentry to capture technical errors. We do not use third-party advertising cookies or behavioural ad tracking.

We use industry-standard security measures including HTTPS/TLS encryption, secure database access controls, and we never store payment card details. Stripe's infrastructure is PCI-DSS Level 1 certified.

If we make material changes to this policy, we will update the date above and may notify you by email if you have an active order.