Research use only · Not for human or veterinary consumption / Shipped from the United Kingdom / SOL · USDC · $PUMP
Pumptides Browse catalogue
Pumptides / Legal / Privacy Policy

Privacy Policy

Last updated · 25 May 2026

We collect the minimum data needed to ship a parcel and run the storefront. No tracking pixels, no ad networks, no email lists you didn't sign up for. This page explains exactly what we collect, why, and how to remove it.

01

Who controls your data

The data controller is Pumptides Ltd. We are registered in England and Wales. References below to "we" and "us" mean Pumptides Ltd. The data protection contact is privacy@pumptides.xyz.

02

What we collect

Pumptides is designed to require as little personal data as possible. The data we hold falls into four buckets.

Order data

  • Shipping name and full delivery address.
  • An email address or wallet-pushed messaging handle for tracking updates.
  • Phone number, only where required by the carrier (DHL Express to certain destinations).
  • Order ID, item, price, and order timestamp.

On-chain data (public)

  • Your Solana wallet address used to pay.
  • Transaction signature, amount and asset, and the unique reference key tied to the order.

Technical data

  • IP address (briefly, for fraud and abuse prevention).
  • Browser and device type from request headers.
  • Timestamps of page loads where logged at the edge for security.

Support data

  • Anything you send us in an email or contact-form message.
03

Why we collect it

  • Order data — to ship the parcel and confirm delivery, and to comply with carrier requirements at destination.
  • On-chain data — to reconcile a payment with an order, issue refunds when needed, and prevent double-spend. This data is public on the Solana blockchain regardless of our policy.
  • Technical data — to detect abuse, mitigate fraud, and run the site reliably.
  • Support data — to answer your messages.
05

On-chain data

Solana is a public blockchain. Every transaction — your wallet address, the amount you paid, the merchant address, the timestamp, and our unique order reference — is permanently visible on-chain. We cannot delete this data. It exists outside our control and outside the scope of erasure rights.

We don't link your wallet address to your shipping address in any public-facing way. That linkage exists only in our private order database and is treated as personal data.

06

Cookies and analytics

We don't use third-party advertising cookies, ad networks, or cross-site tracking pixels. The site uses one strictly-necessary local-storage entry to remember your selected payment method between checkout steps. That data never leaves your browser.

If we add server-side analytics in the future (Plausible or similar privacy-respecting tooling) we'll update this section. We will not introduce Google Analytics, Meta Pixel, or comparable trackers.

07

Who we share data with

We share the minimum personal data needed with the following processors:

  • Alluvi Labs (UK) — to fulfil and pack your order.
  • Royal Mail and DHL — to ship and track your parcel.
  • Our hosting provider — for site delivery and DDoS protection.
  • Our email provider — only when you contact us or opt in to updates.

We do not sell personal data and we do not share it for advertising. We will share data with law enforcement only where compelled by valid legal process.

08

International transfers

Most processing happens in the UK and EU. Where data must be transferred outside the UK or EU (for example, to a cloud region in the US), we rely on the UK International Data Transfer Agreement or the EU Standard Contractual Clauses, with additional safeguards as required.

09

How long we keep data

  • Order data — six years after the order, to meet UK tax-record requirements.
  • Support correspondence — two years from the last reply, then deleted.
  • Technical logs — thirty days at the edge, longer only if needed for an active security incident.
  • On-chain data — permanent, by the nature of public blockchains.
10

Your rights

Under UK GDPR you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Erase data we hold off-chain, where there is no overriding legal obligation to retain it.
  • Restrict or object to processing.
  • Receive your data in a machine-readable format (portability).
  • Withdraw consent at any time, where consent is the basis.

To exercise any of these rights, email privacy@pumptides.xyz. We respond within 30 days. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

11

Security

We hold personal data on infrastructure with encryption in transit and at rest. Access is restricted to staff who need it. We will never ask for your wallet seed phrase or private key. If anyone claims to be Pumptides and asks for either, treat it as a phishing attempt and report it to security@pumptides.xyz.

12

Children

Pumptides is not for users under 18. We do not knowingly collect personal data from children. If you believe a minor has provided us with personal data, contact privacy@pumptides.xyz and we will delete it.

13

Changes

If we make a material change to this policy we'll flag it on the home page and update the "Last updated" date here. We won't change the way we treat existing data without notifying you.

14

Contact

Questions about your data: privacy@pumptides.xyz.
Security issues: security@pumptides.xyz.

© 2026 Pumptides Ltd ← Terms Refunds →