TamysweetUK logo

TamysweetUK

Healthy kittens, happy homes

Privacy Policy

TamysweetUK privacy policy draft

This draft reflects the current audited website behaviour as at 18 July 2026. It should be reviewed and completed with the business owner before being treated as final.

1. Identity and contact details

[BUSINESS LEGAL NAME REQUIRED]

[BUSINESS CONTACT EMAIL REQUIRED]

[BUSINESS ADDRESS OR SERVICE ADDRESS REQUIRED]

2. Data collected

The public website currently collects personal data only when a visitor chooses to include it in a WhatsApp enquiry message generated from the contact form or by using direct contact methods such as email or WhatsApp links.

The website also processes limited technical data needed for page delivery, image hosting through Supabase public storage URLs, and administrator authentication.

3. Contact enquiries

The contact form collects: full name, email address, optional phone number, kitten or breed interest, subject, and message content.

In the current implementation, that form does not submit to the website server or a database. Instead, it prepares a message and opens WhatsApp on the user's device.

[OWNER CONFIRMATION REQUIRED: enquiry retention period]

4. Kitten enquiries and reservations

The current public codebase does not include an online reservation workflow, checkout, or payment submission form.

[OWNER CONFIRMATION REQUIRED: reservation data collected]

[OWNER CONFIRMATION REQUIRED: payment provider]

5. WhatsApp communication

If you use the contact form or WhatsApp buttons, you are redirected to WhatsApp using an outbound link. Any information you then send is processed by WhatsApp under its own terms and privacy practices.

TamysweetUK does not control WhatsApp's own tracking or retention practices. Please review WhatsApp's privacy information before sending sensitive information.

6. Customer records

The current codebase does not show a dedicated customer-records system on the public site beyond administrator-managed kitten and site settings content in Supabase.

[OWNER CONFIRMATION REQUIRED: customer records retained outside the website]

7. Website technical data

The audited public website does not currently run analytics, advertising pixels, chat widgets, social-media embeds, or optional tracking scripts.

Public pages use Next.js and Supabase-hosted images. If a visitor saves cookie preferences, the site stores only the consent decision itself in first-party browser storage.

8. Admin authentication

The protected admin area uses Supabase authentication with first-party HTTP-only cookies named tamysweetuk-admin-access-token and tamysweetuk-admin-refresh-token.

These cookies are used only for secure administrator sign-in and are not part of public analytics or marketing preferences.

9. Purposes of processing

  • To respond to enquiries initiated by the visitor.
  • To present kitten listings and site content.
  • To operate and secure the administrator area.
  • To record a visitor's cookie-preference choice if they save one.

10. Lawful bases

Likely lawful bases include steps taken at the request of the individual, legitimate interests in running and securing the website, and consent where optional technologies are introduced.

[OWNER CONFIRMATION REQUIRED: lawful bases by business process]

11. Data sharing

Based on the current codebase, website infrastructure involves Next.js hosting and Supabase services. WhatsApp may also process data when a user chooses to open a WhatsApp link.

[OWNER CONFIRMATION REQUIRED: any additional service providers or manual data sharing]

12. International transfers

Some website providers may process data outside the UK, depending on the services used and their infrastructure arrangements.

[OWNER CONFIRMATION REQUIRED: international data transfers]

13. Retention periods

The current codebase does not define business retention periods for enquiries, reservations, or customer communications.

[OWNER CONFIRMATION REQUIRED: enquiry retention period]

[OWNER CONFIRMATION REQUIRED: customer record retention period]

14. Security

The audited site uses server-side cookies for admin authentication, does not expose token values in the public UI, and keeps optional tracking technologies disabled by default.

15. Individual rights

Depending on the circumstances, individuals may have rights to access, correct, erase, restrict, object to, or request portability of personal data, and to withdraw consent where processing relies on consent.

16. Complaints

Individuals may raise concerns with TamysweetUK first and may also have the right to complain to the UK Information Commissioner's Office if they believe their data has been handled unlawfully.

17. Children

The website markets family-raised kittens but does not appear to offer services specifically to children. Parents or guardians should contact TamysweetUK on behalf of minors where appropriate.

18. Policy updates

This page should be updated whenever the business process changes materially, optional tracking technologies are introduced, or retention/contact details are confirmed.

Please also review the Cookie Policy.