§ 1 Who we are & how to contact us
Sentia Post Limited is the controller of personal data collected through our service. We are registered in England and Wales (company number 17140616) with our registered office at 124 City Road, London EC1V 2NX.
For any data protection question, including to exercise the rights described in section 7, contact us at support@sentiacards.com.
§ 2 The information we collect
Information you give us
- Your name, email address, postal address and (optionally) phone number
- The names of people you want to send cards to, the occasions you want to mark, and the dates of those occasions
- Optionally, the postal address of the recipient — if you give it to us, we include it on the info slip dispatched with your card so you have it to hand when posting
- Any preferences you set on your account, including the size of your card bundle
- Marketing preferences
- Any messages you send to us, for example by email
Information collected automatically
- Information about your visit to our Site, including pages viewed and the date and time of your visit, captured through essential session cookies
- Information about your device, including IP address and browser type
Information collected through payment
Payments are processed by Stripe. Stripe collects your card details directly — we do not see or store your card number. We receive from Stripe a confirmation of payment and a token that lets us charge your saved payment method for future renewals.
§ 3 Why we use your information
| Purpose | What this means | Legal basis |
|---|---|---|
| Provide the service | To select, personalise and dispatch cards to you for the occasions you have entered. | Performance of our contract with you |
| Take payment | To take payment for your subscription and any additional cards you order. | Performance of our contract with you |
| Renewals | To charge your renewal 30 days before each subscription anniversary and send you confirmations and reminders. | Performance of our contract with you |
| Customer service | To respond to your questions, complaints and requests. | Performance of our contract with you |
| Service improvements | To improve our card range, our recommendations and our website. | Our legitimate interest in running and improving the service |
| Marketing — soft opt-in | To email you occasionally about Sentia products and offers similar to your subscription, with an unsubscribe option in every message. | Our legitimate interest, under the PECR "soft opt-in" |
| Marketing — full consent | To email you about wider Sentia news, offers and product updates, where you have opted in. | Your consent |
| Legal compliance | To keep records we are required to keep by law, including for tax and accounting purposes. | Our legal obligations |
§ 4 Who we share your information with
We share your information only with the third parties we need to run the service. We do not sell your information to anyone.
| Service | What they do | Where data is processed | Security |
|---|---|---|---|
| Stripe | Payment processing | United States | Encrypted in transit and at rest, PCI DSS Level 1 |
| AWS (Amazon Web Services) | Database (Amazon RDS) and backend hosting (Amazon EC2) | Sweden (EU North region) | Encrypted at rest and in transit, AWS standard |
| Vercel | Front-end website hosting | United States (transient processing only — no customer data stored) | Encrypted in transit |
| SMTP2GO | Sending transactional and marketing emails | European Union | Encrypted in transit |
| Royal Mail | Dispatch of physical cards to your address | United Kingdom | Postal service standard |
We may also disclose your information where required by law, for example in response to a court order or to comply with HMRC requirements, or where it is necessary to protect our legal rights.
§ 5 International transfers
Most of your data is held within the United Kingdom or the European Economic Area (EEA). Transfers within the EEA are treated as equivalent to transfers within the UK under UK data protection law.
Where data is transferred outside the UK and EEA — currently to Stripe in the United States — we rely on the following safeguards as required by UK GDPR: the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, which forms part of Stripe's data processing agreement with us; and Stripe's certification under the EU-US and UK Extension Data Privacy Framework.
You can ask us for a copy of the safeguards in place by emailing support@sentiacards.com.
§ 6 How long we keep your information
We keep your information only as long as we need it for the purposes set out above.
| Type of data | How long we keep it |
|---|---|
| Account and occasion data | While your subscription is active, and for 18 months after cancellation, so that you can resubscribe without re-entering your details. |
| Marketing data and preferences | 18 months after cancellation, after which we delete your record from our marketing list. You can opt out at any time using the unsubscribe link in any marketing email. |
| Records required for tax and accounting | 6 years from the end of the relevant tax year, as required by HMRC. |
| Payment records (held by Stripe) | As set out in Stripe's privacy policy. |
| Customer service correspondence | Up to 3 years after the last contact, for service improvement and to handle any related queries. |
You can ask us to delete your data sooner than the periods above — see section 7.
§ 7 Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- The right to be told how your data is used (this Privacy Policy)
- The right to ask for a copy of the personal data we hold about you
- The right to ask us to correct inaccurate data
- The right to ask us to delete your data (subject to some exceptions, for example where we need to keep records for tax purposes)
- The right to ask us to restrict how we use your data, or to object to certain uses
- The right to receive your data in a portable format and have it transferred to another service
- The right to withdraw your consent to marketing at any time
To exercise any of these rights, email support@sentiacards.com. We will respond within one month.
If you are unhappy with how we have handled your data, you can complain to the Information Commissioner's Office (ICO), the UK's data protection regulator, at ico.org.uk.
§ 8 Marketing
At signup you can tell us whether you want to receive marketing emails about Sentia. If you tick the marketing box you will receive occasional emails about our new card ranges, offers and updates.
Even if you do not tick the box, we may email you occasionally about Sentia products and offers similar to those you have already subscribed to, under the PECR "soft opt-in" rule. Every marketing email contains an unsubscribe link and you can opt out at any time.
Operational emails — such as renewal reminders, dispatch confirmations and account messages — are not marketing and you will receive these as long as your subscription is active.
§ 9 How we protect your information
We take reasonable technical and organisational measures to protect your personal data, including encryption of data in transit and at rest, access controls on our systems, and limiting access to your data to the small number of people who need it.
No system is perfectly secure. If we ever become aware of a personal data breach that is likely to affect your rights, we will notify you and the ICO as required by law.
§ 10 Cookies
We use a small number of essential cookies to make our Site work. We do not currently use analytics, advertising or other non-essential cookies. Our Cookie Policy is available on our website for the detail.
§ 11 Changes to this policy
We may update this Privacy Policy from time to time. If we make a material change we will tell you by email and post a notice on the Site before the change takes effect. This version of the policy is dated 14 May 2026.