🔒 Legal Document

Privacy Policy

Last updated: 30 June 2026
Effective: 30 June 2026
Applies to: shoplist.uk and all associated services
Data Controller: ShopList (shoplist.uk)

Plain English summary: We collect only what we need to run ShopList. We never sell your data. We never share it with advertisers. You can delete your account and all your data at any time.

1. Who We Are

ShopList is operated by ShopList (shoplist.uk), a UK-based service. We are the data controller for personal information collected through shoplist.uk.

For any privacy queries, contact us at: contact@shoplist.uk

2. What Data We Collect

2.1 Account Information

2.2 Shopping Data

2.3 Payment Data (Pro subscribers only)

2.4 Technical Data

2.5 Data We Do NOT Collect

3. Legal Basis for Processing (UK GDPR)

PurposeLegal Basis
Providing the ShopList service (account, lists, sync)Contract — necessary to perform the service you signed up for (Article 6(1)(b))
Processing Pro subscription paymentsContract — necessary to fulfil your paid subscription (Article 6(1)(b))
Security (session management, CSRF protection, server logs)Legitimate interests — protecting users and the service from attacks (Article 6(1)(f))
Sending transactional emails (welcome, password reset, subscription confirmation)Contract / Legitimate interests (Article 6(1)(b) and (f))
Complying with legal obligationsLegal obligation (Article 6(1)(c))

We do not process any special category data (health, religion, biometrics, etc.).

4. How We Use Your Data

We will never: sell your data, share it with advertisers, use it for behavioural profiling, or send you unsolicited marketing without your explicit consent.

5. Sharing Your Data

We share data only in these limited circumstances:

5.1 Service Providers

5.2 Shared Lists Feature

If you choose to share a list via a WhatsApp link, anyone with that link can view your list and add items. You control this — sharing is off by default and you can disable it at any time.

5.3 Legal Requirements

We may disclose your data if required to do so by law, court order, or to protect the rights, property, or safety of ShopList, our users, or the public.

5.4 We Do NOT Share With

6. Cookies

We use only essential cookies required to operate the service:

CookiePurposeDuration
PHPSESSIDKeeps you logged in during your session30 days
cf_clearanceCloudflare security (bot protection)1 year

We do not use analytics cookies, advertising cookies, or any non-essential cookies. You do not need to accept a cookie banner to use ShopList because we only use strictly necessary cookies.

7. Data Retention

8. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

To exercise any of these rights, email us at contact@shoplist.uk. We will respond within 30 days as required by UK GDPR.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk · Phone: 0303 123 1113

9. Data Security

Despite these measures, no internet transmission is 100% secure. We will notify you and the ICO within 72 hours in the event of a data breach that poses a risk to your rights and freedoms, as required by UK GDPR Article 33.

10. International Data Transfers

Our web hosting provider may store data outside the UK. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the ICO, in accordance with UK GDPR Chapter V.

11. Children's Privacy

ShopList is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at contact@shoplist.uk and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email and update the "Last updated" date at the top of this page. Continued use of ShopList after changes constitutes acceptance of the revised policy.

13. Contact Us

🔒 Data Controller Contact

ShopList
Email: contact@shoplist.uk
Website: shoplist.uk

For data protection queries, subject access requests, or to exercise your rights under UK GDPR, please email us with "Privacy Request" in the subject line. We aim to respond within 30 days.