Privacy Policy

Last updated: 9 May 2026

1. Who we are

Mythic LootLab (“we”, “us”, “our”) operates mythic-lootlab.com. We are the data controller for personal information collected through this website. Contact us at hello@mythic-lootlab.com.

2. What data we collect

  • Order data: name, email address, shipping address, and payment reference (via Stripe) when you place an order.
  • Newsletter: email address if you subscribe to our mailing list.
  • Images you upload: photos you choose to upload for AI generation. These are processed in memory and not permanently stored on our servers.
  • Generated images: AI-generated outputs are temporarily stored on Replicate's servers for delivery.
  • Usage data: IP address, browser type, pages visited, and referrer — collected automatically via our hosting provider (Netlify) and analytics tools.
  • Cookies: we use essential cookies for site operation and, with your consent, analytics cookies. See section 7.

3. How we use your data

  • Fulfilling and shipping your orders (via Printful).
  • Processing payments securely (via Stripe).
  • Sending order confirmation and shipping notification emails (via Resend).
  • Sending newsletter emails if you opted in (you can unsubscribe any time).
  • Improving the website and understanding how users interact with it.
  • Complying with legal obligations.

4. Legal bases (UK & EU GDPR)

  • Contract performance: processing orders, fulfilment, and transactional emails.
  • Legitimate interests: preventing fraud, improving our service, site security.
  • Consent: newsletter subscriptions and non-essential cookies.
  • Legal obligation: tax records and regulatory compliance.

5. Who we share data with

  • Stripe — payment processing. Stripe is PCI-DSS compliant and is the data controller for card data.
  • Printful — print-on-demand fulfilment. They receive your name, address and the design image to produce and ship your order.
  • Resend — transactional and marketing email delivery.
  • Replicate — AI image generation. Prompts and uploaded images are sent to Replicate's API for processing.
  • Netlify — website hosting and serverless functions.

We do not sell your data. All third parties are bound by data processing agreements.

6. International transfers

Some of our service providers are based in the United States. Where we transfer data outside the UK/EEA, we rely on standard contractual clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) approved by the ICO, or equivalent adequacy mechanisms.

7. Cookies

We use the following categories of cookies:

  • Essential cookies: required for the site to function (session, security). Always on.
  • Analytics cookies: help us understand site usage (e.g., page views). Only set with your consent.

You can change your cookie preference at any time using the banner at the bottom of the page. Your choice is stored in your browser.

8. How long we keep data

  • Order data: 7 years (UK tax / HMRC requirement).
  • Uploaded face photos: deleted immediately after generation — not persisted.
  • Generated images: temporarily cached on Replicate CDN for up to 24 hours.
  • Newsletter data: until you unsubscribe.
  • Analytics data: up to 26 months in aggregate form.

9. Your rights

Under UK GDPR and, where applicable, EU GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure (“right to be forgotten”) where applicable.
  • Restrict or object to processing.
  • Data portability (receive your data in a machine-readable format).
  • Withdraw consent at any time (for consent-based processing such as newsletters and analytics cookies).

To exercise these rights, email us at hello@mythic-lootlab.com. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (UK) or your local supervisory authority.

10. Children

Our services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

11. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page with a revised date. Continued use of the site after changes constitutes acceptance.