Please note: A minimum order value of €10 applies to all orders. Learn more
Privacy Policy
Last updated: 4 July 2026
This Privacy Policy explains how Ómra Creative (“we”, “us”, “our”) collects, uses, shares and protects your personal information. It applies to our website omracreative.ie and to our Ómra Creative mobile apps for iOS and Android (together, the “Services”).
We are the data controller for the personal information described here.
1. Who we are and how to contact us
- Business: Ómra Creative
- Business type / registration: Registered company, CRO no. 738453
- Address: Wexford, Ireland
- Email (including all privacy requests): [email protected]
If you have any question about this policy or your data, email us at the address above.
2. What this policy covers
We are an Irish small business selling stickers, prints and related personalised products. This policy covers everything you do with us — browsing and buying on our website, using our mobile apps, contacting our support team, and receiving communications from us. Where a section applies only to the apps or only to the website, we say so.
3. The information we collect
(a) Account and identity
When you create an account or place an order: your name, email address, password (stored only in encrypted/”hashed” form — we never see it), and phone number.
(b) Orders, delivery and personalisation
Your billing and delivery address, the items you order, your order and returns history, and any personalisation you enter (for example a name or text for an engraved or custom product). This information is needed to process and deliver your order.
(c) Payments
Card payments (including Apple Pay and Google Pay) are processed securely by WooPayments, which is powered by Stripe. Your full card number is entered on Stripe’s secure payment page and is handled by Stripe — we do not receive or store your full card details. We receive confirmation of payment and limited details such as the card type and last four digits. If you pay using a gift card or store credit, that balance is held within our own store systems.
(d) Support chat and photos you upload
When you message our support team (in the app or on the site), we collect the content of your messages and any photos you choose to attach from your device’s photo library (for example a picture of a product or a design reference). We store these so we can answer your query and keep a record of the conversation. The apps only access photos you specifically select — we do not access your wider photo library, and the apps do not use your camera.
(e) Device, technical and usage data
Like most online services, we automatically receive some technical information: your IP address, device type, operating system, app version, and general (city/country-level) location inferred from your IP. At checkout we use Cloudflare Turnstile to tell humans from bots, which processes limited device and interaction signals to protect against fraud and abuse.
(f) Information stored on your device (apps)
Some information is kept only on your own device and is not sent to us: your recent searches, cached images and content (for faster loading), your wishlist cache, and your login tokens (stored in the secure iOS Keychain / Android Keystore). You can clear recent searches at any time in the app’s Settings, and clearing them or uninstalling the app removes this local data.
(g) Marketing preferences
If you choose to subscribe to our newsletter, we collect your name and email for that purpose. Your notification and marketing preferences are also stored so we only contact you the way you’ve asked.
(h) Website cookies and analytics
Our website uses a small number of essential cookies needed to run the shop — for example to remember your shopping cart and session (WooCommerce), to process payments (Stripe), and for security and performance (Cloudflare). We do not currently run third-party advertising or analytics trackers such as Google Analytics, Meta/Facebook Pixel or similar. Because we list our products on Google so they appear in Google Search and Shopping, some Google services and tags may be present on the website and may set cookies; these are governed by Google’s own privacy policy. See section 14 for more on cookies and how to control them.
The apps do not use tracking cookies and do not include any third-party analytics or advertising software. We do not track you across other companies’ apps or websites.
4. Face ID / Touch ID (biometric unlock)
The app lets you optionally lock your account behind Face ID or Touch ID. This uses Apple’s (or your Android device’s) built-in biometric system. Your biometric data never leaves your device and is never seen, collected or stored by us — the device simply tells the app “unlock” or “don’t”. You can turn this off in the app’s Settings.
5. Push notifications
If you allow notifications, we send updates about your orders and support messages using Apple Push Notification service (APNs) on iOS and Google Firebase Cloud Messaging (FCM) on Android. This involves a device notification token. You can turn notifications off at any time in your device settings or in the app.
6. How and why we use your information, and our legal bases
Under the GDPR we must have a lawful basis for using your information. We rely on:
- Performance of a contract — to create and manage your account, process and deliver your orders, handle returns and refunds, and provide customer support.
- Legitimate interests — to keep our Services secure and prevent fraud, to understand and improve our products and Services, and to respond to your enquiries. We balance these against your rights.
- Consent — to send you marketing/newsletter emails (where you’ve opted in) and to set non-essential cookies. You can withdraw consent at any time.
- Legal obligation — to keep records we’re required to keep, such as tax and accounting records.
7. Who we share your information with
We do not sell your personal information. We share it only with trusted providers who help us run the Services, and only as needed:
- Blacknight Internet Solutions — hosting of our website and app backend (servers located in Ireland/EU).
- Cloudflare, Inc. — content delivery, security, and bot protection (Turnstile).
- Stripe / WooPayments — payment processing (card, Apple Pay, Google Pay).
- Apple (App Store and Apple Push Notification service) and Google (Google Play and Firebase Cloud Messaging) — app distribution and notifications.
- Google — product listings so our products appear in Google Search and Shopping (this shares product information; see section 3(h)).
- An Post — delivery of your order (we share your name and delivery address). We will update this policy if we add other couriers.
- Our email/newsletter provider — to send transactional emails and, if you’ve opted in, marketing emails.
- Professional advisers and authorities — such as our accountant, or law enforcement/regulators where we are legally required to disclose information.
Each provider is only permitted to use your information to provide their service to us, under appropriate data-protection terms.
8. International data transfers
Our website and app backend are hosted in Ireland/the EU. Some of our providers (for example Stripe, Cloudflare, Apple and Google) are based in, or process data in, the United States. Where personal information is transferred outside the European Economic Area, it is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses and/or the EU–US Data Privacy Framework.
9. How long we keep your information
- Order and transaction records: retained for 6 years to meet Irish tax and accounting requirements.
- Account information: kept while your account is active. If you delete your account (or ask us to), we delete your personal data, except limited order/transaction records we must keep for the tax period above.
- Support messages and uploaded photos: kept for as long as needed to handle your query and maintain a reasonable support record, then deleted.
- Marketing subscription: kept until you unsubscribe.
- On-device app data (searches, caches, tokens): stays on your device until you clear it or uninstall the app.
10. Your rights
Under the GDPR you have the right to:
- access the personal information we hold about you;
- have inaccurate information corrected;
- have your information erased (“right to be forgotten”);
- restrict or object to how we use your information;
- receive your information in a portable, machine-readable format;
- withdraw consent at any time (for example to marketing).
To exercise any of these, email [email protected]. We will respond within one month, and there is no charge for making a request (unless it is manifestly unfounded, excessive or repetitive, as allowed by law).
11. Deleting your account and data
You can delete your account and associated personal data at any time:
- In the app: go to Account → Settings → Delete Account and confirm.
- On the website: go to My Account -> Account Details -> Delete account and confirm.
- By email: contact [email protected] and we’ll action it for you.
When you delete your account we remove your personal information from our active systems, except for the limited order and transaction records we are legally required to retain for tax purposes (see section 9).
12. Children
Our Services are intended for general audiences and are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
13. How we protect your information
We use appropriate technical and organisational measures to protect your information, including HTTPS/TLS encryption in transit, hashed (irreversible) password storage, secure storage of login tokens in the iOS Keychain / Android Keystore, Cloudflare security and bot protection, and access controls that limit who can see your data. No method of transmission over the internet is 100% secure, but we work to protect your information and continually review our safeguards.
14. Cookies (website)
Cookies are small files stored by your browser. Our website uses:
- Strictly necessary cookies — to run the shop, e.g. WooCommerce cart and session cookies, Stripe payment cookies, and Cloudflare security cookies. These are required for the site to work.
- Third-party cookies that may be set by Google in connection with our product listings (see section 3(h)).
We do not currently use advertising or analytics cookies. You can control or block cookies through your browser settings; blocking strictly necessary cookies may stop parts of the shop from working. Our mobile apps do not use advertising or tracking cookies.
15. Changes to this policy
We may update this policy from time to time. When we do, we’ll change the “Last updated” date at the top, and for significant changes we’ll take reasonable steps to let you know.
16. Complaints
If you have a concern about how we handle your personal information, please contact us first at [email protected] so we can help. You also have the right to lodge a complaint with the Irish supervisory authority:
Data Protection Commission (Ireland)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie