Legal

Privacy
Notice.

Last updated: February 2026 Effective: 1 March 2024 Rombotics Ltd · London, UK

Contents

  1. Who we are
  2. Information we collect
  3. How we use your information
  4. Legal basis for processing
  5. Who we share data with
  6. How long we keep data
  7. Your rights
  8. Cookies & tracking
  9. Security
  10. Children's privacy
  11. Changes to this notice
  12. Contact & complaints

This notice explains how Rombotics Ltd collects, uses, and protects your personal information when you use our website, purchase products, or engage our services. We are committed to handling your data transparently and in compliance with UK GDPR and the Data Protection Act 2018.

01

Who We Are

Rombotics Ltd is the data controller responsible for your personal information. We operate the website at rombotics.com, selling electronics components and providing engineering services, 3D printing, and educational tutoring.

Rombotics Ltd

London, United Kingdom

Email: privacy@rombotics.com

02

Information We Collect

Information you provide directly

  • Account data: name, email address, password (stored as a one-way cryptographic hash), phone number (optional)
  • Delivery address: name, street address, city, postcode, country
  • Order data: products purchased, delivery preferences, 3D print specifications (STL files, material, infill settings)
  • Communications: messages sent via our contact form, including your name, email, and message content
  • Booking information: session type, preferred date and time when booking a consultation

Information collected automatically

  • Analytics data: pages visited, time on page, scroll depth, referral source — linked to a randomly generated visitor ID stored in your browser's localStorage (not a cookie)
  • Technical data: approximate IP address (used for country-level geolocation only), browser type, device type, operating system
  • UTM parameters: campaign source, medium, and name from URLs you visit from

Information from third-party services

  • OAuth providers: if you sign in with GitHub, Google, or LinkedIn, we receive your name, email, and provider user ID from that service
  • Payment processors: Stripe handles all card payments — we do not receive or store your full card details. We receive a transaction confirmation and order reference
03

How We Use Your Information

  • To process and fulfil your orders, including dispatching products and handling 3D print jobs
  • To manage your account and authenticate you securely
  • To respond to enquiries submitted via our contact form
  • To confirm and manage booked consultation sessions
  • To improve our website based on aggregated analytics data
  • To comply with legal obligations (e.g. tax records, fraud prevention)
  • To send transactional communications such as order confirmations and dispatch notifications

We do not use your personal information for automated decision-making or profiling. We do not sell your data to third parties. We do not send marketing emails unless you have explicitly opted in.

05

Who We Share Data With

We only share your personal data with third parties where necessary to provide our services:

  • Stripe (Stripe, Inc.): payment processing for product orders — governed by Stripe's own privacy policy
  • PayPal: payment processing for 3D printing orders via PayPal.me
  • Royal Mail / shipping carriers: name and delivery address shared to dispatch physical orders
  • Neon (database provider): our PostgreSQL database infrastructure, hosted in the EU
  • Netlify: our website and serverless functions host, based in the US — covered by Standard Contractual Clauses
  • OAuth providers (GitHub, Google, LinkedIn): if you use social sign-in, only necessary authentication data is exchanged
  • ip-api.com: IP addresses are queried for country-level geolocation for analytics — no personal data is retained by this service

We do not share data with advertisers, data brokers, or any unrelated third parties.

06

How Long We Keep Your Data

  • Account data: retained while your account is active, plus 2 years after last login
  • Order records: retained for 7 years to comply with HMRC requirements
  • Analytics data: page view records retained for up to 12 months in rolling logs
  • Contact form messages: retained for 2 years, or until your enquiry is resolved
  • STL files uploaded for 3D printing: retained for 90 days after order completion, then permanently deleted

You may request earlier deletion of your data at any time — see Section 7 below.

07

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of the personal data we hold about you
  • Right to rectification: you can ask us to correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): you can ask us to delete your data, subject to legal obligations
  • Right to restriction: you can ask us to pause processing while a dispute is resolved
  • Right to portability: you can request your data in a structured, machine-readable format
  • Right to object: you can object to processing based on legitimate interests
  • Right to withdraw consent: where processing is consent-based, you may withdraw at any time

To exercise any of these rights, contact us at privacy@rombotics.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

08

Cookies & Tracking

Rombotics uses a zero-cookie analytics approach. We do not use cookies for tracking. Instead, our analytics system assigns a random visitor ID stored in your browser's localStorage. This ID is device-specific and contains no personal information.

We do not use advertising cookies, third-party tracking scripts, or social media pixels.

Third-party services embedded in our website (Stripe, MediaPipe for the live demo) may set their own cookies — please refer to their respective privacy policies.

You can clear your localStorage at any time through your browser settings, which will reset your visitor ID.

09

Security

We take the security of your data seriously. Our technical measures include:

  • Passwords hashed using PBKDF2 with a unique salt — we cannot recover your plain-text password
  • All data transmitted over HTTPS/TLS
  • Database access restricted to our serverless backend — never directly accessible from the browser
  • Authentication tokens are random, short-lived, and invalidated on sign-out
  • Payment processing handled entirely by Stripe — card data never touches our servers

Despite these measures, no system is completely immune to security breaches. If you suspect your account has been compromised, contact us immediately.

10

Children's Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11

Changes to This Notice

We may update this Privacy Notice from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this notice periodically. Continued use of our website after changes constitutes acceptance of the updated notice.

12

Contact & Complaints

For any questions about this Privacy Notice or to exercise your data rights, please contact our data controller:

Rombotics Ltd — Data Enquiries

Email: privacy@rombotics.com

Or use our contact form

We aim to respond to all data requests within 30 days. For complex requests, we may extend this by a further 60 days with notice.

Privacy Notice · Last updated February 2026