Privacy Policy

Last updated: January 2026

Our Commitment to Privacy

Hoodies for Good is committed to protecting the privacy and security of personal information, especially when it involves children. This privacy policy explains how we collect, use, store, and protect your personal data in compliance with GDPR, COPPA, and ISO 27001/27701 standards.

Information We Collect

School Administrator Information:

  • Name and email address
  • School name and address
  • Phone number (optional)

Student Information (with parental consent):

  • First name and last name
  • Year group and class
  • Hoodie size and personalization details

Parent/Guardian Information:

  • Name and email address
  • Delivery address
  • Payment information (processed securely by Stripe)

Data Minimization: We only collect information that is necessary to provide our service and fulfill hoodie orders.

Children's Privacy Protection

Special Protection for Children

We comply with COPPA (Children's Online Privacy Protection Act) and GDPR requirements for processing children's data. All student information is collected through schools with appropriate parental consent mechanisms in place.

  • Student data is only accessible to authorized school administrators
  • We do not market directly to children
  • Parents have the right to review, update, or delete their child's information
  • We do not share children's data with third parties for marketing purposes

How We Use Your Information

We use collected information solely for:

  • Processing and fulfilling hoodie orders
  • Creating personalized designs with student names and class information
  • Communicating order status and delivery information
  • Managing school campaigns and fundraising
  • Providing customer support
  • Improving our service quality

Security Measures (ISO 27001 Compliant)

We implement industry-standard security measures aligned with ISO 27001 requirements:

Access Control:

  • Multi-factor authentication for admin accounts
  • Role-based access control (schools can only access their own data)
  • Row Level Security (RLS) policies on all database tables

Data Encryption:

  • All data is transmitted over HTTPS with TLS encryption
  • Passwords hashed using bcrypt
  • Database encryption at rest

Infrastructure:

  • Hosted on Vercel (ISO 27001 & SOC 2 Type II certified)
  • Database managed by Supabase (ISO 27001 & GDPR compliant)
  • Payment processing via Stripe (PCI DSS Level 1 compliant)
  • Automatic daily backups

Your Data Rights (GDPR/ISO 27701)

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of the data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@hoodiesforgood.co.uk

Data Retention

  • Student Data: Retained for the duration of the school campaign plus 1 year for customer support purposes, then automatically deleted
  • Order Data: Retained for 7 years for accounting and legal requirements
  • School Account Data: Retained while the account is active and for 2 years after closure
  • Payment Information: Not stored on our servers (processed by Stripe)

Third-Party Data Processors

We share data only with trusted third-party processors who are contractually bound to protect your data:

  • Vercel: Hosting infrastructure (ISO 27001 certified)
  • Supabase: Database management (ISO 27001 & GDPR compliant)
  • Stripe: Payment processing (PCI DSS Level 1 compliant)
  • Production Partners: Hoodie manufacturers (receive only necessary information for order fulfillment)

We do not sell, rent, or share personal data with third parties for marketing purposes.

Cookies and Tracking

We use essential cookies to maintain your session and ensure the website functions properly. We do not use tracking cookies or third-party analytics that collect personal information.

Changes to This Policy

We may update this privacy policy from time to time. We will notify schools of any significant changes via email and update the "Last updated" date at the top of this page.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact:

Data Protection Officer

Email: privacy@hoodiesforgood.co.uk

Address: [Your Company Address]
