Shop Now
Shop Now

Privacy policy

Last updated: 27 April 2026

This Privacy Policy explains how Neurostead ("we", "us", "our") collects, uses, shares and protects your personal data when you visit www.neurostead.co.uk (the "site"), buy our products, sign up to our emails, or contact us. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this policy, please contact us at info@neurostead.co.uk

1. Who we are

Neurostead is a trading name of Wingham Supplements Limited, a company registered in England and Wales under company number 17023182, with its registered office at 33 Church Street, Hartlepool, England, TS24 7DG.

For the purposes of UK data protection law, we are the "data controller" for the personal data we collect about you through this site.

2. The personal data we collect

We collect the following categories of personal data:

Information you give us

  • Identity and contact details: name, email address, delivery and billing address, phone number.

  • Order details: products ordered, order value, delivery preferences.

  • Account details (if you create one): login credentials and saved preferences.

  • Communications: messages you send us by email, contact form, or social media.

  • Marketing preferences: whether you have signed up to our emails or SMS.

Information collected automatically

  • Device and usage data: IP address, browser type, device type, operating system, referring URL, pages viewed, time on site, and similar analytics data.

  • Cookie and tracking data: see our Cookie Policy for full details.

Information from third parties

  • Payment information: handled by our payment processors (Shopify Payments and, where used, PayPal, Apple Pay, Google Pay, Shop Pay, Klarna, or similar). We do not store full card details.

  • Marketing and analytics partners: aggregated or pseudonymised data from Klaviyo, Google, Meta and TikTok about how you interact with our ads and emails.

We do not knowingly collect data about anyone under 18. Our products are intended for adults.

In the course of customer service correspondence, you may voluntarily share information about your health, medical conditions, pregnancy or breastfeeding status, medication use, or other health-related matters. This is special category data under Article 9 UK GDPR. Where we process this data, we rely on the lawful basis of explicit consent (provided when you share the information for the specific purpose of receiving advice or guidance) or, where applicable, the substantial public interest basis. We do not use special category data for marketing, profiling, or any purpose other than responding to your specific query. We retain special category data only for as long as needed to resolve the matter, and in any case no longer than 12 months unless you ask us to retain it longer.

3. Why we use your data and our legal basis

Under UK GDPR we must have a lawful basis for processing your personal data. The bases we rely on are:

  • Contract - to take orders, process payments, fulfil and deliver products, manage returns, and provide customer service.

  • Legitimate interests - to run and improve our business, secure the site against fraud and abuse, analyse site usage, send service emails about your order, and (where permitted) send marketing to existing customers about similar products.

  • Consent - to send marketing emails or SMS where required, and to set non-essential cookies (analytics and advertising). You can withdraw consent at any time.

  • Legal obligation - to keep accounting and tax records, respond to lawful requests from authorities, and comply with consumer law.

4. Marketing

If you sign up to our newsletter, place an order and opt in, or enter a competition, we may send you marketing emails (and, if you opt in, SMS) via Klaviyo about new products, offers and content.

You can opt out at any time by clicking the "unsubscribe" link in any marketing email, replying STOP to a marketing SMS, or emailing us at info@neurostead.co.uk. Opting out of marketing will not stop transactional messages such as order confirmations and shipping updates.

5. Cookies and similar technologies

We use cookies and similar technologies for site functionality, analytics and advertising. Some cookies are strictly necessary; others (analytics and marketing) only run with your consent.

For full details and how to manage your preferences, please see our Cookie Policy.

6. Who we share your data with

We share personal data only with trusted parties who help us run our business. These include:

  • Shopify Inc. and Shopify International Ltd - our e-commerce platform and payment processor.

  • Payment providers - including Shopify Payments, PayPal, Apple Pay, Google Pay, Shop Pay and (where offered) Klarna.

  • Fulfilment, warehousing and delivery partners - to pick, pack and ship your order (e.g. Royal Mail, Evri, DPD, DHL or international equivalents).

  • Klaviyo - email and SMS marketing platform.

  • Google (Analytics, Ads) - site analytics and advertising.

  • Meta (Facebook, Instagram) and TikTok - advertising and measurement.

  • Customer service tools - to respond to your enquiries.

  • Professional advisers, accountants, auditors and insurers - where reasonably required.

  • Law enforcement, regulators and courts - where we are legally required to do so.

We do not sell your personal data.

7. International transfers

Some of our service providers (including Shopify, Google, Meta, TikTok and Klaviyo) are based outside the UK, including in the United States. Where personal data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to countries the UK Government has determined provide an adequate level of protection.

8. How long we keep your data

We keep personal data only for as long as we need it for the purposes set out in this policy, or to meet legal, accounting or reporting requirements:

  • Order and customer records: typically 6 years from the end of the relevant tax year, to comply with HMRC requirements.

  • Marketing data: until you unsubscribe, plus a short period to suppress further marketing.

  • Website analytics: typically up to 14 months in Google Analytics, and up to 2 years for cookie identifiers.

  • Customer service correspondence: up to 3 years after the matter is resolved.

Once we no longer need your personal data, we delete or anonymise it.

9. How we keep your data secure

We use industry-standard technical and organisational measures to protect your personal data, including HTTPS encryption, restricted access controls, and trusted processors with their own security certifications. No method of transmission over the internet is 100% secure, but we work hard to protect your data and to notify you and the Information Commissioner's Office (ICO) where required if a personal data breach occurs.

10. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.

  • Have inaccurate or incomplete data corrected.

  • Have your data erased in certain circumstances.

  • Restrict or object to processing in certain circumstances.

  • Receive your data in a portable format.

  • Withdraw consent at any time, where we rely on consent.

  • Complain to the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email us at info@neurostead.co.uk. We will respond within one month.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when it was last revised. Material changes will be communicated through the site or by email where appropriate.

12. Contact us

Questions, complaints or requests about this Privacy Policy or your personal data:

Wingham Supplements Limited, 33 Church Street, Hartlepool, England, TS24 7DG
Email: info@neurostead.co.uk