Privacy Policy

At Wren & Rye, we are committed to protecting our customers privacy. This policy outlines when we collect data, what data we collect and why we collect it. It also provides information on your rights over that data.

This policy may change from time to time, so please check back every now and then to ensure you are comfortable with the information.

What data do we collect?

We collect two types of data; personal and anonymous.

We only collect personal data when it has been freely given to us by you for a specific purpose, such as; to fulfil a purchase, take a payment, deliver an order or to send marketing communications.

We collect anonymous data from all of our website visitors, such as pages that have been visited and time spent on the website. This data is not tied to you as an individual and is used to help us improve our service.

What is the legal basis for our processing of personal data?

When collecting personal data from you, we will only ask for data that we require to fulfil our service - such as your name and address for shipping orders, email address for sending receipts and credit/debit card details for processing payments.

We will never use your postal address for marketing communications and we will only ever send marketing communications to your email address if you have explicitly granted us consent to do so.

Will personal data be shared with 3rd parties?

At Wren & Rye, we use 3rd parties to provide services that we could not hope to provide ourselves, such as taking payments, collecting postal information and scheduling marketing emails.

Purchase and Payment

When making a purchase from, your payment, postal and contact information is collected and stored by Shopify Inc. Shopify provide us with the online e-commerce platform that allows us to sell our products and services to you.

If you choose a direct payment gateway to complete your purchase (i.e. not PayPal), then Shopify stores your credit/debit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify’s Terms of Service or Privacy Statement.

Marketing Emails

When opting in to receive marketing emails from Wren & Rye, your email address is stored by MailChimp. MailChimp provide us with a platform to store marketing lists and proof of consent information along with a way to send newsletters, promotions and updates to you.

You are always given the ability to unsubscribe from the email list that we store with MailChimp by clicking a link at the bottom of our emails.

For more information on how MailChimp handles data, please see their Privacy Policy.

What rights do you have over your data?

Your data is your data, regardless of whether it is stored on a piece of paper in your living room or in a database 2,000 miles away. As such, you have certain rights over the data that we collect.

If you would like to opt-out of marketing communications, correct, amend or remove any data that we hold on you or simply wish to understand more about the data that we hold, please feel free to get in touch with us by emailing


To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

All data sent using our website is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.