Template EmpireLegal
Privacy Policy
Effective 28 March 2026 · Last updated 28 March 2026
This privacy policy explains how Halbon Labs Ltd (Company No. 16608971), trading as Template Empire, collects, uses, stores, and protects your personal data when you use our website at templateempire.io and purchase our products.
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
1. Data Controller
The data controller responsible for your personal data is:
Halbon Labs Ltd
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Company No. 16608971 · Registered in England & Wales
ICO Registration: ZB957293
Email: privacy@templateempire.io
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, and authentication credentials. Account authentication is managed by our identity provider, Clerk.
2.2 Payment Information
When you make a purchase, payment processing is handled entirely by Stripe. We do not store your full card number, CVV, or bank details on our servers. We receive from Stripe a transaction reference, the last four digits of your card, and billing address details necessary to fulfil your order and comply with tax obligations.
2.3 Usage Data
We automatically collect certain information when you visit our website, including:
- Pages visited and time spent on each page
- Browser type, operating system, and device category
- Referring website or source
- Country-level location (derived from IP address, not stored at city level)
- Interactions with site features (e.g. filters used, templates viewed)
This data is collected via Vercel Analytics, a privacy-friendly, first-party analytics service that does not use cookies for tracking and does not track users across websites.
2.4 Communications
If you contact us via email or a support form, we retain the content of your message, your email address, and any attachments to resolve your enquiry.
3. How We Use Your Information
We use your personal data for the following purposes:
- Fulfil orders — process purchases, deliver licence keys, and provide download access
- Manage your account — authenticate you, display purchase history, and manage licence keys
- Customer support — respond to enquiries and resolve technical issues
- Improve our products — analyse usage patterns to improve templates, the website, and user experience
- Legal compliance — comply with tax, accounting, and regulatory obligations
- Security — detect and prevent fraud, abuse, and unauthorised access
We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.
4. Legal Bases for Processing
Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Processing purchases and delivering digital content | Performance of a contract (Art. 6(1)(b)) |
| Account creation and management | Performance of a contract (Art. 6(1)(b)) |
| Tax records and financial reporting | Legal obligation (Art. 6(1)(c)) |
| Website analytics and product improvement | Legitimate interest (Art. 6(1)(f)) |
| Fraud prevention and security | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails (if opted in) | Consent (Art. 6(1)(a)) |
Where we rely on legitimate interest, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms.
5. Data Sharing & Third Parties
We share your personal data only with trusted third-party processors who act on our instructions under data processing agreements compliant with Article 28 UK GDPR:
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address, payment details |
| Clerk | Authentication & identity | Name, email, authentication tokens |
| Vercel | Website hosting & analytics | Usage data, IP address (anonymised) |
| Google Fonts | Font delivery | IP address (via browser request) |
We do not share your personal data with any other third parties except where required by law (e.g. in response to a lawful court order or regulatory request).
6. International Transfers
Some of our third-party processors are based in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
- The UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses
- The processor's participation in recognised certification frameworks
- Binding corporate rules where applicable
You may request a copy of the relevant transfer safeguards by contacting us at the address above.
7. Data Retention
We retain your personal data only for as long as necessary:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information | Duration of account + 2 years after deletion | Contract |
| Transaction records | 7 years from transaction date | HMRC requirements |
| Licence keys | Indefinite (tied to purchase) | Contract |
| Support correspondence | 2 years from resolution | Legitimate interest |
| Analytics data | 12 months (anonymised) | Legitimate interest |
After the retention period, personal data is securely deleted or anonymised so it can no longer be associated with you.
8. Your Rights
Under the UK GDPR and Data Protection Act 2018, you have the following rights:
- Right of access (Art. 15) — obtain a copy of the personal data we hold about you
- Right to rectification (Art. 16) — correct inaccurate or incomplete data
- Right to erasure (Art. 17) — request deletion of your data where there is no compelling reason for continued processing
- Right to restrict processing (Art. 18) — limit how we use your data in certain circumstances
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object (Art. 21) — object to processing based on legitimate interest, including direct marketing
- Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
To exercise any of these rights, email privacy@templateempire.io. We will respond within one calendar month of receiving your request, as required by Article 12(3) UK GDPR. We may extend this by a further two months for complex requests, but will inform you within the first month.
We will not charge a fee for exercising your rights unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.
9. Cookies
A cookie is a small text file placed on your device by a website. We use the following categories of cookies:
9.1 Strictly Necessary Cookies
These are essential for the website to function and cannot be disabled. They include session cookies for authentication (managed by Clerk) and security tokens. No consent is required under PECR Regulation 6 for strictly necessary cookies.
9.2 Analytics Cookies
Vercel Analytics is our primary analytics tool. It is privacy-friendly and does not use cookies for tracking purposes. It collects aggregated, anonymous usage statistics. Where we deploy any additional analytics tools in the future that use cookies, we will seek your consent before placing them.
9.3 Third-Party Cookies
Third-party services (such as Stripe for payment) may set their own cookies during the checkout process. These are governed by the respective provider's cookie policy. We do not control these cookies.
You can manage cookies through your browser settings. Blocking strictly necessary cookies may prevent parts of the website from functioning correctly.
10. Children's Privacy
Our products are intended for professional software developers and businesses. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. We will post the updated policy on this page with a revised “Last updated” date. For material changes, we will notify you via email or a prominent notice on our website before the changes take effect.
12. Contact & Complaints
If you have any questions about this policy or wish to exercise your data protection rights, contact us at:
Privacy Enquiries
Halbon Labs Ltd
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email: privacy@templateempire.io
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
We recommend contacting us first so we have the opportunity to resolve your concern directly.