Privacy Policy

Last updated: June 28, 2026

1. Introduction

Welcome to Goatly ("we", "us", "our"). We operate the website trygoatly.com and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website, place an order, or interact with us in any other way.

Goatly provides premium goat milk powder formulated for bone health. This policy applies to all visitors and customers of our website. By using our website, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We may collect the following types of personal information:

Personal information you provide directly:

  • Full name
  • Email address
  • Postal/delivery address
  • Phone number
  • Any information you include in messages sent to our support team

Payment information:

  • Payment transactions are processed securely by Stripe and Shopify Payments.
  • We do not store your full credit or debit card details on our servers. Payment processors handle card data in accordance with PCI-DSS standards.

Usage and device data:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited, time spent on pages, and navigation paths
  • Referring website or source
  • Device type (desktop, mobile, tablet)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Order fulfilment: processing and delivering your orders, sending order confirmations and shipping updates.
  • Customer service: responding to your enquiries, resolving issues, and providing support.
  • Marketing communications: sending promotional emails, offers, and product updates. We only do this with your explicit consent, and you can unsubscribe at any time.
  • Website improvement: analysing usage patterns to improve our website, product offerings, and overall customer experience.
  • Fraud prevention: detecting and preventing fraudulent transactions and other illegal activities.
  • Legal obligations: complying with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

  • Consent: where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing emails.
  • Contract performance: where processing is necessary to fulfil a contract with you, for example when you place an order.
  • Legitimate interests: where processing is necessary for our legitimate interests (such as improving our services or preventing fraud), provided those interests are not overridden by your rights.
  • Legal obligation: where processing is necessary to comply with a legal obligation, such as tax reporting or responding to lawful requests from authorities.

5. Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather information about how the site is used.

Types of cookies we use:

  • Essential cookies: required for the website to function properly. These include Shopify session cookies that allow you to browse and add items to your cart.
  • Analytics cookies: help us understand how visitors interact with our website by collecting information about page views, traffic sources, and user behaviour. We may use tools such as Google Analytics for this purpose.
  • Marketing cookies: used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

Shopify cookies: as our website is hosted on Shopify, Shopify places certain cookies that are necessary for the platform to operate. You can learn more about Shopify's cookie practices in their privacy policy.

Managing cookies: you can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse or delete cookies. The methods for doing so vary by browser, so please consult your browser's help documentation.

6. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties. We may share your information with the following categories of service providers, strictly as needed to operate our business:

  • Shopify: our e-commerce platform, which hosts our website and processes order data.
  • Stripe and Shopify Payments: our payment processors, which handle payment transactions securely.
  • Shipping providers: such as Royal Mail and other courier services, to deliver your orders. We share your name, delivery address, and contact details for this purpose.
  • Analytics providers: such as Google Analytics, to help us understand website usage patterns.
  • Email service providers: to send transactional and marketing communications on our behalf.

We may also disclose your information if required to do so by law or in response to valid requests by public authorities.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Order data: retained for a minimum of 6 years to comply with tax and accounting obligations.
  • Marketing data: retained until you withdraw your consent or unsubscribe.
  • Website usage data: typically retained for up to 26 months.

When your data is no longer needed, we will securely delete or anonymise it.

8. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct any inaccurate or incomplete data.
  • Right to erasure: you can request that we delete your personal data, subject to certain legal exceptions.
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability: you can request that we transfer your data to another organisation in a structured, commonly used, machine-readable format.
  • Right to object: you can object to the processing of your personal data where we rely on legitimate interests as our legal basis.
  • Right to withdraw consent: where processing is based on consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at support@trygoatly.com. We will respond to your request within one month, as required by law.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO through their website at ico.org.uk or by calling their helpline.

9. International Data Transfers

Some of our service providers (including Shopify and Stripe) may process your data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place to protect your personal data, in accordance with UK GDPR requirements. These safeguards may include Standard Contractual Clauses approved by the UK Government, or transfers to countries that have been deemed to provide an adequate level of data protection.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption across our entire website.
  • Secure payment processing through PCI-DSS compliant providers (Stripe and Shopify Payments).
  • Restricted access to personal data on a need-to-know basis.
  • Regular review of our data collection, storage, and processing practices.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

11. Children's Privacy

Our website and products are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child, please contact us at support@trygoatly.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements, or for other operational reasons. When we make changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify you by email or through a prominent notice on our website. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us: