This Privacy Policy explains how Velsia Limited (“we”, “us”, “our”) collects, uses, and protects your personal data when you use axismelt.com.

Who we are: Velsia Limited is registered in England and Wales (Company No. 17140721). Registered address: Studio No. 4, 264 Lavender Hill, London, England, SW11 1LJ. Email: info@axismelt.com

What data we collect: When you make a purchase, we collect your name, email address, billing address, and payment information. Payment data is processed securely by our payment provider and we do not store card details. We also collect basic technical data (IP address, browser type, pages visited) via cookies.

Why we collect it: We use your data to process orders, send download links and receipts, handle customer support queries, and comply with our legal obligations under UK law.

Legal basis (UK GDPR): We process your data on the following grounds: performance of a contract (processing your order), compliance with a legal obligation (tax and accounting records), and legitimate interests (fraud prevention, site security).

How long we keep it: Order records are kept for 7 years as required by UK tax law (HMRC). Account data is kept as long as your account is active. You can request deletion at any time, subject to our legal retention obligations.

Your rights: Under UK GDPR you have the right to access, correct, or delete your personal data; restrict or object to processing; and data portability. To exercise any of these rights, email us at info@axismelt.com. You also have the right to lodge a complaint with the ICO (ico.org.uk).

Third parties: We use WooCommerce to run our store, and a payment processor to handle transactions. These providers process data on our behalf and are bound by their own privacy policies. We do not sell your data to third parties.

Cookies: See our Cookie Policy for details.

Changes: We may update this policy from time to time. The current version is always available on this page.

Card Data and PCI DSS Compliance

VELSIA LIMITED does not store, process, or transmit raw cardholder data on its own servers. All card payments are handled exclusively by our PCI DSS Level 1 certified payment service provider — the highest tier of compliance defined by the Payment Card Industry Security Standards Council (PCI SSC).

When you submit card details on our checkout page, the data is transmitted directly to the payment processor over an encrypted TLS 1.2+ connection, tokenized at the gateway, and never reaches our infrastructure. The only payment-related information we retain on our side is:

  • the transaction reference (provided by the gateway);
  • the last four digits of the card and the card brand (Visa, Mastercard, etc.) — for order-management, refunds, and chargeback evidence;
  • the billing name, address, and email address you provided at checkout — for invoicing and customer-support purposes.

If you exercise your right to access, rectify, or delete your data under the UK GDPR or the EU GDPR (see Your Rights section above), the order metadata may be retained for up to seven (7) years after the transaction in compliance with anti-money-laundering, accounting, and tax-record-keeping obligations applicable to VELSIA LIMITED.

For details on how the payment provider itself handles your data, please consult the privacy notice of the gateway disclosed at the moment of checkout.