Last update: 23/10/2023, with an updated email address.

The Mystery Agency Ltd., 8th Floor Imperial House, 8 Kean Street, London, WC2B 4AS (“We”, “our”, “us”) manage and administer the Website. For the purposes of the Data Protection Act 1988 (as amended) and the General Data Protection Regulation 2016/679 (the “GDPR”), we are the “data controller” in respect of the Personal Data (as defined in the GDPR) submitted by you when you visit our website (the “Website”).

This Privacy Policy sets out the fair and lawful basis upon which we collect and process your Personal Data, with details as to how your information and data is protected ) and sets out your privacy rights and how the law protects you. We are committed to protecting your privacy and take all reasonable steps to ensure this, including an SSL certificate.

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.

What type of information do we collect?

We receive, collect and store information about you, including Personal Data, in the course of you visiting the Website (including  collecting the Internet protocol (IP) address used to connect your computer to the Internet) through the use of Cookies (as explained further below).

Personal data is also received, collected and stored through sign up to our mailing list – when you consent to receive marketing concerning The Mystery Agency. This includes your first name and email address.

We also receive, collect and store Personal Data about you, collected through transactional processes on Stripe, in accordance with their Privacy Policy outlined below.

  • Information you provide by completing a purchase on our site via Stripe or signing up to The Mystery Agency include your name, email and postal addresses, telephone number, country of residence, login, password details, Unique payment identifier and payment provider identifier.
  • Details of any requests or transactions you make through the Services; we partner with other companies (such as Stripe) for payment processing, and the payment information you submit is collected and used by them in accordance with their privacy policies (read Stripe’s privacy policy:
  • The Mystery Agency may also retain payment information apart from the last four digits of your credit card or bank account (as applicable), expiration date, and country, which we require for tax, government regulatory, and security purposes.
  • You may decline to provide The Mystery Agency with your information. However, this will limit your ability to register for an account or use our Services. You may pledge to a project as a guest by providing only an email address.

Please note: when you purchase a product via you are providing your personal data to STRIPE who will process it in accordance with their own Privacy policy which you can view here:

We may also use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

Once you have purchased a product, if you would like to request a refund, please see below:

  • Ordered on – email with the subject line Refund, followed by your order number (i.e. “Refund: XXX”) and reason

How do we store your data?

Information and data collected by The Mystery Agency are subject to The Mystery Agency’s Privacy Policy.

Personal data received at your consent through signing up to our mailing list is received, collected and stored through Mailchimp (our email marketing platform). Mailchimp’s servers are located in the United States. In addition, they or their subcontractors may use cloud technology to store or process Personal Information. Full information on how data is stored can be found in Mailchimp’s Privacy Policy:

How long we keep your personal data

We will store your personal data for as long as we actually need it for, concerning the purpose it was originally collected for. For personal data collected for marketing purposes through sign up, our data retention period is three years. At the end of that retention period, we will confirm if you would like to remain subscribed or unsubscribe to receive further communications.

Third party websites including Woocommerce and Stripe will store your Personal Data in accordance with their Privacy Policy. Please see their Privacy Policies for more information.

Why do we collect and what do we do with the information?

Personal data which you provide to us is used to:

• Provide you with the information, products and services you request from us

• Send you marketing, in accordance with your marketing preferences

• Manage and administer our business

• Review and improve our products and services

In order to provide you with your product and purchases, we will need to share your data with third party companies – those being warehouses, order packers, delivery and courier companies. Such disclosure of data is shared in compliance with the relevant data protection laws – and will be processed by third parties accordingly, with regards to this Privacy Policy as well as their own.
Personal data collected through your use of our website is used to monitor and analyze the performance, operation and effectiveness of the platform, for which we use Cookies.

How we use your personal data for marketing purposes?

If you sign up to receive marketing from us, we will add your details to our marketing database (currently managed and administered through Mailchimp, correct as of 6 July 2020). If you tell a third party (for example, when you purchase a product) that you would like them to pass us your contact details, we can then send you updates about our goods and services. You can withdraw your consent for marketing at any time.

What are Cookies?

​Cookies are small, often encrypted text files, located in browser directories. They are used to help you navigate the websites efficiently and perform certain functions.

Cookies are created when a user’s browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server. For Managing cookies for different browsers see here.

We use cookies for many important reasons:

  • To provide a great experience for visitors.
  • To monitor and analyze the performance, operation and effectiveness of the website
  • To ensure the website is secure and safe to use.

To manage your Cookies and preferences, you can find out more relevant to your specific browser here:

Types of Cookies

​First-party cookies: Cookies that we place on your site.

Third-party cookies: Cookies that are placed and used by third parties.


Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.

Persistent (permanent or stored) cookies: These cookies are stored on a site visitor’s hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.


​Strictly necessary cookies: These are the cookies that let your visitors browse through your site. They are also necessary for security reasons.

Functional cookies: These cookies “remember” registered visitors/customers in order to improve their user experience.

Third Party Cookies

TS*: Session, Functional

Purpose: Security

TS01*******: Session, Functional

Purpose: Security

​TSxxxxxxxx (where x is replaced with a random series of numbers and letters): Session, Functional

Purpose: Security

​TSxxxxxxxx_d (where x is replaced with a random series of numbers and letters): Session, Functional

Purpose: Security

Third Party Websites

This website contains links to other websites of interest including sign up to the mailing list via Mailchimp. Each website has its own Privacy Policy, and we cannot be responsible for the protection of any information which you provide whilst visiting such sites. Links to third party websites and their Cookies Policies are provided below:

The Mystery Agency also uses a number of third parties that may use data provided through our website. These include:

  • Google Analytics (website statistics): 

Further Information

We try to be as open as we reasonably can about the Personal Data that we process. If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at

You have legal rights (i) to make a “subject access request” to access your Personal Data; (ii) to request and be given your Personal Data in machine readable format for the purposes of your passing such data to third parties; (iii) to request rectification or removal of your Personal Data; and (iv) to object to processing of your Personal Data and/or to have its processing restricted.  You can withdraw your consent to receive marketing messages at any time.  If you would like to use any of these rights, or otherwise have any questions about how we handle data, please contact us at, with details of your request.  In the case of subject access requests please ensure that you add “subject access request” into the subject line of your email.

We will store and process your Personal Data only for as long as is reasonably necessary for us to perform the services/activities we are undertaking and to comply with our legal obligations.

Please note that our Website will, from time to time, contain links to and from third party websites.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

As you probably know, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data once transferred to us; any transmission is at your own risk.  Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorised access.

If you have complaints relating to our processing of your Personal Data, you should contact us in the first instance at  You may also raise complaints with the Information Commissioner who is the statutory regulator.

Shipping information

Shipping times: These are not guaranteed and are the usual timings starting from when the courier receives your parcel. This may be the day after you make your order or after a weekend/bank holiday.