Privacy Policy
Privacy Policy
What we collect
Account email, name, shipping address, and phone; card information processed by Stripe at order/payment time (we do not store card numbers); browsing behavior (aggregated and anonymized); and customer support communication records.
Why we collect it
To fulfill orders and logistics; for customer support and after-sales service; for fraud prevention and compliance auditing; and to submit to competent authorities as required by law.
Who can see it
Only the operations staff needed to process the current order; payment processors Stripe / PayPal / Wise (under compliance requirements); carriers (shipping address and phone only); and relevant authorities where legally compelled. We never sell, rent, or share your data with third parties for advertising or marketing.
Retention period
Account data is kept until you actively close your account plus the statutory limitation period; order/financial/tax records are kept as required by your jurisdiction (typically 7 years); marketing cookies for 24 hours.
Your rights
Access / correction / deletion (the rights granted under GDPR / CCPA and similar laws). You may email our privacy officer and we will respond within 30 days.
Where data is held
Account and order data is stored in Cloudflare D1 (globally distributed SQLite), with the primary region in the United States. Image assets are stored in Cloudflare R2 (global edge). Stripe handles data under its own compliance framework.
Cookies
Essential cookies: login session and shopping bag. Analytics: Cloudflare Web Analytics (no tracking, no fingerprinting). Optional PostHog (if enabled).
DRAFT · Privacy officer contact:legal@example.invalid