Overview
We are committed to protecting the privacy and security of visitors and customers. This document explains the types of personal information we collect, how we use and disclose that information, the measures we take to protect sensitive data (including payment card information and contact details), and the choices available to individuals regarding their personal information. Using our website indicates acceptance of the practices described here.
Information We Collect
We collect information necessary to provide products and services, process transactions, and improve user experience. Categories of information include:
- Identity & account data: name, username, account password, date of birth (if provided) and other profile details you supply when creating an account.
- Contact & fulfillment data: billing and shipping addresses, phone number, recipient name, and delivery instructions used to fulfill orders.
- Payment data: credit/debit card number, card expiration, billing address and other payment details submitted at checkout. See Payment Security below for handling and retention practices.
- Order & transaction records: order history, items purchased, returns, refunds and transaction identifiers.
- Device & usage data: IP address, browser type, device identifiers, operating system, referring URLs, pages visited, search queries and analytics collected through cookies and similar technologies.
- Communications: customer service correspondence, chat transcripts, product reviews and other messages you choose to provide.
How We Use Personal Information
We use personal information for legitimate business purposes including:
- Processing orders, payments, shipments, returns and refunds;
- Verifying identity and preventing fraud, abuse or unauthorized transactions;
- Providing customer service, order updates and transactional communications;
- Personalizing product recommendations and website content where permitted;
- Sending marketing communications when you have opted in, and providing opt-out choices;
- Performing analytics, improving site performance and troubleshooting technical issues;
- Complying with legal obligations and protecting our legal rights and property.
Payment Security & Card Data Protection
Ensuring the security of payment card information is a high priority. Our practices include:
- PCI-compliant payment processors: Card transactions are handled by reputable third-party payment processors that comply with PCI DSS. Payment details entered at checkout are transmitted directly to these providers using secure channels; sensitive card processing is managed by those processors.
- No storage of full card numbers: We do not retain full card numbers on our systems unless explicitly disclosed at the time of payment. When necessary and permitted, we retain only masked card details (for example, last four digits and card brand) or processor-issued tokens to facilitate authorized refunds or future payments.
- Tokenization: Where available, tokenization is used so that payment credentials are replaced with secure tokens for stored payment methods and recurring transactions.
- Encryption: All pages and endpoints that handle personal or payment data use TLS/HTTPS to encrypt data in transit. Sensitive data and backups are encrypted at rest where applicable, and access to encryption keys is tightly controlled.
- Access controls: Access to payment and personal information is limited to authorized personnel and service providers on a need-to-know basis, protected by multi-factor authentication and strong credential management.
- Monitoring & testing: We perform regular vulnerability assessments, security testing and monitoring of systems that handle payment data to detect and address potential threats.
Protection of Contact & Personal Data
Contact information and other personal data are protected through organizational and technical measures including:
- Role-based access controls and least-privilege principles for staff and vendors;
- Strong password policies, multi-factor authentication for administrative access, and session security;
- Logging and monitoring of access to systems storing personal information, with periodic reviews;
- Secure storage and handling policies for backups and exported data; encryption at rest where applicable;
- Vendor management requiring contractual security and confidentiality obligations for third parties processing personal data on our behalf;
- Employee training on privacy, data handling and phishing awareness to reduce human risk factors.
Cookies, Tracking & Analytics
We and our partners use cookies, web beacons and similar technologies to enable core site functions, remember preferences, prevent fraud, and provide analytics and advertising features. You may manage cookie preferences through browser settings and any consent controls provided on the site. Disabling certain cookies may affect site functionality.
Sharing & Disclosure
We share personal information only in limited circumstances necessary to operate the business:
- Service providers: Trusted vendors that perform services on our behalf (payment processing, shipping/fulfillment, hosting, analytics, email delivery, fraud detection) and who are contractually required to protect personal information;
- Legal reasons: When required by law, legal process or regulation, or to respond to lawful requests by public authorities; to protect rights, property or safety;
- Business transfers: In connection with a merger, acquisition, financing, sale of assets or bankruptcy proceeding, personal information may be transferred as part of that transaction under confidentiality protections;
- Aggregated or anonymized data: We may share de-identified summaries or aggregated statistics that do not reasonably identify individuals.
Data Minimization & Retention
We limit collection to what is necessary for the purposes described and retain personal information only as long as required to provide services, comply with legal obligations, resolve disputes and enforce agreements. When data is no longer needed, it is securely deleted, destroyed or anonymized in accordance with applicable law.
Access, Correction & Choices
Depending on jurisdiction, individuals may have rights to access, correct, update, export, restrict or delete their personal data, and to object to or opt out of certain processing (including marketing). Account holders may manage preferences and update information through their account settings. We provide processes to respond to verified requests in accordance with applicable laws and may require verification before fulfilling certain requests.
International Transfers
Personal information may be processed and stored in countries other than the one in which you reside. When transfers occur, we rely on appropriate safeguards required by law (such as standard contractual clauses, adequacy decisions, or other lawful mechanisms) to ensure an adequate level of protection for personal data.
Children
Our services are not directed to children under the age of 16 unless a different minimum age is required by local law. We do not knowingly collect personal information from children below the applicable minimum age. If we learn that we have collected personal data from a child without appropriate consent, we will take steps to delete such information as required by law.
Incident Response & Breach Notification
We maintain an incident response program to detect, contain and investigate security events. In the unlikely event of a confirmed data breach affecting personal information, we will follow applicable