Data Protection

Protecting Your Personal Information

We are committed to handling personal information responsibly. The following explains what data we collect, how we use it, and the technical and organizational measures we implement to safeguard sensitive information such as payment card details and contact data.

Types of Information Collected

To operate our services and deliver orders we may collect:

  • Account & identity data: full name, username, password and profile details you provide when registering an account.
  • Contact & fulfillment data: billing and shipping addresses, phone number and delivery instructions used to complete orders.
  • Payment data: cardholder name, card number, expiration date, billing address and other payment details submitted at checkout (see Payment Security below).
  • Order & transaction records: order history, items purchased, invoices, returns and refunds.
  • Device & usage information: IP address, browser type, device identifiers, operating system, referring URLs, pages visited and interaction data collected via cookies and analytics tools.
  • Customer communications: messages, support inquiries, reviews and other correspondence.

How We Use Personal Information

We process personal data for legitimate business purposes including:

  • Processing and fulfilling orders, payments, returns and exchanges;
  • Verifying identity and preventing fraud, abuse or unauthorized activity;
  • Providing customer service and transactional communications (order confirmations, shipping notices, receipts);
  • Personalizing product recommendations and website experience where permitted;
  • Sending marketing communications when you have consented and enabling easy opt-out options;
  • Analyzing performance, troubleshooting issues and improving products and services;
  • Meeting legal obligations and protecting our rights and systems.

Payment Security & Card Data Protection

Protecting payment card information is a priority. Our practices include:

  • PCI-compliant processors: Card transactions are handled by reputable third-party payment processors that comply with PCI DSS. Card details entered at checkout are transmitted directly to these providers over secure channels.
  • No storage of full card numbers: We do not store full primary account numbers on our servers unless explicitly disclosed at the time of payment. When retained for permitted purposes, only masked card data (for example, last four digits) or processor-issued tokens are kept.
  • Tokenization: Where supported, tokenization replaces sensitive payment credentials with non-sensitive tokens for subsequent transactions and stored payment methods.
  • Encryption: All pages and APIs that collect or transmit payment and personal data use TLS/HTTPS to encrypt data in transit. Sensitive data stored in systems or backups is encrypted at rest where applicable.
  • Access restrictions: Access to payment data is limited to authorized personnel on a need-to-know basis and protected by multi-factor authentication and strong credential policies.
  • Monitoring & testing: Regular security testing, vulnerability scanning and monitoring help detect and remediate threats to payment processing systems.

Protecting Contact & Other Personal Data

Contact details and non-payment personal data are safeguarded through organizational and technical measures:

  • Role-based access control and least-privilege policies to limit internal access;
  • Strong authentication, periodic credential rotation and multi-factor authentication for administrative access;
  • Logging, monitoring and audit trails to detect unauthorized access and support investigations;
  • Encryption for sensitive fields and secure backup handling;
  • Contractual security requirements for third-party vendors and routine vendor assessments;
  • Employee training on data protection, secure handling and phishing awareness.

Cookies, Tracking & Analytics

We and our partners use cookies and similar technologies to enable essential site functions, remember preferences, prevent fraud, and collect analytics. You can manage cookie preferences through browser settings and any consent tools offered on the site. Disabling certain cookies may affect site functionality.

Sharing & Disclosure

Personal information is shared only as necessary to operate our services under confidentiality protections:

  • Service providers: Payment processors, fulfillment and shipping partners, hosting providers, analytics and email services that perform functions on our behalf and are contractually required to protect data.
  • Legal reasons: When required by law, regulation or legal process, or to respond to lawful government requests; to protect rights, property or safety.
  • Business transfers: In the event of a merger, acquisition or sale of assets, personal data may be transferred under appropriate confidentiality safeguards.
  • Aggregated data: Non-identifying aggregated or anonymized information may be shared for analytics and research purposes.

Data Minimization & Retention

We limit collection to what is necessary for the purposes described and retain personal information only as long as required to provide services, comply with legal obligations, resolve disputes and enforce agreements. When personal data is no longer required, we delete, destroy or anonymize it according to internal policies and legal requirements.

International Transfers

Personal data may be processed or stored in jurisdictions different from your country of residence. When we transfer data across borders we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions or other lawful mechanisms to maintain an adequate level of protection.

Incident Response & Breach Notification

We maintain an incident response program to detect, contain and investigate security events. In the unlikely event of a confirmed data breach affecting personal information, we will take steps to contain the incident and follow applicable legal notification requirements.

Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, update, export, restrict or delete your personal information, and to object to certain processing such as marketing. Account holders can manage preferences and consent controls in their account settings. Verified requests will be handled in accordance with applicable law.

Children & Age Restrictions

Our services are not directed to children below the age of 16 unless a different minimum age is required by local law. We do not knowingly collect personal information from children under the applicable age; if discovered we will delete such data as required.

This notice provides an overview of our data protection practices. For additional details about privacy controls and account settings, please use the privacy and account tools available on the website. Continued use of our services after updates to these practices constitutes acceptance of the revised terms.