Privacy Policy for Ecommerce

Create a compliant privacy policy for your online store

Why Ecommerce Privacy Policies Are Different

Ecommerce stores handle payments, shipping, marketing, and repeat customer data, often across multiple third-party providers. This makes generic website privacy policies insufficient for online stores, especially under GDPR and CCPA.

Ecommerce Data Flows

Ecommerce stores collect and process extensive customer data throughout the purchase journey.

Payment Information

  • Payment details (processed securely by payment providers like Stripe, PayPal, Paddle)
  • Billing addresses and tax information
  • Payment method preferences
  • Transaction history and receipts

Shipping Information

  • Shipping addresses (home, work, gift recipients)
  • Delivery preferences and special instructions
  • Tracking numbers and shipment status
  • Return and refund information

Customer Account Data

  • Email addresses and account credentials
  • Purchase history and order preferences
  • Wishlists and saved items
  • Product reviews and ratings

Marketing and Analytics

  • Email marketing preferences and opt-ins
  • Website browsing behavior and product views
  • Cart abandonment tracking
  • Advertising campaign data (Google Ads, Facebook Ads)

Consent is required for non-essential marketing and tracking cookies under GDPR.

GDPR and CCPA Relevance

GDPR Compliance for Ecommerce

EU/UK customers have specific rights:

  • Lawful basis: Contractual necessity (order processing), consent (marketing), legitimate interests (fraud prevention)
  • Data retention: Transaction data (7 years for tax), account data (while active), marketing data (until opt-out)
  • International transfers: Payment processors and shipping providers may transfer data internationally
  • User rights: Access, deletion, portability, objection to marketing

CCPA/CPRA Compliance for Ecommerce

California customers have specific rights:

  • Right to know: What personal information is collected, used, and shared
  • Right to delete: Request deletion (with exceptions for transaction records)
  • Right to opt out: Opt out of sale or sharing of personal information (e.g., advertising data)
  • Non-discrimination: Cannot be denied service for exercising rights

Cookie and Tracking Requirements

Ecommerce stores rely heavily on cookies and tracking technologies:

Shopping Cart Cookies

Essential cookies that maintain cart contents across sessions

Analytics Cookies

Track product views, conversion rates, and user behavior (Google Analytics, Adobe Analytics)

Marketing Cookies

Retargeting campaigns, cart abandonment emails, personalized ads (Google Ads, Facebook Pixel, Meta Ads)

Payment Processing Cookies

Security and fraud prevention cookies from payment providers (Stripe, PayPal, Paddle)

Structured around widely accepted GDPR and CCPA requirements. Not legal advice.