Data Protection

Protecting Personal Information

We are committed to handling personal information responsibly. The following explains what data we collect, how we use it, and the technical and organizational measures we implement to protect sensitive information such as payment card details and contact data.

Information We Collect

To provide products and services we may collect the following categories of personal information:

  • Account and identity data: name, username, password and profile details supplied during registration.
  • Contact and fulfillment data: billing and shipping addresses, phone number and delivery instructions used to fulfill orders.
  • Payment data: cardholder name, card number, expiration date and billing address submitted at checkout (see Payment Security below for handling).
  • Order and transaction records: order history, items purchased, refunds and transaction identifiers.
  • Device and usage information: IP address, browser type, device identifiers, referring URLs, pages visited and analytics collected by cookies and similar technologies.
  • Customer communications: support inquiries, chat transcripts, reviews and other messages you provide.

How We Use Personal Information

  • To process and fulfill orders, payments, returns and exchanges;
  • To verify identity, detect and prevent fraud and unauthorized transactions;
  • To provide customer service, order status updates and transactional communications;
  • To personalize product recommendations and website experience where permitted;
  • To send marketing communications when you have consented and to provide simple opt-out choices;
  • To analyze performance, troubleshoot issues and improve products and services;
  • To comply with legal obligations and protect our rights and systems.

Payment Security & Card Data Protection

Protecting payment card information is a top priority. Our practices include:

  • PCI-compliant processors: Card transactions are handled by reputable third-party payment processors that comply with PCI DSS. Payment details entered at checkout are transmitted directly to these providers via secure channels.
  • No storage of full card numbers: We do not store full primary account numbers on our systems unless explicitly disclosed at the point of payment. When retained for legitimate purposes, only masked card details (e.g., last four digits) or processor-issued tokens are kept.
  • Tokenization: Where supported, tokenization replaces sensitive payment credentials with non-sensitive tokens for stored payment methods and subsequent transactions.
  • Encryption: All pages and APIs that collect or transmit payment and personal data use TLS/HTTPS to encrypt data in transit. Sensitive data stored in systems or backups is encrypted at rest where applicable.
  • Access restrictions: Access to payment data is limited to authorized personnel on a need-to-know basis and protected by multi-factor authentication and strong credential policies.
  • Monitoring & testing: Regular vulnerability scanning, security testing and monitoring help detect and remediate threats to payment processing systems.

Protecting Contact & Other Personal Data

Contact information and non-payment personal data are safeguarded through organizational and technical measures:

  • Role-based access control and least-privilege principles to limit internal access;
  • Strong authentication, periodic credential rotation and multi-factor authentication for administrative access;
  • Logging, monitoring and audit trails to detect unauthorized access and support investigations;
  • Encryption for sensitive fields and secure handling of backups and exports;
  • Vendor management requiring contractual security and confidentiality obligations for third parties processing data on our behalf;
  • Employee training on privacy, secure handling and phishing awareness to reduce human risk.

Cookies, Tracking & Analytics

We and our partners use cookies, web beacons and similar technologies to enable core site functions, remember preferences, prevent fraud, and collect analytics. You may manage cookie preferences via your browser and any consent tools provided on the site. Disabling certain cookies may affect site functionality.

Sharing & Disclosure

Personal information is shared only as necessary to operate the business and under confidentiality protections:

  • Service providers: Payment processors, fulfillment and shipping partners, hosting providers, analytics and email services that perform functions on our behalf and are contractually required to protect data.
  • Legal reasons: When required by law, regulation or legal process, or to respond to lawful requests from authorities; to protect rights, property or safety.
  • Business transfers: In the event of a merger, acquisition, financing or sale of assets, personal data may be transferred as part of that transaction under confidentiality safeguards.
  • Aggregated data: Non-identifying aggregated or anonymized information may be shared for analytics, research or marketing.

Data Minimization & Retention

We limit collection to information necessary for the purposes described and retain personal data only as long as required to provide services, comply with legal obligations, resolve disputes and enforce agreements. When data is no longer needed, we securely delete, destroy or anonymize it in accordance with applicable laws and internal policies.

International Transfers

Personal data may be processed or stored in countries other than your country of residence. When transfers occur, we rely on appropriate safeguards such as standard contractual clauses, adequacy decisions or other lawful mechanisms to ensure an adequate level of protection.

Incident Response & Breach Notification

We maintain an incident response program to detect, contain and investigate security events. In the unlikely event of a confirmed data breach affecting personal information, we will take steps to contain the incident and follow applicable notification requirements to affected individuals and authorities.

Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, update, export, restrict or delete your personal information, and to object to certain processing such as marketing. Account holders can manage preferences and consent controls through account settings, and we provide processes to respond to verified requests in accordance with applicable law.

This notice provides an overview of our data protection practices. For more detail about privacy controls and account tools, please use the privacy and account features available on the website. Continued use of our services after updates to these practices constitutes acceptance of the revised terms.