We collects your data when you purchase from or interact with our storefront. This information includes, but is not limited to: your account email, name, address, IP address, shipping preferences, and browser information. This information is safely stored and only accessible by our staff. For payments through our storefront, we utilize the payment processors PayPal, Stripe, and Etsy. As a result, we do not in any way receive, process, or store customer credit card information, as this information is processed on third-party servers.
The collected data is used by us to coordinate the shipment of your products. When necessary, we share your data with third-party organizations to generate shipping labels and fulfill your orders.
If you have any questions or concerns regarding your privacy, including requests for, or the deletion of your data, please contact us using the information at the end of this document.
If you wish to withdraw consent from this policy or any future revision, you must contact us. Doing so will result in the deletion of user data per our deletion standards. If you wish to further modify your data after deletion, please contact us at your earliest convenience through the methods outlined in the Contact section of this document.
In order to use our services, we require personal information such as your name and email address. Certain services may require us to store your information, such as when an order is placed in our store.
When requests are made to our services, data such as page visited, time of request, type of device, and your browser information may be logged temporarily. By doing so, we can better streamline your experience and make our site easier to use. These logs will only be accessible by us and will never be tied back to you or your user account.
In the event of an internal server or website error, we may log information about the request, including, but not limited to: IP address, time of request, current and previous pages, error information, and request information (including anonymized form data). This information is frequently purged and only accessible to our technical staff in the event of a malfunction.
All information transmitted to our service is encrypted using above-industry standard protection, with special attention given to sensitive information such as passwords and API keys.
When you access our services, small data files called “cookies” may be stored on your computer. These cookies allow us to provide core functionalities of our website to you. You are permitted to disable cookies, however, your ability to navigate and use our services may be severely impaired by this.
With the following exceptions, we will not provide your personal information to third party services. We will never sell your personal information under any circumstance.
Your information may need to be shared with certain third-party organizations, such as our payment processors or the United States Postal Service, in order to fulfill our services. When this occurs, the relevant information will be subject to the receiving organization's privacy policies.
We will share your personal data if required by law, regulations, subpoenas, court orders, legal investigations, or other legal requirements by governmental authorities. Depending on the nature of the request, you may or may not be notified of this event.
We may share your personal data, including IP address, email address, and other identifying information when deemed necessary in order to prevent financial loss to a third party, physical harm, illegal activity, or violations to our Terms of Service.
At your request, we may share your personal data with a third party organization. See the Contact section for more information regarding who to contact and what proofs of ownership may be required.
We may transfer personal information to a successor entity in the event of a merger, acquisition, or other similar events. If this occurs, users will be duly notified and provided with options regarding account deletion.
We recognize the privacy interests of children and will take the necessary steps to ensure the following interests:
For users under the age of eighteen, we recommend that parents and guardians actively monitor and take a part in their children's online activities.
Our site is not targeted towards children under the age of thirteen, or sixteen in the European Union, nor do we knowingly collect data from children under this age.
Should we find a child under this age has provided us with personal information, that information will be deleted as outlined in our Deletion Standards and Data Retention policy. If your child is under age and has provided us with such information, please contact us as soon as possible.
Upon the deletion of information from our site, we will delete most traces of your personal information. However, certain types of information may persist after deletion for the following reasons:
If you have an unfulfilled shop order or ongoing commission, relevant data such as shipping addresses may be preserved for the sake of fulfillment. Any and all data preserved for this reason will be deleted once these circumstances elapse. You may request these orders be cancelled prematurely according to our cancellation policy.
We automatically create daily backups of all information site-wide. These backups, or portions therein, may be retained as long as necessary in order to comply with legal obligations or assist in dispute resolutions.
If you notify us after your account deletion, and your account remains in good standing, we will take the necessary actions to remove it from our backups in a timely manner.
If your account is deemed to not be in good standing, or has demonstrated suspicious activity, we reserve the right to retain this information per the section Right to Erasure Including Retention and Disposal policy.
When it comes to security, we use well-above industry practices for the transmittance and storage of personal information. All information transmitted through our services employs at least 4096-bit RSA key encryption through Transport Layer Security (TLS). Certain areas of the services may use additional encryption mechanisms, such as AES or additional RSA encryption as deemed necessary. If your device or browser do not support these security mechanisms, you will be unable to use the service.
You may withdraw your consent at any time. Upon such withdrawal, we will immediately cease any and all further transfer of your data. Regardless of your home country, you may use the rights provided by the General Data Protection Regulation (GDPR), as outlined in the Rights to Your Information section.
In order to act upon the following rights, please see the instructions in the Contact section of this policy. Verification of your identity will be required.
You have a right to rectify, update, or otherwise complete any inaccurate or missing data by contacting us as outlined in this policy.
You have the right to obtain a copy of all personal data that we may currently hold about you.
The first three requests within a calendar month will be completed, or at least initiated, within 30 days of initial contact at no cost. Additional requests within this same calendar month will incur a reasonable administrative fee per request.
Under certain circumstances, you can request that we migrate your data to another service provider. This is not an automatic right due to the unique nature of our services and relational data, however, we can attempt to work with other service providers in the event of a such a request.
You have the right to request that we stop certain data processing activities that involve your data. This is not an automatic right, as our ability to restrict processing will depend on the type of data you are requesting, particularly those listed in our data retention policies.
You have a right to request that we delete any of your personal data. This is not an automatic right, as what we are able to delete will depend on the type of data that we hold about you, particularly those listed in our data retention policies.
All requests regarding personal information or this privacy should be directed to
email@example.com. Such requests should clearly define all applicable details and information.
If you have any questions or concerns regarding this policy, please contact us.
In order to make a request regarding personal information, ownership of the account(s) in question must be verified.
Verification requirements are determined on a case-by-case basis, however, at minimum, you are required to provide verification of ownership of the email address associated with the account(s) in question.
If the account's owner is deceased, we will grant requests to their personal representative, as applicable, upon receipt of documents indicating the death and appointment of aforementioned representative.
If account ownership cannot be verified, we reserve the right to deny any request regarding personal information. We further reserve the right to contact the legitimate account holder, and/or appropriate legal authorities, if necessary.