Privacy Policy (Website & Services)

Last Updated: [2025-09-02]
Scope: This Privacy Policy applies to your use of [your domain] (the “Site”) and all features, content, and related services we provide through it (collectively, the “Services”). “We,” “us,” or “our” means [Your Company Name]. See Contact Us for details.

1. How to Use This Policy

Jump to what you need:

  • What we collect: §3

  • How we use/share it: §§4–5

  • Your rights & choices: §8

  • Cookies & tracking: §6

2. Who We Are & Policy Changes

  • Data Controller. Unless stated otherwise, [Your Company Name] is the controller of your personal information.

  • Updates. We may update this Policy to reflect operational, legal, or regulatory changes. If changes are material, we’ll notify you where required by law and refresh the “Last Updated” date.

3. Information We Collect

Depending on how you interact with the Services, we may collect:

3.1 Information You Provide

  • Contact details: name, address, email, phone.

  • Orders & support: billing/shipping info, order details, returns/exchanges.

  • Account & security: username, password, security prompts.

  • Shopping & interactions: cart/wishlist items, rewards/gift cards, reviews, inquiries.

  • Customer support: contents of your communications with us.

3.2 Information Collected Automatically

Using cookies, pixels, and similar tools, we may collect device and usage data such as IP address, browser/OS, device identifiers, pages viewed, links clicked, and interaction logs.

3.3 Information from Third Parties

Where permitted:

  • Service providers/platforms (ecommerce hosting, cloud/security, analytics, customer support, logistics/fulfillment).

  • Payment processors (to complete transactions).

  • Marketing/advertising partners (to run and measure campaigns).

  • Third-party widgets or login you choose to use, which may share info with us per your settings.

4. How We Use Personal Information

We process personal information for the following purposes (legal bases apply if you are in the EEA/UK):

  1. Provide & operate the Services (fulfill orders and payments, manage accounts, shipping/returns, service communications, site functionality and improvements). (Contract/Legitimate interests)

  2. Support & improvements (respond to inquiries, troubleshoot, enhance user experience). (Legitimate interests)

  3. Security & fraud prevention (detect, investigate, and deter malicious or unlawful activity; protect rights). (Legitimate interests)

  4. Marketing & personalization (optional) (send or display offers, personalize content/ads, and measure performance—you can opt out anytime). (Consent/Legitimate interests)

  5. Compliance & enforcement (comply with laws, enforce our terms, defend legal claims). (Legal obligation/Legitimate interests)

5. How We Share Personal Information

We share information only as permitted by this Policy or law:

  • Vendors/Service Providers (IT/cloud, payments, analytics, customer support, warehousing/logistics).

  • Business/marketing partners (if applicable and subject to their commitments).

  • At your direction or with your consent (e.g., shipping partners, third-party widgets/logins).

  • Affiliates (for internal administration and compliance).

  • Corporate transactions (merger, acquisition, asset transfer, bankruptcy).

  • Legal/safety (to comply with legal requests or protect rights, property, and safety).

[Show if applicable; e.g., California] “Sale” or “Sharing” for cross-context behavioral advertising.
If we “sell” or “share” personal information as defined by applicable law, we will disclose the categories of information and recipient categories here and provide an opt-out mechanism: [Your opt-out URL or instructions].

6. Cookies, Online Tracking & Preferences

  • Use of cookies. We and our partners use cookies, pixels, and similar technologies to remember preferences, analyze usage, personalize content/ads, and improve the Services.

  • Managing cookies. Most browsers let you delete or block cookies; doing so may affect some features.

  • Global Privacy Control (GPC). If you enable a GPC signal in a supported browser/extension, we treat it as a valid request to opt out of targeted ads/sharing for that browser/device (and, when we can link it, for your account).

  • Do Not Track (DNT). Except where law requires, we do not respond to other DNT signals at this time.

  • [Optional platform note]. If your store runs on [Platform, e.g., Shopify] and uses its cookies, see their cookie notice: [Platform policy link].

7. User-Generated Content (UGC)

Content you post in public areas (e.g., reviews) is publicly visible and may be collected or used by others. Share personal info carefully. We do not control third parties’ handling of such content.

8. Your Rights & Choices (Region-Specific)

Depending on your location, you may have some or all of the following rights:

  • Access/Know, Delete, Correct, Data Portability

  • Restrict processing, Withdraw consent (where consent is the basis)

  • Appeal (if we decline a request, where applicable)

  • Marketing controls: unsubscribe using the link in our emails (transactional/service emails may still be sent)

Verification & agents. We may request information to verify your identity. You may authorize an agent to submit requests on your behalf (we may require proof of authorization and, if needed, direct verification from you). We will respond within timeframes required by law and will not discriminate against you for exercising your rights.

9. Children’s Privacy

Our Services are not directed to children. We do not knowingly collect personal information from children. If you are a parent/guardian and believe a child provided information to us, contact us to delete it.
[If required, e.g., California] We do not knowingly “sell” or “share” personal information of users under 16.

10. Security & Retention

  • Security. We use reasonable technical and organizational measures to protect personal information. However, no system is 100% secure; avoid sending sensitive data via insecure channels.

  • Retention. We retain information as long as needed for the purposes described above, including account/service maintenance, legal obligations, dispute resolution, and contract enforcement. When no longer needed, we delete or anonymize it unless law requires otherwise.

11. International Transfers

If we process your information outside your country/region (e.g., by staff or vendors in other countries), we will use appropriate transfer mechanisms (such as EU Standard Contractual Clauses, UK addenda, or equivalent) or rely on adequacy decisions, as applicable.

12. Third-Party Sites & Links

Our Site may link to third-party websites/platforms. Their privacy and security practices are not under our control. Review their policies before sharing information.

13. Complaints & Supervisory Authorities

If you have concerns about how we process your information, please contact us first at [privacy@yourcompany.com]. If you are in the EEA/UK and are unsatisfied with our response, you may lodge a complaint with your local data protection authority. [Insert link to authority list, if applicable.]


Quick Customization Checklist

  1. Replace all [placeholders] (company name, domain, email, address, platform links).

  2. Decide whether you engage in “sale”/“sharing” for targeted advertising; if yes, complete §5 opt-out details and add an opt-out link/button.

  3. Add or remove the platform-specific cookie reference in §6.

  4. Confirm lawful bases for marketing (consent vs. legitimate interests) for your markets (EEA/UK/US/CA).

  5. Update the Last Updated date on publishing.

  6. If your audience may include minors, add consent/parental controls as required.

This is a general template, not legal advice. For regulated regions (EEA/UK/California, etc.), consider a final legal review.