Privacy Policy

Personal Information

We collect personal information that you voluntarily provide to us when you:

• Account Registration: Name, email address, phone number, and password
• Profile Information: Address, city, zip code, country, and profile image
• Order Processing: Shipping and billing information, payment details
• Customer Support: Information you provide when contacting our support team

Automatically Collected Information

We automatically collect certain information when you visit our website:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, referral sources
• Session Data: Authentication tokens, session identifiers, user preferences
• Technical Data: Server logs, error reports, performance metrics

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Maintain your login session and shopping cart
• Analytics Cookies: Understand how you use our website (Google Analytics)
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Protect against fraud and unauthorized access

You can control cookie settings through your browser preferences, but disabling certain cookies may affect website functionality.

Service Provision

• Process and fulfill your orders
• Manage your account and profile
• Provide customer support
• Send order confirmations and shipping updates

Communication

• Send marketing communications (with your consent)
• Respond to your inquiries and support requests
• Send important service updates and notifications

Security and Fraud Prevention

• Verify your identity and prevent unauthorized access
• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations and enforce our terms

Analytics and Improvement

• Analyze website usage and performance
• Improve our products, services, and user experience
• Conduct research and development

Service Providers

We share information with trusted third-party service providers who assist us in:

• Cloud Storage: DigitalOcean Spaces for product image storage
• Database Services: MySQL database hosting
• Analytics: Google Analytics for website analytics
• Error Monitoring: Sentry for application monitoring
• Payment Processing: Payment processors (when implemented)

Legal Requirements

We may disclose your information if required by law or if we believe such action is necessary to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our terms of service

Technical Safeguards

• Encryption: Passwords are hashed using bcrypt
• Secure Headers: CSP, X-Frame-Options, X-XSS-Protection
• HTTPS: All data transmission is encrypted
• Access Controls: Role-based access restrictions
• CSRF Protection: Cross-site request forgery prevention

Administrative Safeguards

• Access Logging: All data access is logged and monitored
• Regular Audits: Security reviews and vulnerability assessments
• Staff Training: Privacy and security awareness training
• Incident Response: Procedures for handling security breaches

Access and Portability

• Request access to your personal information
• Receive a copy of your data in a portable format
• Request correction of inaccurate information

Deletion and Restriction

• Request deletion of your personal information
• Request restriction of processing
• Object to certain types of processing

Communication Preferences

• Opt out of marketing communications
• Update your communication preferences
• Unsubscribe from email lists

Retention Periods

• Account information: Until account deletion
• Order data: 7 years (for tax and legal compliance)
• Marketing data: Until consent is withdrawn
• Analytics data: 26 months (Google Analytics default)