Plain-English summary, not legal advice. This page is generic boilerplate written for a small apparel brand. Have a lawyer in your jurisdiction review before deploying, particularly the “Your Rights” section which varies by region (CCPA, GDPR, etc.).
Information We Collect
When you place an order, we collect your name, shipping address, billing address, email, phone (optional), and the products you bought. Payment information (credit card numbers, expiration, CVV) is handled directly by our payment processor — we never see it or store it. If you create an account, we add your password (hashed) and order history. We also collect basic site analytics (pages visited, time on site, device type) via a privacy-conscious analytics tool.
How We Use Your Information
We use your information to (a) fulfill your orders and ship them, (b) email you order confirmations and shipping updates, (c) respond when you write to us, (d) send marketing emails (only if you opted in — and you can unsubscribe with one click), and (e) understand how the site is being used so we can improve it. We do not sell or rent your personal information to anyone. Ever.
How We Share Information
We share data with a small number of service providers needed to run the business: our payment processor (to charge your card), our shipping carrier (to deliver the package), our email service (to send order confirmations), our analytics provider (aggregated usage data), and our customer-support tool. Each of these is bound by their own privacy commitments. We also disclose information when legally required — subpoena, court order, or a clear threat to safety.
Cookies and Tracking
The site uses essential cookies (to keep your cart and account session working) and a small number of analytics cookies. We don’t use cross-site advertising trackers. You can clear or block cookies in your browser settings; doing so may break the cart and sign-in features.
Your Rights
You have the right to ask us what data we hold about you, correct it if it’s wrong, and have it deleted. EU/UK residents have additional GDPR rights (data portability, objection to processing, etc.). California residents have additional CCPA rights (opt-out of “sale,” though we don’t sell). For any of these, email privacy@kindlingthreads.com — we aim to respond within 30 days.
Data Retention & Security
Order data is retained for 7 years (tax and accounting requirements). Account data is retained until you ask us to delete it or until 3 years of account inactivity. We use HTTPS site-wide, our database is encrypted at rest, and access to customer data is limited to the small team that needs it.
Children’s Privacy
Kindling Threads is not directed at children under 13, and we don’t knowingly collect data from them. If you believe we have, contact us and we’ll delete it.
Changes to This Policy
When we update this policy we’ll change the “Last Updated” date at the top. For substantive changes (new uses of data, new sharing) we’ll also email people on our customer list. Continued use of the site after a change means you accept the updated policy.
Contact Us
Questions about this policy? Reach us at privacy@kindlingthreads.com or via our contact form.