Privacy & Security Practices

We are committed to safeguarding the personal information of our customers. This page explains what information we collect, how it is used, how we protect it, and the choices available to you regarding your personal data.

Information We Collect

We collect information necessary to process orders, provide services, and improve your experience. Typical categories include:

  • Account details: name, username, password, date of birth (when provided), and account preferences.
  • Contact information: billing and shipping addresses, phone number and email address.
  • Order information: items ordered, quantities, order history and preferences.
  • Payment information: payment card details or other payment tokens required to complete purchases. Full card numbers are not stored on our servers unless you explicitly opt into a secure, tokenized vault provided by a certified payment processor.
  • Device and usage data: IP address, device identifiers, browsing behaviour on the site, and analytics data for fraud prevention and site improvements.
  • Customer service records: communications, support tickets, and returns or dispute documentation.

How We Use Personal Data

Personal information is used for purposes including:

  • Processing and fulfilling orders, handling returns and refunds, and providing order updates.
  • Processing payments and preventing fraud, using secure, industry-recognized payment gateways.
  • Communicating about products, promotions and account-related information — as permitted by law and your preferences.
  • Personalizing the shopping experience and providing product recommendations.
  • Customer support and dispute resolution.
  • Complying with legal obligations, enforcing our terms, and protecting the security and integrity of our services.

Payment Card Security

Protecting payment data is a top priority. We follow these practices:

  • We use reputable, PCI DSS–compliant payment processors for card authorization and tokenization. When possible, payment card numbers are exchanged directly between your browser and the payment provider so full card numbers never pass through or are stored on our systems.
  • When tokenization is used, a secure token is stored and used for future charges instead of storing the raw card number.
  • Access to payment-related systems is restricted by role-based controls and logged to detect unauthorized use.
  • All payment transmissions occur over secure, encrypted channels (HTTPS/TLS).

Security Measures

We implement a combination of administrative, technical and physical safeguards to protect personal data:

  • Encryption: Data in transit is encrypted with TLS. Sensitive data at rest is encrypted where practical.
  • Access controls: Data access is limited to authorized personnel on a need-to-know basis and is managed through least-privilege principles.
  • Monitoring & logging: Systems are monitored for suspicious activity and audit logs are maintained to support incident investigation.
  • Secure development practices: Regular code reviews, testing and vulnerability scanning are conducted to reduce risks.
  • Vendor assessment: Third-party partners handling personal data are evaluated for appropriate security and privacy controls and must follow contractual safeguards.

Cookies & Tracking Technologies

We use cookies and similar technologies to provide site functionality, remember preferences, analyse usage, and prevent fraud. Most browsers allow you to manage cookie settings, and you can adjust preferences through your browser or account settings. Disabling certain cookies may affect site functionality.

Third Parties and Processors

We share personal data with service providers who perform functions on our behalf (for example, payment processors, fulfillment partners, analytics providers and fraud prevention vendors). These partners are contractually bound to process information only for the purposes we specify and to maintain appropriate security measures.

International Transfers

Personal data may be transferred to and processed in countries other than your country of residence. When this occurs, we take steps to ensure an adequate level of protection through contractual measures, transfer mechanisms recognized by applicable law, and by requiring our partners to maintain strong privacy and security controls.

Data Retention

We retain personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and purpose; when data is no longer required it is deleted or aggregated for analytical use.

Your Rights & Choices

Depending on where you live, you may have rights regarding your personal data, such as the right to access, correct, restrict or delete your information, the right to object to certain processing, and the right to data portability. You can manage many preferences in your account settings or privacy portal where available. We will respond to valid requests in accordance with applicable law.

Children’s Privacy

Our services are intended for adults. We do not knowingly collect personal information from children under the age required by local law. If we learn that personal information of a child has been collected in violation of law, we will take steps to delete that information.

Breach Notification

In the unlikely event of a security incident that affects personal information, we will act promptly to contain and remediate the issue. Where required by law, we will notify affected individuals and regulators in accordance with legal timelines and provide guidance on protective steps you can take.

How to Manage Your Information

You can review and update much of your personal information through your account settings or privacy portal. To exercise other rights described above, please use the privacy or account request tools provided in your account interface.

We continually review our privacy and security practices and may update this notice to reflect changes in our services or applicable laws. Significant changes will be posted to this page with an updated effective date.