Write a Privacy Policy for Your Online Store

# Privacy Policy

**Effective Date:** [Insert Effective Date]
**Last Updated:** [Insert Last Updated Date]

## 1. Introduction

BrewCraft Coffee Co. ("BrewCraft," "we," "us," or "our") is a specialty coffee and brewing equipment retailer based in Austin, Texas, operating online through the Shopify platform. This Privacy Policy explains how BrewCraft collects, uses, shares, and protects personal information when customers visit its website, place an order, or otherwise interact with its services. By using the BrewCraft website, visitors agree to the practices described in this Policy.

This Policy applies to all personal data processed by BrewCraft, regardless of where a customer is located. Customers who do not agree with these practices should discontinue use of the website.

## 2. Information We Collect

BrewCraft collects the following categories of personal information:

- **Identity and Contact Information:** Name, email address, phone number (if provided), and shipping and billing addresses.
- **Order and Transaction Information:** Products purchased, order history, and payment details (payment card information is collected and processed directly by Stripe and PayPal and is not stored on BrewCraft's servers).
- **Account Information:** Login credentials, saved preferences, and wishlist items, if a customer creates an account.
- **Communications:** Customer service inquiries, product reviews, and correspondence with BrewCraft.
- **Technical and Usage Data:** IP address, browser type, device identifiers, referring URLs, pages viewed, and browsing behavior on the website.
- **Marketing Preferences:** Newsletter subscription status and email engagement data.

BrewCraft collects this information directly from customers, automatically through cookies and similar technologies, and from third-party services such as Shopify, Stripe, PayPal, Google, Meta, and Klaviyo.

## 3. How We Use Your Information

BrewCraft uses personal information for the following purposes:

- To process and fulfill orders, including shipping and returns;
- To communicate about orders, account activity, and customer service inquiries;
- To send marketing emails, newsletters, and promotional offers (only with consent where required by law);
- To operate, maintain, and improve the website and product offerings;
- To personalize shopping experiences and product recommendations;
- To detect and prevent fraud, unauthorized transactions, and other unlawful activity;
- To comply with legal obligations, including tax, accounting, and consumer protection requirements.

The legal bases for processing personal data include contract performance, legitimate business interests, consent, and compliance with legal obligations.

## 4. Cookies & Tracking Technologies

BrewCraft uses cookies, pixels, and similar tracking technologies to enhance site functionality, analyze traffic, and deliver targeted advertising. These include:

- **Essential Cookies:** Required for core site functions such as shopping cart and checkout.
- **Analytics Cookies:** Google Analytics is used to understand how visitors interact with the website.
- **Advertising Cookies:** The Meta Pixel (Facebook/Instagram) is used to measure ad performance and retarget visitors with relevant advertisements.
- **Email Marketing Tracking:** Klaviyo may set cookies to personalize newsletters and track engagement.

Visitors may manage cookie preferences through their browser settings or the cookie banner displayed on the website. Disabling certain cookies may limit site functionality.

## 5. Sharing With Third Parties

BrewCraft does not sell personal information. It shares data only with trusted third-party service providers as necessary to operate the business, including:

- **Payment Processors:** Stripe and PayPal handle all payment transactions securely and in accordance with PCI-DSS standards.
- **Ecommerce Platform:** Shopify hosts the website and stores order and customer data.
- **Shipping Carriers:** [Insert Shipping Partners, e.g., USPS, UPS, FedEx, DHL] receive names and addresses required to deliver orders.
- **Analytics Providers:** Google Analytics receives anonymized usage data to help analyze site performance.
- **Advertising Partners:** Meta (Facebook and Instagram) receives data through the Meta Pixel to support targeted marketing.
- **Email Marketing Provider:** Klaviyo processes subscriber data to send newsletters and transactional emails.
- **Legal and Regulatory Authorities:** When required by law, subpoena, or to protect legal rights.

All third-party providers are contractually obligated to protect personal data consistent with this Policy.

## 6. Data Retention

BrewCraft retains personal information only as long as necessary to fulfill the purposes outlined in this Policy, including legal, accounting, or reporting requirements. Order records are typically retained for [Insert Retention Period, e.g., 7 years] to comply with tax and financial regulations. Marketing data is retained until a customer unsubscribes or requests deletion.

## 7. Your Rights (GDPR & CCPA)

Depending on location, customers may have the following rights:

- **Access:** Request a copy of the personal data held about them.
- **Correction:** Request correction of inaccurate or incomplete data.
- **Deletion:** Request deletion of personal data, subject to legal exceptions.
- **Restriction or Objection:** Request restriction of processing or object to certain uses, including direct marketing.
- **Data Portability:** Receive personal data in a structured, machine-readable format.
- **Non-Discrimination (CCPA):** Not be denied services for exercising privacy rights.
- **Opt-Out of Sale/Sharing (CCPA):** BrewCraft does not sell personal information but honors opt-out requests related to targeted advertising.

Requests may be submitted to **support@brewcraftco.com**. Identity verification may be required. EU/UK residents may also lodge complaints with their local data protection authority.

## 8. International Transfers

Because BrewCraft ships worldwide and uses U.S.-based service providers, personal data may be transferred to and processed in the United States or other

# Privacy Policy for BrewCraft Coffee Co.

**Last Updated: [Month Year]**

## 1. Introduction

BrewCraft Coffee Co. ("we," "us," "our," or "Company") operates an ecommerce store at [Website URL] selling specialty coffee beans and brewing equipment. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, make purchases, and interact with our services. Please read this policy carefully. If you do not agree with our practices, do not use our site.

## 2. Information We Collect

We collect information in the following ways:

**2.1 Information You Provide**

- **Account Information:** When you create an account or make a purchase, we collect your name, email address, phone number, and password.
- **Payment Information:** We collect billing and shipping addresses, credit card details, and other payment information necessary to process transactions. Payment processing is handled by [Stripe/PayPal]; we do not store complete payment card details on our servers.
- **Communications:** When you contact us via email or customer support channels, we collect the content of your messages and any attachments.
- **Newsletter Subscriptions:** When you opt-in to our mailing list, we collect your email address through our email marketing platform, Klaviyo.

**2.2 Automatically Collected Information**

- **Device Information:** We collect information about your browser, device type, operating system, IP address, and unique device identifiers.
- **Usage Data:** We track pages visited, products viewed, time spent on the site, referring URLs, and clickthrough data.
- **Location Data:** We may collect approximate location data based on IP addresses to enhance shipping and fraud prevention.
- **Cookies and Tracking:** See Section 4 for details on cookies and tracking technologies.

**2.3 Third-Party Information**

We may receive information about you from third parties, including payment processors and shipping carriers, to facilitate order fulfillment and fraud prevention.

## 3. How We Use Your Information

We use collected information for the following purposes:

- **Order Fulfillment:** Processing purchases, managing payments, and arranging shipping.
- **Customer Service:** Responding to inquiries, resolving disputes, and providing technical support.
- **Marketing & Communications:** Sending promotional emails, newsletters, and product recommendations through Klaviyo (with your consent, where required).
- **Analytics & Improvement:** Using Google Analytics and Meta Pixel to understand user behavior, optimize our website, and measure marketing effectiveness.
- **Fraud Prevention:** Identifying and preventing fraudulent transactions and protecting against security threats.
- **Legal Compliance:** Fulfilling legal and regulatory obligations.
- **Customer Preferences:** Personalizing your shopping experience and recommending relevant products.

We will not sell or rent your personal information to third parties for their direct marketing purposes.

## 4. Cookies & Tracking Technologies

**4.1 Cookies**

We use both session-based and persistent cookies to recognize you, store your preferences, and understand how you interact with our site. These include:

- **Essential Cookies:** Required for site functionality and security.
- **Analytics Cookies:** Used by Google Analytics to track user behavior and site performance.
- **Marketing Cookies:** Used by Meta Pixel to measure ad performance and enable targeted advertising.
- **Preference Cookies:** Store your settings and choices.

**4.2 Third-Party Tracking**

Google Analytics and Meta Pixel (Facebook) collect data about your online activities across our site and other websites to create user profiles and deliver targeted advertisements. You can opt out of Google Analytics tracking via the [Google Analytics Opt-Out Browser Add-on](https://tools.google.com/dlpage/gaoptout).

**4.3 Cookie Consent**

By continuing to use our site, you consent to our use of cookies. Most browsers allow you to refuse cookies or alert you when they are being sent; however, some site features may not function properly if cookies are disabled.

## 5. Sharing With Third Parties

We may share your information with the following service providers:

- **Payment Processors:** Stripe and PayPal process payment information securely on our behalf.
- **Shipping Partners:** We share your name and address with shipping carriers (e.g., UPS, FedEx, USPS) to deliver orders.
- **Email Marketing:** Klaviyo processes email addresses and marketing preferences to send newsletters and promotional communications.
- **Analytics Providers:** Google Analytics and Meta Pixel receive usage data to measure site performance and advertising effectiveness.
- **Shopify:** Our website platform, Shopify, processes certain data as part of hosting and maintaining our store.
- **Legal Requirements:** We may disclose information if required by law, court order, or governmental request.

We ensure all third-party service providers maintain appropriate data protection standards and privacy practices.

## 6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy. Specifically:

- **Account Information:** Retained while your account is active and for [specified period] thereafter.
- **Transaction Data:** Retained for [7-10 years] to comply with tax and accounting regulations.
- **Marketing Data:** Retained until you unsubscribe or request deletion.
- **Automated Usage Data:** Typically retained for [12-36 months].

You may request data deletion subject to legal and operational obligations.

## 7. Your Privacy Rights

**7.1 GDPR Rights (EU/UK Users)**

If you are located in the European Union or United Kingdom, you have the following rights:

- Right to access, correct, or delete your personal data
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time

**7.2 CCPA Rights (California Residents)**

If you are a California resident, you have the right to:

- Know what personal information is collected, used, shared, or sold
- Delete personal information collected from you
- Opt-out of the sale or sharing of personal information
- Non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at [support@brewcraftco.com].

## 8. International Data Transfers

BrewCraft Coffee Co. is based in Austin, Texas. If you reside outside the United States, your information may be transferred to, stored in, and processed in the United States, which may have different data protection laws. By using our site, you consent to such transfers.

## 9. Data Security

We implement industry-standard security measures, including encryption (SSL/TLS), secure payment processing, and regular security assessments to protect your personal information. However, no online transmission is completely secure; we cannot guarantee absolute security.

## 10. Children's Privacy

Our site is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided information, we will delete it promptly. Parents or guardians who believe their child's information has been collected may contact us immediately.

## 11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy with a new "Last Updated" date. Your continued use of our site constitutes acceptance of modifications.

## 12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

**BrewCraft Coffee Co.**  
Email: [support@brewcraftco.com]  
Address: [Physical Address, Austin, Texas]  
Response Time: [5-10 business days]

---

*This Privacy Policy is provided for informational purposes. BrewCraft Coffee Co. reserves the right to update or modify this policy as needed.*

# Privacy Policy

**Effective Date:** [Effective Date]  
**Last Updated:** [Last Updated]

This Privacy Policy explains how **BrewCraft Coffee Co.** (“BrewCraft Coffee Co.,” “the Company,” “it,” “its,” or “the Store”) collects, uses, shares, and protects personal information when customers visit or make a purchase from **[Website URL]** or otherwise interact with the Store’s services. BrewCraft Coffee Co. is based in Austin, Texas and sells specialty coffee beans and brewing equipment worldwide through Shopify.

## 1. Introduction

BrewCraft Coffee Co. is committed to protecting customer privacy and handling personal information in a transparent manner. This Privacy Policy applies to information collected through the Store’s website, checkout process, customer support communications, marketing communications, and related services.

By using the Store’s website or purchasing from it, individuals acknowledge that their information may be processed as described in this Privacy Policy.

## 2. Information We Collect

BrewCraft Coffee Co. may collect the following categories of personal information:

**a. Information provided directly by customers**
- Name
- Email address
- Shipping address
- Billing address
- Phone number, if provided
- Order details and purchase history
- Communications sent to customer support

**b. Payment information**
Payment information is collected and processed through third-party payment providers, including **Stripe** and **PayPal**. BrewCraft Coffee Co. does not store full payment card details on its own servers, but it may receive limited transaction information such as payment status, card type, or partial payment identifiers.

**c. Automatically collected information**
When customers visit the website, certain information may be collected automatically, including:
- IP address
- Browser type and device information
- Operating system
- Pages viewed and browsing behavior
- Referring website or source
- Date and time of access
- Cookie identifiers and similar tracking data

**d. Marketing and analytics information**
The Store uses tools such as **Google Analytics** and **Meta Pixel** to understand website traffic, customer behavior, and the effectiveness of advertising campaigns.

## 3. How We Use Your Information

BrewCraft Coffee Co. uses personal information for legitimate business purposes, including to:

1. Process and fulfill orders, including shipping and delivery.
2. Send order confirmations, shipping updates, and service-related messages.
3. Process payments and prevent fraudulent transactions.
4. Respond to questions, returns, complaints, or customer support requests.
5. Operate, maintain, and improve the website, products, and customer experience.
6. Analyze website usage and performance through analytics tools.
7. Send marketing emails, newsletters, and promotional content through **Klaviyo**, where customers have opted in or where otherwise permitted by law.
8. Retarget or advertise to visitors through services such as Meta Pixel, subject to applicable consent requirements.
9. Comply with legal obligations, enforce policies, and protect the rights, property, or safety of the Store and others.

## 4. Cookies & Tracking

BrewCraft Coffee Co. uses cookies, pixels, tags, and similar tracking technologies on its Shopify-powered website.

These technologies may be used to:
- Keep the website functioning properly
- Remember user preferences and shopping cart contents
- Understand how visitors use the site
- Measure marketing performance
- Personalize content and advertisements

Third-party tools such as **Google Analytics** and **Meta Pixel** may place cookies or collect information about browsing activity on the website and, in some cases, across other websites.

Visitors can usually control cookies through their browser settings and, where applicable, through cookie consent tools on the site. Disabling certain cookies may affect site functionality.

## 5. Sharing With Third Parties

BrewCraft Coffee Co. does not sell personal information for money. However, it may share personal information with trusted third parties as necessary to operate the business and provide services.

These third parties may include:

**a. Ecommerce platform provider**
- **Shopify**, which hosts the online store and supports checkout, order management, and related ecommerce functions.

**b. Payment processors**
- **Stripe**
- **PayPal**

These providers process payment transactions subject to their own privacy policies and security practices.

**c. Shipping and fulfillment providers**
The Store may share customer names, shipping addresses, and order details with shipping carriers and logistics partners so orders can be delivered.

**d. Marketing and email service providers**
- **Klaviyo** for newsletters and promotional emails
- **Meta** for advertising and retargeting
- **Google Analytics** for traffic measurement and site analytics

**e. Legal and compliance disclosures**
The Store may disclose information if required by law, subpoena, court order, or governmental request, or where necessary to protect legal rights or prevent fraud.

## 6. Data Retention

BrewCraft Coffee Co. retains personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
- Complete transactions and fulfill orders
- Maintain business and tax records
- Resolve disputes
- Enforce agreements
- Comply with legal obligations

Retention periods may vary depending on the type of information and applicable legal requirements. When personal information is no longer needed, it will be deleted, anonymized, or securely disposed of where feasible.

## 7. Your Rights (GDPR/CCPA)

Depending on where an individual lives, they may have certain privacy rights under applicable laws, including the **General Data Protection Regulation (GDPR)** and the **California Consumer Privacy Act (CCPA), as amended by the CPRA**.

These rights may include:
- The right to know what personal information is collected, used, disclosed, or shared
- The right to request access to personal information
- The right to request correction of inaccurate information
- The right to request deletion of personal information, subject to exceptions
- The right to object to or restrict certain processing
- The right to withdraw consent where processing is based on consent
- The right to opt out of certain targeted advertising or “sharing” as defined by applicable law
- The right not to be discriminated against for exercising privacy rights

To exercise these rights, individuals may contact BrewCraft Coffee Co. at **support@brewcraftco.com** or **[Mailing Address]**. The Store may need to verify identity before processing a request. Authorized agents may also submit requests where permitted by law.

Marketing emails can be unsubscribed from at any time by clicking the “unsubscribe” link in the email.

## 8. International Transfers

Because BrewCraft Coffee Co. sells worldwide and uses service providers that may operate in multiple countries, personal information may be transferred to, stored in, or processed outside a customer’s country of residence, including in the United States.

Where required by law, the Store will rely on appropriate safeguards for international data transfers, such as contractual protections or other lawful transfer mechanisms.

## 9. Security

BrewCraft Coffee Co. uses reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, loss, misuse, or alteration. These measures include using established third-party providers such as Shopify, Stripe, and PayPal.

However, no method of internet transmission or electronic storage is completely secure, and absolute security cannot be guaranteed.

## 10. Children’s Privacy

The Store’s website and services are not directed to children under the age of 13, and BrewCraft Coffee Co. does not knowingly collect personal information from children under 13. If the Store becomes aware that it has collected such information, it will take reasonable steps to delete it.

If a parent or guardian believes that a child has provided personal information, they should contact **support@brewcraftco.com**.

## 11. Changes to This Policy

BrewCraft Coffee Co. may update this Privacy Policy from time to time to reflect changes in business practices, legal requirements, or service providers. When changes are made, the updated version will be posted on the website with a revised “Last Updated” date.

Continued use of the website after changes are posted constitutes acceptance of the updated Privacy Policy, to the extent permitted by law.

## 12. Contact Information

If there are any questions about this Privacy Policy or if an individual wishes to exercise privacy rights, contact:

**BrewCraft Coffee Co.**  
Email: **support@brewcraftco.com**  
Mailing Address: **[Business Mailing Address]**  
Website: **[Website URL]**

# Privacy Policy

**Effective Date: [Insert Date, e.g., October 1, 2023]**

BrewCraft Coffee Co., a Texas-based online store located in Austin, Texas, is committed to protecting the privacy of its customers. This Privacy Policy explains how BrewCraft Coffee Co. collects, uses, shares, and protects personal information when individuals visit its website (brewcraftco.com), make purchases, or interact with its services. BrewCraft Coffee Co. operates on the Shopify platform and sells specialty coffee beans and brewing equipment worldwide. By using the website or services, users agree to the practices described herein. This policy complies with applicable laws, including GDPR for European users and CCPA for California residents.

## 1. Information We Collect

BrewCraft Coffee Co. collects personal information to provide its services effectively. This includes:

- **Information provided directly by users**: Names, email addresses, shipping and billing addresses, phone numbers, and payment details (such as credit card numbers, processed securely without storage by BrewCraft Coffee Co.).
- **Order and account information**: Purchase history, product preferences, and account credentials (if users create accounts).
- **Communication data**: Information from customer support inquiries, newsletters sign-ups, or surveys.
- **Automatically collected information**: IP addresses, browser types, device information, operating systems, pages visited, time spent on site, and referral sources.

BrewCraft Coffee Co. does not collect sensitive personal information, such as racial or ethnic origin, political opinions, religious beliefs, or health data.

## 2. How We Use Your Information

BrewCraft Coffee Co. uses collected information for legitimate business purposes, including:

- Processing orders, fulfilling shipments, and handling returns.
- Processing payments and preventing fraud.
- Providing customer support and responding to inquiries.
- Sending transactional emails (e.g., order confirmations) and marketing communications (e.g., newsletters via Klaviyo), with opt-out options.
- Personalizing user experience, such as product recommendations.
- Analyzing website performance and improving services.
- Complying with legal obligations, resolving disputes, and enforcing terms.

Users can unsubscribe from marketing emails at any time via links in messages or by contacting support.

## 3. Cookies & Tracking

BrewCraft Coffee Co. uses cookies, pixels, and similar tracking technologies to enhance functionality and user experience. Cookies are small data files stored on devices.

- **Essential cookies**: Necessary for site operation, like cart functionality (managed by Shopify).
- **Analytics cookies**: Google Analytics tracks site usage, traffic sources, and user behavior (anonymized where possible).
- **Marketing cookies**: Meta Pixel (Facebook Pixel) enables retargeting ads and audience building on Meta platforms.

Users can manage preferences via browser settings (e.g., opt out of Google Analytics at tools.google.com). BrewCraft Coffee Co.'s Cookie Policy [link if separate] provides details. Do Not Track (DNT) signals are honored where feasible.

## 4. Sharing With Third Parties

BrewCraft Coffee Co. shares information only as necessary and with trusted partners:

- **Payment processors**: Stripe and PayPal handle transactions; they receive payment details but not full customer profiles.
- **Shipping providers**: Carriers like USPS, UPS, or DHL receive shipping addresses for delivery.
- **Marketing and analytics**: Klaviyo (email newsletters), Google Analytics, and Meta Pixel receive anonymized or aggregated data.
- **Service providers**: Shopify (platform hosting), cloud storage (e.g., AWS), and fraud prevention tools.
- **Legal requirements**: Disclosure to authorities if required by law, or in mergers/acquisitions.

No information is sold to third parties. All partners are bound by confidentiality and data protection agreements.

## 5. Data Retention

BrewCraft Coffee Co. retains personal information only as long as necessary:

- Order data: 7 years for tax and legal compliance.
- Marketing data: Until opt-out or 2 years of inactivity.
- Analytics data: Anonymized after 26 months (Google Analytics standard).

Inactive accounts are deleted after 2 years. Users can request deletion earlier (see Section 7). Backups may extend retention for security.

## 6. Your Rights (GDPR/CCPA)

BrewCraft Coffee Co. respects user rights under GDPR, CCPA, and similar laws:

- **Access**: Request a copy of personal data.
- **Correction**: Update inaccurate information.
- **Deletion**: Request erasure (subject to legal retention).
- **Objection/Opt-out**: Object to processing for marketing; CCPA "Do Not Sell My Personal Information" opt-out via cookie tools or email.
- **Portability**: Receive data in structured format (GDPR).
- **Restriction**: Limit processing in disputes.
- **Withdraw consent**: For consent-based processing.

California residents have additional CCPA rights, including non-discrimination for exercising rights. To exercise rights, email support@brewcraftco.com with "Privacy Rights Request." Verification may be required. Responses within 45 days (extendable).

## 7. International Transfers

BrewCraft Coffee Co. is based in the United States and stores data primarily on U.S. servers (Shopify, AWS). For international customers, data may transfer to the U.S. or other countries. Transfers comply with GDPR via Standard Contractual Clauses (SCCs) for EU/UK data and adequacy decisions where applicable. Users consent to transfers by using global services. BrewCraft Coffee Co. ensures recipient countries provide adequate protection.

## 8. Security

BrewCraft Coffee Co. implements reasonable administrative, technical, and physical safeguards to protect data, including:

- SSL/TLS encryption for transmissions.
- Access controls and employee training.
- Regular security audits and Shopify's PCI-compliant hosting.
- Fraud detection tools.

No system is impenetrable; users share responsibility (e.g., strong passwords). In case of a breach, affected users will be notified as required by law.

## 9. Children's Privacy

BrewCraft Coffee Co. does not knowingly collect personal information from children under 13 (U.S. COPPA) or 16 (GDPR). The site is not directed at children. Parents/guardians can contact support@brewcraftco.com to request removal of a child's data.

## 10. Changes to This Policy

BrewCraft Coffee Co. may update this policy to reflect changes in practices or laws. Significant updates will be posted on the website with notice via email (for registered users) at least 30 days in advance. Continued use constitutes acceptance. Check the effective date above.

## 11. Contact Information

For questions, complaints, or rights requests, contact:

BrewCraft Coffee Co.  
Attn: Privacy Officer  
[Insert Physical Address, e.g., 123 Coffee Lane, Austin, TX 78701]  
Email: support@brewcraftco.com  

EU/UK users may also contact supervisory authorities, e.g., Data Protection Officer via email.

*Word count: 928*