Privacy Policy — [Your Store Name]

Effective date: April 19, 2026

This Privacy Policy explains how [Your Store Name] ("we", "us", "our") collects, uses, discloses, and protects personal information when you visit or make a purchase from our website (the "Service"). This policy covers US (including CCPA-style) and EU (GDPR) protections.

 1. Business contact
- Legal name: [Your Store Name]  
- Mailing address: [Insert business address — USA]  
- Privacy contact email: privacy@[yourdomain].com

 2. Information we collect
- **Account & contact:** name, email, password (hashed), phone number, billing/shipping addresses.  
- **Order & payment:** order details, transaction records. We do not store full card data; payments are processed via our payment processors (major credit cards through a PCI-compliant processor and PayPal). Minimal payment metadata (last 4 digits, card type) may be retained by processors.  
- **Device & usage:** IP address, browser/device type, cookies, pages visited, referrer, analytics data. We may use services such as Google Analytics and similar tools.  
- **Communications:** customer support records, chat transcripts, emails.  
- **User content:** product reviews, photos, and other content you submit.  
- **Marketing opt-ins:** newsletter subscription, SMS (if opted-in).  
- **Sensitive data:** we do not intentionally collect sensitive personal data (e.g., health, racial/ethnic origin). Do not submit sensitive information.

 3. How we use your information
- To process and fulfill orders, manage payments, ship products, and provide customer service.  
- To communicate about orders, products, promotions, and account-related notices (with consent where required).  
- To improve and personalize the Service (analytics, A/B testing, recommendations).  
- To detect, prevent, and address fraud, abuse, security risks, and violations of our policies.  
- To comply with legal obligations and respond to lawful requests.

 4. Legal bases for processing (GDPR)
- **Contract:** processing necessary to perform the contract (orders, payments, shipping).  
- **Consent:** marketing communications, cookies where required.  
- **Legitimate interests:** fraud prevention, analytics, service improvements, and direct marketing (balanced with user rights).

 5. Sharing & disclosure
We share personal information with:
- **Service providers:** payment processors (credit card processor, PayPal), hosting providers, email service providers, analytics vendors, fulfillment and shipping partners, customer support platforms.  
- **Legal & safety:** when required by law, to respond to legal process, or to protect rights and safety.  
- **Business transfers:** in connection with corporate transactions (sale, merger, reorganization) with notice.  
We do not sell personal information for monetary consideration. If that changes, opt-out mechanisms will be provided.

 6. International transfers
Personal data may be processed and stored in the United States and other countries. We use appropriate safeguards (e.g., standard contractual clauses) where required by law.

 7. Cookies & tracking
We use cookies, web beacons, and similar technologies for functionality, authentication, analytics, and advertising. You can manage cookie preferences via our cookie banner and browser settings. Opt-in consent is obtained where required.

 8. Data retention
We retain personal information as long as necessary to provide services, comply with legal obligations, resolve disputes, enforce agreements, and for fraud prevention—generally up to 7 years for transactional records unless a different retention period is required.

 9. Your rights
- EU/EEA residents: access, rectify, erase, restrict processing, portability, and object to processing; withdraw consent at any time.  
- California residents (CCPA/CPRA): right to know, delete, correct, and request data portability, and to opt-out of sale of personal information.  
- All users: opt-out of marketing communications via unsubscribe links or contacting privacy@[yourdomain].com.  
To exercise rights, contact privacy@[yourdomain].com. We may require verification and will respond within applicable legal timeframes.

 10. Children's privacy
Our Service is not directed to children under 16. We do not knowingly collect personal information from children; if we discover that we have collected it, we will delete it.

 11. Security
We use industry-standard measures (TLS encryption in transit, access controls, vendor security requirements). Payments are processed through PCI-compliant processors (credit card processor and PayPal). No system is completely secure; we will notify affected users and regulators of breaches as required by law.

 12. Third-party links
Our site may link to third-party sites. This policy does not apply to third-party sites; review their privacy notices.

 13. Changes to this policy
We may update this policy; changes take effect on the posted "Effective date." For material changes, we will provide notice via email or site banner.

 14. Governing law
Governing law: laws of the State of [Your State], USA, except where overridden by mandatory local laws (e.g., EU data subject rights).

---

Replace bracketed placeholders (e.g., [Your Store Name], [yourdomain].com, [Your State]) with your details. If you want, I can produce a version formatted for your website footer and include cookie banner text and consent options.
