Privacy Policy

1. Information we collect

Information you provide directly

• Account information: name, email address, password, and phone number when you create an account.
• Order information: shipping address, billing details, and order history when you make a purchase.
• Guest checkout: name, email address, and shipping address when you checkout without an account.
• Communications: messages you send us via our contact form or email.
• Reviews: any product reviews or ratings you submit.

Information collected automatically

• Usage data: pages visited, time spent, clicks, and referring URLs.
• Device data: browser type, operating system, IP address, and device identifiers.
• Cookies: session cookies to keep you logged in and remember your cart.

Payment information

We do not store your card details. All payments are processed securely by Stripe, which is PCI DSS Level 1 certified. We only receive a payment confirmation and transaction reference.

2. How we use your information

• To process and fulfil your orders and send order confirmations and shipping updates.
• To create and manage your account.
• To respond to your enquiries and provide customer support.
• To send transactional emails (order confirmed, shipped, delivered).
• To improve our website, products, and services.
• To detect and prevent fraud or abuse.
• To comply with legal obligations including tax reporting.

We do not sell your personal information to third parties. We do not use your data for automated profiling.

3. Legal basis for processing (GDPR)

If you are in the European Economic Area, we process your data under the following legal bases:

• Contract: to fulfil orders you place with us.
• Legitimate interests: fraud prevention, improving our services, and customer support.
• Legal obligation: tax records and compliance requirements.
• Consent: for any optional marketing emails (you can withdraw at any time).

4. Sharing your information

We share your data only with trusted third parties necessary to operate our business:

• Stripe — payment processing (Stripe Privacy Policy)
• Cloudinary — image hosting and delivery
• Email service provider — sending transactional emails
• Hosting provider — server infrastructure

We do not share your data with advertisers.

5. Cookies

We do not use advertising or tracking cookies.

6. Data retention

• Order records are kept for 7 years for tax and legal compliance.
• Account data is retained while your account is active. You may request deletion at any time.
• Guest order data is retained for 7 years for the same legal reasons.

7. Your rights

Depending on your location you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data, subject to legal retention requirements.
• Portability — receive your data in a machine-readable format.
• Object to certain types of processing.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@greatimpactdeluxe.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, CSRF protection, and rate limiting. While we take reasonable precautions, no system is completely secure.

9. Children's privacy

Our store is intended for adults purchasing products for children. We do not knowingly collect personal information from anyone under the age of 13. If you believe a child has provided us with their information, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. Continued use of our site after changes constitutes acceptance of the updated policy.

11. Contact us