Privacy policy.
This policy describes what we collect, why we collect it, and what your rights are. We try to keep it short and free of legalese. If anything is unclear, contact us.
What we collect
- Order information: name, email, shipping address, items ordered, payment confirmation. Required to fulfill orders.
- Account information (if you create one): email, optional name and phone. Stored in our authentication system (Supabase).
- Payment details: handled directly by Stripe. We never see or store your card number — Stripe gives us a token and a confirmation that you paid.
- Site usage: we don't run third-party analytics or trackers. Your browser stores your cart and saved items locally, on your device.
- Newsletter: if you sign up, only your email. You can unsubscribe at any time.
- Contact form messages: stored so we can respond.
Why we collect it
- To process and ship your order.
- To send order confirmation, shipping, and delivery emails.
- To respond to questions you send via the contact form.
- To send newsletter emails (only if you signed up).
- To detect and prevent fraud and abuse.
Who we share it with
Only the third-party services we need to run the store. We never sell your data.
- Stripe — to process payments and handle card details securely.
- Supabase — our database and authentication provider.
- Resend — to send transactional emails (order confirmations, shipping notifications).
- Vercel — our hosting provider.
- Shipping carriers — to deliver your order. They get the address you provided.
Your rights
You have the right to:
- Access the personal information we hold about you.
- Correct anything that's wrong (you can update your name, phone, and address from your account settings).
- Delete your account and personal data. Your account settings have a "Delete my account" button (one click, plus a confirmation), or you can email us via the contact form with the subject "Delete my data". We retain anonymized order records (no email or shipping address) for tax and accounting compliance.
- Object to processing or restrict it.
- Port your data to another service. Email us for an export.
- Unsubscribe from any marketing emails — every email we send has an unsubscribe link.
Cookies
We don't use third-party tracking cookies. Your browser stores your cart, wishlist, and recently-viewed list locally — they never leave your device until you check out. Sign-in tokens are stored in your browser's local storage so you stay signed in across sessions.
Data security
The site uses HTTPS for every page. Passwords are hashed by Supabase and never stored in plain text. Card data is handled exclusively by Stripe — we never see or store it. Our admin endpoints require a server-side admin key and our database has row-level security policies that prevent users from accessing each other's orders.
Children
This site is not directed at children under 13, and we do not knowingly collect information from anyone under 13.
International transfers
Our hosting and database providers may store data in the United States. By using the site, you consent to your information being stored in the US.
Changes to this policy
If we make material changes, we'll update the "last updated" date at the top of this page and, if you have an account, send you an email.
Contact
Questions about this policy or your data? Get in touch.