Privacy Policy

This policy explains what personal data we collect, why we collect it, and your rights under the GDPR. We aim to collect the minimum we need to run the store and serve you well.

Data we collect

• Account data: name, email, hashed password.
• Order data: shipping address, items, totals, payment metadata (we never store full card numbers).
• Communication data: messages you send us via the contact form or email.
• Usage data: anonymous analytics (only with your consent).

How we use your data

• To process and ship your orders.
• To answer support questions.
• To send transactional emails (receipts, shipping updates).
• To improve the site (anonymous analytics, with your consent).

Legal bases

Contract performance for orders and account management; legitimate interest for fraud prevention and service improvement; and consent for optional analytics and marketing.

Sharing

We share data only with vetted processors needed to run the service: payment providers, shipping carriers, and email infrastructure. We never sell personal data.

Your rights

• Access — request a copy of your personal data.
• Rectification — ask us to fix inaccurate data.
• Erasure — ask us to delete your data, subject to legal retention requirements.
• Portability — receive your data in a machine-readable format.
• Object / withdraw consent — at any time.

Contact privacy@innercirclelabs.net to exercise any of these rights.

Cookies

See our cookie policy for the specific cookies we use and how to manage them.

Retention

Order data is retained as required by tax law (typically 7 years). Account data is retained while your account is active.