Privacy Policy

Privacy Policy Effective date: November 24, 2025 This Privacy Policy explains how DripDepot.Shop ("we", "us", or "DripDepot") collects, uses, discloses, and protects personal information from visitors and customers who use the DripDepot.Shop online store (the “Site”) hosted on Shopify. This Policy describes practices required to comply with applicable law, including the New Hampshire Consumer Privacy Act and New Hampshire breach-notification rules, and describes how we work with Shopify and other service providers. 1. Scope This Policy applies to personal information we collect through the Site, by email, phone, or other direct communications in connection with purchases of goods (jewelry) and related services. It does not govern third-party sites or services you access from our Site. 2. Controller and Contact DripDepot.Shop is the data controller for information collected via the Site. For questions or to exercise your privacy rights, email: dripdepot4@gmail.com. 3. What we collect We collect categories of personal data necessary to provide e-commerce services: a. Account & contact data: name, email, phone, billing and shipping addresses. b. Transaction data: order details, product SKUs, purchase amount, payment tokens (note: full card numbers are handled by payment processors). c. Payment & billing: when you pay, Shopify Payments or other payment processors collect and store card or payment credentials; we receive a payment confirmation only. d. Device & usage: IP address, browser, device identifiers, pages visited, referral source, and analytics data. e. Marketing & communications: preferences, subscription status, marketing consents, and correspondence. f. User content: product reviews, photos, or messages you choose to submit. g. Sensitive or special categories: we do not intentionally collect sensitive personal data (health, racial/ethnic origin, etc.). If you voluntarily provide sensitive data for a special request, we will treat it with heightened protection. Some categories above are collected directly from you and some are collected automatically (cookies, analytics). Shopify and affiliated services may also collect data when operating the Site. 4. How we use personal information We use personal information to: Process and fulfill orders, payments, shipping, and returns. Communicate order status, updates, and customer service. Provide and improve the Site, detect and prevent fraud, and enforce our Terms. Send marketing communications where you have consented (you may opt out). Comply with legal obligations (taxes, regulatory requests). Processing is based on contractual necessity (order fulfillment), consent (marketing), legitimate interests (fraud prevention, site analytics), or legal obligation as applicable. 5. Sharing and disclosure We share personal information only as necessary with: Shopify Inc. (platform provider and data processor) for hosting, payments, order processing and store management. Shopify acts as a processor under a Data Processing Addendum. Payment processors (Shopify Payments, Stripe, PayPal, or other third parties) to process payments. Shipping carriers and fulfillment partners to deliver orders. Third-party service providers (email, CRM, marketing platforms, analytics, fraud detection). Law enforcement, regulators, or courts where required by law. We require service providers to use personal information only to provide services for us and to implement reasonable security measures. For Shopify’s role and privacy controls, see Shopify’s merchant resources. 6. Cookies, tracking, and advertising We and third parties use cookies, web beacons, and similar technologies for site functionality, analytics, personalization, and marketing. You can control cookie preferences through the cookie banner and your browser settings. Information about tracking used by Shopify and third-party apps is available in Shopify’s documentation and the third parties’ policies. 7. International transfers Because we and our processors (including Shopify servers and third-party services) may operate or store data outside your jurisdiction, your personal information may be transferred internationally. Where required, we rely on appropriate safeguards (e.g., standard contractual clauses) or other lawful transfer mechanisms. 8. Data retention We retain personal information only for as long as necessary to fulfill the purposes described (order fulfillment, legal obligations, tax records, fraud prevention, dispute resolution). Specific retention periods vary by data category and legal requirements; where laws require a minimum retention period (for example for tax-records) we will retain data for that period. 9. Your privacy rights under New Hampshire law Under the New Hampshire Consumer Privacy Act and related law effective January 1, 2025, residents may have rights including: access, correction, deletion, data portability, and to opt out of certain processing such as targeted advertising or sale of personal data. Some rights may be limited where necessary to comply with legal obligations, fraud prevention, or contract performance. To submit a request, contact dripdepot4@gmail.comand provide sufficient information to verify your identity. We will respond within the timeframes required by law. Verification and limitations We will take reasonable steps to verify your identity before honoring requests. We may refuse or limit requests that are manifestly unfounded or exceed legal limits (for example, when fulfilling the request would adversely affect another person’s rights). 10. How to exercise rights To exercise a privacy right (access, deletion, correction, portability, opt-out), email dripdepot4@gmail.com with: subject line “Privacy Request”, your name, email used for the order, and a description of the request. We will verify your identity and follow required procedures. If you are a New Hampshire resident and remain unsatisfied, you may have enforcement options under state law. 11. Security We implement reasonable technical and organizational measures to protect personal information (encryption in transit, secure access controls, regular reviews). However, no system is perfect; absolute security cannot be guaranteed. We rely on Shopify and our service providers to maintain industry-standard protections for hosted data. 12. Data breach notifications If we become aware of a security breach involving personal information, we will promptly investigate and, where required by New Hampshire law, determine whether misuse is reasonably likely and notify affected individuals as soon as possible in accordance with RSA 359-C:20. We will also notify any appropriate regulators as required. 13. Children’s privacy Our Site is not directed to children under 13 (or higher minimums where applicable). We do not knowingly collect personal information from children under the applicable age. If we discover that we have collected such information without parental consent, we will take steps to delete it. 14. Third-party links and apps The Site may contain links or integrations with third-party sites, social platforms, and apps (including Shopify apps). This Policy does not apply to those third parties. Review their privacy policies before sharing personal information. We are not responsible for third-party practices. 15. Changes to this Policy We may update this Policy as our practices or legal requirements change. Material changes will be posted on the Site with a revised effective date. Continued use of the Site after posting constitutes acceptance of the updated Policy. 16. Additional information for Shopify customers We use Shopify to operate our online store. Shopify’s systems, privacy controls, and processor agreements help merchants comply with data protection obligations (GDPR, state laws). For details on how Shopify processes and secures customer data, consult Shopify resources and the Shopify Privacy Policy and merchant documentation 17. Contact Privacy questions or requests: dripdepot4@gmail.com. If you prefer, provide "Privacy Request" and your order number in the subject line.