Privacy Policy
This Privacy Policy explains how Shop J Walton ("we," "us," or "our") collects, uses, shares, and safeguards your information when you visit shopjwalton.com, create an account, or purchase our products (collectively, the "Services").
1) Information We Collect
- Account & Contact Info: name, email, phone number, shipping/billing addresses, and account preferences.
- Credentials: passwords are stored as hashed and salted values; we never store plaintext passwords.
- Order & Payment Info: order details (items, totals, status). Full payment card data (full PAN and CVV) is not stored on our servers; our payment processor handles it securely.
- Device & Usage Data: IP address, browser type, device identifiers, pages viewed, referring/exit pages, and timestamps to help secure and improve the Services.
- Cookies & Similar Tech: small files to keep you signed in, remember your cart, and understand site usage. See “Cookies & Tracking” below.
- User Content: messages to support and other information you provide.
2) How We Use Your Information
- Provide, operate, and improve the Services.
- Create and manage your account; authenticate and keep you signed in.
- Process and fulfill orders; send confirmations, invoices, and updates.
- Provide customer support and respond to inquiries.
- Personalize content (e.g., saved carts, preferences).
- Send marketing communications (you can opt out at any time).
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our terms and policies.
3) Where & How We Store Data (Supabase)
We use Supabase to host and manage our application database (PostgreSQL) for account and profile information (PII). Supabase provides encryption in transit (TLS) and at rest, role-based access controls, and Row Level Security (RLS) policies to restrict access to your records. We also:
- Limit access to authorized personnel on a need-to-know basis.
- Store secrets (API keys) in environment variables; never commit them to source control.
- Use least-privilege database roles for our app services.
- Maintain audit logs for authentication events.
- Leverage automatic backups provided by our hosting platform.
Note: No method of transmission or storage is 100% secure. We work to protect your information but cannot guarantee absolute security.
4) Payments
We use a third-party payment processor to handle payments. We do not store full credit card numbers or CVV on our servers. Your payment information is transmitted directly to the processor and is subject to their security certifications and privacy policy. We store non-sensitive payment metadata (e.g., transaction IDs, last 4 digits, card brand) for receipts and order history.
5) When We Share Information
- Vendors/Service Providers: hosting (e.g., Supabase), analytics, email/SMS, payment processing, fraud prevention—only what they need to perform their services.
- Legal/Compliance: to comply with law, respond to lawful requests, or protect rights, safety, and security.
- Business Transfers: in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality safeguards.
6) Cookies & Tracking
We use cookies and similar technologies for authentication (session), preferences, cart, analytics, and performance. You can set your browser to refuse cookies or to alert you when cookies are being sent. Some features may not work without cookies.
7) Your Privacy Rights
Depending on where you live, you may have rights to:
- Access, correct, or delete your personal information.
- Receive a portable copy of your information.
- Opt out of marketing communications at any time.
- Opt out of certain data sharing or targeted advertising (where applicable under U.S. state laws).
To exercise these rights, email us at support@shopjwalton.com. We may verify your request to protect your account. If you designate an authorized agent, we may require proof of authorization.
8) Region-Specific Notices
United States (including California & Texas)
If you are a resident of certain U.S. states (e.g., CA, CO, CT, VA, UT, TX), you may have additional rights regarding access, deletion, correction, and certain opt-outs. We do not sell your personal information for money. We may use cookies for advertising/analytics; where required, we provide mechanisms to opt out of targeted advertising.
EU/EEA & UK
If you are in the EU/EEA or UK, we process personal data based on one or more of the following legal bases: performance of a contract (e.g., to fulfill your order), legitimate interests (e.g., to secure and improve the Services), consent (e.g., for marketing where required), and compliance with legal obligations. You may have rights of access, rectification, erasure, restriction, objection, and data portability.
9) Data Retention
We keep personal information only as long as necessary for the purposes described above (for example, while you have an account or to comply with tax, accounting, and fraud-prevention requirements). We will delete or anonymize data when it is no longer needed, subject to legal obligations.
10) Children’s Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, please contact us so we can delete it.
11) Do Not Track
Some browsers offer a “Do Not Track” (DNT) signal. Because there is no industry consensus, we do not respond to DNT at this time.
12) International Transfers
If we transfer personal information internationally, we will do so using lawful mechanisms and with appropriate safeguards.
13) Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy here and revise the “Effective date” above. If changes are material, we will provide additional notice (e.g., by email or prominent notice on the site).
14) Contact Us
Questions or requests? Email support@shopjwalton.com