Legal
Privacy Policy
Effective date: January 15, 2026 · Last updated: January 2026
1.Information We Collect
Information you provide directly
- Account information — email address and display name when you create an account
- Order information — name, shipping address, and order details when you make a purchase
- Communications — messages you send via our contact form or email
Information collected automatically
- Log data — IP address, browser type, pages visited, and timestamps (standard server logs)
- Cookies — session cookies to maintain your login state and shopping cart (see Section 4)
Payment information
We use Stripe Checkout for payment processing. When you complete a purchase, you are redirected to Stripe's secure hosted checkout page. We do not receive, store, or have access to your payment card details. All payment data is handled entirely by Stripe. See Stripe's Privacy Policy at stripe.com/privacy.
2.How We Use Your Information
We use the information we collect to:
- Process and fulfill your orders
- Send transactional emails — order confirmation, shipping notifications, and account-related messages
- Respond to your inquiries and customer service requests
- Maintain and improve the security and functionality of our website
- Comply with applicable laws and legal obligations
We do not sell your personal information to third parties. We do not use your data for behavioral advertising or cross-site tracking.
3.How We Store Your Information
Your account and order data is stored securely using Supabase, a cloud database platform. Data is encrypted in transit (TLS) and at rest. Supabase's privacy policy is available at supabase.com/privacy.
Our website is hosted on Vercel. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
4.Cookies
We use only essential cookies — small text files stored in your browser that are strictly necessary for the website to function. We do not use advertising cookies, tracking pixels, or behavioral analytics.
Essential cookies we set:
- Authentication session — keeps you logged in to your account across pages
- Shopping cart — preserves the items in your cart during your session
You can disable cookies in your browser settings, but doing so may prevent certain site features (such as staying logged in) from working correctly.
5.Third-Party Services
We work with the following third-party services that may process your data as part of operating our website:
| Service | Purpose |
|---|---|
| Stripe | Payment processing |
| Supabase | Database, authentication, and data storage |
| Vercel | Website hosting and delivery |
| Resend | Transactional emails (order confirmation, shipping) |
6.Data Retention
We retain different types of data for different periods based on legal requirements and operational need. You may request deletion of your account and associated data at any time — see Section 7.
| Data type | Retention period |
|---|---|
| Orders & invoices | 7 years (tax compliance) |
| Customer account data | While account is active + 1 year |
| Marketing email list | Until unsubscribe + periodic cleanup |
| Customer support emails | 2 years |
| Payment card details | Not stored — handled entirely by Stripe |
7.Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your personal information:
- Right to access — request a copy of the personal data we hold about you
- Right to correction — request that we correct inaccurate or incomplete data
- Right to deletion — request that we delete your personal data (“right to be forgotten”)
- Right to portability — receive your data in a structured, machine-readable format
- Right to opt out — opt out of any data processing for marketing purposes (we do not currently send marketing emails without explicit consent)
To exercise any of these rights, please contact us at contact@invinebotanicals.com. We will respond within 30 days.
8.Children's Privacy
Our website is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9.Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
10.Contact Us
For privacy-related questions, data access requests, or to exercise any of your rights, please contact us: