隐私政策

Privacy Policy

PokePet Shop ("we", "our", "us") collects and processes personal information when you visit our store, customize a product, or place an order. This policy explains what we collect, why, and how we protect it. We comply with GDPR (EU/UK), CCPA (California), and other applicable privacy laws.

Information We Collect

  • Order details: name, email address, shipping address (for physical products), payment info (handled by Shopify Payments — we never see card numbers).
  • Customization content: kid names, dedications, photos, drink/snack choices, character details. Stored in our database to render your personalized game and print.
  • Browsing data: page views, clicks, device type, IP address, referrer (collected via Shopify analytics + tracking pixels: Meta, TikTok, Microsoft Clarity, Google Analytics 4). Used to improve site experience and measure ad performance.
  • Cookies: session cookies, cart cookies, locale cookies, advertising cookies (the latter only if you consent in regions where consent is required).

Lawful Basis for Processing (GDPR)

  • Performance of a contract: order processing, customization rendering, fulfillment, customer support.
  • Consent: marketing emails, advertising/analytics cookies in EU/UK regions.
  • Legitimate interest: fraud prevention, site security, basic analytics for site improvement.

Sub-Processors

We share data with the following sub-processors strictly for service delivery:

  • Shopify Inc. (Canada) — e-commerce platform, payments, hosting
  • Supabase, Inc. (US) — database for customization configs and photo storage
  • Vercel Inc. (US) — hosting for our customizer + game subdomains
  • SendGrid (Twilio) (US) — transactional email delivery
  • Render Inc. (US) — daily print-generation cron job
  • Anthropic, Inc. (US) — AI-assisted customer support (when used)
  • Meta, TikTok, Google, Microsoft — advertising and analytics pixels (only loaded with consent in regions where required)

EU data transfers are governed by Standard Contractual Clauses (SCCs) per Shopify's DPA.

Your Rights (GDPR/UK GDPR/CCPA)

You have the right to:

  • Access the data we hold about you
  • Rectify inaccurate data
  • Erase your data (subject to legal retention requirements)
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time (where consent is the lawful basis)
  • Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany)

To exercise any of these rights, email info@pokepetshop.com. We respond within 30 days.

Data Retention

  • Order data: 7 years (tax compliance)
  • Customization configs: indefinitely (so we can re-render your game/print years later if you lose the link)
  • Customer photos: indefinitely (linked to your config)
  • Browsing/analytics data: 90 days (Microsoft Clarity), per provider for others

You can request deletion at any time via info@pokepetshop.com. Deletion of customization data may prevent us from providing the game or fulfilling re-print requests.

Children's Privacy

Our products are designed as gifts for parents — typically purchased by adults. We do not knowingly collect personal information from anyone under 13 (US) or under 16 (EU). If you believe a child has provided us data, contact us at info@pokepetshop.com and we will delete it.

Cookies and Consent

In regions where consent is required (EU, UK, EEA, Switzerland), we display a cookie banner allowing you to accept or reject non-essential cookies (advertising/analytics). Essential cookies (cart, checkout, session) are always loaded. You can revisit your choices via the cookie preferences link in our footer.

Effective date of this policy is the date this page was last published. We will notify you by email of material changes if you have an active order.

Contact for privacy questions: info@pokepetshop.com