Privacy Policy

Last Updated: September 6, 2025

At GraceThread Apparel, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website (https://gracethreadapparel.com) or make a purchase through our store. It also outlines your rights regarding your personal data and how to contact us with privacy-related concerns.

This policy complies with applicable privacy laws, including [list relevant laws based on your target markets, e.g., General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), etc.].

1. Information We Collect

We collect personal information to provide and improve our services, process orders, and enhance your shopping experience. The types of information we collect include:

– Personal Information You Provide:
– Order Information: When you make a purchase or create an account, we collect your name, billing address, shipping address, email address, phone number, and payment information (processed securely via Stripe).
– Email Address: When you sign up for our newsletter subscription.

– Automatically Collected Information:
– Browsing Data: We use Google Analytics to collect information about your interactions with our website, such as your IP address, browser type, device information, pages visited, and referring/exit pages. This data is used to analyze trends and optimize our website.
– Cookies and Tracking Technologies: Our website uses cookies to enhance your experience, track user preferences, and analyze site performance. For more details, see our Cookie Policy section below.

– Third-Party Data: We may receive information from third-party services, such as Stripe for payment processing, to complete transactions or verify payment details.

2. How We Use Your Information

We use your personal information for the following purposes:
– To process and fulfill your orders, including payment processing, shipping, and order confirmation.
– To communicate with you about your account, orders, or customer service inquiries.
– To improve our website and services through analytics and user behavior insights (via Google Analytics).
– To comply with legal obligations, such as tax or accounting requirements.

Legal Basis for Processing (GDPR): If you are in the European Economic Area (EEA), we process your data based on:
– Contract Performance: To fulfill your orders and provide services.
– Consent: For non-essential cookies or marketing communications (where applicable).
– Legitimate Interest: For analytics and site optimization, provided it does not override your rights.
– Legal Obligation: To comply with applicable laws or regulations.

3. How We Share Your Information

We do not sell or rent your personal data to third parties. However, we may share your data with trusted third parties to operate our business, as follows:
– Stripe: We use Stripe to process payments securely. Stripe receives payment information (e.g., credit card details, billing address) to process transactions. Stripe does not store your full credit card information on our servers; instead, it uses tokenization for secure payments. For more details, see Stripe’s Privacy Policy: https://stripe.com/privacy.
– Google Analytics: We use Google Analytics to track website usage and performance. Google Analytics collects anonymized data about your browsing behavior. For more details, see Google’s Privacy Policy: https://policies.google.com/privacy.

We ensure that third parties comply with applicable privacy laws and maintain appropriate security measures. If your data is transferred outside your region (e.g., to the US for Stripe or Google Analytics), we ensure compliance with data transfer regulations, such as GDPR’s standard contractual clauses.

4. Cookie Policy

Our website uses cookies and similar technologies to enhance your experience and analyze site performance. Cookies are small text files stored on your device. The types of cookies we use include:
– Essential Cookies: Necessary for website functionality, such as maintaining your shopping cart or session.
– Analytics Cookies: Set by Google Analytics to track user interactions and improve our website.

You can disable cookies through your browser settings, but this may affect website functionality.

5. How We Protect Your Data

We take reasonable measures to protect your personal data, including:
– SSL encryption to secure data transmission.
– Secure payment processing via Stripe’s PCI-DSS compliant systems.
– Limited access to personal data by authorized personnel only.

We do not store sensitive payment information (e.g., full credit card numbers) on our servers. In case of a data breach, we will notify affected users and relevant authorities within 72 hours, as required by GDPR or other applicable laws.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:
– Order Data: Retained for 7 years to comply with tax and accounting obligations.
– Inactive Accounts: Retained unless you request deletion.
– Analytics Data: Google Analytics data is retained for 36 months or as specified in Google’s policies.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:
– Access: Request a copy of the personal data we hold about you.
– Correction: Request correction of inaccurate or incomplete data.
– Deletion: Request deletion of your data, subject to legal obligations (e.g., tax records).
– Objection: Object to certain data processing activities, such as marketing.
– Data Portability: Request a copy of your data in a structured, machine-readable format.
– Opt-Out of Data Sharing: For California residents (CCPA), opt out of the “sale” or “sharing” of personal data for advertising purposes (note: we do not sell personal data, but sharing with Google Analytics may qualify as “sharing” under CCPA).

To exercise these rights, contact us at contact@gracethreadapparel.com. We will respond within 7 business days.

8. Third-Party Links

Our website may contain links to third-party websites (e.g., Stripe, Google Analytics). We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing personal information.

9. Children’s Privacy

Our services are not directed to individuals under 13. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at contact@gracethreadapparel.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice of the updated policy date on the website. The updated policy will be effective as of the “Last Updated” date above.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: contact@gracethreadapparel.com