Draft template — not legal advice.
This document is a working draft pending review by a licensed attorney. It does not constitute legal advice and may not reflect your jurisdiction's requirements. Do not rely on it in production until counsel has reviewed and approved it.
Privacy Policy
Effective date: [EFFECTIVE DATE]
This Privacy Policy describes how [COMPANY LEGAL NAME] ("Company", "we", "us") handles personal information in connection with the Cottage Cart platform ("Service"). It covers sellers who hold accounts and customers who place preorders through seller storefronts.
1. Information we collect
We collect the following personal information:
- Customer order data: name, email address, and phone number provided when placing a preorder, plus order and pickup details. We use this to process and fulfil the order and to send order-related communications.
- Seller account data: the email address and authentication credentials used to create and sign in to a seller account, and store configuration the seller provides. We use this to operate the seller's account and store.
- Technical data: basic logs and session information generated when the Service is used. We use this for security, debugging, and reliability.
We do not collect or store payment card numbers. Card payments are handled by Stripe (see Subprocessors).
2. How we use information
We use personal information to provide and operate the Service, process and fulfil orders, authenticate seller accounts, send transactional email (such as order confirmations), maintain security and prevent abuse, and meet legal obligations. We do not sell personal information.
3. Subprocessors
We use the following service providers to operate the Service, and personal information may be processed by them for that purpose:
- Supabase — database and authentication.
- Stripe — payment processing for seller sales and platform subscription billing.
- Resend — transactional email delivery.
- Vercel — application hosting.
4. Cookies and sessions
We use cookies and similar storage that are necessary for the Service to function, primarily to keep sellers signed in and to maintain session and security state. We do not use these for cross-site advertising.
5. Data sharing
Customer order information is made available to the seller whose storefront received the order so the seller can fulfil it. Sellers are independently responsible for how they handle that information. We otherwise share personal information only with the subprocessors above or where required by law.
6. Retention
We retain personal information for as long as needed to provide the Service, operate seller accounts and order history, and meet legal, accounting, or security obligations, after which it is deleted or anonymized. Specific retention periods are set out at [RETENTION PERIOD].
7. Security
We use reasonable technical and organizational measures intended to protect personal information, including access controls and database row-level security. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict use of your personal information, or to object to certain processing. To make a request, contact us at [CONTACT EMAIL] or using the details below. Customers may also need to contact the relevant seller for information the seller controls. We will respond consistent with applicable law.
9. Children
The Service is not directed to children and is intended for use by businesses and their adult customers.
10. Changes to this Policy
We may update this Policy. Material changes will be communicated through the Service or by email, and the effective date above will be updated.
11. Contact
Privacy questions or requests: [COMPANY LEGAL NAME], [COMPANY ADDRESS], [CONTACT EMAIL].