Privacy Policy

Last Updated: August 8, 2025

1. Introduction

Lizard Merch Store ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make purchases.

GDPR & CCPA Compliance: This policy complies with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Information We Collect

Personal Information

When you make a purchase, we collect:

  • Contact Information: Name, email address, phone number
  • Billing Information: Billing address, payment method details (processed securely by Stripe)
  • Shipping Information: Delivery address and special delivery instructions
  • Order Information: Products purchased, quantities, pricing, order history

Technical Information

We automatically collect:

  • Device Information: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, time spent on site, click patterns, referrer URLs
  • Cookies: Session data, preferences, analytics (see Cookie Policy below)
  • Performance Data: Load times, error rates for site optimization

3. How We Use Your Information

Order Processing

  • Process and fulfill your orders through our print-on-demand partners
  • Send order confirmations, shipping updates, and delivery notifications
  • Handle customer service inquiries and support requests
  • Process refunds and returns when applicable

Business Operations

  • Improve website performance, security, and user experience
  • Analyze purchasing trends and optimize product offerings
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and law enforcement requests

Marketing (Optional)

  • Send promotional emails about new products or sales (with consent)
  • Retarget ads based on browsing behavior (anonymized)
  • Share user-generated content (with explicit permission)

4. Information Sharing

Essential Service Providers

  • Stripe: Payment processing (PCI DSS compliant)
  • Printify: Order fulfillment and shipping
  • Shipping Carriers: Package delivery (UPS, FedEx, USPS)
  • Resend: Transactional email delivery
  • Vercel: Website hosting and performance monitoring

Analytics Partners

  • Google Analytics: Website usage statistics (anonymized)
  • Vercel Analytics: Performance monitoring

No Sale of Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Cookie Policy

Essential Cookies

  • Shopping Cart: Maintains cart contents during your session
  • Authentication: Keeps you logged in if you create an account
  • Security: Prevents cross-site request forgery attacks
  • Preferences: Remembers your site preferences (dark mode, currency)

Analytics Cookies (Optional)

  • Google Analytics: Tracks page views, user behavior (anonymized)
  • Performance Monitoring: Measures site speed and error rates

Cookie Management: You can disable non-essential cookies in your browser settings or through our cookie banner.

6. Data Security

Security Measures

  • Encryption: All data transmitted using TLS/SSL encryption
  • Payment Security: No payment card data stored (handled by Stripe)
  • Access Controls: Limited employee access on a need-to-know basis
  • Regular Audits: Security reviews and vulnerability assessments
  • Data Backup: Regular secure backups with encryption at rest

Data Breach Response: In the unlikely event of a data breach, we will notify affected users within 72 hours as required by law.

7. Your Data Rights

GDPR Rights (EU Residents)

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit processing of your personal data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Revoke consent for data processing

CCPA Rights (California Residents)

  • Know: What personal information is collected and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

Exercise Your Rights: Contact us at privacy@lizardmerch.com to exercise any of these rights.

8. Data Retention

  • Order Data: Retained for 7 years for tax and legal compliance
  • Customer Accounts: Retained until account deletion requested
  • Marketing Data: Retained until unsubscribe or 2 years of inactivity
  • Analytics Data: Anonymized and retained for up to 26 months
  • Support Communications: Retained for 3 years for quality assurance

9. International Data Transfers

We are a US-based company, so your data may be processed in the United States. For EU residents, we ensure adequate protection through:

  • Standard Contractual Clauses with service providers
  • Adequacy decisions where applicable
  • Additional safeguards for sensitive data transfers

10. Children's Privacy

Our service is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If you are a parent and believe your child has provided us with personal information, please contact us immediately.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Changes are effective immediately upon posting.

Significant Changes: For material changes, we will provide prominent notice or email notification to registered users.

12. Contact Information

For questions about this Privacy Policy or to exercise your data rights:

Privacy Contact: privacy@lizardmerch.com
Data Protection Officer: dpo@lizardmerch.com
General Support: support@lizardmerch.com
Response Time: We respond to privacy requests within 30 days

Quick Privacy Summary

  • ✅ We collect only necessary information to process your orders
  • ✅ We never sell your personal data to third parties
  • ✅ Your payment information is secured by Stripe (PCI compliant)
  • ✅ You can request data deletion or access at any time
  • ✅ We comply with GDPR, CCPA, and other privacy laws
  • ✅ Analytics data is anonymized and aggregated