Privacy Policy

Effective Date: June 3, 2025


1. Lawful Basis for Data Processing (GDPR Compliance)

We process personal data under the following lawful bases:

  • Contractual Necessity: Processing payment details, order fulfillment, and account management to execute agreements with users.
  • Legitimate Interests: Analyzing website traffic, fraud prevention, and service optimization, ensuring a balance between business needs and user rights.
  • Explicit Consent: Marketing communications require opt-in consent, which users may withdraw via account settings or unsubscribe links.

2. International Data Transfers

For transfers of EU user data to U.S.-based servers:

  • Standard Contractual Clauses (SCCs) are implemented with hosting providers to ensure GDPR compliance.

3. Special Data Categories & AI Chatbot

  • Prohibited Data: We do not collect health, biometric, or sensitive data.
  • AI Chatbot:
    Conversations are stored for 90 days and encrypted using AES-256. Users may delete specific chat threads via profile settings or request human intervention for automated decisions through support tickets.

4. CCPA/CPRA Compliance

California residents may:

  • Submit deletion requests to support[@]start-dropshipping.com (verified via government-issued ID).
  • Opt out of data sharing via support[@]start-dropshipping.com.
  • Correct inaccuracies by contacting our Privacy Officer.

5. Age Verification & Minor Protections

  • Users Under 18:
    Minors aged 13–17 may use the service with parental/guardian consent. Accounts for users under 13 require verified parental consent (e.g., notarized form or credit card verification).
  • COPPA Compliance:
    If underage usage is detected without consent:
    1. Accounts are suspended immediately.
    2. Data is permanently deleted if consent is not verified.

6. Policy Updates

  • Notification Methods:
    • Updated "Last Revised" date displayed prominently in the policy header.
  • Continued use of services constitutes acceptance of updated terms.

7. Security Measures

  • Encryption: AES-256 for data at rest; TLS 1.3 for in-transit data.
  • Access Controls: Role-based permissions with mandatory multi-factor authentication (MFA) for employees.
  • Audits: Quarterly penetration testing and bi-annual third-party security reviews.
  • Incident Response: Breach notifications issued within 72 hours of detection.

8. Data Retention Schedule

Data Type             Retention Period            Legal Basis
Account Information   5 years post-termination    Contractual Obligations
Payment Records       7 years                     Tax Compliance (IRS §6001)
Marketing Consent     3 years post-opt-out        GDPR Article 7(1)

9. Multi-State Compliance (US)

Residents of Virginia (VCDPA), Colorado (CPA), and Connecticut (CTDPA) may:

  • Appeal denied requests.
  • Opt out of targeted advertising via the "Privacy Preferences" dashboard.
  • Request data portability in JSON or CSV formats.

10. Contact Information & Rights Exercise

  • Privacy Officer: support[@]start-dropshipping.com
  • Request Handling: Submit inquiries to support[@]start-dropshipping.com; responses within 30 days (extensions notified via email).