1. Introduction and scope
This Privacy Policy describes how ZohaClick (“we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal information when you visit, browse, or make purchases through our online storefront located at https://store.zohaclick.com (the “Store”), including any subdomains, mobile-optimized pages, checkout flows, customer account areas, and related services that link to this policy (collectively, the “Services”).
We respect your privacy and are committed to explaining our practices in plain language. This policy is designed to help you understand what information we process, why we process it, who we may share it with, how long we keep it, and what choices and rights you may have depending on where you live. Because privacy law varies by country, state, and region, certain sections include location-specific information. If anything in this policy conflicts with a mandatory provision of the law that applies to you, the applicable law will control to the extent of that conflict.
This policy applies to personal information we collect through the Services. It does not apply to information collected offline, through unrelated third-party websites that we do not control, or through employment or business-to-business contexts unless we expressly state otherwise. If you follow a link to a third-party site or service, that third party’s privacy policy—not this one—will generally govern your interaction with them.
By accessing or using the Services, you acknowledge that you have read this Privacy Policy. Depending on your jurisdiction and the feature you use, you may also be asked to provide additional consent (for example, for certain cookies or marketing communications). Where consent is required and you do not provide it, we may not be able to offer the related feature.
2. Related policies and contractual terms
Our legal documents work together. For convenience, this Privacy Policy cross-references other documents that may apply to your relationship with us. Those documents are legally binding where they apply to you, and you should read them carefully alongside this policy:
- Terms and Conditions: These set out the rules for using the Store, placing orders, limitations of liability, governing law, dispute resolution, and other contractual matters.
- Refund & Access Policy: This explains refunds, access issues, cancellations, and related order support topics, including timelines and eligibility.
- Cookie Policy: This describes how we and our partners use cookies and similar technologies, including categories of cookies, purposes, retention, and your choices.
If we publish additional legal notices—such as a digital delivery policy, accessibility statement, seller guidelines, or promotional terms—we may link them from the Store footer, checkout, or product pages. Unless we state otherwise, those notices supplement this Privacy Policy where they relate to personal information (for example, how we use account and order data to provide digital access).
3. Who is responsible for your information?
For the purposes of the EU and UK General Data Protection Regulation frameworks (collectively, “GDPR” where relevant), the data controller is the ZohaClick entity that operates the Store and determines how and why personal data is processed. The controller’s identity and contact details are published through the Store’s official contact channels (for example, a contact page, order communications, or business profile). If you need the precise legal name and registered address of the controller for a regulatory filing, please contact us using the details in Section 24 (Contact us) and we will provide the appropriate entity information.
Where we process personal information on behalf of another business (for example, if we enable a marketplace model in the future), we may act as a processor for certain datasets. In that situation, the merchant or partner may be the controller for specific processing activities, and we will process personal information under their instructions and applicable data processing terms.
4. Summary of key points (non-binding overview)
The following summary is provided for convenience only and does not replace the full policy:
| Topic | High-level summary |
|---|---|
| What we collect | Identifiers, contact and account details, commercial and order information, payment-related data (often handled by payment providers), device/technical data, and limited content you submit (for example, support messages). |
| Why we collect it | To operate the Store, process orders, provide customer support, secure transactions, comply with law, and—where permitted—improve the Services and communicate with you. |
| Sharing | We share information with service providers (hosting, email delivery, payment processors), and in limited cases with authorities or parties when required or permitted by law. |
| Your choices | Depending on your location, you may have rights to access, correct, delete, restrict, object, or port data, and to opt out of certain sales/sharing or targeted advertising (where applicable). |
| International transfers | If we transfer data across borders, we use appropriate safeguards where required (such as standard contractual clauses), as described in Section 16. |
5. Personal information we collect
The personal information we collect depends on how you interact with the Services, whether you create an account, whether you complete a purchase, and which payment method you choose. We group personal information into categories for transparency. Some items may fall into more than one category.
5.1 Categories of personal information
| Category | Examples (not exhaustive) | Typical sources |
|---|---|---|
| Identifiers | Name, username, customer ID, order number, IP address, device identifiers in logs | You; your device/browser; our ecommerce platform |
| Contact information | Email address, phone number (if provided), billing address, and country/region details where needed for tax | You; autofill tools you use |
| Account credentials | Email/username and password (stored using security practices; we do not store passwords in plain text) | You |
| Commercial information | Products viewed or purchased, cart contents, order history, refund/return records, promo codes used | You; WooCommerce/WooCommerce Blocks interactions |
| Payment-related information | Payment method type, limited card metadata (if applicable), transaction IDs, payment status; full payment card numbers are typically processed by payment providers | You; payment processors (for example, PayPal, WooCommerce Payments) |
| Customer service content | Messages you send, attachments, dispute details | You |
| Internet or similar network activity | Pages viewed, referring URLs, approximate location derived from IP, browser type, timestamps | Your device; cookies/similar technologies; server logs |
| Inferences | Risk/fraud signals derived from patterns (for example, repeated failed checkouts), product recommendations based on browsing (if enabled) | Our systems; ecommerce features |
| Sensitive categories | We do not intentionally collect sensitive categories (such as health data) to profile you. Do not submit sensitive information unless a feature explicitly requires it. | N/A (avoid submitting) |
5.2 Information we do not intend to collect
Unless a specific Store feature requires it, we do not ask you to provide government ID numbers, financial account passwords, full payment card data directly to us (rather than to a payment provider’s secure fields), or special categories of data under GDPR (such as data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used for identification, health data, or data concerning sex life or sexual orientation). If you voluntarily include such information in a message to us, we will treat it as customer support content and will restrict access; we may delete it if it is not needed.
6. How we collect personal information
We collect personal information through the following general methods:
- Directly from you when you create an account, place an order, subscribe to communications, contact support, or participate in promotions.
- Automatically when you use the Services, through cookies, pixels, and similar technologies, and through server logs created when your browser requests pages, assets, or APIs.
- From payment and fraud providers when you initiate a payment, including confirmations, risk assessments, and dispute information.
- From ecommerce platform features such as WooCommerce session handling, cart persistence, and order management workflows.
If you provide personal information about another person (for example, a billing contact for a business purchase), you represent that you have the authority to do so and that the other person understands this policy to the extent applicable.
7. Technologies on our Store (cookies and similar)
We use cookies and similar technologies to operate the Store, remember preferences, keep you signed in (if applicable), maintain carts and checkout sessions, reduce fraud, and—depending on your settings—measure performance or support marketing. For category-by-category details (including how to manage preferences), please read our Cookie Policy, which is incorporated here by reference for cookie-specific disclosures where required.
Browser controls can block or delete cookies, but blocking strictly necessary cookies may prevent checkout, account login, or cart features from working reliably. Some choices may be managed through consent tools if we implement them on the Store.
8. How we use personal information (purposes)
We use personal information for the following purposes, consistent with applicable law:
- Providing the Services: displaying products, enabling browsing, processing orders, calculating applicable taxes, providing download access, and delivering confirmations.
- Payments and fraud prevention: authorizing charges, refunds, and disputes; detecting abusive transactions; complying with payment network rules.
- Customer accounts: creating and maintaining accounts, order history, download entitlements, and authentication.
- Customer support: responding to inquiries, processing refunds/access requests in line with our Refund & Access Policy, and resolving issues.
- Security and integrity: monitoring for attacks, investigating suspicious activity, enforcing our Terms and Conditions, and protecting users.
- Legal compliance: tax, accounting, and regulatory obligations; responding to lawful requests; enforcing legal rights.
- Improvement and analytics: understanding how the Store is used, diagnosing errors, and improving performance and user experience.
- Marketing communications (optional): sending promotional emails or messages where permitted and with appropriate consent/opt-out mechanisms.
8.1 GDPR lawful bases (where applicable)
If GDPR applies, we rely on one or more lawful bases depending on the processing activity:
| Processing purpose | Lawful basis (typical) |
|---|---|
| Providing the Store, fulfilling orders, account administration | Performance of a contract; steps prior to contract at your request |
| Legal and tax records, responding to regulators | Legal obligation |
| Security, fraud prevention, abuse detection | Legitimate interests (and sometimes legal obligation) |
| Non-essential cookies, certain marketing | Consent (where required) |
| Product improvement analytics that is not strictly necessary | Consent or legitimate interests (depending on implementation and jurisdiction) |
Where we rely on legitimate interests, we balance our interests against your rights and minimize impact where feasible. You may have the right to object to certain processing based on legitimate interests, as described in Section 18.
9. WooCommerce, WordPress, and Store operations
The Store is powered by WordPress and WooCommerce, which process personal information as part of normal ecommerce operations. This includes storing order records in the site database, generating transactional emails, handling customer accounts, and supporting checkout flows (including block-based cart and checkout experiences where enabled).
WooCommerce’s approach to privacy and recommended disclosures for merchants are described in WooCommerce’s documentation. For external reference (merchant guidance), see: WooCommerce Privacy Documentation. We configure WooCommerce according to our business needs and implement reasonable administrative and technical measures to protect store data.
WordPress core and plugins may create additional technical records (for example, security logs on some installations). For general information about the WordPress open-source project’s privacy practices, you may review: WordPress.org Privacy Policy.
10. Payments: PayPal, WooCommerce Payments, Stripe-powered methods
Our Store supports payment methods through integrated payment services. Based on our current configuration, relevant providers include:
- PayPal through the WooCommerce PayPal Payments integration, which may route you to PayPal’s experience for wallet payments, cards where supported, and related payment features.
- WooCommerce Payments, which is operated by WooCommerce and can use Stripe-backed rails depending on region and configuration (for example, card payments and certain bank-debit methods such as ACH where available).
When you pay, your payment information is generally collected directly by the payment provider’s secure systems. We typically receive limited information needed to confirm the transaction (such as payment status, payer email where provided by the provider, transaction identifiers, and limited instrument details).
Payment providers process personal information under their own privacy policies. We encourage you to read:
- PayPal: PayPal Privacy Statement
- WooCommerce Payments: refer to the disclosures presented at checkout and the WooCommerce Payments privacy documentation for your region on WooCommerce.com (search “WooCommerce Payments privacy” for the latest page).
PayPal and card networks may use fraud signals and device data consistent with industry practice. If a payment fails or is disputed, we may receive related correspondence and use it to resolve the order in line with our policies and provider rules.
11. Currency display and conversion (Woo Multi Currency)
We may use the Woo Multi Currency extension (or comparable tools) to display prices in multiple currencies, convert amounts based on exchange rates, or tailor pricing presentation. That functionality may store preferences (such as selected currency) using cookies or local storage, and may interact with your session as you browse. The developer’s documentation and privacy practices may apply to any external exchange-rate or licensing services the extension uses. If you notice unexpected currency behavior, contact us and we will investigate configuration issues.
12. Communications: transactional and promotional
We send transactional messages that are reasonably necessary to complete your purchase or provide the Services—such as order confirmations, digital access/download updates (if applicable), payment receipts, password reset emails (if enabled), and security notices. You generally cannot opt out of these communications without ceasing to use the related feature (for example, you cannot complete an order without receiving an order confirmation).
If we send promotional communications, we will do so in accordance with applicable law, including providing a way to unsubscribe from marketing emails (typically an “unsubscribe” link). If your jurisdiction requires prior consent for certain channels (for example, SMS marketing), we will obtain that consent separately.
13. Legal bases and “sale,” “sharing,” and targeted advertising (U.S. state law concepts)
Certain U.S. state privacy laws distinguish between processing for “sales,” “sharing” for cross-context behavioral advertising, and “targeted advertising.” Whether we engage in these activities depends on our actual tools and partnerships. As a general matter:
- We do not “sell” personal information for money in the traditional sense.
- We may use analytics or advertising technologies that could be considered “sharing” or “targeted advertising” under some state laws if those tools measure ad performance across sites or apps. If we deploy such tools, we will align our cookie/consent approach with applicable requirements and update this policy and our Cookie Policy accordingly.
If a jurisdiction grants you opt-out rights, we will describe how to exercise them (for example, a preference link, browser signal handling where required, or an email process). For general consumer privacy guidance in the United States, the Federal Trade Commission publishes materials for businesses and consumers: FTC Consumer Privacy Resources.
14. When we disclose personal information
We disclose personal information in the following situations:
- Service providers and processors: hosting providers, email delivery, security tools, backup services, analytics (if used), customer support tooling, and ecommerce-related services that require access to operate the Store.
- Payment partners: PayPal, WooCommerce Payments, and related financial partners involved in transaction authorization, settlement, and disputes.
- Professional advisors: lawyers, accountants, insurers, where confidentiality obligations apply.
- Corporate transactions: if we evaluate or complete a merger, acquisition, financing, or asset sale, personal information may transfer as a business asset, subject to standard confidentiality and continued protections where required.
- Legal and safety: to comply with law, regulation, legal process, or governmental requests; to protect rights, privacy, safety, or property; to enforce contracts; and to address fraud or security incidents.
- With your direction: when you ask us to share information or when you intentionally use features that involve third parties.
| Recipient type | Why they receive data |
|---|---|
| Infrastructure / hosting | Store availability, database storage, content delivery |
| Email / transactional messaging | Order emails, account messages, support correspondence |
| Payment processors | Payment authorization, refunds, dispute handling |
| Security / anti-abuse | Protecting against attacks, spam, fraud |
We contractually require service providers to use personal information only for the services they provide to us and to implement appropriate security measures, consistent with applicable law.
15. International data transfers
We may process and store personal information in the country where we operate the Store and in other countries where our service providers maintain facilities. If personal information moves from the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland to countries that are not deemed to provide an adequate level of protection, we will implement appropriate safeguards where required—such as the European Commission’s Standard Contractual Clauses (“SCCs”), the UK International Data Transfer Addendum, or Swiss adaptations, together with supplementary measures where appropriate.
For background reading on GDPR and international transfers, you may consult summaries published by the EU GDPR portal: GDPR.eu. UK residents may also consult the Information Commissioner’s Office (“ICO”) guidance: ICO UK GDPR Guidance.
16. Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention periods vary based on business need, legal obligations, and the nature of the record.
| Record type (examples) | Typical retention drivers |
|---|---|
| Orders, invoices, tax records | Accounting and tax law; dispute resolution; chargeback windows |
| Customer accounts | Until you request deletion/closure where permitted, subject to legal holds |
| Support tickets | Reasonable period to resolve issues and demonstrate customer care |
| Server/security logs | Short to moderate periods for security monitoring, unless longer retention is justified |
| Marketing lists | Until you unsubscribe or we retire the channel, subject to suppression lists |
When retention expires, we delete or de-identify personal information where feasible, or isolate it for archival legal holds if deletion is not immediately possible.
17. Security
We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration. These measures may include access controls, TLS encryption for data in transit on the Store (HTTPS), separation of duties for administrative accounts, patching, monitoring, and backups. No method of transmission or storage is completely secure; we encourage you to use strong passwords, enable multi-factor authentication if available, and avoid sharing account credentials.
If we become aware of a breach affecting personal information and notification is required by law, we will notify regulators and/or affected individuals as required, consistent with applicable timelines and facts.
18. Your privacy rights (EEA, UK, and Switzerland)
If GDPR or comparable local law applies to you, you may have the following rights (subject to exceptions):
- Access: request a copy of or information about the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure (“right to be forgotten”): request deletion where applicable law allows.
- Restriction: request that we limit processing in certain circumstances.
- Objection: object to processing based on legitimate interests or for direct marketing.
- Data portability: receive certain personal data in a structured, commonly used, machine-readable format, where technically feasible.
- Withdraw consent: where processing is based on consent, withdraw consent without affecting the lawfulness of processing before withdrawal.
- Lodge a complaint: file a complaint with your local supervisory authority.
To exercise these rights, contact us using Section 24. We may need to verify your identity before fulfilling requests. If we deny a request, we will explain why where required.
19. California and other U.S. state privacy rights
If you are a resident of California or another U.S. state with a comprehensive privacy law, you may have additional rights regarding personal information, which can include:
- Right to know/access specific pieces or categories of personal information collected
- Right to correct inaccuracies
- Right to delete personal information, subject to exceptions
- Right to opt out of certain types of “sale,” “sharing,” or targeted advertising (if applicable)
- Right to limit use of sensitive personal information (if applicable and if we collect SPI as defined by law)
- Right to appeal our decision regarding a request (in certain states)
- Right to non-discrimination for exercising privacy rights
California residents can learn more from the California Attorney General’s office: California Consumer Privacy Act (CCPA) overview. We do not knowingly sell or share personal information of minors under 16 in ways that require opt-in consent under CCPA without obtaining affirmative authorization as required.
20. EU/EEA consumer information
If you reside in the EU/EEA, you may also have rights under consumer protection laws related to online purchases, including withdrawal rights for certain distance contracts, subject to exceptions for sealed goods or perishable items. Consumer protection information is available from the European Commission: EU consumer rights and complaints. Our contractual and refund/access rules are further explained in the Terms and Conditions and Refund & Access Policy.
21. Children’s privacy
The Services are not directed to children under 13 (or the age required by local law), and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it where required.
22. Automated decision-making and profiling
We do not use automated decision-making that produces legal or similarly significant effects solely by automated means (such as fully automated credit eligibility decisions) as a core part of the Store. We may use automated tools to detect fraud, bot traffic, or spam; those processes may involve risk scoring. If you are subject to a decision based solely on automated processing under GDPR and you have rights to human review, contact us and we will evaluate your request under applicable law.
23. Third-party links and embedded content
The Store may contain links to third-party websites, social media widgets, videos, maps, or embedded content. Interacting with embedded content can allow the third party to collect information about you even if you do not leave our site. This policy does not govern third parties; please review their privacy policies. For general education about cookies, you may visit: All About Cookies.
24. Contact us
For privacy-related requests or questions about this policy, contact us through the official channels published on the Store (for example, a contact form, support email, or help desk). When you contact us, please include:
- Your name and email address
- A description of your request (access, deletion, correction, opt-out, etc.)
- Sufficient information to verify your identity and locate relevant records (such as an order number)
- Your country/state of residence (helps us apply the correct rights framework)
If we appoint a data protection officer or EU/UK representative, we will publish those contact details here or on our contact page.
25. Changes to this Privacy Policy
We may update this policy to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will provide notice as required—such as updating the “Last updated” date, posting a notice on the Store, or emailing you if we have your contact details and the change is significant. Continued use of the Services after the effective date may constitute acceptance where permitted by law.
26. Regional addendum: Brazil (LGPD) — illustrative disclosures
If the Brazilian General Data Protection Law (“LGPD”) applies, we process personal information for the purposes described above and rely on appropriate legal bases under LGPD (such as performance of contract, legal obligation, legitimate interest, credit protection, and consent where required). You may have rights to confirmation of processing, access, correction, anonymization, blocking/deletion, portability, information about sharing, and revocation of consent. You may lodge a complaint with the Brazilian National Data Protection Authority (“ANPD”). If you are in Brazil and need Portuguese-language disclosures, contact us and we will provide a localized summary where feasible.
27. Regional addendum: Canada (PIPEDA and provincial laws) — illustrative disclosures
If Canadian privacy law applies, we collect, use, and disclose personal information with appropriate notice and consent as required, and implement safeguards reasonable for the sensitivity of the information. You may have rights to access and challenge the accuracy of your personal information. For general information, see the Office of the Privacy Commissioner of Canada resources: Office of the Privacy Commissioner of Canada.
28. Regional addendum: Australia and New Zealand — illustrative disclosures
If Australian or New Zealand privacy law applies, we will handle personal information in accordance with applicable principles, including ensuring transparency, security, and access/correction rights where available. For Australian Privacy Act information, see: Australian Privacy Principles (OAIC). For New Zealand, see: Office of the Privacy Commissioner (New Zealand).
29. Data minimization and purpose limitation
We strive to collect only personal information that is relevant and necessary for the purposes stated in this policy. When we introduce new features that collect new categories of data, we will update this policy and—where required—provide additional notice or obtain consent. If you believe we are collecting excessive information for a stated purpose, contact us and we will review the concern.
30. Account closure and deletion interactions with orders
If you request account deletion, we may retain certain order and financial records as required for tax, accounting, fraud prevention, and dispute resolution, even if your account is closed. We will stop using account data for marketing where applicable and will restrict access internally. The interaction between deletion rights and legal retention is governed by applicable law; we will explain any limitation when responding to your request.
31. Fraud prevention and enforcement
We may use personal information to detect, investigate, and prevent fraudulent transactions, chargeback abuse, coupon abuse, reseller policy violations, and other breaches of our Terms and Conditions. This may include sharing relevant facts with payment processors, banks, or law enforcement when justified. We may retain fraud-related notes for a period necessary to mitigate repeat abuse.
32. Product reviews and user content
If the Store enables product reviews, ratings, Q&A, or other public content features, any information you submit may be displayed publicly (for example, your first name or username, review text, and general location if you choose to provide it). Do not include personal information in public posts that you do not want visible. We may moderate content to remove prohibited material, spam, or personal data inadvertently posted.
33. Digital delivery providers and access services
Because we sell digital products, we do not use shipping carriers for order fulfillment. We may share limited data with service providers that support secure file hosting, access control, download delivery, licensing, fraud prevention, and transactional messaging (for example, name, email, order ID, and payment status where needed). Those providers process data under their own policies and our contractual instructions.
34. Business customers and gifting
If you purchase on behalf of a company, we may process business contact details and billing information. If access is purchased for another permitted recipient (for example, a team member under the applicable license terms), we may process the recipient’s contact details only as needed to provide access. The purchaser remains responsible for obtaining any necessary permission from recipients where required.
35. Technical notes: logs, diagnostics, and backups
Like most websites, our servers and security tools may automatically record technical events such as IP addresses, user agents, request paths, HTTP status codes, timestamps, and referring URLs. We use logs for troubleshooting, capacity planning, and security. Backups may retain data snapshots for disaster recovery; backups are overwritten on a rolling schedule consistent with operational practices.
36. Your responsibilities
You are responsible for the accuracy of information you provide, for maintaining the confidentiality of your account credentials, and for notifying us if you suspect unauthorized access. If you use shared devices, sign out after completing a session—especially on checkout pages—to reduce the risk of others viewing your information.
37. Accessibility of this policy
We aim to present this policy in a readable format. If you need this policy in an alternative format due to a disability, contact us and we will work with you to provide reasonable access.
38. No waiver
Our failure to enforce any provision of this policy is not a waiver of our right to enforce it later. If any provision is held invalid, the remaining provisions remain in effect.
39. Governing language
If we provide translations of this policy, the English version controls to the extent permitted by law, unless local law requires the local language version to prevail.
40. Acknowledgement of ecommerce realities (merchant transparency statement)
Operating an ecommerce store requires processing personal information in predictable, industry-standard ways: carts must be stored, orders must be recorded, payments must be validated, and customers must be reachable for access or download issues. Our goal is to be transparent about those realities while minimizing data collection, limiting access internally, and respecting your legal rights. We encourage you to review this policy alongside our Cookie Policy and Terms and Conditions so you have a complete picture of how the Store works.
41. Additional details about payment dispute flows
If you initiate a chargeback, payment dispute, or PayPal claim, we and our payment partners may exchange transaction records, communications, download-access logs, and identity verification details as needed to resolve the dispute under network rules. This processing is necessary to protect our legitimate interests and comply with financial partner requirements, and may continue after the underlying order is closed until the dispute cycle completes.
42. Order abandonment and reminder communications
If enabled, we may send cart recovery or checkout reminder messages when you provide contact details but do not complete a purchase. Such messages are designed to help you continue a transaction you started. You can opt out of marketing-style reminders where required; transactional reminders necessary to prevent fraud or complete an in-progress checkout may continue where permitted.
43. Loyalty, referrals, and promotional programs
If we operate loyalty points, referral bonuses, or sweepstakes, we will process personal information to track eligibility, prevent duplicate accounts, and distribute rewards. Additional terms may apply and will be presented at enrollment. We may verify identities for high-value rewards to reduce fraud.
44. Intellectual property and DMCA-style notices
If you submit a copyright or trademark complaint, we will process your contact details and the content of your notice to evaluate the claim. That information may be shared with the affected user as required by applicable notice-and-takedown procedures.
45. Research and surveys
If we invite you to participate in optional surveys, we will tell you how responses will be used. Aggregated, de-identified results may be used to improve the Store. If a survey collects identifiable data, we will apply this policy and any supplemental consent language presented at the survey start.
46. Enforcement of promotional abuse rules
To protect the integrity of discounts and coupons, we may analyze order patterns, device signals available to us, and account linkages to detect duplicate accounts or policy violations described in our Terms and Conditions. This processing supports our legitimate interest in preventing loss and maintaining fair pricing.
47. Data accuracy and routine updates
You can update many account and billing details through your customer account area (if enabled). Keeping information current helps prevent failed payments, tax miscalculations, and account-access issues. We may use validation tools to standardize billing fields where necessary.
48. Cooperation with law enforcement
We may disclose personal information to law enforcement or regulators when we believe in good faith that disclosure is necessary to comply with legal obligations or to protect the vital interests of a person. We will scrutinize requests for legal validity and narrow scope where feasible.
49. Merger, acquisition, or restructuring
If ownership of the Store changes, personal information may be transferred to a successor entity that agrees to honor this policy or provides comparable protections, with notice as required by law. In some jurisdictions, you may object to certain transfers or exercise rights regarding your data.
50. Ethics of data use
We do not use personal information to discriminate unlawfully against protected classes, and we do not use health or biometric data to infer sensitive attributes for marketing. If we ever introduce high-risk processing under GDPR (for example, systematic profiling with legal effects), we will conduct an appropriate assessment and provide additional disclosures where required.
51. Mobile browsers and responsive design
If you access the Services through a mobile browser, similar information may be collected as on desktop, including device type and screen parameters, to render pages correctly. Mobile network operators may separately collect technical data about your usage; their practices are governed by your agreement with them.
52. Do Not Track signals
There is no uniform industry standard for how browsers communicate “Do Not Track” signals. We currently do not respond to all such signals in a standardized way; however, we honor applicable opt-out rights where required by law (for example, certain state targeted advertising opt-outs) and provide cookie controls through our Cookie Policy where implemented.
53. Email security and phishing awareness
We will not ask you to provide full payment card details by email. If you receive a suspicious message claiming to be from us, contact us through official channels before clicking links or opening attachments. Protecting your account credentials helps prevent unauthorized purchases.
54. Third-party analytics (conditional disclosure)
We may use analytics tools to understand traffic and conversion rates. If analytics cookies or trackers are used, they will be described in our Cookie Policy, including retention and opt-out options. If we do not use third-party analytics beyond server logs, the Cookie Policy will reflect that minimal posture.
55. Artificial intelligence-assisted support (if used)
If we deploy AI-assisted chat or ticket triage tools, those tools may process the text of your messages to generate suggested responses for our staff or to route your inquiry. We will limit data exposure to what is necessary and contractually require providers to protect personal information. If we do not use AI tools, this section does not apply.
56. Export controls and sanctions screening
In limited cases involving high-risk transactions or certain destinations, we may screen orders against sanctions and export control lists as required by law. That processing may involve names, addresses, and order details.
57. Warranty and product safety communications
If a product recall or safety notice is required, we may use your contact and order information to notify affected purchasers. This processing may be necessary to protect vital interests and comply with product safety obligations.
58. Social media interactions
If you interact with our brand on social platforms, those platforms process your activity under their policies. We may see your public profile information and message content you send to us. Do not share payment card details in social DMs.
59. Test orders and fraud simulations
We may place test transactions in controlled environments to validate checkout configuration. Those transactions are not used to profile customers and are segregated from production analytics where feasible.
60. Relationship to payment card network rules
Payment networks impose data handling and security expectations on merchants and service providers. We comply with applicable requirements relevant to our role, and rely on certified payment providers for card data handling where applicable.
61. Records of processing and accountability (GDPR-style transparency)
Where GDPR applies, merchants are expected to maintain internal records describing processing activities. While those internal records are not typically published in full, this policy summarizes the major processing activities for the Store: (1) ecommerce order processing and digital delivery access administration; (2) payment authorization and settlement through third-party payment providers; (3) customer service and refund administration; (4) security monitoring and abuse prevention; (5) compliance with tax, accounting, and regulatory obligations; and (6) optional marketing where permitted. We review our processing practices when we add materially new plugins, change checkout flows, or onboard new vendors that access personal data.
If you are a business partner auditing our posture, we can provide high-level descriptions of safeguards and subprocessors under an appropriate confidentiality arrangement, subject to legal limitations and provider confidentiality terms.
62. Processor relationships and merchant responsibilities
In a typical WooCommerce deployment, the store operator acts as the controller for customer personal data collected through the Store, while vendors such as hosting companies and email providers act as processors. Payment providers may act as separate controllers for certain fraud and compliance processing tied to their financial services. This division matters because it determines who you contact for specific rights requests and who sets retention for certain transaction records. When you contact us, we will coordinate with providers if needed—especially for deletion requests that may be partially constrained by payment and tax recordkeeping rules.
63. Detailed procedure for exercising GDPR rights (step-by-step expectations)
To help you understand what happens after you submit a request, the following describes our typical workflow (timelines depend on law and complexity):
- Receipt and logging: We record your request and assign it for review. We may acknowledge receipt where required.
- Identity verification: We verify your identity using reasonable methods (for example, confirming control of your email address, requesting an order number, or matching billing details). We may refuse to disclose certain data if verification cannot be completed, to prevent unauthorized access.
- Scoping: We identify which systems may contain your data (WooCommerce orders, account records, email threads, logs).
- Legal review: We determine whether exceptions apply (for example, data we must retain for tax compliance, or information solely in payment systems that must be requested from the provider).
- Fulfillment: We provide copies, make corrections, delete where appropriate, restrict processing, or document why a request cannot be fully granted.
- Closure: We retain minimal records of the request itself where required to demonstrate compliance.
If you are unsatisfied with our response, you may escalate to your supervisory authority. A list of EU supervisory authorities is available through the European Data Protection Board's resources; UK residents may contact the ICO referenced earlier in this policy.
64. California “notice at collection” expansion (illustrative categories table)
California law may require businesses to provide more granular detail about categories collected, purposes, and retention at or before collection. The following table aligns with common CCPA-style disclosures for ecommerce merchants. If a category does not apply to your interaction (for example, you only browse without purchasing), collection may be limited accordingly.
| CCPA category (label) | Collected? | Business purposes (examples) | Retention (high level) |
|---|---|---|---|
| Identifiers | Yes (if you interact with the Store) | Orders, accounts, security | As described in Section 16 |
| Personal information in Cal. Civ. Code § 1798.80(e) | Often yes for purchasers | Fulfillment, billing, support | As described in Section 16 |
| Commercial information | Yes for purchasers | Processing purchases, returns | As described in Section 16 |
| Internet or electronic network activity | Typically yes | Site operation, diagnostics, security | Shorter periods for logs unless needed |
| Geolocation data (precise) | Generally no (not intended) | N/A | N/A |
| Sensory information (audio/video) | Only if you submit it | Support troubleshooting | Minimal retention unless needed |
| Professional/employment information | Rarely (only if you provide for B2B) | Invoicing, account setup | Business need |
| Inferences | Possibly (fraud/risk, recommendations) | Security, merchandising | Varies by system |
65. WooCommerce Payments: additional merchant-facing transparency
WooCommerce Payments can involve additional verification steps for merchants and, for certain transactions, additional risk checks for customers. Those checks may process identity-related data through the payments stack. The precise data elements depend on your region, the payment method, and compliance requirements. As the Store operator, we do not use WooCommerce Payments to collect unnecessary data beyond what checkout requires. If WooCommerce Payments presents you with fields or notices at checkout, those disclosures are part of your agreement with the payments service and supplement this policy for payment-specific processing.
For regulatory context on payment transparency in the United States, you may review federal consumer finance educational materials on the Consumer Financial Protection Bureau’s public website at consumerfinance.gov (general reference; not a substitute for legal advice).
66. PayPal-specific considerations (wallet, vaulting, and webhooks)
PayPal integrations may support features such as paying with a PayPal balance, linked cards, or—where enabled—saving payment methods for faster checkout (“vaulting”). If vaulting is available, PayPal processes stored payment credentials under its rules. Our Store may receive tokens or references rather than full card numbers. PayPal may send webhook events to our systems to update order payment status (for example, captured, refunded, voided). Those updates can include transaction metadata necessary to keep WooCommerce orders accurate. We configure integrations to limit data exposure to operational necessity.
67. Multi-currency pricing integrity and exchange rates
When prices are converted between currencies, rounding and exchange-rate timing can produce small differences versus your card issuer’s rates. Multi-currency features may rely on external rate sources. While currency presentation is not typically “personal information,” your selected currency preference may be stored to improve your experience. If tax-inclusive pricing or VAT display rules apply, additional parameters may be used to calculate the displayed price.
68. Email deliverability and transactional reliability
Transactional emails (orders, resets) depend on email infrastructure providers and your mailbox provider’s spam filtering. If you do not receive an expected email, check spam folders and verify your email address on the order. We may retry sends or provide downloadable receipts through your account where available. Email providers may log delivery events (bounces, opens if tracking pixels are used). If we use open tracking in marketing emails, we will disclose that practice and provide opt-out consistent with law.
69. Customer account security practices we recommend
We recommend unique passwords, avoiding credential reuse from other sites, and caution when logging in on public devices. If you believe your account is compromised, change your password immediately and contact us so we can review recent orders and payment attempts. We may temporarily lock accounts or require additional verification when we detect suspicious patterns consistent with account takeover.
70. Data localization and government access requests
Depending on where our servers are located, personal information may be subject to access requests by courts or agencies in that jurisdiction. We evaluate requests carefully and challenge overbroad demands where permitted. We may be prohibited from notifying you of a disclosure if a valid non-disclosure order applies.
71. Final statement
We take privacy seriously because trust is essential in ecommerce. This policy is intended to be thorough and practical for a WooCommerce-powered storefront that uses modern payment methods and standard operational tooling. If you have questions, please reach out—we will do our best to respond promptly and clearly.
External resources cited in this policy (quick list): WooCommerce privacy documentation · WordPress.org privacy · PayPal privacy statement · GDPR.eu · ICO guidance · FTC consumer privacy · California AG CCPA overview · EU consumer rights · All About Cookies · OPC Canada · Australian Privacy Principles · New Zealand Privacy Commissioner