Privacy Policy – Amber Hearth

Your Privacy Matters – How Amber Hearth Collects, Uses, and Protects Your Information

Effective Date: January 1, 2024
Last Updated: January 1, 2024

Welcome to the Amber Hearth Privacy Policy. Your privacy is not an afterthought – it is a foundational principle of how we operate. When you visit amberhearth.shop or purchase our products, you trust us with your personal information. We take that trust seriously.

This Privacy Policy explains:

What information we collect about you
How we use that information
When and why we share it with third parties
How we protect your data
What rights you have regarding your personal information

We have written this policy in clear, plain language – no legal jargon designed to confuse you. Please read it carefully. By using our website or purchasing products from Amber Hearth, you consent to the practices described in this Privacy Policy.

If you have any questions or concerns about your privacy, contact us at:
📧 marga.trading.amz@gmail.com
📞 +84814592700 (Monday–Friday, 9 AM–6 PM Mountain Time)
📬 7533 S Center View Ct Ste R, West Jordan, UT, 84084, United States

1. Information We Collect {#information-collect}

We collect several categories of personal information to provide our services, process orders, improve your experience, and comply with legal obligations. The specific information depends on how you interact with Amber Hearth.

A. Information You Provide Directly to Us

When you create an account, place an order, sign up for our newsletter, request customer support, or otherwise communicate with us, you may provide:

Category	Examples
Identity information	Full name, date of birth (if required for age verification), username
Contact information	Email address, phone number, shipping address, billing address
Payment information	Credit/debit card number, expiration date, CVV, billing ZIP code (processed directly by Stripe – we do not store full card numbers)
Order details	Products purchased, sizes, colors, quantities, special instructions
Account credentials	Password (stored in hashed, non-readable format), security questions
Communications	Emails, chat messages, phone call notes, survey responses, product reviews
User-generated content	Photos you upload (e.g., customer photos wearing our shirts), comments, forum posts

B. Information Collected Automatically

When you browse our website, even if you do not create an account or make a purchase, we automatically collect certain technical information:

Category	Examples	Purpose
Device information	IP address, browser type and version, operating system, device type (desktop, mobile, tablet)	To optimize our website for your device
Usage data	Pages visited, time spent on each page, clicks, scrolls, search queries, referring website (e.g., Google, Facebook, email link)	To improve website design and user experience
Location data	Approximate geographic location derived from IP address (city, region, country)	To display correct currency, shipping options, and taxes
Session data	Items added to cart, checkout abandonment, login timestamps	To recover abandoned carts and analyze sales funnels

C. Information from Third-Party Sources

We may receive information about you from:

Source	Examples
Payment processors (Stripe)	Confirmation of payment status, masked card details (last 4 digits only), fraud risk scores
Shipping carriers (USPS, UPS, FedEx, DHL)	Delivery confirmation, address validation corrections
Social media platforms (if you log in via Google/Facebook)	Public profile information (name, email, profile picture) – only if you choose to connect
Marketing partners	Email addresses from co-marketing campaigns (only where you have consented)
Fraud prevention services	Risk indicators, IP reputation scores

We do not buy or rent mailing lists from third parties. Any marketing emails we send are only to individuals who have explicitly opted in.

D. Sensitive Personal Information

Amber Hearth does not intentionally collect sensitive personal information such as:

Social Security numbers
Driver’s license numbers
Financial account numbers (beyond payment cards processed by Stripe)
Biometric data (fingerprints, facial recognition)
Health or medical information
Genetic data
Precise geolocation (GPS coordinates)
Political or religious beliefs
Sexual orientation or activity
Trade union membership

If we inadvertently receive such information, we will delete it promptly.

2. How We Collect Your Information {#how-collect}

We collect information through the following methods:

Direct Collection (You Provide)

When you create an account – You enter your name, email, and password.
When you place an order – You enter shipping/billing addresses and payment details (through Stripe’s secure form).
When you contact customer support – You provide your order number, email, and describe your issue.
When you sign up for newsletters – You provide your email address.
When you write a product review – You provide your name (optional) and review text/photo.

Automatic Collection (Technology)

Cookies – Small text files stored on your browser (see Section 3).
Log files – Our servers automatically record information about your request (IP address, timestamp, requested URL).
Web beacons / pixels – Invisible images in emails or web pages that track open rates and click-throughs.
JavaScript tags – Code that captures user interactions (e.g., button clicks, form submissions).

Third-Party Collection

Stripe collects payment information directly on their PCI-compliant forms. We never see or store your full card number.
Google Analytics collects anonymized usage data via a JavaScript snippet.
Social login providers (if enabled) collect your authentication data.

3. Cookies & Tracking Technologies {#cookies}

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites remember you, your preferences, and your actions over time.

Types of Cookies We Use

Cookie Type	Purpose	Examples	Duration
Essential (strictly necessary)	Required for the website to function. Cannot be disabled.	Shopping cart, login session, security tokens, checkout process	Session (deleted when you close browser) or up to 1 year
Preference (functional)	Remember your choices to improve your experience.	Language preference, currency selection, size chart preferences	Up to 1 year
Analytics (performance)	Collect anonymous usage data to help us improve.	Google Analytics – pages visited, time on site, bounce rate	Up to 2 years
Marketing (advertising)	Track your browsing across websites to show relevant ads.	Facebook Pixel, Google Ads remarketing	Up to 180 days

Specific Cookies We Use

Cookie Name	Provider	Purpose
`session_id`	Amber Hearth	Maintains your shopping cart and login state
`cart_token`	Amber Hearth	Recovers abandoned carts
`_ga`, `_gid`, `_gat`	Google Analytics	Anonymously tracks website usage
`_fbp`, `fr`	Facebook	Tracks conversions and remarketing
`_gcl_au`	Google Ads	Conversion tracking
`stripe_mid`	Stripe	Fraud detection and payment processing

Third-Party Cookies

Some cookies are placed by third-party services integrated into our website:

Google Analytics – Helps us understand how visitors use our site.
Facebook Pixel – Helps us measure ad effectiveness and show relevant ads.
Stripe – Essential for payment processing and fraud prevention.

We do not control how these third parties use their cookies. Please review their privacy policies for details.

Your Cookie Choices

You can control cookies through your browser settings:

Delete all cookies – Clear your browser history/cache.
Block third-party cookies – Prevent marketing and analytics cookies while allowing essential ones.
Block all cookies – Not recommended, as our checkout and cart will not work.

To manage cookies in popular browsers:

Chrome: Settings → Privacy and security → Cookies and other site data
Firefox: Options → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Cookies and website data
Edge: Settings → Site permissions → Cookies and site data

If you disable essential cookies, you will not be able to place orders or log into your account.

Do Not Track (DNT)

Some browsers have a “Do Not Track” feature that signals websites to stop tracking your activity. Our website does not currently respond to DNT signals because there is no universally accepted standard. However, you can block analytics and marketing cookies as described above.

4. How We Use Your Information {#how-use}

We use your personal information for the following purposes:

A. Order Processing & Fulfillment

Process payments (through Stripe)
Print and ship your products to your address
Send order confirmations, shipping updates, and delivery notifications
Handle returns, refunds, and exchanges
Provide customer support for order-related issues

Legal basis: Contractual necessity (we cannot fulfill your order without this information).

B. Account Management

Create and maintain your account
Store your order history and preferences
Allow you to reset your password
Enable faster checkout for future orders

Legal basis: Contractual necessity (account services) or legitimate interest (improving user experience).

C. Marketing & Promotions (Only with Your Consent)

Send newsletters, promotional offers, and new product announcements (opt-in required)
Show personalized ads on social media (e.g., Facebook, Instagram) and Google
Administer contests, sweepstakes, or giveaways
Send birthday discounts (if you provide your birthdate)

You can opt out at any time by clicking “unsubscribe” in any marketing email or updating your account preferences.

Legal basis: Consent (for direct marketing); legitimate interest (for retargeting ads, with opt-out available).

D. Website Improvement & Analytics

Analyze how customers use our website (e.g., which pages are most popular)
Identify and fix technical issues (broken links, slow loading)
Test new features (A/B testing)
Monitor and prevent fraud or security breaches

Legal basis: Legitimate interest (improving our services and protecting our business).

E. Legal Compliance & Fraud Prevention

Comply with tax, accounting, and anti-money laundering laws
Respond to lawful requests from law enforcement or regulators
Enforce our Terms and Conditions
Detect and prevent fraudulent transactions, chargebacks, or abuse

Legal basis: Legal obligation (tax records) and legitimate interest (fraud prevention).

F. Communication

Respond to your customer support inquiries
Send important service announcements (e.g., policy changes, security alerts)
Request feedback or reviews after your purchase

Legal basis: Contractual necessity (responding to your requests) or legitimate interest (improving service quality).

5. Legal Basis for Processing (GDPR & Other Laws) {#legal-basis}

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, data protection laws (including GDPR) require us to have a “legal basis” for collecting and processing your personal information.

Processing Activity	Legal Basis
Processing orders, payments, shipping	Contractual necessity – We cannot fulfill your purchase without this data.
Account creation and management	Contractual necessity – Necessary to provide account features you request.
Sending marketing emails	Consent – You must opt in. You can withdraw consent at any time.
Using cookies for analytics	Legitimate interest – Improving our website. You can opt out via cookie settings.
Using cookies for marketing	Consent – Required in EEA for non-essential cookies.
Fraud detection	Legitimate interest – Protecting our business and customers from financial harm.
Tax and accounting records	Legal obligation – We must retain order data for tax purposes.
Customer support communications	Legitimate interest – Responding to your inquiries.

If you have questions about our legal bases, contact us at marga.trading.amz@gmail.com.

6. Sharing Your Information with Third Parties {#sharing}

We do not sell your personal information to third parties. We never have, and we never will. However, we do share your information with trusted service providers who help us run our business.

Categories of Third Parties We Share With

Third Party Category	Examples	Information Shared	Why
Payment processors	Stripe	Payment card details, billing address, order total	To process your payment and prevent fraud
Shipping carriers	USPS, UPS, FedEx, DHL	Name, shipping address, phone number (optional), email (for tracking notifications)	To deliver your order
Printing & fulfillment partners	Our in-house team (no external partners currently)	Order details (design, size, quantity)	To produce your t‑shirts
Email service providers	(We use internal systems, but may use third-party in future)	Email address, name	To send order confirmations and marketing (if opted in)
Analytics providers	Google Analytics	Anonymized IP address, device info, browsing behavior	To understand how customers use our site
Advertising platforms	Facebook, Google Ads	Hashed email address (for custom audiences), pixel data	To show relevant ads to people who have visited our site
Fraud prevention services	Stripe Radar, other tools	IP address, device fingerprint, order data	To detect and block fraudulent transactions
Legal & law enforcement	Courts, police, regulators	Any information required by law	To comply with legal obligations

Specific Disclosures

Stripe: When you enter payment information, it goes directly to Stripe’s PCI-compliant servers. We receive only a token and the last 4 digits of your card. Read Stripe’s privacy policy: stripe.com/privacy
Google Analytics: We use Google Analytics with IP anonymization enabled. Your full IP address is not stored. You can install the Google Analytics Opt-Out Browser Add-on.
Facebook Pixel: We use the Facebook pixel to measure conversions and show retargeting ads. You can opt out of Facebook’s ad targeting in your Facebook Ad Preferences.

Business Transfers

If Amber Hearth is involved in a merger, acquisition, financing, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information, and we will provide choices about your information.

Aggregated & Anonymized Data

We may share aggregated, anonymized data (e.g., “30% of customers buy size M”) with partners or publish it for research purposes. This data cannot identify you personally.

7. Your Choices & Opt-Out Rights {#choices}

You have control over how your information is used. Here are the choices available to you:

Marketing Communications

Email newsletters: Every marketing email we send contains an “unsubscribe” link at the bottom. Click it to stop receiving promotional emails. You will still receive transactional emails (order confirmations, shipping updates, password resets).
SMS/text messages: We do not currently send marketing SMS. If we start, we will obtain your explicit consent and provide opt-out instructions.
Postal mail: We do not send postal marketing.

Cookies & Tracking

Disable cookies in your browser (see Section 3). Note that essential cookies are required for checkout.
Opt out of Google Analytics using the browser add-on linked above.
Opt out of Facebook ads by visiting facebook.com/ads/preferences.

Account Information

Access & update: Log into your account to update your name, email, password, shipping addresses, and communication preferences.
Delete your account: Email marga.trading.amz@gmail.com with “Delete My Account” in the subject line. We will remove your personal information within 30 days, subject to legal retention requirements (see Section 9).

Do Not Sell My Personal Information (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have the right to opt out of the “sale” of their personal information. As stated above, we do not sell personal information. Therefore, no opt-out is necessary. However, if our practices change, we will provide a “Do Not Sell My Personal Information” link on our website.

8. Data Security – How We Protect You {#data-security}

Protecting your personal information is not just a legal obligation – it is a moral commitment. We implement multiple layers of security:

Technical Safeguards

Measure	Description
SSL/TLS encryption	All data transmitted between your browser and our website is encrypted with 256-bit TLS. Look for the padlock icon in your address bar.
PCI DSS Level 1 compliance	Stripe, our payment processor, holds the highest certification for payment security.
Tokenization	We store only tokens (random strings) instead of actual card numbers.
Hashing of passwords	Your password is never stored in plain text. We use bcrypt, a strong one-way hashing algorithm.
Firewalls & intrusion detection	Our servers are protected by enterprise-grade firewalls and 24/7 monitoring.
Regular security audits	We conduct internal and third-party penetration tests at least annually.
Access controls	Only employees whose job requires access (e.g., fulfillment, customer support) can view customer data, and only the minimum necessary.

Organizational Safeguards

Employee training: All team members complete privacy and security training upon hire and annually.
Confidentiality agreements: Employees sign legally binding confidentiality agreements.
Incident response plan: We have a written plan to respond to data breaches within 72 hours.

Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach, we will notify affected users and relevant authorities as required by law (within 72 hours under GDPR).

What You Can Do to Protect Yourself

Use a strong, unique password for your Amber Hearth account (do not reuse passwords from other sites).
Do not share your password with anyone.
Shop from secure networks – avoid public Wi-Fi for financial transactions.
Monitor your bank statements for unauthorized charges. Report any to us and your bank immediately.

9. Data Retention – How Long We Keep Your Information {#data-retention}

We keep your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, plus any additional period required or permitted by law.

Data Category	Retention Period	Reason
Order records (name, address, purchase details, amount paid)	7 years from date of order	U.S. tax law requires keeping financial records for 7 years
Payment tokens (from Stripe)	As long as your account exists, plus 1 year after account deletion	To process refunds and handle disputes
Account information (email, hashed password, preferences)	Until you delete your account, plus 30 days	To maintain your account
Customer support emails & chat logs	3 years from last interaction	To resolve disputes and improve service
Email marketing opt-in records	Until you unsubscribe, plus 5 years	To prove consent under GDPR/CCPA
Website analytics data (anonymized)	26 months (Google Analytics default)	To analyze trends over time
Product reviews & user-generated content	Indefinitely (or until you request removal)	To benefit other customers (reviews are public)

Anonymization

After the retention period expires, we either delete your personal information or anonymize it (remove any identifying information so it can never be linked back to you).

Your Right to Erasure (“Right to Be Forgotten”)

You may request that we delete your personal information earlier than the stated retention periods, subject to legal exceptions (e.g., we cannot delete tax records until the 7-year period ends). Email marga.trading.amz@gmail.com with “Right to Erasure” in the subject line.

10. Children’s Privacy (COPPA Compliance) {#children-privacy}

Amber Hearth does not knowingly collect personal information from children under the age of 13 (or under 16 for certain jurisdictions like California and the EU). Our website and products are intended for general audiences.

What We Do

Age screening: Our checkout process does not ask for age, but we require users to affirm they are at least 18 years old or have parental consent.
No targeted marketing: We do not direct marketing to children.
No child accounts: We do not knowingly allow children under 13 to create accounts.

If You Are a Parent or Guardian

If you believe your child under 13 has provided personal information to us without your consent, please contact us immediately at marga.trading.amz@gmail.com. We will:

Verify your identity and relationship to the child
Delete all personal information of the child from our systems
Close any associated account

COPPA Compliance Statement

We comply with the U.S. Children’s Online Privacy Protection Act (COPPA), which requires parental consent for the collection of personal information from children under 13. If we discover that a child under 13 has provided us with personal information without parental consent, we will delete that information as soon as reasonably practicable.

11. Your Privacy Rights – California (CCPA), GDPR, and Others {#privacy-rights}

Depending on where you live, you may have specific legal rights regarding your personal information. Amber Hearth honors these rights for all customers, regardless of location, to the extent technically and legally feasible.

Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights:

Right	Description	How to Exercise
Right to Know	Request disclosure of what personal information we collect, use, disclose, and sell (we do not sell)	Email marga.trading.amz@gmail.com with “CCPA Request – Know”
Right to Delete	Request deletion of your personal information (subject to exceptions)	Email with “CCPA Request – Delete”
Right to Opt-Out of Sale	We do not sell personal information, so no action needed	N/A
Right to Non-Discrimination	We will not discriminate against you for exercising your rights (e.g., charge higher prices)	Automatic
Right to Correct	Request correction of inaccurate information	Log into account or email us

CCPA Request Verification: To protect your privacy, we will verify your identity before responding to a CCPA request. We may ask for:

Your email address (to match our records)
Your order number (if you have one)
A signed declaration under penalty of perjury (for certain requests)

We will respond within 45 days (extendable by another 45 days if reasonably necessary).

Rights Under the General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under GDPR:

Right	Description
Right to Access	Obtain a copy of your personal information we hold
Right to Rectification	Correct inaccurate or incomplete data
Right to Erasure (“Right to be Forgotten”)	Request deletion of your data, subject to legal exceptions
Right to Restrict Processing	Limit how we use your data while a dispute is resolved
Right to Data Portability	Receive your data in a structured, machine-readable format (CSV)
Right to Object	Object to processing based on legitimate interests (e.g., direct marketing)
Rights Related to Automated Decision-Making	We do not use automated decision-making that significantly affects you (e.g., credit decisions)

To exercise any GDPR right: Email marga.trading.amz@gmail.com with “GDPR Request” in the subject line. We will respond within 30 days.

Rights for Other U.S. States (Virginia, Colorado, Connecticut, Utah, etc.)

Residents of states with comprehensive privacy laws (Virginia’s VCDPA, Colorado’s CPA, Connecticut’s CTDPA, Utah’s UCPA) have similar rights to access, delete, correct, and opt out of certain processing. Please contact us using the information below.

How to Submit a Privacy Request

Email: marga.trading.amz@gmail.com
Subject line: Use one of the following:

“CCPA Request – Know”
“CCPA Request – Delete”
“GDPR Request – Access”
“GDPR Request – Erasure”
“Privacy Request – [Your Specific Right]”

Body of email: Provide:

Your full name
Email address associated with your account (if any)
Order number (if applicable)
A clear description of your request
Preferred response method (email or mail)

Verification: We may request additional information to verify your identity (e.g., order details, government ID redacted). We will never ask for your password or full payment card number.

Appeals: If we deny your request, you may appeal by replying to our denial email or sending a new email with “APPEAL” in the subject line. We will respond within 60 days.

12. International Data Transfers {#international-transfers}

Amber Hearth is headquartered in the United States. When you provide personal information to us, that data is stored on servers located in the United States.

For Customers Outside the United States

If you are located in a country with data protection laws that differ from U.S. laws (e.g., the European Union), please be aware that your information may be transferred to, stored, and processed in the United States.

Legal basis for transfer (GDPR): We rely on the following mechanisms to lawfully transfer data from the EEA/UK to the US:

Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually obligate us to protect your data to EU standards.
Your explicit consent (by using our website, you consent to this transfer – see consent banner).

Data protection guarantees: We implement appropriate safeguards, including encryption, access controls, and regular security audits.

Privacy Shield (Historical)

Amber Hearth is not certified under the EU-US Privacy Shield framework, which was invalidated in 2020. We rely on SCCs as described above.

Questions About International Transfers

If you have concerns about your data being transferred to the United States, please contact us. You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, the CNIL in France, or your country’s equivalent).

13. Third-Party Links on Our Website {#third-party-links}

Our website may contain links to third-party websites, products, or services (e.g., social media buttons, payment processor documentation, shipping carrier tracking). These third parties have their own privacy policies, and we are not responsible for their practices.

Examples:

Links to Facebook, Instagram, Twitter, Pinterest
Links to Stripe’s website for payment information
Links to USPS, UPS, FedEx, DHL for tracking

We encourage you to read the privacy policies of any third-party websites you visit. This Privacy Policy applies only to information collected by Amber Hearth.

14. Changes to This Privacy Policy {#changes-policy}

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

How We Notify You of Changes

Type of Change	Notification Method
Minor updates (clarifications, grammar, non-material changes)	Updated “Last Updated” date at the top of this page. No individual notice.
Material changes (new data uses, expanded sharing, new cookies)	Email notice to the email address associated with your account (if any) plus a banner on our website for at least 30 days.

Your Acceptance of Changes

Your continued use of our website or purchase of products after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the changes, you may:

Delete your account (email marga.trading.amz@gmail.com)
Stop using our website

Version History

Version	Date	Summary of Changes
1.0	January 1, 2024	Initial Privacy Policy

We will maintain a version history for at least the past 3 years.

15. Contact Information for Privacy Questions {#privacy-contact}

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer (the team member responsible for data protection compliance).

Email (preferred): marga.trading.amz@gmail.com
Please include “PRIVACY” in the subject line for fastest routing.

Phone: +84814592700 (Monday–Friday, 9 AM–6 PM Mountain Time)
Ask to speak with the Privacy Officer.

Mail:
Amber Hearth
Attn: Privacy Officer
7533 S Center View Ct Ste R
West Jordan, UT, 84084
United States

Response Time

We will acknowledge your privacy request within 48 hours and provide a substantive response within 30 days (or 45 days for CCPA requests). If we need more time, we will notify you of the extension.

Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority:

For EEA residents: Your local data protection authority (find yours at edpb.europa.eu)
For UK residents: The Information Commissioner’s Office (ICO) – ico.org.uk
For California residents: The California Attorney General – oag.ca.gov/privacy

However, we ask that you please give us the opportunity to resolve your issue first by contacting us directly.

Summary – Key Privacy Points

Question	Answer
Do you sell my personal information?	No. Never.
Do you share my data with third parties?	Yes, only with service providers who help us process orders, ship products, prevent fraud, and analyze traffic.
Do you store my credit card number?	No. Stripe processes payments; we only store a token.
How long do you keep my data?	Order records: 7 years (tax law). Other data: until you delete your account or request erasure.
Can I delete my data?	Yes. Email marga.trading.amz@gmail.com with “Right to Erasure.”
Do you use cookies?	Yes – essential, analytics, and marketing cookies. You can disable non-essential ones.
Do you comply with GDPR/CCPA?	Yes, for all customers globally (to the extent possible).
How do I contact your Privacy Officer?	Email marga.trading.amz@gmail.com with “PRIVACY” in the subject line.

Conclusion – Our Promise to You

Privacy is not just a legal checkbox at Amber Hearth. It is a core value. We believe that:

Your data belongs to you. We are merely custodians.
Transparency builds trust. That’s why we wrote this policy in plain English, not legalese.
Security is non-negotiable. We invest in protection so you don’t have to worry.
You have choices. We make it easy to access, correct, or delete your information.

Thank you for trusting Amber Hearth with your personal information. We will continue to earn that trust every day through honest, responsible data practices.

Shop with confidence at amberhearth.shop.