Privacy Policy

1. Information We Collect

Information You Provide Directly

Email address — when you purchase, take our quiz, sign up for the newsletter, submit a review, join the affiliate program, or contact us
Name — when you purchase a gift card (for delivery) or contact us
Quiz responses — if you take our product recommendation quiz (12 questions about your emotional state and healing style)
Order information — product purchased, amount paid, date, download activity
Affiliate application details — if you apply to our affiliate program
Payment information — we do not collect or store this. All payment processing is handled entirely by Stripe. See Section 5.

Information Collected Automatically

Session identifiers — anonymous tokens to track cart state, wishlist items, and quiz progress
Browser/device data — via Meta Pixel: browser type, device type, IP address (see Section 4)
Usage data — pages visited, products viewed, download activity (used to improve our store)
Referral data — affiliate tracking codes in URLs when you arrive via an affiliate link

2. How We Use Your Information

We use the information we collect to:

Deliver your digital products (generate and send download links)
Send order confirmations and transactional emails
Send marketing emails if you opted in (you can opt out anytime)
Power our quiz recommendation engine and personalized follow-up sequence
Run our affiliate program (track referrals, calculate commissions)
Recover abandoned carts (three-email sequence if you provided your email)
Send cross-sell recommendations after purchase
Analyze conversion and sales data to improve our products
Detect and prevent fraud
Comply with legal obligations

We do not use your information for automated decision-making or profiling beyond basic marketing segmentation.

3. Cookies & Tracking

Our site uses the following types of cookies and tracking mechanisms:

Session cookies: Temporary cookies that expire when you close your browser. Used for cart state, wishlist items, and quiz progress. Strictly necessary — the site doesn't work without them.
Preference cookies: Remembers your session token for order lookups and wishlist persistence. Expires after 90 days.
Analytics/advertising cookies: Meta Pixel sets cookies on your browser to enable retargeting and conversion tracking. See Section 4.
Affiliate tracking: When you arrive via an affiliate link, we store the referral code in a session cookie for attribution. See Section 7.

You can disable cookies in your browser settings. Note that disabling cookies will break cart and wishlist functionality.

4. Meta Pixel

We use Meta Pixel (ID: 850198527547486) on our website. Meta Pixel is an advertising tool operated by Meta Platforms, Inc. (Facebook/Instagram).

What It Does

The Meta Pixel loads a small piece of JavaScript on each page. This script:

Records standard events: PageView (every page), Lead (quiz email capture), Purchase (after checkout confirmation)
Sends data about your visit — including hashed email (if available), IP address, browser, device, and the URL you're on — to Meta
Allows us to run retargeting ads on Facebook and Instagram to people who've visited our site
Allows us to measure the effectiveness of our advertising

Your Choices

Meta Ad Settings: You can opt out of Meta's ad targeting at facebook.com/adpreferences
Browser opt-out: Use a browser extension like uBlock Origin or Privacy Badger to block the Meta Pixel script
Industry opt-out: Visit optout.aboutads.info for broader industry opt-outs

Meta's use of data collected via the Pixel is governed by Meta's Privacy Policy.

5. Third-Party Services

Stripe (Payment Processing)

All payments are processed by Stripe, Inc. When you check out, you're submitting your payment information directly to Stripe's servers. We never see, transmit, or store your card number, CVV, or full billing information. Stripe's privacy policy is at stripe.com/privacy.

Email Delivery

We use a third-party email service to send transactional and marketing emails. This service processes your email address to deliver messages on our behalf. They act as a data processor under our instructions.

Neon (Database Hosting)

Our database is hosted on Neon, a PostgreSQL cloud provider. Customer data (orders, emails, quiz responses) is stored on Neon's infrastructure in the US.

Render (Web Hosting)

Our website is hosted on Render. Standard server logs (IP addresses, request data) are collected by Render as part of hosting operations.

We do not share your personal information with any other third parties except as required by law.

6. Email Communications

We send the following types of emails:

Transactional: Order confirmations, download links, gift card deliveries, subscription confirmations. These are required and cannot be opted out of.
Marketing: Promotions, new products, sale announcements. You can opt out via the unsubscribe link in any email or at /email-preferences.
Quiz follow-up: A short email sequence after taking our quiz. You signed up for this by entering your email on the quiz page. Opt out via unsubscribe link.
Abandoned cart: Up to 3 emails if you left the checkout with an item in your cart. Opt out via unsubscribe link.
Review requests: A single email 3 days after your product is expected to be printed/used, asking for a review. Opt out via unsubscribe link.
Cross-sell: Up to 3 emails over 10 days suggesting related products after a purchase. Opt out via unsubscribe link.

Every marketing email includes an unsubscribe link as required by CAN-SPAM. Our physical address is: Shadow Lotus, Minot, ND. Requests to opt out are honored within 10 business days.

7. Affiliate Tracking

Our affiliate program uses cookies to track referrals. When you visit our site via an affiliate link, we store the affiliate's tracking code in a session cookie. If you make a purchase during that session (or within the cookie's validity window), the purchase is attributed to that affiliate for commission purposes.

We record: the affiliate tracking code, your IP address at time of click, and whether you converted to a purchase. We do not share your personal information with the affiliate — they only see aggregate conversion data in their portal.

8. Data Retention

We retain your data for the following periods:

Order records: 7 years (required for tax and accounting purposes)
Email addresses (marketing): Until you unsubscribe or request deletion
Quiz responses: 2 years from submission, or until you request deletion
Abandoned cart data: 90 days after cart abandonment
Affiliate data: For the duration of the affiliate relationship, then 3 years for financial records
Server logs: 30 days

You can request deletion of your data at any time. See Section 9 and 10 for your rights.

9. Your Rights (GDPR — EU & UK)

If you are located in the European Union or United Kingdom, you have the following rights under GDPR:

Access Request a copy of all personal data we hold about you

Rectification Ask us to correct inaccurate or incomplete data

Erasure Ask us to delete your personal data ("right to be forgotten")

Restriction Ask us to pause processing your data

Portability Receive your data in a machine-readable format

Object Object to processing based on legitimate interests or direct marketing

Our legal basis for processing your data is primarily contract performance (to deliver your order) and legitimate interests (marketing to existing customers). For marketing to new leads (quiz signups, newsletter), we rely on consent.

To exercise your rights, contact us at /contact or email us directly. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Your Rights (CCPA — California)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information:

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell personal information. There is nothing to opt out of.
Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To submit a verifiable request, contact us and include your email address. We will verify your identity before processing the request. Response within 45 days.

11. Children's Privacy

Our website and products are intended for adults 18 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us immediately and we will delete it.

12. Security

We take reasonable technical and organizational measures to protect your data:

HTTPS encryption on all connections
Parameterized database queries (no SQL injection vulnerabilities)
No storage of payment card information (Stripe handles all of this)
Access controls on our database and production systems

No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new "last updated" date. For material changes, we will notify customers via email. Continued use of our site after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, data access requests, or deletion requests:

Contact form: /contact
Mail: Shadow Lotus, Minot, ND

We respond to all privacy inquiries within 10 business days.

Contents