Legal

Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

We collect the following categories of personal information:

  • Account information: name, email address, and password when you create an account.
  • Order information: shipping address, billing address, phone number, and purchase history.
  • Payment information: payment method details are processed directly by Stripe and are never stored on our servers.
  • Usage data: pages visited, time spent on pages, browser type, device information, and IP address.
  • Communications: any information you provide when contacting our support team.

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders.
  • Communicate with you about orders, account updates, and promotions (with your consent).
  • Improve and personalize your experience on the platform.
  • Detect and prevent fraud or unauthorized activity.
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties for marketing purposes.

3. Cookies & Tracking

Cafendo uses cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze site usage. We use essential cookies required for the platform to function (e.g., authentication and cart state) and optional analytics cookies to understand how visitors use the site. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent certain features from working correctly.

4. Third-Party Services

We share limited information with the following third-party services to operate the platform:

  • Stripe: processes payments securely. Stripe collects and handles payment card data under its own privacy policy.
  • Analytics providers: we use privacy-respecting analytics to understand site traffic and user behavior. Data is aggregated and anonymized where possible.
  • Email services: transactional emails (order confirmations, shipping notifications) are sent through our email service provider.
  • Hosting providers: our infrastructure is hosted on Vercel and Railway, both of which maintain industry-standard security practices.

5. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data (“right to be forgotten”).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests or direct marketing.
  • Restriction: request limited processing of your data in certain circumstances.

To exercise any of these rights, contact us at privacy@cafendo.com. We will respond within 30 days.

6. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Order data is retained for a minimum of 5 years to comply with tax and accounting regulations. Account data is deleted within 30 days of account closure, unless retention is required by law.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@cafendo.com. Our data protection officer can be reached at the same address. We are committed to working with you to resolve any concerns about your privacy.

This policy applies to all users of the Cafendo platform, including vendors and customers.