Privacy Policy

1. Introduction

TheGarora ("we", "us", or "our") operates the website thegarora.shop. This policy explains what personal data we collect, why we collect it, and your rights regarding that data. By using our site, you agree to the practices described here.

2. Data We Collect

• Account information: name, email address, and hashed password when you register.
• Order information: shipping name, email, phone, delivery address, and order history.
• Payment information: payments are processed by Stripe — we never store your card details.
• Activity data: products you review, wishlist items, and browsing behavior (via cookies).
• Communications: messages you send via our contact form.

3. How We Use Your Data

• To process and fulfill your orders and send order confirmation emails.
• To verify your email address and authenticate your account.
• To respond to your customer service inquiries.
• To improve our products and website experience.
• To send transactional emails (order status, password reset). You may opt out of non-essential emails at any time.

4. Cookies

We use cookies to keep you signed in, remember your shopping cart, and understand how visitors use the site. Essential cookies are required for the site to function. You can decline non-essential cookies via the consent banner when you first visit.

• Session cookies: required for authentication (NextAuth).
• Cart cookies: stored in your browser's localStorage to persist your cart.
• Analytics cookies: only placed if you accept cookies.

5. Third Parties

• Stripe: processes payments. Subject to Stripe's Privacy Policy.
• Cloudinary: hosts product images when enabled.
• Google: optional sign-in via Google OAuth. Subject to Google's Privacy Policy.
• Resend / Gmail: delivers transactional emails on our behalf.

We do not sell your personal data to any third party.

6. Data Retention

We retain account data for as long as your account is active. Order records are kept for 7 years to comply with accounting and tax obligations. If you delete your account, your personal profile is removed immediately; anonymised order records may be retained for legal purposes.

7. Your Rights

• Access: request a copy of the data we hold about you.
• Correction: update inaccurate information via your account settings.
• Deletion: delete your account from the account settings page. This removes your profile and personal data.
• Opt-out: unsubscribe from marketing emails at any time via the link in any email or from account settings.
• Portability: request an export of your data by contacting us.

8. Security

We use industry-standard measures including bcrypt password hashing, HTTPS encryption, and rate limiting on authentication endpoints. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children

Our site is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to registered users. Continued use of the site after changes constitutes acceptance.

11. Contact