Last Updated: 6/20/2025

Website: https://craftylulu.com/Shop

Brand Name: Crafty Lulu

Contact Email: support@craftylulu.com

Who we are

Crafty Lulu is a small, independently operated ecommerce business based in the United States. We specialize in offering handmade and curated craft items through our online store at https://craftylulu.com/shop. This website is managed by the owner/operator of Crafty Lulu. For any questions or concerns related to privacy, you can reach us at support@craftylulu.com

What Personal Data We Collect and Why

We collect the following types of personal data to operate our online store, fulfill orders, and improve your experience:

I. Personal Identifiers:

• Name, email address, shipping/billing address, phone number.
• Why: To process orders, provide customer support, and communicate with you about your purchases.

II. Payment Information:

• We collect limited payment-related data such as your purchase history and transaction ID through secure third-party payment processors like Stripe or PayPal.
• Why: To process your payments securely. We do not store credit card numbers or other sensitive financial information on our servers.

III. Sensitive Data:

• We do not intentionally collect sensitive personal data such as health information, biometric data, or government-issued identifiers. If such data is ever collected (e.g., through optional uploads or third-party services), it will be handled with heightened security and only used for its intended purpose.

IV. Legal Basis:

We collect and process personal data based on the following legal grounds.

• Consent: When you voluntarily provide information (e.g., account registration, signing up for emails, leaving comments, etc.)
• Contractual Necessity: To fulfill orders and provide customer service.
• Legal Obligation: To comply with applicable laws and tax requirements.
• Legitimate Interest: To improve our website, prevent fraud, and understand customer behavior.

V. Technical and Usage Data:

• IP address, browser type, device information, pages visited, and time spent on the site for analytics and site functionality.
• Why: To analyze website performance, detect fraud, and improve user experience

VI. Cookies and Tracking Technologies:

• Session cookies, analytics cookies, and preference cookies.
• Why: To remember your preferences, track shopping cart contents, and understand how visitors use our site.

VII. Optional Data:

• Product reviews, comments, or uploaded media content.
• Why: To display user-generated content and enhance community engagement.

Comments

When visitors leave comments on our site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string. This information helps us detect and prevent spam and abuse.

If you are logged into an account when commenting, your username and profile information may also be visible to other visitors.

Please note that any information you post in a public comment may be visible to others and can be collected or used by third parties. We recommend avoiding the inclusion of personal or sensitive information in comments.

Media

If you upload images or other media files to our website, please avoid including embedded location data (EXIF GPS) in the files. Visitors to the website may be able to download and extract any location data from images posted on the site.

Uploaded media may be publicly visible depending on where it is displayed (e.g., product reviews, blog comments, etc.). We recommend not uploading media that contains personal or sensitive information.

Contact Forms

When you submit a message through our contact form, we collect the information you provide, which may include your name, email address, and the content of your message.

We use this information solely to respond to your inquiry and provide customer support. We do not use contact form submissions for marketing purposes unless you explicitly opt in.

We retain contact form submissions for up to 6 months, after which they are securely deleted, unless required for legal or administrative purposes.

Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and help us understand how visitors use our site

What are Cookies?

Cookies are small text files stored on your device when you visit a website. They help remember your preferences and improve site functionality.

Types of Cookies We Use:

• Essential Cookies: Required for basic site functionality, such as remembering items in your shopping cart.
• Analytics Cookies: Help us understand how visitors interact with our site (e.g., which pages are visited most often).
• Preference Cookies: Remember your settings and preferences (e.g., language or region).
• Third-Party Cookies: May be set by services like Google Analytics or embedded social media content.

How you can Control Cookies:

You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of certain parts of our website.

How we use Cookies:

We use cookies to enhance your experience on our website.

Here are some examples of how they work:

Commenting:

• When you leave a comment, you can choose to save your name, email address, and website in cookies. This is for your convenience, so you don’t have to re-enter your details the next time you comment.
• These cookies may last up to one year unless you clear your browser’s cache or cookies.

Login Page:

• When you visit our login page, we may set a temporary cookie to check if your browser accepts cookies.
• This cookie doesn’t contain any personal data and is deleted when you close your browser.

Account Login:

If you log in to your account, we may set cookies to store your login information and screen display preferences:

• Login cookies should last for two days.
• Screen preference cookies should last for one year.
• If you select “Remember Me,” your login should persist for two weeks.
• Logging out should remove the login cookies.

Editing or Publishing Content:

If you edit or publish an article, a cookie may be saved in your browser. This cookie contains no personal data—only the post ID of the article you edited—and should expire after one day.

Analytics

We use analytics tools to help us understand how visitors interact with our website. These tools collect information such as your IP address, browser type, pages visited, and time spent on the site.

This data is used in aggregate to improve our website’s performance, identify popular content, and enhance the user experience. We do not use analytics data to personally identify you.

We may use third-party analytics services (such as Google Analytics), which may set their own cookies or tracking technologies. You can learn more about how Google uses your data here, and you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website (e.g. YouTube, Instagram, etc.)

Who we may share your data with

We do not sell your personal information. However, we may share your data with trusted third-party service providers who help us operate our website and fulfill your orders.

These include:

• Payment Processors (e.g., PayPal, Stripe): To securely process your transactions.
• Shipping Providers (e.g., USPS, UPS): To deliver your purchases.
• Analytics Services (e.g., Google Analytics): To help us understand how visitors use our site.
• Website Hosting and Security Providers: To maintain and protect our website.

Each of these providers is contractually obligated to protect your data and use it only for the services they provide to us.

We may also disclose your information if required by law, to comply with legal obligations, or to protect our rights and the safety of our users.

How long we may retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements.

Our general retention periods are:

• Contact form submissions: Up to 6 months, for customer service purposes.
• Order and transaction records: Up to 7 years, for tax and legal compliance.
• Analytics data: Up to 18 months, for website performance and improvement.
• Comments and reviews: Indefinitely, unless you request removal by writing to us.

When data is no longer needed, we securely delete or anonymize it in accordance with industry best practices.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive a copy of the personal data we hold about you, including any data you have provided to us. You may also request the deletion of any personal data we hold about you by submitting a written request. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

As a consumer, you have the following rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Correction: You can ask us to correct inaccurate or incomplete information.
• Right to Deletion: You can request that we delete your personal data, subject to certain legal or operational exceptions.
• Right to Know: You can ask what categories of personal data we collect, why we collect it, and who we share it with.
• Right to Opt Out: You may opt out of the sale or sharing of your personal data (note: we do not sell personal data).
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

To exercise any of these rights, please contact us at support@craftylulu.com – We may need to verify your identity before processing your request.

Where your data is sent

We may store or process your personal data using third-party services that operate outside the United States. This includes cloud hosting providers, analytics platforms, and payment processors that may store data on servers located in other countries. Visitor comments may be checked through an automated spam detection service.

Whenever possible, we prioritize using third-party service providers that are based in and operate within the United States to help ensure your data is handled in accordance with U.S. privacy and security standards.

When data must be transferred internationally, we take reasonable steps to ensure that your information is handled securely and in compliance with applicable privacy laws. These steps may include using providers that implement strong data protection practices and contractual safeguards.

By using our website, you consent to the transfer of your information to countries outside of your own, including the United States, where data protection laws may differ.

How We Protect Your Data

We take the security of your personal information seriously and implement reasonable technical and organizational measures to protect it.

These include:

• Secure Website Hosting: Our website is hosted on a secure platform with regular updates and monitoring.
• SSL Encryption: All data transmitted between your browser and our site is encrypted using Secure Socket Layer (SSL) technology.
• Limited Access: Access to personal data is restricted to authorized personnel who need it to perform their duties.
• Third-Party Security: We work with service providers who follow strong data protection practices and are contractually obligated to safeguard your information.
• Regular Reviews: We periodically review our data handling practices and update our security measures as needed.

While we strive to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. If you believe your interaction with us is no longer secure, please contact us immediately.

Data Breach Procedures

We take data security seriously and have procedures in place to detect, respond to, and mitigate data breaches

If we discover a data breach involving your personal information, we will:

• Investigate the incident promptly to determine the nature and scope of the breach.
• Notify affected individuals without unreasonable delay, and within the timeframes required by applicable U.S. state or federal laws.
• Provide notice via email or mail, or through substitute notice (e.g., website posting and media announcement) if direct contact is not feasible.
• Notify relevant authorities (such as state Attorneys General or the Federal Trade Commission) if the breach affects a significant number of individuals, as required by law.

We strive to use encryption and other safeguards to minimize the risk of unauthorized access. However, if unencrypted personal data is accessed or acquired by an unauthorized party, we will take all legally required steps to inform you and mitigate the impact.

Third-Party Data Sources

We may receive limited personal data about you from third-party sources to help us operate our business and improve your experience.

These sources may include:

• Analytics providers (e.g., Google Analytics) that give us insights into how visitors interact with our website.
• Advertising platforms that help us understand the effectiveness of our marketing campaigns.
• Payment processors that confirm transaction status or fraud alerts.
• Shipping and logistics partners that provide delivery updates or address verification.

We only use this information to support our services, fulfill orders, and improve our website. We do not combine this data with other personal information for profiling or automated decision-making.

Automated Decision-Making

We do not use automated decision-making or profiling systems that make decisions with legal or similarly significant effects on individuals (such as credit scoring, employment screening, or behavioral advertising based on personal profiles).

If we ever implement such systems in the future, we will update this policy to explain:

• What types of decisions are made automatically,
• What data is used to make those decisions,
• And what rights you have to opt out or request human review.

Industry Regulatory Disclosures

Crafty Lulu is a small ecommerce business and is not part of a regulated industry such as healthcare, finance, or education. As such, we are not subject to additional industry-specific privacy regulations like HIPAA, GLBA, or FERPA.

However, we work with third-party service providers (such as payment processors and hosting platforms) that may be subject to their own regulatory obligations. We rely on these providers to maintain compliance with applicable laws and to safeguard your data accordingly.

If our business practices change in a way that subjects us to additional privacy regulations, we will update this policy to reflect those requirements