How we collect, use, share, and protect information about you when you shop with us.
This Privacy Policy explains how ZentoPlatform ("we", "us", "our") collects, uses, and discloses information about you when you use our online store (the "Store"), and the choices you have. We respect your privacy and only collect what we need to fulfill your order, run our business, and comply with the law.
Information you give us at checkout. When you place an order we collect your name, email address, phone number (optional), shipping address, billing address, and any notes you add to the order. You also tell us whether you've accepted our Terms & Conditions and whether you want to receive optional order-status notifications.
Payment information. Your payment-card details are entered directly into Stripe's payment form embedded on our checkout page. Stripe processes the charge and returns to us only a transaction reference, the card brand, the last four digits, an issuer authorization code, and amounts. We do not see, store, or transmit your full card number, CVC, or expiry date.
Information collected automatically. When you visit the Store we receive technical data: IP address, browser type and version, device type, referring URL, pages viewed, and timestamps. We use a session cookie to keep your shopping cart while you browse; this cookie is essential to the Store and is not used for advertising.
We use the information described above to:
We share information with the following categories of third parties, only to the extent reasonably necessary:
We do not sell your personal information for advertising. We do not share it with advertisers or data brokers.
We use a small number of strictly necessary cookies to make the Store function — most importantly, a session cookie that holds your shopping cart and a CSRF token cookie that protects checkout against forged requests. These cookies are removed when you close your browser or, in the case of authenticated sessions, when you log out. We do not use third-party advertising or cross-site tracking cookies on the Store by default.
Transactional messages. We will send you order confirmation, payment receipt, shipping notice, delivery confirmation, and similar messages directly related to your order. These are not marketing and you cannot opt out without abandoning the order.
Optional notifications. If you opted in at checkout, we may also send proactive order-status updates by email and/or SMS — for example, a friendly reminder that your shipment is on a truck for delivery today. You can opt out at any time by contacting us; opting out will not affect transactional messages.
We keep order records for as long as needed to fulfill the order, support customer service, resolve disputes, file tax returns, and comply with our legal obligations. In most jurisdictions accounting and tax records must be retained for several years. After that period we delete or anonymize order data unless we are required to keep it longer.
You can ask us to delete your account or order history at any time, subject to our obligation to retain certain records as described above.
Depending on where you live, you may have the right to access the personal information we hold about you, request correction of inaccurate data, request deletion of your data ("right to be forgotten"), object to or restrict certain uses, and request a portable copy of your data.
To exercise any of these rights, contact us at the address in Section 12. We will respond within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before acting on a request.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the lawful bases on which we process your data include performance of our contract with you (to fulfill orders), our legitimate interests (running and improving the Store, fraud prevention), your consent (for optional notifications), and compliance with legal obligations.
We take reasonable technical and organizational measures to protect your information, including transport-layer encryption (HTTPS) for everything you submit to us, restricted access to order data, and use of a PCI-compliant payment processor (Stripe) so that card data does not transit our servers. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work to keep risks low.
The Store is not directed at children under 13 (or under 16 in the EEA), and we do not knowingly collect information from them. If you believe we have collected information from a child, please contact us and we will delete it.
Our hosting and certain service providers may be located outside your country. Where personal data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or other mechanisms approved by applicable law.
We may update this Privacy Policy as our practices change or as the law requires. The "Last updated" date at the top of this document indicates when the most recent changes took effect. We encourage you to review the policy periodically.
For questions about this Privacy Policy, to exercise your rights, or to request deletion of your data, contact us at: