Privacy Policy

Terra Mystic ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website terramystic.shop and use our services.

By accessing or using our website, you agree to the terms of this Privacy Policy. If you do not agree with our practices, please do not use our website or services.

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you:

• Create an Account: Username, email address, password (encrypted)
• Place an Order: Shipping address (full name, address line 1, address line 2, city, state/region, postal code, country, phone number)
• Contact Us: Email address and any information you choose to provide in your message
• Update Your Profile: Display name, email address changes

1.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information:

• Usage Data: Pages visited, time spent on pages, navigation paths (collected via internal admin panel tracking only)
• Device Information: Browser type, operating system, IP address (for security and rate limiting purposes)
• Security Logs: Login attempts, failed authentication, suspicious activities (stored for security purposes)

1.3 Information We Do NOT Collect

• We do not use third-party analytics services (Google Analytics, Facebook Pixel, etc.)
• We do not use marketing cookies or tracking pixels
• We do not collect sensitive financial information (payments are processed via cryptocurrency)
• We do not sell or share your personal information with third parties for marketing purposes

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Order Processing and Fulfillment

• Process and fulfill your orders
• Ship products to your designated address
• Send order confirmations and shipping notifications
• Provide customer support regarding orders
• Maintain order history for your account

2.2 Account Management

• Create and manage your user account
• Authenticate your identity and secure your account
• Allow you to access your order history and profile
• Process account deletion requests

2.3 Security and Fraud Prevention

• Detect and prevent fraudulent transactions
• Enforce our Terms of Service
• Monitor for suspicious activity and abuse
• Implement rate limiting and CAPTCHA protection
• Maintain audit logs for security purposes

2.4 Legal Compliance

• Verify age requirements (21+ years old)
• Comply with shipping restrictions and regulations
• Maintain records as required by law
• Respond to legal requests and prevent illegal activities

2.5 Website Improvement

• Analyze website usage to improve functionality (internal tracking only)
• Identify and fix technical issues
• Enhance user experience and navigation

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

3.1 Service Providers

• Shipping Carriers: We share your name and shipping address with FedEx to deliver your orders
• Email Service Provider: We use SMTP services to send transactional emails (order confirmations, shipping notifications)
• Hosting Provider: Our website is hosted on Netlify, which may have access to server logs and technical data
• Database Provider: Customer data is stored securely with Neon (PostgreSQL database)

All service providers are contractually obligated to protect your data and use it only for the services they provide to us.

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Requests from law enforcement or government agencies
• Protection of our rights, property, or safety, or that of our users
• Investigation of fraud, security issues, or Terms of Service violations

3.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Active Accounts: Information is retained as long as your account remains active
• Inactive Accounts: Accounts inactive for 1 year will be subject to deletion
• Order History: Order records are retained for 7 years for legal, tax, and accounting purposes
• Security Logs: Audit logs are retained for 90 days for security monitoring
• Deleted Accounts: When you request account deletion, your personal information is permanently removed within 30 days (order records may be retained as required by law)

5. Data Security

We implement industry-standard security measures to protect your personal information:

Security Measures Include:

• Encryption: All data transmitted between your browser and our servers is encrypted using SSL/TLS
• Password Protection: Passwords are hashed using bcrypt encryption and never stored in plain text
• Access Controls: Strict role-based access controls limit who can access your data
• Secure Database: Data is stored in secure, encrypted databases with regular backups
• Rate Limiting: Automated protections against brute force attacks and abuse
• Security Monitoring: Continuous monitoring for suspicious activity and security threats
• CSRF Protection: Protection against cross-site request forgery attacks
• Regular Updates: Software and security patches are applied regularly

6. Your Privacy Rights

You have the following rights regarding your personal information:

6.1 Access and Correction

• View Your Data: You can access your account information, email, and order history by logging into your account
• Update Information: You can update your email address and display name through your profile settings
• Request Data Copy: Contact us at support@terramystic.shop to request a copy of your personal data

6.2 Account Deletion

You have the right to request deletion of your account and personal information:

• Send a deletion request to support@terramystic.shop
• We will process your request within 30 days
• Note: Order history may be retained for legal and tax compliance (7 years)
• Once deleted, your account cannot be recovered

6.3 Opt-Out Rights

• Transactional Emails: You cannot opt out of essential transactional emails (order confirmations, shipping notifications) as they are necessary for service delivery
• Marketing Emails: We currently do not send marketing emails. If we begin doing so in the future, you will be able to unsubscribe

6.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about personal data we collect, use, and share
• Right to Delete: Request deletion of your personal information (subject to legal exceptions)
• Right to Opt-Out: We do not sell personal information, so no opt-out is necessary
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at support@terramystic.shop

6.5 Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and Utah have similar rights under their respective state privacy laws. Contact us to exercise these rights.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use only essential cookies necessary for website functionality:

• Session Cookies: Secure, httpOnly cookies to maintain your logged-in session (7-day expiration)
• Shopping Cart: Local storage to maintain your cart items
• Security: CSRF tokens to protect against cross-site attacks

7.2 What We Don't Use

• No third-party analytics cookies (Google Analytics, etc.)
• No advertising or marketing cookies
• No social media tracking pixels
• No cross-site tracking

You can disable cookies in your browser settings, but this may affect website functionality and prevent you from placing orders.

8. Children's Privacy

9. International Users

Our services are provided from the United States and are intended for users within the United States only. We do not ship internationally.

If you access our website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our database operates. By using our services, you consent to this transfer and processing.

10. Third-Party Links

Our website may contain links to third-party websites or services (such as payment processors or social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email or prominent notice on our website
• Your continued use of our services after changes become effective constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.