Privacy Policy

Your privacy matters. This policy explains how we collect, use, protect, and share your personal information.

Last updated: March 5, 2026

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Information Sharing & Disclosure
  5. Cookies & Tracking Technologies
  6. Data Security
  7. Data Retention
  8. Your Rights (GDPR & CCPA)
  9. Third-Party Services
  10. Children's Privacy
  11. International Data Transfers
  12. Changes to This Policy
  13. Contact Us

1. Introduction

Storifay ("we", "us", "our") operates the website storifay.com (the "Website") and is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, store, and disclose personal data when you visit our Website, make a purchase, or interact with us in any way.

This policy is written in compliance with the General Data Protection Regulation (GDPR) of the European Union, the California Consumer Privacy Act (CCPA), and other applicable data protection laws. By using our Website, you consent to the practices described in this policy.

We encourage you to read this Privacy Policy carefully to understand our views and practices regarding your personal data and how we treat it.

2. Information We Collect

We collect different types of information depending on how you interact with our Website:

2.1 Information You Provide Directly

When you place an order, create an account, subscribe to our newsletter, or contact us, you may provide the following personal information:

  • Identity Information: Full name, date of birth (if applicable).
  • Contact Information: Email address, phone number, shipping and billing address.
  • Payment Information: Credit/debit card number, PayPal details, or other payment method data. Please note that payment processing is handled by secure third-party processors (such as Shopify Payments and Stripe), and we do not store your full card details on our servers.
  • Account Information: Username, password (encrypted), and order history.
  • Communication Data: Any messages, reviews, feedback, or other content you send to us via email, contact forms, or social media.

2.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information through cookies and similar technologies:

  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, links clicked, referral URLs, and browsing patterns on our Website.
  • Location Data: Approximate geographic location based on your IP address.
  • Session Data: Login times, session duration, and interaction patterns.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors (transaction confirmation).
  • Shipping carriers (delivery confirmation and tracking).
  • Analytics providers (aggregated usage statistics).
  • Marketing platforms (if you interact with our advertisements).

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose Legal Basis (GDPR)
To process and fulfill your orders Performance of contract
To send order confirmations and shipping updates Performance of contract
To respond to your inquiries and support requests Legitimate interest
To send marketing emails and newsletters Consent
To improve our Website, products, and services Legitimate interest
To detect and prevent fraud Legitimate interest / Legal obligation
To comply with legal and regulatory obligations Legal obligation
To personalize your shopping experience Consent / Legitimate interest
To administer promotions, surveys, or contests Consent

✓ We will never sell your personal data to third parties for their own marketing purposes.

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. However, we may share your data with the following categories of third parties, solely for the purposes described in this policy:

4.1 Service Providers

We share information with trusted third-party companies that help us operate our business:

  • Shopify: Our e-commerce platform, which processes transactions and stores order data.
  • Stripe / Payment Processors: Secure payment processing.
  • Shipping Partners: To fulfill and deliver your orders (e.g., PostNL, DHL, FedEx).
  • Email Service Providers: To send transactional and marketing emails (e.g., Klaviyo, Mailchimp).
  • Analytics Providers: To understand Website usage (e.g., Google Analytics).

4.2 Legal Requirements

We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation or court order.
  • Protect and defend our rights or property.
  • Prevent or investigate potential wrongdoing.
  • Protect the personal safety of users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Cookies & Tracking Technologies

Our Website uses cookies and similar tracking technologies to provide a better user experience, analyze usage, and deliver personalized content.

Types of Cookies We Use

Cookie Type Purpose Duration
Essential Necessary for the Website to function (cart, checkout, login) Session / 1 year
Analytics Help us understand how visitors interact with our Website Up to 2 years
Marketing Used to deliver relevant ads and measure campaign effectiveness Up to 1 year
Preferences Remember your settings and preferences (language, currency) Up to 1 year

Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our Website. Most browsers allow you to:

  • View and delete existing cookies.
  • Block cookies from specific or all websites.
  • Set preferences for certain types of cookies.

For more information about cookies and how to manage them, visit allaboutcookies.org.

6. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encryption: All data transmitted between your browser and our Website is encrypted using SSL/TLS (256-bit encryption).
  • Secure Payment Processing: All payment data is processed through PCI-DSS compliant providers.
  • Access Controls: Access to personal data is limited to authorized personnel who need it for business purposes.
  • Regular Audits: We conduct regular security assessments and vulnerability testing.
  • Data Minimization: We only collect and retain data that is necessary for the purposes outlined in this policy.

⚠ While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. Specific retention periods include:

  • Order Data: Retained for 7 years for tax and accounting compliance.
  • Account Data: Retained for as long as your account is active, plus 2 years after closure.
  • Marketing Consent: Until you withdraw consent (unsubscribe).
  • Analytics Data: Anonymized after 26 months.
  • Support Correspondence: Retained for 3 years after case resolution.

When personal data is no longer needed, it is securely deleted or anonymized in accordance with our data management procedures.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have certain rights regarding your personal data. We are committed to respecting these rights and facilitating their exercise.

Rights Under GDPR (EU/EEA Residents)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances.
  • Right to Restriction: Request restricted processing of your personal data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

Rights Under CCPA (California Residents)

  • Right to Know: Request information about data collection, use, and sharing.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal data).
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights.

To exercise any of these rights, please contact us at privacy@storifay.com. We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

✓ You can unsubscribe from our marketing emails at any time by clicking the "unsubscribe" link at the bottom of any email.

9. Third-Party Services

Our Website may contain links to third-party websites, plugins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read their privacy policies before providing any personal data.

Key Third-Party Services We Use

10. Children's Privacy

Our Website is not directed at children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal data from children. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us immediately at privacy@storifay.com. If we discover that we have collected personal data from a child without parental consent, we will take steps to remove that information from our servers promptly.

11. International Data Transfers

We operate primarily from the European Union. However, some of our service providers may be located outside the EU/EEA. When we transfer personal data internationally, we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission for specific countries.
  • Binding Corporate Rules where applicable.

If you would like more information about the safeguards in place for international data transfers, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Post a prominent notice on our Website.
  • Send you an email notification if the changes are significant (if we have your email address).

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after the changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related complaint, please contact us:

Storifay Data Protection

📧 Privacy inquiries: privacy@storifay.com

📧 General support: support@storifay.com

📝 Contact Form: storifay.com/contact

🕐 Hours: Monday – Friday, 9:00 AM – 5:00 PM (CET)

📍 Response time: Within 30 days for GDPR requests

If you are not satisfied with our response or believe we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.