Privacy Policy

Last updated: [DATE]

This Privacy Policy explains how [COMPANY NAME] ("we", "us", "our"), operating the website ketopouches.com, collects, uses, and protects your personal data. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.

1. Data Controller

[COMPANY NAME]
[ADDRESS]
[COUNTRY]
Registration number: [NUMBER]
Email: [email protected]

2. What Personal Data We Collect

We collect personal data that you provide directly to us when using our website:

Account registration: Name, email address, and password. Creating an account is optional — you may also check out as a guest.

Orders and checkout: Name, email, shipping address, billing address, and phone number (if provided). Payment card details are collected and processed directly by our payment provider Stripe — we never see, store, or have access to your full card number.

Contact form: Name, email address, subject category, and your message.

Automatically collected data: We use Umami, a privacy-focused, self-hosted analytics tool that collects anonymous page view statistics. Umami does not use cookies, does not track individual users, and does not collect any personally identifiable information. The analytics data includes only aggregated information such as page URLs, referral sources, browser type, screen size, and country (derived from anonymized IP addresses).

3. How We Use Your Data

We process your personal data for the following purposes:

To fulfill your orders — processing payments, arranging shipping, and sending order confirmations. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).

To manage your account — if you create one, we use your data to maintain your account, order history, and saved addresses. Legal basis: performance of a contract.

To respond to inquiries — when you use our contact form, we process your data to reply to your message. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).

To send transactional emails — order confirmations, shipping updates, and account-related notifications. These are not marketing emails. Legal basis: performance of a contract.

To improve our website — using anonymous, aggregated analytics data. No personal data is processed for this purpose.

To comply with legal obligations — such as tax reporting and accounting requirements. Legal basis: legal obligation (Art. 6(1)(c) GDPR).

4. Data Processors and Third Parties

We share your personal data only with trusted service providers who process data on our behalf. All processors are bound by data processing agreements and GDPR-compliant terms:

Stripe (Stripe Payments Europe, Ltd., Ireland) — Payment processing. Stripe receives your payment details directly and is an independent data controller for payment fraud prevention. Stripe Privacy Policy.

Resend (EU region, Ireland) — Transactional email delivery. Receives recipient email addresses and email content to deliver order confirmations and other notifications. Resend Privacy Policy.

DigitalOcean (Amsterdam, Netherlands) — Server hosting. All website data, including the database containing your account and order information, is stored on servers in the EU. DigitalOcean Privacy Policy.

Cloudflare (EU infrastructure) — Content delivery, DNS, DDoS protection, and email routing. Cloudflare processes request data (IP addresses, headers) to deliver our website securely. Cloudflare Privacy Policy.

We do not sell, rent, or trade your personal data to any third parties. We do not share your data with advertisers.

5. International Data Transfers

Your data is primarily stored and processed within the European Union (Amsterdam, Netherlands and Ireland). Some of our processors (Stripe, Cloudflare) may process limited data in the United States under the EU-U.S. Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

6. Cookies and Tracking

Our website uses only strictly necessary cookies required for the website to function:

Session cookie — maintains your shopping cart and login session. Expires when you close your browser or after a period of inactivity.

We do not use any advertising cookies, tracking cookies, or third-party marketing pixels. Our analytics tool (Umami) is fully cookieless and does not track individual users.

Because we only use strictly necessary cookies, no cookie consent banner is required under GDPR and the ePrivacy Directive.

7. Data Retention

Account data: Retained for as long as your account is active. You may request deletion at any time.

Order data: Retained for the duration required by applicable tax and accounting laws (typically 7 years in the EU), after which it is deleted.

Contact form messages: Retained for up to 12 months after the inquiry is resolved, then deleted.

Analytics data: Aggregated and anonymous — retained indefinitely as it contains no personal data.

8. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

Right of access — request a copy of the personal data we hold about you.

Right to rectification — request correction of inaccurate data. You can also update your profile and addresses directly in your account.

Right to erasure — request deletion of your personal data, subject to legal retention obligations.

Right to restriction — request that we limit how we process your data in certain circumstances.

Right to data portability — receive your data in a structured, machine-readable format.

Right to object — object to processing based on legitimate interests.

Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.

9. Data Security

We take appropriate technical and organizational measures to protect your personal data, including:

Encrypted connections (TLS/SSL) for all website traffic.

Secure, hashed password storage.

Access controls limiting data access to authorized personnel only.

Regular security updates and monitoring of our infrastructure.

Daily encrypted database backups.

10. Children's Privacy

Our products are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]
Website: ketopouches.com