Heart Lake Quilts – Privacy Policy
Last updated: July 17, 2025
Heart Lake Quilts (“we,” “us,” “our”) operates an e‑commerce website based in Charlottesville, Virginia, where we sell handcrafted quilts and related products. Protecting your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit heartlakequilts.com (the “Site”) or purchase from our WooCommerce store.
| Category | Examples | Purpose |
|---|---|---|
| Account & Checkout Data | Name, billing & shipping address, email, phone number, payment method, order details | To process and fulfill orders, communicate about your purchase, handle returns & warranty |
| Payment Data | Last four digits of card number, transaction ID (processed securely by Stripe / PayPal) | Fraud prevention, refunds, bookkeeping |
| Technical Data (via Google Analytics) | IP address (anonymized where possible), device/browser type, pages visited, referring URLs, time spent on pages | Site analytics, performance monitoring, improvement of user experience |
| Cookies & Similar Technologies | WooCommerce session cookies, GA cookies, cart retention cookies | Keep items in cart, remember preferences, compile aggregate statistics |
Sensitive data: We do not intentionally collect sensitive personal information (e.g., SSN, health data, precise geolocation).
We use your information only for:
Order Processing & Fulfillment – creating invoices, arranging shipping, and providing customer support.
Communication – sending order confirmations, shipping updates, and responding to inquiries.
Site Improvement & Analytics – understanding aggregate user behavior via Google Analytics to improve navigation, product selection, and performance.
Legal & Security – detecting fraud, complying with tax and accounting obligations, and enforcing our Terms of Service.
We do not use personal data for interest‑based advertising, and we do not sell or rent your information to third parties.
| Recipient | What We Share | Why |
|---|---|---|
| Shipping Carriers (USPS, UPS, FedEx) | Name, address, phone/email, order weight | Deliver your order, send tracking updates |
| Payment Processors (Stripe, PayPal) | Payment credentials, transaction total | Complete your purchase securely |
| Service Providers (Web hosting, IT support) | Limited technical data as needed | Maintain site reliability & security |
| Analytics Provider (Google Analytics) | Device & usage data (pseudonymized) | Site performance insights |
All third‑party partners are contractually required to keep your data confidential and to use it only for the intended service.
For residents of the European Economic Area (EEA) or United Kingdom, we rely on:
Contractual necessity – to fulfill our agreement with you.
Legitimate interests – to analyze and improve our services, prevent fraud, and secure our Site (balanced against your rights).
Legal obligations – to satisfy tax, accounting, and regulatory requirements.
Consent – for optional cookies or marketing emails (you may withdraw at any time).
Access / Correction – request a copy of the personal data we hold or correct inaccuracies.
Deletion – ask us to delete certain data (subject to record‑keeping laws).
Opt‑Out of Analytics Cookies – adjust your browser settings or install the Google Analytics Opt‑out Browser Add‑on.
Do‑Not‑Track – we honor Global Privacy Control (GPC) signals where technically feasible.
Virginia Residents (VCDPA) – right to appeal denial of a privacy request; contact details below.
California Residents (CCPA/CPRA) – right to know, delete, and correct; no sale or sharing for cross‑context advertising means no opt‑out is needed.
To exercise any right, email kristin@heartlakequilts.com. We will respond within 30 days.
| Data Type | Retention Period |
|---|---|
| Order records & invoices | 7 years (tax/accounting laws) |
| Customer service correspondence | 3 years after ticket closure |
| Google Analytics data | 14 months (auto‑delete setting) |
| Abandoned carts (WooCommerce) | 60 days |
When retention periods expire, data is securely deleted or anonymized.
TLS/SSL encryption for all data in transit
Payment details handled exclusively by PCI‑DSS‑compliant processors
Role‑based access controls & 2‑factor authentication for administrative accounts
Regular software updates, malware scans, and off‑site backups
Despite safeguards, no online transmission can be guaranteed 100% secure.
Our servers are located in the United States. If you access the Site from outside the U.S., you consent to transferring your data to the U.S., where privacy laws may differ. For EEA/UK residents, transfers rely on Standard Contractual Clauses or an adequacy mechanism.
Our Site is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us for deletion.
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a new “Last updated” date. Material changes will be communicated via email or a prominent Site notice.
Heart Lake Quilts
Email: kristin@heartlakequilts.com
If you have questions about this Privacy Policy, your personal information, or wish to file a complaint, please reach out using the details above.
