Privacy policy

1. Introduction & Data Controller

Hyostore.com is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share your personal information in compliance with GDPR, CCPA, PIPEDA, CASL, CAN-SPAM, and other applicable laws.

Contact: support@hyostore.com


2. Information We Collect

From You:

  • Contact info (name, email, phone)

  • Address (shipping/billing)

  • Payment information (processed securely; we don't store full card details)

  • Account information (username, password - encrypted)

  • Communication data (messages, support requests)

Automatically:

  • IP address, browser type, device info

  • Pages visited, time on site, links clicked

  • Cookies and tracking data

  • General location (IP-based, not precise)


3. Cookies & Tracking

Essential Cookies (always active for site function):

  • Shopping cart, login, security

Analytics Cookies (with your consent):

Marketing Cookies (with your consent):

Consent: We require your active consent before placing non-essential cookies. If you see our cookie banner, you can:

  • Accept All: Accept all cookies

  • Reject All: Accept only essential cookies

  • Customize: Choose which cookies to allow

Cookie Control: You can disable cookies in your browser settings (usually Settings > Privacy > Cookies), but this may affect site functionality.


4. How We Use Your Information

  • Order Processing: Fulfill orders, arrange shipping, send confirmations and tracking updates

  • Payment: Verify payment, process transactions securely, prevent fraud and unauthorized charges

  • Communication: Respond to inquiries, send order updates, provide customer support

  • Improvement: Analyze site usage to enhance experience and identify technical issues

  • Marketing: Send promotional emails about products and sales (only if you opt in; you can unsubscribe anytime)

  • Legal Compliance: Comply with tax laws, respond to legal requests, prevent fraud


5. Data Sharing & Third Parties

Your information may be shared with:

Third Party | Purpose | Security
Shopify | E-commerce platform | PCI-DSS Level 1, SOC 2 Type II
Shopify Payments / PayPal / Stripe | Payment processing | PCI-DSS Level 1, encrypted
Additional Payment Gateways (future) | Payment processing | PCI-DSS Level 1 minimum
Fulfillment Partner | Order fulfillment & shipping | Standard data protection
Google Analytics | Website analytics | Google's security standards
Facebook Pixel / TikTok Pixel | Conversion tracking & ads | Meta/TikTok security standards


Important: All third parties are contractually required to:

  • Comply with privacy laws (GDPR, CCPA, CASL, etc.)

  • Protect your data with industry-standard security

  • Use data only for specified purposes

  • Not sell or share your information without consent

Payment Processing:

  • We don't store full credit card numbers; payment processors handle this securely

  • All payment methods use PCI-DSS Level 1 encryption (highest standard)

  • Credit card details are tokenized for security


6. Data Retention

Data Type | Retention | Reason
Purchase & transaction records | 3-7 years | Tax, legal, accounting compliance
Payment info | Not stored by us | Payment processors handle securely
Marketing emails | Until you unsubscribe | Marketing purposes only
Analytics data | 26 months | Site improvement & optimization
Support messages | 2 years | Customer service & dispute resolution
Fraud detection data | 5 years | Fraud prevention & protection


After the retention period, we delete your data. You can request deletion anytime (some exceptions apply for legal compliance).


7. Your Privacy Rights (GDPR, CCPA, PIPEDA, CASL)

You have the right to:

  • Access: Request a copy of all data we have about you

  • Correct: Update or fix inaccurate information

  • Delete: Request removal of your data (some legal exceptions apply)

  • Portability: Get your data in a readable, transferable format

  • Opt-Out: Stop receiving marketing emails or targeted ads immediately

  • Object: Oppose how we process your data for certain purposes

  • Withdraw Consent: Change your mind about cookies or marketing at any time

No Penalties: We will not penalize you for exercising your rights.

How to Request:
Email support@hyostore.com with your request:

  • "Data Access Request"

  • "Data Deletion Request"

  • "Data Correction Request"

  • "Opt-Out Request"

  • Include your order number or email address for verification

Response Time: Within 30 days


8. Payment Methods & Security

Accepted Payment Methods:

  • Shopify Payments (Visa, Mastercard, American Express, Discover)

  • PayPal

  • Stripe (Credit/Debit Cards, Apple Pay, Google Pay)

  • Additional payment gateways (future)

Security Standards:

  • All payment data encrypted via SSL/TLS (https://)

  • PCI-DSS Level 1 compliance (highest security standard)

  • Credit card details are tokenized; we never store full card numbers

  • Payment processors handle all sensitive card data securely

Your Responsibility:

  • Provide accurate billing information

  • Keep your password secure

  • Report fraudulent charges to your bank within 30 days

  • Monitor your account for unauthorized activity


9. Marketing & Email Compliance

US (CAN-SPAM):

  • Every marketing email has an unsubscribe link

  • We respond to unsubscribe requests within 10 business days

  • Email subjects are accurate and not deceptive

Canada (CASL):

  • We obtain your consent before sending commercial emails

  • Every email has an unsubscribe option

  • We clearly identify our business in emails

EU (GDPR):

  • You must opt in to receive marketing emails

  • We never send without your permission

  • You can withdraw consent anytime

Unsubscribe Anytime:

  • Click the "unsubscribe" link in any marketing email, OR

  • Email support@hyostore.com with subject "Unsubscribe from marketing"


10. Children's Privacy (COPPA)

This site is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately and may terminate the child's account.


11. Third-Party Links & External Websites

Our site may contain links to third-party websites (social media, payment processors, blogs, etc.). We are not responsible for the privacy practices of external sites. Please review their privacy policies before providing any information.


12. Data Security & Protection Measures

How We Protect Your Data:

  • SSL/TLS encryption for all data in transit (https://)

  • PCI-DSS Level 1 compliance for payment data

  • Shopify's SOC 2 Type II certified infrastructure

  • Access controls (only authorized staff access data)

  • Regular security audits and vulnerability assessments

  • Fraud detection systems (device fingerprinting, transaction monitoring)

Your Role in Security:

  • Use a strong, unique password

  • Don't share your password with others

  • Enable two-factor authentication if available

  • Log out on shared computers

  • Report suspicious activity immediately

Limitations: No internet transmission is 100% secure. We implement industry-standard safeguards, but cannot guarantee absolute security.


13. Data Breaches & Security Incidents

If a security breach affects your personal data, we will:

  1. Investigate immediately

  2. Notify you within 72 hours (as required by law)

  3. Explain what data was compromised and how it happened

  4. Advise protective measures (change password, monitor accounts, file reports)

  5. Contact relevant authorities as required by law

Report a Security Issue:
Email support@hyostore.com with subject line "Data Security Incident Report"


14. International Data Transfers

Your data may be transferred to, stored in, and processed in countries outside your residence, including the United States and China. By using this site, you consent to these transfers.

For EU Residents: We use Standard Contractual Clauses (SCCs) and additional safeguards to ensure adequate protection when transferring data outside the EU.


15. Automated Decision-Making & Fraud Detection

We use automated tools to detect fraud and prevent unauthorized transactions. These tools analyze:

  • Device fingerprints

  • Transaction patterns

  • IP addresses

  • Payment history

Your Rights: If we automatically decline an order, you have the right to:

  • Request human review

  • Get an explanation of the decision

  • Object to the automated decision

Email support@hyostore.com with "Review Fraud Decision" to request a manual review.


16. California Consumer Privacy Act (CCPA) - CA Residents Only

Your CCPA Rights:

  • Know: What personal info we collect, use, and share

  • Delete: Request deletion of your personal data (some legal exceptions apply)

  • Opt-Out: Stop the sale/sharing of your data (we don't sell data; we only share with service providers for business operations)

  • Non-Discrimination: We won't discriminate or charge more if you exercise your CCPA rights

How to Submit: Email support@hyostore.com with "CCPA Request"
Response Time: Within 45 days


17. Canada's PIPEDA Compliance - Canadian Residents Only

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA):

  • We collect personal information only for legitimate business purposes

  • You have the right to access, correct, and delete your personal data

  • We do not use your information for purposes other than stated in this policy

  • Contact support@hyostore.com for PIPEDA-related questions


18. Legal Basis for Processing Your Data (GDPR)

We process your personal information based on:

  • Contract Performance: To fulfill your order and provide services (you can't opt out; necessary for the transaction)

  • Legitimate Interest: To improve our site, prevent fraud, conduct analytics, and protect our legal rights

  • Consent: For marketing emails and targeted ads (you can opt out anytime)

  • Legal Obligation: To comply with tax laws, anti-money laundering requirements, and respond to legal requests


19. Policy Updates & Changes

We may update this Privacy Policy at any time. Changes take effect immediately upon posting to this page. We recommend reviewing this policy periodically.

Material Changes: If we make significant changes, we will notify you by email or prominent notice on our site.

Last Updated: December 28, 2025


20. Contact Us & Support

Questions about your privacy, data rights, or this policy?

📧 Email: support@hyostore.com

Subject Line Examples:

  • "Privacy Question"

  • "Data Access Request"

  • "Data Deletion Request"

  • "Unsubscribe from Marketing"

  • "Opt-Out Request"

  • "Fraud Decision Review"

  • "Data Breach Report"

Response Time: We respond to all inquiries within 30 days.