Treasure Finders LLC

Privacy Policy

Last updated: February 26, 2026

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, make a purchase, subscribe to our newsletter, or contact us for support.

This information may include:

  • Name and email address
  • Phone number (optional)
  • Billing and shipping address
  • Payment information (processed securely by Stripe — never stored on our servers)
  • Communication and email preferences
  • Product reviews and ratings
  • Wishlist selections

Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address (used for security, rate limiting, and fraud prevention)
  • Browser type and device information
  • Pages visited and interactions (only with your analytics consent via our cookie banner)
  • Referral source

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders
  • Communicate with you about orders, shipping, and services
  • Send promotional communications (only with your explicit consent)
  • Recover abandoned shopping carts (you can opt out at any time)
  • Improve our website and services (via anonymized analytics)
  • Prevent fraud and ensure security
  • Comply with legal obligations

3. Service Providers (Data Processors)

We do not sell your personal information. We share data with the following service providers who process it on our behalf under data processing agreements:

  • Stripe — Payment processing (name, email, billing/shipping address, payment details)
  • Supabase — Database hosting and authentication (all account data)
  • Resend — Transactional and marketing email delivery (email address, name)
  • Vercel — Website hosting (IP addresses in server logs)
  • Google Analytics — Website analytics (anonymized browsing data, only with consent)
  • Cloudflare — Bot protection on forms (IP address, browser fingerprint)
  • Sentry — Error monitoring (anonymized error reports with PII scrubbed)

We may also share information with law enforcement when required by law.

4. Cookies and Tracking

We use cookies to operate our website. On your first visit, we present a cookie consent banner where you can choose your preferences:

  • Essential cookies — Required for the website to function (authentication, shopping cart). Always active.
  • Analytics cookies — Google Analytics 4 for understanding how visitors use our site. Only loaded after your explicit consent.
  • Marketing cookies — Not currently used. Reserved for future features.

You can change your cookie preferences at any time via the "Cookie Settings" link in our website footer.

5. Data Retention

We retain your personal data as follows:

  • Account data — Until you request deletion or 3 years of inactivity
  • Order records — 7 years (tax and legal compliance)
  • Contact messages — 6 months after resolution
  • Abandoned cart data — 30 days
  • Newsletter subscriptions — Until you unsubscribe
  • Security/audit logs — 2 years
  • Cookie consent records — 12 months

6. Data Security

We implement appropriate security measures to protect your personal information, including: encryption in transit (HTTPS/TLS), row-level database security, content security policies, and access controls. Payment information is processed securely by Stripe and is never stored on our servers. We scrub personally identifiable information from error reports before they are sent to monitoring services.

7. Your Rights

You have the right to:

  • Access your personal information via your account page
  • Correct inaccurate information via your account settings
  • Delete your account and personal data (via Account Settings > Delete Account)
  • Opt out of marketing communications (via email preferences or unsubscribe links)
  • Withdraw consent for analytics cookies at any time (via Cookie Settings)
  • Data portability — request a copy of your data by contacting us
  • Object to processing based on legitimate interests

For California Residents (CCPA)

Under the California Consumer Privacy Act, you have additional rights including the right to know what personal information we collect and the right to request deletion. We do not sell your personal information. To exercise your CCPA rights, contact us at the email below.

For EU/EEA Residents (GDPR)

We process your data under the following lawful bases: contract performance (order fulfillment), consent (marketing, analytics), and legitimate interests (security, fraud prevention). You may lodge a complaint with your local data protection authority. For cross-border transfers, our processors maintain appropriate safeguards (Standard Contractual Clauses).

8. Children's Privacy

Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@treasurefindersllc.com.