Privacy Policy

RoyalPopKits is the controller of personal data collected through royalpop-kits.com. RoyalPopKits can be contacted at support@royalpop-kits.com. Additional business details may be provided where required by applicable law or on customer request.

We collect personal data in the following situations:

• When you place an order: name, email address, shipping address, optional phone number, the product selected (including crown position, colour and quantity), and shipping country.
• When you pay: payment is handled directly by Stripe. We do not see or store your card number, security code, or full bank details. Stripe returns us a payment identifier, the amount, the currency, and basic billing information.
• When you contact us: the contents of your message and any details you choose to share.
• Technical data: standard server logs (IP-derived country, browser user-agent, timestamps) used for security, anti-fraud and aggregate analytics. We do not build personal advertising profiles.

• To fulfil your order — performance of the contract you entered into when you placed the order.
• To process your payment — performance of the contract and our legitimate interest in being paid for the goods.
• To send order, shipping and licence emails — performance of the contract.
• To comply with tax, accounting and consumer-law obligations — legal obligation.
• To prevent fraud and abuse — legitimate interest in protecting our business and other customers.
• To improve the store and product — legitimate interest, on the basis of aggregated, non-identifying analytics.
• To notify adapter customers when the bracelet launches — legitimate interest in updating customers about a directly related product they have expressed an implicit interest in by buying the adapter. You can opt out at any time.

We do not sell your personal data. We share it only with the service providers we need to operate the store:

• Stripe — payment processing, fraud detection, invoicing. Stripe acts as an independent controller for payment data.
• Supabase — secure database hosting for order and customer records.
• Vercel — hosting of royalpop-kits.com.
• Shipping carriers — the carrier that ships your parcel receives the name, address and phone number required to deliver.
• Email infrastructure — used to deliver order confirmations, shipping notifications, and the STL download link.
• Authorities — if compelled by law.

Some of our service providers are based outside your country, including in the United States. Where personal data is transferred outside the European Economic Area or United Kingdom, we rely on the provider's standard contractual clauses or equivalent safeguards in line with applicable data-protection law.

We keep order and customer records for as long as needed to fulfil the order, provide support, and comply with applicable tax, accounting and consumer-protection law (typically up to 7 years from the date of the order, depending on jurisdiction). Server logs and anti-fraud signals are kept for a shorter period.

Depending on where you live, you may have the right to access, correct, delete, restrict or port the personal data we hold about you, and to object to certain processing. You may also withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal. To exercise any of these rights, email support@royalpop-kits.com. If you believe we have not handled your request properly, you can lodge a complaint with your local data-protection authority.

royalpop-kits.com uses only the cookies and storage strictly necessary to operate the store and the checkout (for example to maintain the Stripe Checkout session). We do not currently use third-party advertising cookies, retargeting pixels, or sell behavioural data. If this changes, we will update this section and, where required, request consent.

royalpop-kits.com is not intended for children under the age of majority in their country. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it.

We use industry-standard measures to protect personal data, including encrypted database connections, restricted administrative access, and tokenised payment flows via Stripe. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you in line with applicable law.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. Material changes will be communicated where required.

Privacy questions: support@royalpop-kits.com.