Privacy Policy

Last updated: May 29, 2026

SNOOGICROCHET LTD (“we”, “us”) operates https://druvixora.store. This policy explains what information we collect, how we use it, and your rights — written for the GDPR (EU/EEA/UK), CCPA/CPRA (California), and US state privacy laws generally.

1. Data we collect

  • Order data: email address, order ID, product purchased, amount, currency.
  • Shipping data: recipient name, shipping address, and phone number — needed to deliver and track your parcel.
  • Payment data: handled by Stripe; we receive only the payment status and an opaque payment identifier — never your card number.
  • Contact form data: name, email, message, hashed IP for spam prevention.
  • Server logs: hashed IP, request URL, status code, timestamp (retained 30 days).
  • Cookies: only essential session cookies (admin login, CSRF) — no analytics or ad cookies are set without your consent.

2. How we use it

We process the data above to (a) fulfil and ship the order you purchased, (b) issue receipts and tracking, (c) provide customer support, (d) prevent fraud, and (e) comply with legal obligations (tax, accounting). The legal basis under GDPR is (i) contract performance for orders, (ii) legitimate interest for fraud prevention and logs, and (iii) legal obligation for tax and accounting records.

3. Sharing

We share data only with the following processors, each under written DPAs:

  • Stripe, Inc. — payment processing (United States; SCC + DPF).
  • Resend, Inc. — transactional email delivery (United States).
  • Cloudflare, Inc. — DDoS protection / CDN (United States).
  • Print & shipping carriers — we share the recipient name and shipping address with our print/fulfilment partner and the delivery carrier (e.g. USPS/UPS/FedEx) solely to produce and deliver your order.
  • Hetzner Online GmbH or DigitalOcean LLC — server hosting (US/EU region depending on instance).

We do not sell or rent your personal information. We do not engage in “cross-context behavioural advertising”.

4. Retention

Order records are retained for 6 years to meet UK tax requirements. Server logs: 30 days. Contact form submissions: 12 months unless converted into an open support ticket. Subscriber list: until you unsubscribe.

5. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Have it corrected if inaccurate
  • Request deletion (subject to legal retention obligations)
  • Object to or restrict certain processing
  • Receive a portable copy of your data
  • (California residents) Opt out of any sale or share of personal information

Contact [email protected] with the subject line “Privacy request”. We respond within 30 days. You may also lodge a complaint with your local data-protection authority.

6. International transfers

We are a UK company. Where personal data is transferred to processors outside the UK/EEA (for example, US-based payment or email providers), the transfer relies on Standard Contractual Clauses (SCC) and the UK International Data Transfer Addendum (IDTA) where applicable.

7. Security

We use HTTPS (TLS 1.3) for all transport, store passwords using argon2id, hash IP addresses before logging, and never store your full card number (payment data is handled by Stripe). No system is perfectly secure; please report security concerns to [email protected].

8. Children

The Site is not directed at children under 16, and we do not knowingly collect data from them.

9. Changes

We will post any updates here with a revised “Last updated” date. Material changes will be announced on the homepage for 14 days.

10. Contact

Privacy queries: [email protected] · Postal: SNOOGICROCHET LTD, 7 Coronation Road, Dephna House, LAUNCHESE #105, London, NW10 7PQ, United Kingdom.