Privacy Policy
Last updated: March 2026
Information We Collect
When you make a purchase or interact with our website, we may collect the following personal information:
- Name and email address
- Shipping and billing address
- Payment information (processed securely through Stripe)
- Order history and transaction details
- Communication preferences
- Device and browser information collected through cookies
How We Use Your Data
We use your personal information for the following purposes:
- Processing and fulfilling your orders
- Communicating with you about your orders, account, or inquiries
- Sending product updates and promotional materials (with your consent)
- Improving our website, products, and customer experience
- Complying with legal obligations
Third-Party Services
We work with trusted third-party providers to deliver our services:
- Stripe — for secure payment processing. Stripe handles all payment card data and is PCI DSS compliant. We do not store your full credit card information on our servers.
- Shipping carriers — your name and shipping address are shared with carriers to deliver your order.
- Analytics providers — we use anonymized analytics to understand how visitors use our website and improve the experience.
We do not sell, rent, or trade your personal information to any third parties.
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Order and transaction records are typically retained for seven years to comply with tax and accounting regulations. You may request deletion of your account data at any time.
Your Rights
Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):
- Right to access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to deletion — request that we delete your personal data
- Right to portability — receive your data in a structured, machine-readable format
- Right to opt out — opt out of promotional communications at any time
- Right to non-discrimination — exercising your rights will not affect the quality of service you receive
To exercise any of these rights, please contact us at privacy@chalazion.com. We will respond to your request within 30 days.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and our servers is encrypted using TLS. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this privacy policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have any questions or concerns about this privacy policy or how we handle your data, please contact us at privacy@chalazion.com.