Privacy Policy
Last Updated: April 16, 2026

INTRODUCTION

At Sages Herb Store, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website and use our services.

INFORMATION WE COLLECT

We collect information you provide directly, including:
- Account information: name, email address, password, phone number
- Shipping information: address, city, state, zip code
- Billing information: processed securely through Stripe (we do not store card numbers)
- Order history: products purchased, quantities, prices, dates
- Communications: emails, support messages, feedback, and reviews
- Optional information: preferences, wishlist items, saved items

We also collect information automatically, including:
- Browser and device information
- IP address and location data
- Pages visited and time spent
- Search queries and product interactions
- Cookies and similar tracking technologies

THIRD-PARTY INTEGRATIONS

We share information with trusted partners to provide our services:

Stripe (Payments): Payment processing and fraud detection. Your payment information is encrypted and tokenized; we never store full card numbers. Stripe adheres to PCI compliance standards.

Resend (Email): Transactional and marketing emails, newsletters, order confirmations, and promotional content. Resend does not use your information for third-party marketing.

Vercel (Hosting & Analytics): Website hosting and optional analytics to understand traffic patterns and user behavior.

GitHub (Feedback): Feedback reports and feature requests are shared with GitHub for issue tracking.

Cloudinary (Image Hosting): Product images and media are hosted and optimized through Cloudinary.

HOW WE USE YOUR INFORMATION

We use collected information to:
- Process and fulfill your orders
- Send transactional emails (order confirmations, shipping updates)
- Improve and personalize your shopping experience
- Send marketing communications (with your consent)
- Detect and prevent fraud and unauthorized access
- Comply with legal obligations
- Conduct analytics and improve our services
- Respond to customer inquiries and support requests

COOKIES AND LOCAL STORAGE

We use the following technologies:

Shopping Cart: localStorage stores your cart contents for convenience. This data is never sent to our servers.

Theme Preference: localStorage saves your selected theme (light, dark, earthy) to persist across sessions.

Session Management: NextAuth.js manages secure session cookies for authenticated users. Session data includes user ID, email, role, and permissions.

Analytics (Optional): If enabled, Vercel Analytics uses cookies to track page views and user interactions. You can opt out by disabling analytics in your browser.

Your browser controls allow you to delete cookies and local storage at any time.

YOUR PRIVACY RIGHTS

Right to Access: You can request a copy of all personal data we hold about you.

Right to Correction: You can request that we correct inaccurate or incomplete information.

Right to Deletion (Right to be Forgotten): You can request deletion of your account and associated data (subject to legal retention requirements).

Right to Data Portability: You can request your data in a portable, machine-readable format.

Right to Opt-Out: You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails.

GDPR COMPLIANCE (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR). We process your data on the legal basis of your consent, contract performance, or legitimate business interests.
We have a Data Protection Officer available to address privacy concerns. You also have the right to lodge a complaint with your local data protection authority.

CCPA COMPLIANCE (California Residents)

If you are a California resident, you have the right to know what personal data is collected, the right to delete personal data, and the right to opt out of personal data sales (we do not sell personal data). You can exercise these rights by contacting privacy@herbstore.com.

DATA RETENTION

- Transaction history and financial records: 7 years (for accounting and tax purposes)
- User account data: Maintained for the lifetime of your account
- Marketing communications: Until you unsubscribe
- Support tickets and communications: 2 years for reference purposes
- Analytics data: 12 months (then automatically deleted)

SECURITY

We implement industry-standard security measures to protect your information, including:
- SSL/TLS encryption for data in transit
- Secure password hashing (bcrypt)
- Limited access to personal data (employee access control)
- Regular security audits and updates
- PCI compliance for payment processing

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, and you use our services at your own risk.

CHILDREN'S PRIVACY

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of our services following changes constitutes your acceptance of the updated Privacy Policy.

CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@herbstore.com
Support: support@herbstore.com
Phone: Contact us through the support form

We will respond to privacy inquiries within 30 days.
