Skip to content
HearthWitch Hollow
← Back to home

Privacy Policy

Last updated: May 4, 2026

HearthWitch Hollow operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). HearthWitch Hollow is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase using the Services or otherwise communicate with us.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described.

Personal information we collect

When we use the term "personal information," we mean information that identifies or can reasonably be linked to you. We collect or process the following categories of personal information, depending on how you interact with the Services and where you live:

  • Contact details — your name, billing address, shipping address, phone number, and email address
  • Financial information — payment card information and transaction details. Card numbers are handled by Shopify's secure checkout; we never see or store your full card number.
  • Order information — items you view, place in your cart, or purchase, and your past transactions with us
  • Reading information — when you book a tarot reading, the question(s) you submit and any context you provide for the reading
  • Communications — anything you write to us via the contact form, email, or in connection with an order or reading
  • Device information — your IP address, browser type, and similar identifiers, used by Shopify and Cloudflare to serve the site and prevent abuse
  • Usage information — aggregated, anonymous information about how visitors interact with the site (collected by Cloudflare Web Analytics; no cookies, no fingerprinting)

Where we get your information

  • Directly from you — when you place an order, book a reading, fill out the contact form, or email us
  • Automatically through the Services — basic device and connection information, as needed to deliver pages and prevent abuse. We do not use tracking cookies on the marketing site. The Shopify-hosted checkout uses cookies necessary to process your order; these are governed by Shopify's Privacy Policy.
  • From our service providers — Shopify, Cal.com, Cloudflare, and the other tools listed below collect or process some information on our behalf.

How we use your information

We use your personal information for the following purposes:

  • Delivering products and services — process payments, fulfill orders, ship physical items, schedule and conduct readings, send order and booking confirmations, and provide customer support
  • Responding to your messages — when you reach out via the contact form or email, we use your details to reply
  • Improving the shop — using anonymous, aggregated analytics to understand which pages are visited and what works
  • Preventing fraud and abuse — Shopify uses transaction details to detect fraud; Cloudflare uses connection information to block abusive traffic
  • Legal compliance — to comply with applicable law, respond to valid legal requests, and enforce our Terms of Service

We do not send marketing or promotional emails unless you specifically opt in. We do not run retargeting advertising, behavioral advertising, or any form of cross-site tracking. We do not sell or share your personal information for advertising purposes.

Who we share it with

We share information only with the small set of services we use to run the shop:

  • Shopify — order processing, payment, shipping labels, fraud detection (Shopify Consumer Privacy Policy)
  • Cal.com — live reading bookings and calendar invites
  • Web3Forms — relays contact form messages to our inbox
  • Cloudflare — web hosting, SSL, and privacy-friendly analytics (no cookies, no fingerprinting)
  • Zoho Mail — email correspondence (replies to customer messages, manual order follow-ups)

We do not share information with marketing networks, advertising platforms, or data brokers. We may share information when legally required, such as in response to a valid subpoena, court order, or to protect our legal rights.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside, in order to provide services to you.

To learn more about how Shopify uses your personal information and any rights you may have, visit the Shopify Consumer Privacy Policy or the Shopify Privacy Portal.

Third-party websites and links

The Services may link to websites operated by third parties. If you follow those links, you should review the destination's privacy and security policies. We do not control and are not responsible for the privacy practices of sites we link to. Information you provide on public or semi-public venues, including third-party social platforms, may also be viewable by other users of those platforms without limitation as to its use.

Children's data

The Services are not intended to be used by children. We do not knowingly collect personal information from anyone under the age of 18. Tarot readings in particular may not be booked by anyone under 18. If you are the parent or guardian of a minor whose information has been submitted to us, please contact us using the details below and we will delete it.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and retention

We use HTTPS across the entire site, and our payment infrastructure (Shopify) is PCI-DSS compliant. That said, no system is perfect — please use common-sense precautions when sending sensitive information over the internet, and avoid sending payment details by email.

We retain personal information for as long as needed to provide the Services, comply with legal obligations (such as bookkeeping for tax purposes), resolve disputes, and enforce our agreements. When we no longer need the information, we delete or anonymize it.

Your rights and choices

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you
  • Delete — request deletion of your personal information
  • Correct — request correction of inaccurate information
  • Portability — request your data in a portable format
  • Opt out — opt out of any "sale" or "share" of personal information (we do not sell or share for advertising, but the right exists by law)
  • Manage email — unsubscribe from any future promotional emails using the link in the email itself. Transactional emails (order confirmations, booking emails) cannot be unsubscribed because they are necessary to deliver your purchase.

To exercise any of these rights, email us at the address below. We may need to verify your identity before processing requests. We will respond within the timeframe required by your local privacy law (usually 30–45 days). We will not discriminate against you for exercising your rights.

If you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are located we will automatically treat this as a request to opt out of the "sale" or "sharing" of your personal information for the device and browser that you use to visit. To learn more about Global Privacy Control, visit globalprivacycontrol.org.

Complaints

If you have a complaint about how we process your personal information, please contact us using the email below. Depending on where you live, you may also have the right to lodge a complaint with your local data protection authority.

International transfers

We are based in the United States. If you are located elsewhere — including in the European Economic Area or the United Kingdom — your information may be transferred to and processed in the United States. Shopify and our other service providers operate globally and may store data in countries other than your own. Where required, transfers out of the EEA or UK rely on recognized legal mechanisms such as the European Commission's Standard Contractual Clauses.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised version on this page, update the "Last updated" date, and provide notice as required by applicable law.

Contact

Questions about this Privacy Policy, or to exercise any of the rights described above, please email us at info@hearthwitchhollow.com.