Privacy Policy
This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is Witchwish. For any questions or requests regarding your data, contact us at support@witchwish.com.
2. Personal Data We Collect
Data you provide directly
- Account & order information — Full name, email address, phone number, shipping address, billing address
- Payment information — Processed securely by Stripe and PayPal. We do not store your full card details.
- Communications — Contact form messages, support requests, review submissions
- Newsletter subscriptions — Email address and optional first name
Data collected automatically
- Device & browser information — Device type, operating system, browser type, screen resolution
- IP address — Used for fraud prevention, geolocation, and analytics
- Browsing behavior — Pages viewed, products viewed, time on site, referral source
- Cookies & tracking data — See our Cookie Policy for details
- Marketing attribution — UTM parameters, click identifiers (fbclid), affiliate referral codes
3. How We Use Your Data
| Purpose | Data used | Legal basis |
| --- | --- | --- |
| Processing and fulfilling your orders | Name, email, address, payment | Contract performance |
| Sending order confirmations, shipping updates, and delivery notifications | Name, email, order details | Contract performance |
| Customer support and dispute resolution | Name, email, order history | Contract performance |
| Fraud prevention and payment security | IP address, payment data, device info | Legitimate interest |
| Website analytics and performance improvement | Browsing behavior, device info, IP address | Legitimate interest |
| Marketing emails and abandoned cart reminders | Email, name, cart contents | Consent / Legitimate interest |
| Advertising measurement and retargeting | Browsing behavior, purchase data, cookies | Consent |
| Affiliate program tracking and commission calculation | Referral codes, order data | Legitimate interest |
| Product reviews and ratings | Name, email, review content, images | Consent |
4. Third-Party Services
We share your data with the following third-party processors, solely for the purposes described above:
Payment processing
- Stripe — Processes card payments securely. Privacy Policy
- PayPal — Processes PayPal payments. Privacy Policy
Order fulfillment
- Print-on-demand providers (Printify, Lulu, Gelato) — Receive your shipping address and order details to produce and ship your items.
Communications
- Amazon SES — Sends transactional and marketing emails on our behalf.
Analytics & advertising
- Google Analytics — Website traffic analysis. Privacy Policy
- Meta (Facebook) Pixel — Ad measurement and retargeting. Privacy Policy
- TikTok Pixel — Ad measurement and retargeting. Privacy Policy
Hosting & infrastructure
- Amazon Web Services (AWS) — Hosts our servers, stores files (S3), and provides infrastructure. Data may be processed in the US or EU depending on the service region. Privacy Policy
- Cloudflare — Hosts our website frontend and provides CDN/security services. Privacy Policy
We do not sell your personal data to any third party.
5. International Data Transfers
Some of our third-party providers are based outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.
6. Data Retention
- Order data — Retained for the duration required by applicable tax and accounting laws (typically 5–10 years).
- Customer accounts — Retained until you request deletion.
- Analytics data — Aggregated and anonymized after 2 years.
- Marketing data — Retained until you unsubscribe or request deletion.
- Cookies — See retention periods in our Cookie Policy.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — Request a copy of the personal data we hold about you.
- Right to rectification — Request correction of inaccurate or incomplete data.
- Right to erasure — Request deletion of your personal data ("right to be forgotten").
- Right to restriction — Request that we limit how we process your data.
- Right to data portability — Receive your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interest, including direct marketing.
- Right to withdraw consent — Withdraw consent at any time for processing based on consent (e.g., marketing emails).
To exercise any of these rights, contact us at support@witchwish.com. We will respond within 30 days.
8. Marketing Communications
You can unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link at the bottom of any email, or by contacting us directly. Transactional emails (order confirmations, shipping updates) are not affected by unsubscribing from marketing.
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted data transmission (HTTPS/TLS)
- Secure payment processing via PCI-compliant providers (Stripe, PayPal)
- Access controls and authentication for our systems
- Regular security monitoring
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: support@witchwish.com
You also have the right to lodge a complaint with your local data protection authority if you believe your data has been mishandled.