Privacy Policy

Orchid Atelier (“Orchid Atelier”, “we”, “us”) respects your privacy. This policy describes what data we collect, how we use it, who processes it on our behalf, and the choices you have. It applies to www.orchidatelierco.com and any related Orchid Atelier services.

What we collect

  • Order information: name, shipping address, billing address, email, phone, items purchased, order total.
  • Account information: if you create an account, your email and a hashed password.
  • Payment information: card data is collected and processed directly by Stripe — we never see or store full card numbers. We retain only the last 4 digits, brand, and a Stripe transaction ID for reconciliation.
  • Technical data: IP address, browser type, device type, referring URL, and pages viewed.
  • Cookies: a small number of first-party cookies used for cart persistence, login sessions, and a site-gate flag. We do not use third-party advertising cookies.

How we use it

  • To process and ship your orders
  • To send transactional email (order confirmations, shipping notifications, account messages)
  • To prevent fraud and abuse
  • To comply with legal and tax obligations
  • To improve site performance and product selection (aggregate analytics only)

Processors we use

These processors only receive the data necessary to perform their function on our behalf and are contractually bound to protect it.

What we never do

We do not sell, rent, trade, or share your personal information with third parties for their marketing purposes. We do not run third-party advertising networks on this site. We do not knowingly collect data from anyone under 21 years of age.

Your rights

You may request access to, correction of, or deletion of the personal data we hold about you. Customers in the EU/UK (GDPR) and California (CCPA/CPRA) have additional statutory rights. To exercise any right, email hello@orchidatelierco.com from the address on file. We will respond within 30 days.

Data retention

Order records are retained for 7 years for tax and accounting purposes. Account data is retained while your account is active. Server logs are retained for 90 days.

Security

The site is served exclusively over HTTPS (TLS 1.2+). Payment data is tokenized by Stripe and never touches our servers. Passwords are hashed with bcrypt-equivalent algorithm. We patch our platform on a regular cadence.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via a notice on the site or by email to active customers.

Contact

Privacy questions or data requests: hello@orchidatelierco.com.

Last updated: 2026-05-11.