
Storefront Privacy Policy Template

This is a template, not legal advice. You must customize all [BRACKETED] placeholders with your own business information before using it. We strongly recommend having a legal professional review the final version for your jurisdiction.
How to use this template:
  1. Copy the text below
  2. Replace all [BRACKETED] placeholders with your information
  3. Remove any optional sections that don’t apply to your business
  4. Have a legal professional review the final version
  5. Host it on your storefront (e.g., at /privacy-policy)

Privacy Policy

Effective Date: [DATE]

This Privacy Policy describes how [YOUR STORE NAME] (“we”, “us”, or “our”) collects, uses, and protects your personal information when you visit or make a purchase from our online store.

1. Information We Collect

Information you provide:
Data | When Collected
Name | Account registration, checkout
Email address | Account registration, checkout, newsletter signup
Phone number | Checkout (for delivery updates)
Shipping address | Checkout
Billing address | Checkout
Account password | Account registration (stored securely hashed)
Information collected automatically:
Data | Purpose
Cart session ID | Maintaining your shopping cart
Browser type and version | Ensuring compatibility
Pages visited | Improving our store experience
If you collect additional data (e.g., birthday for loyalty programs, size preferences, etc.), list them here:
  • [ADDITIONAL DATA ITEM] | [PURPOSE]
  • [ADDITIONAL DATA ITEM] | [PURPOSE]

2. How We Use Your Information

We use your personal information to:
  • Process and fulfill orders — Including shipping, payment processing, and order confirmations
  • Manage your account — If you create a customer account
  • Communicate with you — Order status updates, delivery notifications, and customer support
  • Prevent fraud — Detecting and preventing fraudulent transactions
  • Comply with legal obligations — Tax records, regulatory requirements
With your consent, we may also use your email to send:
  • Promotional offers and discounts
  • New product announcements
  • Newsletter content
You can unsubscribe at any time by clicking the “unsubscribe” link in any marketing email or contacting us at [YOUR EMAIL].

3. Payment Information

We use [Stripe / TossPayments / YOUR PAYMENT PROVIDER] to process payments. Your payment card information is sent directly to the payment processor and is never stored on our servers. We only receive a payment confirmation reference. For more information, see:
  • [Stripe's Privacy Policy: https://stripe.com/privacy]
  • [TossPayments Privacy Policy: https://www.tosspayments.com/privacy]

4. Who We Share Your Data With

We share your personal information only with service providers necessary to operate our store:
Service Provider | Purpose
Headless Commerce | Commerce platform (order processing, inventory)
[Stripe / TossPayments] | Payment processing
[SHIPPING CARRIER NAME] | Order delivery
[EMAIL PROVIDER, if applicable] | Transactional and marketing emails
We do not sell your personal information to third parties.

5. Data Retention

Data | Retention Period
Order records | [3-5] years (for tax and legal compliance)
Customer accounts | Until you request deletion
Cart sessions | Automatically cleared after 30 days of inactivity
Marketing consent records | Duration of consent + [3] years

6. Your Rights

If you are located in the EU/EEA, you have the right to:
  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your data (“right to be forgotten”)
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request that we limit how we use your data
  • Object — Object to processing based on legitimate interests
  • Withdraw consent — Withdraw consent for marketing at any time
To exercise these rights, contact us at [YOUR EMAIL]. We will respond within 30 days.

7. Cookies

We use the following cookies:
Cookie | Type | Purpose | Duration
Cart session | Essential | Maintaining your shopping cart | 30 days
Authentication | Essential | Keeping you logged in | Session
If you use analytics or marketing cookies, list them here:
Cookie | Type | Purpose | Duration
[COOKIE NAME] | Analytics | [PURPOSE] | [DURATION]
[COOKIE NAME] | Marketing | [PURPOSE] | [DURATION]
You can manage cookie preferences through your browser settings.

8. Children’s Privacy

Our store is not directed to individuals under the age of [14/16]. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place through our platform provider (Headless Commerce) and payment processor.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. [We will also notify you via email for material changes.]

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:
  • Business name: [YOUR BUSINESS NAME]
  • Email: [YOUR EMAIL]
  • Address: [YOUR ADDRESS]
  • Phone: [YOUR PHONE NUMBER]
If we are unable to resolve your concern, you may lodge a complaint with your local data protection authority.