PRIVACY POLICY

Effective Date: August 1, 2025
Last Updated: September 23, 2025
Contact Email: info@daocrafts.com


1. Scope & Acceptance

This policy governs data collection for:

  • Daocrafts.com and subdomains
  • Purchases, account registrations, and customer support interactions

By using our services, you consent to the practices described herein.

2. Information We Collect

(a) Directly Provided Data:

  • Identifiers: Name, email, shipping/billing address, phone number.
  • Transaction Details: Order history, payment method (processed via Stripe/PayPal; card data never stored by us).
  • Account Data: Passwords (hashed), wishlists, communication preferences.
  • Customization Requests: Birth year (for zodiac-based products), energy intentions (e.g., “career luck”), ritual notes.

(b) Automatically Collected Data:

  • Device/Usage: IP address, browser type, pages visited (via Google Analytics 4 with anonymized IPs).
  • Cookies: Essential (session IDs), functional (language settings), and analytics (see Section 8).

3. How We Use Your Data

Purpose                          | Legal Basis
Order fulfillment & shipping     | Contractual necessity
Account management               | User consent
Personalized product suggestions | Legitimate interest
Fraud prevention                 | Legal obligation
Newsletter (if opted-in)         | Explicit consent

Note: Custom ritual data (e.g., birth year) is never used for profiling or automated decisions.


4. Data Sharing & Disclosure

We only share data with:

  • Service Providers:
    • Payment processors (Stripe, PayPal)
    • Shipping partners (DHL, FedEx)
    • Email platforms (Mailchimp)
  • Legal Requirements: To comply with court orders or fraud investigations.
  • Business Transfers: If Daocrafts merges/acquires another entity (users notified).

No sale of personal data occurs.

5. International Data Transfers

Data may transfer outside your country under safeguards:

  • EU/UK → US: Standard Contractual Clauses (SCCs).
  • All vendors adhere to GDPR/CCPA standards.

6. Data Security

We implement:

  • Technical Measures: AES-256 encryption, PCI-DSS compliance, annual penetration testing.
  • Organizational Controls: Role-based access, employee privacy training.

Note: No method is 100% secure; we cannot guarantee absolute security.

7. Your Rights

Submit requests to info@daocrafts.com:

Right         | Action
Access        | Obtain copy of personal data
Rectification | Correct inaccurate data
Erasure       | Delete data (exceptions apply)
Restriction   | Limit processing under certain conditions
Portability   | Receive data in machine-readable format
Opt-Out       | Unsubscribe from marketing

Response Time: 30 days (free of charge).
CCPA Notice: California residents may opt out of “sales” (though we do not sell data).


8. Cookies & Tracking

  • Essential Cookies: Required for site functionality (no consent needed).
  • Analytics/Advertising: Only activated with explicit consent via our cookie banner.
  • Opt-Out: Adjust via browser settings or our Cookie Preference Center.

9. Children’s Privacy

  • Services not directed at under-16s.
  • Unverified minor accounts will be terminated.

10. Policy Updates

  • Notify users of material changes via email or site banners.

11. Contact

Data Protection Officer (DPO):
Email: info@daocrafts.com
Postal: Daocrafts Ltd., Attn: Privacy, 88 Harmony Lane, Sedona, AZ 86336, USA

EU Representative:
Designated under GDPR Article 27. Contact details provided upon request.


Key Compliance Notes:

  • Data Minimization: Birth year stored as “Snake” (乙巳) not full birthdate.
  • Energy Data: Custom ritual notes auto-deleted after 12 months.
  • No Profiling: Metaphysical preferences never used for behavioral advertising.

♻️ Print Recommendation: Use recycled paper for physical policy copies.
☯️ Symbolic Notice: This policy energetically aligns with Dao principles of integrity and balance.