Legal
The short version: we collect the minimum we need to send you patterns and answer your questions. We don’t sell your data.
Last updated: [Add date]. This policy explains how Bonito Día Crochet handles personal data. We try to use as little as possible and we never sell it.
When you create an account: your name, email, and a hashed password (we never see your plain password). When you place an order: payment details are handled by Paddle (we receive the order metadata: which product, when, country). When you contact us: the email you send and your reply address. When you visit the site: standard server logs and basic privacy-respecting analytics.
To deliver the products you bought, to provide support, to fulfil tax and accounting obligations, to keep the site secure, and (only if you opt in) to send occasional news about new patterns.
We share data only with the service providers we need to run the site: Paddle (payments), Neon (database hosting), Sanity (content), Cloudflare R2 (file storage), Mux (video), Vercel (web hosting), and an email provider for transactional emails. Each acts as a processor on our instructions.
Our providers may store data outside your country. They are bound by appropriate safeguards (standard contractual clauses where applicable).
You can ask us to access, correct, export, or delete your data. Email hello@bonitodiacrochet.com and we’ll act within a reasonable time (and within the timeframes required by GDPR/UK GDPR if those apply to you).
We use only essential cookies for sign-in and a small amount of privacy-respecting analytics. We don’t use third-party advertising cookies.
Questions about privacy: hello@bonitodiacrochet.com. Postal address: [Your registered business address].
This is a starter draft. Please review with a lawyer before going live. Placeholders [in brackets] need to be filled in.