Privacy policy

Last Updated: June 23, 2026

This Privacy Policy describes how ANDELION ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit or make a purchase from andelion.store (the "Site"). It also explains your privacy rights and how to exercise them.

We are committed to protecting your privacy and handling your data with transparency and care. This policy complies with applicable privacy laws in the United States, European Union, United Kingdom, Canada, Australia, and other jurisdictions where we operate.

Business Contact Information
Business Name: ANDELION
Website: andelion.store
Email: contact@andelion.shop
Owner: Ariana Cardenas
Address: 511 W California Ave, Homedale, ID 83628-3040, United States
Table of Contents
  1. Information We Collect
  2. How We Use Your Information
  3. Cookies and Similar Technologies
  4. How We Share Your Information
  5. Data Security
  6. Data Retention
  7. Your Privacy Rights
  8. Children's Privacy
  9. International Data Transfers
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

When you visit our Site, create an account, place an order, or contact us, you may provide:

  • Identity Information: Full name, username, account password (encrypted)
  • Contact Information: Email address, phone number, billing and shipping addresses
  • Payment Information: Credit/debit card numbers, billing address. Full payment card data is processed securely by Shopify Payments. We do not store complete card numbers on our servers.
  • Order Information: Products purchased, order history, transaction amounts, gift messages
  • Preference Information: Style preferences, size information, wishlist items, marketing preferences
  • Communications: Customer service inquiries, feedback, survey responses, reviews

1.2 Information Collected Automatically

When you browse our Site, we automatically collect certain information using cookies, web beacons, pixels, and similar technologies:

  • Device Information: IP address, browser type and version, time zone setting, operating system, device type, screen resolution
  • Usage Data: Pages viewed, click patterns, time spent on pages, referring/exit pages, navigation paths, search queries
  • Location Data: General geographic location (country, state, city) derived from your IP address
  • Shopify Analytics: Aggregate browsing and purchasing behavior data

1.3 Information from Third Parties

  • Payment Processors: Shopify Payments provides transaction confirmation, fraud risk scores, and payment status updates.
  • Shipping Carriers: USPS, UPS, FedEx, and DHL provide delivery confirmation, tracking updates, and address verification.
  • Analytics Providers: Google Analytics provides aggregated demographic and interest data.
  • Advertising Partners: Meta (Facebook/Instagram), Google, and TikTok provide ad performance data and conversion tracking.

2. How We Use Your Information

We use your personal information for the following purposes and legal bases:

Purpose Legal Basis
Processing and fulfilling orders, including payment authorization, shipping, delivery, and order confirmations Performance of a contract
Providing customer support and responding to inquiries, returns, and complaints Performance of a contract / Legitimate interest
Sending transactional communications (order confirmations, shipping notifications, delivery updates) Performance of a contract / Legitimate interest
Verifying identity, preventing fraud, and ensuring security Legitimate interest / Legal obligation
Improving our website, products, and customer experience Legitimate interest
Sending marketing communications, promotions, and newsletters (with your consent where required) Your consent / Legitimate interest
Displaying personalized advertisements (using cookies with consent) Your consent
Complying with legal, tax, and regulatory obligations Legal obligation

3. Cookies and Similar Technologies

3.1 What Are Cookies

Cookies are small text files placed on your device to store information about your preferences and browsing activity. We also use web beacons, pixels, and SDKs for similar purposes.

3.2 Types of Cookies We Use

Category Purpose Examples
Strictly Necessary Essential for the Site to function. Enable core features like shopping cart, checkout, account login, and security. Shopify session cookies, cart cookies, CSRF protection
Functional Remember your preferences and personalize your experience. Language selection, currency preference, recently viewed items
Analytics / Performance Help us understand how visitors interact with our Site so we can improve. Google Analytics, Shopify Analytics
Advertising / Targeting Deliver relevant ads, measure ad performance, build lookalike audiences. Meta Pixel, Google Ads, TikTok Pixel, Pinterest Tag

3.3 Cookie Consent and Management

When you first visit our Site, you will see a cookie consent banner. You can:

  • Accept All Cookies — Enable all cookie categories
  • Customize Preferences — Select which non-essential cookies you accept
  • Reject Non-Essential Cookies — Disable analytics and advertising cookies

You can change your cookie preferences at any time by clicking "Cookie Settings" in our website footer. You can also disable cookies through your browser settings, though some Site features may not function properly.

3.4 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Our Site does not currently respond to DNT signals. You can manage cookie preferences through our cookie banner or your browser settings.

4. How We Share Your Information

We do not sell your personal information to third parties for monetary consideration. We share your information only as necessary to operate our business:

4.1 Service Providers (Processors)

We share information with trusted third-party service providers who process data on our behalf under contractual data protection obligations:

Service Provider Purpose Location
Shopify Inc. E-commerce platform hosting, payment processing (Shopify Payments), data storage, store management, analytics Canada / USA
Payment Processors Secure payment processing (Shopify Payments, Shop Pay, Apple Pay, Google Pay, PayPal) USA
Shipping Carriers Order fulfillment and delivery (USPS, UPS, FedEx, DHL, local carriers) Varies by destination
Email/Marketing Services Order communications and marketing emails (Shopify Email, Klaviyo) USA
Analytics Providers Website traffic analysis (Google Analytics, Shopify Analytics) USA
Advertising Partners Ad delivery, retargeting, conversion tracking (Meta, Google, TikTok, Pinterest) USA
Fraud Prevention Fraud detection and risk assessment (Shopify Protect, Signifyd) USA

4.2 Legal and Safety Disclosures

We may disclose your information if required by law, court order, subpoena, or government regulation, or if necessary to protect our rights, property, or safety, or that of our customers or others.

4.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

  • Encryption: All data transmitted between your browser and our Site uses TLS/SSL encryption (HTTPS). Payment data is encrypted using AES-256.
  • PCI-DSS Compliance: Payment processing is handled through Shopify Payments, which is certified PCI-DSS Level 1 compliant. We never store full payment card numbers.
  • Access Controls: Personal data is accessible only to authorized personnel with a legitimate business need, protected by role-based access controls and multi-factor authentication.
  • Security Monitoring: Our systems are monitored 24/7 for suspicious activity, unauthorized access attempts, and potential vulnerabilities.
  • Data Minimization: We collect only the information necessary for the purposes stated in this policy.

Despite these measures, no method of internet transmission or electronic storage is 100% secure. We commit to notifying you and applicable authorities of any data breaches as required by applicable law.

6. Data Retention

We retain your personal information only as long as necessary for the purposes for which it was collected, or as required by law:

Data Category Retention Period Reason
Order and transaction records 7 years Tax and accounting legal requirements (IRS)
Account information Duration of account activity + 2 years Customer service and legal obligations
Customer service records 3 years Quality assurance and dispute resolution
Marketing preferences and data Until consent is withdrawn + 2 years Marketing compliance and record-keeping
Analytics data 26 months (Google Analytics) or until deletion request Analytics retention settings
Cookie data Per cookie — 1 session to 2 years Varies by cookie type

After the applicable retention period expires, your data is securely deleted or irreversibly anonymized.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Rights for All Customers

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your personal data, subject to legal exceptions.
  • Opt-Out of Marketing: Unsubscribe from promotional emails at any time by clicking the "Unsubscribe" link or contacting us.
  • Complaint: Lodge a complaint with a data protection authority in your jurisdiction.

7.2 California Residents — CCPA / CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the categories of sources, the business or commercial purposes, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, detecting fraud, complying with legal obligations).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell your personal information for monetary value. We use cookies and pixels for advertising and analytics, which may constitute "sharing" or "targeted advertising" under California law. You can opt out by clicking "Do Not Sell or Share My Personal Information" in our cookie banner or footer, or by enabling the Global Privacy Control signal in your browser.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes other than providing our services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge different prices, or provide a different level of service.
  • Right to Data Portability: Receive your personal information in a portable, readily usable format.
  • Shine the Light: California Civil Code Section 1798.83 allows California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

7.3 Virginia Residents — VCDPA Rights

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act (VCDPA):

  • Right to Access: Confirm whether we process your personal data and access such data.
  • Right to Correction: Correct inaccuracies in your personal data.
  • Right to Deletion: Delete personal data provided by or obtained about you.
  • Right to Data Portability: Obtain a copy of your personal data in a portable format.
  • Right to Opt-Out: Opt out of processing for targeted advertising, sale of personal data, and profiling for decisions with legal or significant effects.
  • Right to Appeal: If we decline to take action on your request, you may appeal within 45 days by contacting us.

7.4 Colorado Residents — CPA Rights

If you are a Colorado resident, you have rights under the Colorado Privacy Act (CPA):

  • Right to Access, Correct, Delete, and Portability (same framework as Virginia)
  • Right to Opt-Out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects
  • Right to Appeal our decisions regarding your requests

7.5 Connecticut Residents — CTDPA Rights

If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act (CTDPA):

  • Right to Access, Correct, Delete, and Portability
  • Right to Opt-Out of targeted advertising, sale of personal data, and profiling
  • Right to Appeal

7.6 Utah Residents — UCPA Rights

If you are a Utah resident, you have rights under the Utah Consumer Privacy Act (UCPA):

  • Right to Access and Delete personal data
  • Right to Data Portability
  • Right to Opt-Out of sale of personal data and targeted advertising

7.7 Nevada Residents

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law. To submit an opt-out request, contact us at contact@andelion.shop.

7.8 European Union, UK, and EEA Residents — GDPR Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Be Informed (Articles 13-14): This Privacy Policy fulfills our obligation to inform you about our data processing activities.
  • Right of Access (Article 15): Request a copy of your personal data and information about how we process it.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure / Right to be Forgotten (Article 17): Request deletion of your personal data under certain conditions.
  • Right to Restrict Processing (Article 18): Request limitation on how we use your data.
  • Right to Data Portability (Article 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint (Article 77): File a complaint with your local data protection authority.

Legal Basis for Processing: Our legal bases for processing your data are: (a) performance of a contract (order fulfillment), (b) legitimate interests (fraud prevention, website improvement), (c) your consent (marketing, non-essential cookies), and (d) legal obligations (tax compliance).

Data Controller: ANDELION, 511 W California Ave, Homedale, ID 83628-3040, USA. Email: contact@andelion.shop. We have appointed Shopify Inc. as a data processor for e-commerce operations.

7.9 Canada — PIPEDA Rights

If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge the accuracy of your personal information.

7.10 Australia — Privacy Act Rights

If you are in Australia, you have rights under the Privacy Act 1988 (Cth), including the right to access and correct your personal information.

7.11 Japan — APPI Rights

If you are in Japan, you have rights under the Act on the Protection of Personal Information (APPI), including the right to disclosure, correction, cessation of use, and deletion of your personal information.

7.12 Hong Kong — PDPO Rights

If you are in Hong Kong, you have rights under the Personal Data (Privacy) Ordinance (PDPO), including the right to request access to and correction of your personal data.

7.13 Singapore — PDPA Rights

If you are in Singapore, you have rights under the Personal Data Protection Act (PDPA), including the right to access and correct your personal data, and to withdraw consent for collection, use, and disclosure.

7.14 New Zealand — Privacy Act Rights

If you are in New Zealand, you have rights under the Privacy Act 2020, including the right to access and correct your personal information.

7.15 Mexico — LFPDPPP Rights

If you are in Mexico, you have rights under the Ley Federal de Proteccion de Datos Personales en Posesion de los Particulares (LFPDPPP), including the rights of access (ARCO rights), rectification, cancellation, and opposition.

7.16 Switzerland — FADP Rights

If you are in Switzerland, you have rights under the Federal Act on Data Protection (FADP / revDSG), including the right to information, correction, and deletion of your personal data.

7.17 Norway — GDPR Alignment

Norway, while not an EU member, is part of the EEA and applies the GDPR through the EEA Agreement. Residents have the same GDPR rights outlined in Section 7.8.

7.18 How to Exercise Your Rights

To exercise any privacy right, contact us using the methods below. We will respond within the timeframes required by your jurisdiction's law:

Jurisdiction Response Time
California / US States 45 days (extendable by 45 days)
EU/UK/EEA/Switzerland/Norway (GDPR/FADP) 30 days (extendable by 60 days)
Canada (PIPEDA) 30 days
Australia / New Zealand 30 days
Japan (APPI) 30 days
Singapore (PDPA) 30 days
Hong Kong (PDPO) 40 days
Mexico (LFPDPPP) 20 business days

Submit a request:

  • Email: contact@andelion.shop with subject line "Privacy Rights Request — [Your Country/State]"
  • Contact Page: andelion.store/pages/contact
  • Mail: ANDELION, Attn: Privacy, 511 W California Ave, Homedale, ID 83628-3040, USA

Verification: We must verify your identity before processing your request. We may ask you to confirm information associated with your account or provide a government-issued ID. We will not charge a fee unless requests are excessive, repetitive, or manifestly unfounded.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly with us.

8. Children's Privacy

Our Site is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at contact@andelion.shop, and we will delete such information promptly.

If we learn we have collected personal information from a child under 16 without verification of parental consent, we will delete that information as quickly as possible.

9. International Data Transfers

Our Site is hosted on Shopify's servers, which are located in the United States and Canada. If you access our Site from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

For transfers from the European Economic Area, United Kingdom, Switzerland, and Norway to the United States, Shopify relies on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK Addendum to the SCCs for UK data transfers
  • Swiss-U.S. Data Privacy Framework for Swiss data transfers

For transfers from Asia-Pacific countries (Australia, Japan, Singapore, Hong Kong, New Zealand), appropriate safeguards are implemented including contractual protections and Shopify's global data protection standards.

By using our Site and providing your information, you consent to the transfer of your information to the United States and other countries as described above. We implement appropriate safeguards to protect your data regardless of where it is processed.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post a notice on our Site's homepage or policy page
  • Send an email notification to registered users for material changes

Your continued use of the Site after changes are posted constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

11. Contact Us

For questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, contact us:

ANDELION Privacy Office
Attn: Ariana Cardenas, Privacy Contact
Email: contact@andelion.shop
Website: andelion.store/pages/contact
Mailing Address: 511 W California Ave, Homedale, ID 83628-3040, USA

For Shopify-related privacy matters, contact Shopify Inc. at shopify.com/legal/privacy or Shopify Inc., 151 O'Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8, Canada.