Privacy Policy
Last Updated: October 17, 2025
Introduction
Welcome to Hudson Valley Botanicals (we, us, our). Your privacy matters. This policy explains exactly what data we collect, why we need it, how we protect it, and who we share it with. We've written this in plain English - no legalese runaround.
What We Collect (Exact List)
When you place an order, we collect:
- Name: To address shipping labels ("John Doe")
- Email: Order confirmations & tracking updates
- Shipping Address: For USPS/UPS delivery
- Phone Number (optional): Delivery issues only
- Order Details: Product name (e.g., "Red Bali Kratom"), quantity, total price
- Payment Info: Handled by Waave (our payment processor) - we NEVER store credit card numbers, expiry dates, or CVV codes
Technical Data (Automatically Collected):
- IP Address: For fraud prevention (e.g., detecting bot orders)
- Browser Info: To optimize site performance (Chrome vs Safari display)
- Device Type: Desktop, mobile, or tablet (for responsive design)
- Page Views: Internal analytics only - NO Google Analytics or third-party trackers
What We DON'T Collect:
- Social Security Numbers
- Driver's License / Government IDs
- Financial Account Numbers
- Biometric Data (fingerprints, face scans)
- Political Opinions, Health Data, or Religious Beliefs
Cookies & Tracking (Full Transparency)
We use minimal cookies - only what's essential for checkout. NO tracking pixels, NO behavioral ads.
| Cookie Type | Purpose | Lifespan | Example |
|---|---|---|---|
| Essential | Cart, checkout, login | Session only | cart_id, session_token |
| Preferences | Dark mode, language | 1 year | theme_preference |
Your Control: Disable cookies in Chrome Settings → Privacy → Cookies. Note: Disabling may break checkout functionality.
How We Use Your Information (Detailed)
Every piece of data you provide has a specific, limited purpose. Here's exactly how we use it:
- Order Processing (Primary Use): We use your name, address, and order total to fulfill orders through USPS or UPS. Waave processes payment separately - we never see card details. Example: "John Doe, 123 Main St, NY, $49.99" → shipped via USPS Priority.
- Shipping & Delivery: Address used only for delivery. USPS/UPS see ONLY name + address (no email/payment).
- Payment Processing: Waave handles 100% of payments. We receive only confirmation ("Payment successful - $49.99") - never card numbers, expiry, or CVV.
- Order Updates: Email sent to your address: "Your Red Bali Kratom shipped! Tracking #9400..."
- Customer Support: Your message + order # used to resolve issues. Example: "Jane's White Maeng Da delayed → reshipped."
- Newsletter (Opt-in): Email used ONLY for monthly deals + new strain announcements. Unsubscribe anytime.
- Site Improvements: No external analytics - we review internal data manually to improve user experience.
- Fraud Prevention: IP + device fingerprint to block suspicious orders (ex: 10 orders from same IP in 1 hour).
Security Measures (Technical Details)
Your data is protected by enterprise-grade security. Here's our complete protection stack:
- SSL/TLS 256-bit: All pages encrypted (https://). Lock icon in browser = secure.
- PCI DSS Level 1: Payments via Waave (never stored on our servers).
- Database Encryption: AES-256 at rest. Passwords hashed with bcrypt.
- Access Controls: 2FA for staff. Role-based access (shipping team sees addresses only).
- Firewalls: Cloudflare WAF blocks 99.9% of attacks automatically.
- Backups: Daily encrypted backups, 30-day retention, geo-redundant storage.
- Penetration Testing: Quarterly audits by certified ethical hackers.
- Monitoring: 24/7 intrusion detection. Alerts within 60 seconds.
Third Parties We Share With (Exact List)
We NEVER sell, trade, or rent your personal data to marketers. Only 2 trusted partners receive limited info:
| Partner | Data Shared | Purpose | Their Policy |
|---|---|---|---|
| Waave | Card #, expiry, CVV (you enter directly) | Payment processing | waave.com/privacy |
| USPS / UPS | Name, address only | Delivery | USPS / UPS |
Legal Requirements: We may disclose data if required by subpoena, court order, or law enforcement (ex: fraud investigation). We'll notify you unless prohibited.
Data Retention Periods
- Order Data: 7 years (IRS requirement)
- Contact Info: Until you request deletion
- Newsletter: Until unsubscribe
- Cookies: See table above
Deletion Rights: Email staff@hudsonvalleybotanicals.com to request removal. We'll delete within 30 days (except legal requirements).
Policy Updates & Notifications
We reserve the right to update this policy. You'll be notified via:
- Homepage Banner: 30-day notice for major changes
- Date Stamp: Bottom of this page updated
- Email Alert: To subscribed users for material changes
- Footer Link: Always accessible
Your Obligation: Review periodically. Continued use = acceptance of updates.
Your Rights & Acceptance
By accessing HudsonValleyBotanicals.com, you:
- Acknowledge reading and understanding this policy
- Consent to data collection for stated purposes
- Agree to receive order-related emails
- Accept responsibility to review updates
International Users
Our servers are in the United States. If you're outside the US, your data will be transferred to and processed in the US. You consent to this transfer by using our Site.
Children's Privacy
Our Site is not intended for children under 18. We do not knowingly collect data from minors. If we discover such data, we'll delete it immediately.
Contact Us
Questions about this Privacy Policy?
Email: staff@hudsonvalleybotanicals.com
X (Twitter): @GarudaKratom
Response Time: Within 24 business hours