CosmicMycology
Privacy

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how CosmicMycology collects, uses, and protects information when you use our website and purchase our products.

1. What We Collect

We collect information you provide directly to us when you place an order, fill out the contact form, or subscribe to our communications:

  • Order information: Name, email address, shipping address, and order details (strains purchased, quantity, total paid). This is collected at checkout via Stripe.
  • Contact form submissions: Name, email address, and message content when you use our contact form.
  • Analytics data: Page views, referrer URLs, browser type, and general location (city-level, derived from IP). This is collected automatically when you visit our site.
  • Payment transaction data: Stripe payment confirmation (transaction ID, amount, timestamp). We do not store your full payment card details — Stripe handles this on our behalf.

We do not collect sensitive personal data beyond what is necessary to process your order and operate the site.

2. Payment Processing (Stripe)

All payment processing is handled by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Your full credit or debit card details are never transmitted through or stored on our servers.

When you purchase from CosmicMycology:

  • You are redirected to Stripe's secure checkout page to enter your payment details.
  • Stripe processes the payment and sends us a tokenized confirmation — not your card number.
  • We receive only: order confirmation ID, amount, customer email (for shipping confirmation), and transaction status.

Stripe's role: Stripe acts as our payment processor and, in limited circumstances, as a data controller under GDPR. For Stripe's full privacy policy, visit stripe.com/privacy. Stripe may process your data in the United States in accordance with applicable data protection laws.

We retain Stripe transaction IDs as part of your order record for accounting and dispute resolution purposes.

3. Analytics & Cookies

CosmicMycology uses limited analytics to understand how visitors use our site. We do not use advertising trackers or third-party ad networks.

First-party analytics cookie: When you visit our site, we set a single analytics session cookie (`polsia_vid`) that generates a unique visitor ID stored in your browser's localStorage. This is used to track page views and general traffic patterns — not individual user behavior over time.

What we track:

  • Pages visited and referrer URL
  • Browser type and device category (desktop/mobile)
  • Approximate geographic region (city-level, from IP)
  • Session duration and navigation flow (anonymized)

What we do not track: Individual mouse movements, keystrokes, form inputs (beyond the contact form submission), or behavior across other websites.

You can disable JavaScript on our site to prevent analytics collection. Our analytics script runs entirely client-side and cannot collect data if JavaScript is disabled.

4. How We Use Your Data

We use your information for the following purposes only:

  • Order fulfillment: To process and ship your order, send shipping confirmation, and respond to order-related inquiries.
  • Customer support: To respond to your contact form messages and questions about orders, products, or our services.
  • Site improvement: To understand which pages are most visited, identify technical issues, and improve site performance and user experience.
  • Legal compliance: To fulfill our tax, accounting, and legal obligations, including maintaining transaction records as required by law.
  • Marketing communications: If you opt in to receive updates, we may send emails about new strains, promotions, and company news. You can unsubscribe at any time using the link in any marketing email. We do not send marketing emails without explicit consent.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your data for the following periods:

  • Order records: 7 years from the date of purchase. This satisfies U.S. tax and accounting record-keeping requirements.
  • Contact form submissions: 2 years from the date of submission, or until you request deletion — whichever comes first.
  • Analytics data: 12 months from the date of collection. Aggregated statistics may be retained longer for trend analysis.
  • Marketing email subscriptions: Until you unsubscribe. We check subscription status monthly and remove inactive subscribers.

When data retention periods expire, your data is deleted or anonymized. Deletion requests are processed within 30 days.

6. Third-Party Sharing

We share your data with the following third parties, only as needed to deliver our services:

  • Stripe: Payment processing, fraud detection, and dispute resolution. See stripe.com/privacy.
  • Shipping carriers (USPS, UPS, FedEx): Your shipping address is shared with the carrier to deliver your order.
  • Email delivery (Postmark): Your email address is used to send order confirmations, shipping notifications, and — if you opted in — marketing emails. We use Postmark for transactional and marketing email delivery.
  • Web hosting (Render): Our hosting provider may have limited access to server logs containing IP addresses and user agents for security and debugging purposes.

Beyond the above, we do not share your personal information with any other third parties, advertisers, or data brokers.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Contact us to request a copy of all data we hold about you (orders, contact submissions, email subscriptions). We will provide this within 14 days.
  • Correction: If your data is inaccurate, request an update by emailing cosmicmycology@polsia.app.
  • Deletion: Request that we delete your data at any time. Order records subject to legal retention requirements will be retained for the legally required period but deleted thereafter.
  • Unsubscribe: Click the unsubscribe link in any marketing email to immediately stop receiving promotional messages. Transactional emails (order confirmations, shipping updates) are not covered by this opt-out.
  • Withdraw consent: If you previously opted into marketing emails, you can withdraw that consent at any time.
  • File a complaint: If you believe we have mishandled your data, you have the right to file a complaint with the Federal Trade Commission (FTC) or your state's attorney general.

To exercise any of these rights, email cosmicmycology@polsia.app with your request. We will respond within 14 business days.