Book Store Growth Audit →
  • Home
  • Services
  • Pricing
  • About
  • Case Studies
  • Blog
  • Contact
    • Book Store Growth Audit

    Privacy Policy

    Effective Date: June 1, 2025 Last Updated: June 1, 2025 Applies to: organiccartstudio.com and all OrganicCartStudio client engagements

    Introduction

    OrganicCartStudio takes privacy seriously. This policy explains exactly what data we collect, why we collect it, how we use it, and what rights you have over it.

    We do not sell your data. We do not share it with advertisers. We collect only what we need to deliver our services and communicate with you professionally.

    If you use our website, submit an inquiry, or engage us for SEO or content services, this policy applies to you.

    Who We Are

    OrganicCartStudio is an e-commerce SEO agency specializing in Shopify and WooCommerce store growth. We serve clients globally, with a focus on organic search, content strategy, and generative engine optimization.

    Website: organiccartstudio.com Contact: hello@organiccartstudio.com

    For any privacy-related question or request, the above email is the right place to start.

    What Data We Collect

    We collect two types of data — information you give us directly, and information collected automatically when you visit our site.

    Information you provide directly:

    • Name and email address when you submit a contact form or inquiry
    • Business name, website URL, and project details when requesting a proposal
    • Payment information when engaging our services (processed by third-party payment providers — we do not store card details)
    • Communications you send us via email, contact forms, or messaging platforms
    • Access credentials you share for platforms like Google Search Console, Google Analytics, or your CMS (stored securely, used only for agreed work)

    Information collected automatically:

    • IP address and approximate location
    • Browser type and device information
    • Pages visited, time on site, and referring URLs
    • Cookies and similar tracking technologies (see Section 7)

    We do not collect sensitive personal data such as race, religion, health information, or political opinions.

    How We Use Your Data

    Every piece of data we collect has a specific purpose. We do not use your data for anything beyond what is listed here.

    To deliver our services: We use the information you provide to carry out SEO audits, content writing, link building, and other agreed deliverables. Access credentials are used solely to perform work on your behalf.

    To communicate with you: We use your contact details to respond to inquiries, send project updates, deliver reports, and handle billing. We do not add you to a newsletter without explicit consent.

    To process payments: Your billing details are passed to our payment processor. We retain invoice records for accounting and legal compliance purposes.

    To improve our website: Anonymized analytics data helps us understand which pages are useful and where the site experience can be improved. This data is never used to identify you individually.

    To comply with legal obligations: We may retain or disclose data if required by law, court order, or regulatory obligation.

    Legal Basis for Processing

    For clients and contacts based in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases as defined by GDPR:

    Contractual necessity: Processing required to fulfill a service agreement with you — delivering work, sending invoices, managing project communication.

    Legitimate interests: Improving our website, maintaining records of business communications, and protecting against fraud or misuse.

    Legal obligation: Retaining financial records as required by applicable tax and accounting law.

    Consent: Sending marketing emails or newsletters. You may withdraw consent at any time.

    If you are outside the EEA or UK, we still apply the same data handling standards described in this policy.

    Data Sharing and Third Parties

    We do not sell your personal data. Full stop.

    We share data only in the following limited circumstances:

    Service providers: We use a small number of trusted third-party tools to operate our business. These include payment processors (PayPal, Wise, Stripe), email platforms, analytics tools (Google Analytics), and project management software. These providers access only the data needed to perform their function and are contractually required to protect it.

    Platform access: When you grant us access to your Google Search Console, Google Analytics, Shopify, or WooCommerce accounts, those platforms process data according to their own privacy policies. We do not extract or retain data from those platforms beyond what is required for your project.

    Legal requirements: We may disclose data if compelled by law, court order, or to protect the rights, property, or safety of OrganicCartStudio, our clients, or others.

    Business transfers: In the unlikely event of a sale, merger, or acquisition of OrganicCartStudio, client data may be transferred to the acquiring entity. You will be notified if this occurs.

    We do not share your data with advertisers, data brokers, or any party for marketing purposes.

    Cookies

    Our website uses cookies to function properly and to understand how visitors use it.

    Essential cookies: Required for the website to work. These cannot be disabled without breaking basic site functionality. They include session cookies and security tokens.

    Analytics cookies: We use Google Analytics to collect anonymized data on page visits, traffic sources, and user behavior. This helps us improve the site. No personally identifiable information is attached to this data.

    Preference cookies: These remember your settings and choices across visits, such as language preferences or form data.

    Marketing cookies: We do not currently run retargeting campaigns. If this changes, we will update this section and obtain consent before placing marketing cookies.

    You can manage or disable cookies through your browser settings at any time. Disabling analytics cookies will not affect your ability to use the site or engage our services.

    If you are visiting from the EEA or UK, a cookie consent banner will appear on your first visit. Continuing to browse without adjusting cookie settings constitutes acceptance of non-essential cookies.

    Data Retention

    We keep your data only for as long as it serves a legitimate purpose.

    Client project data (briefs, access credentials, deliverables, communications) is retained for 2 years after project completion, then securely deleted unless you request otherwise.

    Financial records (invoices, payment confirmations) are retained for 7 years in compliance with standard accounting and tax requirements.

    Inquiry data (contact form submissions that did not result in a project) is retained for 12 months, then deleted.

    Website analytics data is anonymized and aggregated. It does not contain personally identifiable information and is retained indefinitely for trend analysis.

    Access credentials you share with us (CMS logins, API keys) are deleted within 30 days of project completion unless ongoing access management is part of your retainer.

    You may request deletion of your data at any time — see Section 10.

    Data Security

    We take reasonable technical and organizational measures to protect your data from unauthorized access, loss, or misuse.

    These include:

    • Encrypted storage for access credentials and sensitive project information
    • Password-protected systems with two-factor authentication where available
    • Limited internal access — only team members who need data to perform your work can access it
    • Secure communication channels for sharing sensitive credentials
    • Regular review of third-party tools for compliance with data security standards

    No system is 100% secure. If a data breach occurs that affects your personal information, we will notify you promptly and take immediate corrective action.

    We strongly recommend using a password manager and sharing credentials via secure methods (such as 1Password, LastPass, or encrypted email) rather than plain-text messages.

    Your Rights

    Depending on where you are located, you have rights over your personal data. We respect these rights regardless of your location.

    Right to access: You can request a copy of the personal data we hold about you.

    Right to correction: If any information we hold is inaccurate or incomplete, you can ask us to correct it.

    Right to deletion: You can ask us to delete your personal data. We will comply unless we have a legal obligation to retain it (for example, financial records).

    Right to restriction: You can ask us to pause processing your data while a dispute is being resolved.

    Right to data portability: You can request your data in a structured, machine-readable format.

    Right to object: You can object to processing based on legitimate interests, including direct marketing.

    Right to withdraw consent: If you have given consent for any processing (such as marketing emails), you can withdraw it at any time without affecting any prior processing.

    To exercise any of these rights, email us at hello@organiccartstudio.com. We will respond within 30 days. We may ask you to verify your identity before processing a request.

    If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the relevant data protection authority in your country.

    Children’s Privacy

    OrganicCartStudio’s services are intended for businesses and professionals. We do not knowingly collect data from anyone under the age of 16.

    If you believe a minor has submitted personal information to us, please contact us immediately and we will delete it.

    International Data Transfers

    OrganicCartStudio serves clients globally. If you are based in the EEA or UK and your data is transferred outside those regions — for example, to a third-party tool hosted in the United States — we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms recognized under GDPR.

    We only work with third-party providers that meet internationally accepted data protection standards.

    Links to Other Websites

    Our website may contain links to third-party websites — clients, tools we recommend, or industry resources. Clicking those links takes you to sites outside our control.

    We are not responsible for the privacy practices of external websites. We recommend reading the privacy policy of any third-party site you visit.

    Changes to This Policy

    We may update this Privacy Policy as our services evolve, as new laws come into effect, or as we adopt new tools.

    Updates will be posted on this page with a revised effective date. For material changes that affect how we handle your data, we will notify active clients by email with at least 14 days’ notice.

    We recommend reviewing this page periodically, particularly before starting a new project with us.

    Contact and Data Requests

    For any privacy question, data access request, deletion request, or concern:

    Email: hello@organiccartstudio.com
    Website: organiccartstudio.com

    We respond to all privacy-related requests within 30 days.