Privacy Policy
PRIVACY POLICY
Effective Date: August 2025
Version: 1.0
SHOPIFY COMPLIANCE AND DATA PROTECTION STATEMENT
Aliensellz.com operates in full compliance with comprehensive data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Shopify's Privacy Requirements and Data Processing Agreement, Payment Card Industry Data Security Standards (PCI DSS), and all applicable international privacy frameworks. Our commitment to data protection is fundamental to our business operations and essential for maintaining customer trust.
As a Shopify merchant, we utilize Shopify's secure infrastructure for all e-commerce operations. Shopify processes payments on our behalf using bank-level security protocols, manages customer data with enterprise-grade protection, and ensures PCI compliance throughout the transaction process. This integration allows us to leverage world-class security infrastructure while focusing on delivering quality digital products to our customers. The partnership with Shopify ensures that your data receives the highest level of protection available in e-commerce today.
ANTI-COUNTERFEIT DATA COOPERATION
We maintain an unwavering commitment to preventing counterfeit operations and will share all customer data with law enforcement agencies investigating counterfeit operations, intellectual property violations, or fraud. This cooperation includes providing complete purchase history and transaction records, IP addresses and device information used to access our services, all communication records between us and suspected violators, payment details as legally permitted by financial regulations, comprehensive download and access logs showing usage patterns, and detailed pattern analysis data revealing suspicious behavior.
No warrant is required for our voluntary cooperation when we suspect illegal activity. We proactively monitor for suspicious patterns and report potential violations to appropriate authorities. This cooperation extends to federal agencies including the FBI and Homeland Security, state and local law enforcement, international agencies like INTERPOL, brand protection teams representing legitimate businesses, and Shopify's Trust and Safety team. Our commitment to stopping counterfeit operations supersedes any privacy considerations for those engaged in illegal activities.
INFORMATION WE COLLECT
Essential Collection for Legal Compliance
Our data collection practices are limited to information essential for legal compliance and service delivery. For identity verification, we collect your full legal name as it appears on official documents, which is required for transaction records and tax reporting. Your email address serves as the primary delivery method for digital products and account communications. We collect billing addresses for accurate tax calculation and compliance with regional regulations. IP addresses are recorded for fraud prevention and geographic compliance verification, helping us identify and prevent suspicious activity patterns.
We maintain transaction records including all purchase details for the legally required 7-year retention period. Where required by law, we collect tax identification numbers such as VAT IDs for EU customers. This information is collected solely to meet our legal obligations and ensure proper service delivery. We do not collect information beyond what is necessary for legitimate business purposes and legal compliance.
Information We Explicitly Do Not Collect
We maintain strict limitations on data collection to protect customer privacy. We do not collect Social Security numbers unless absolutely required by law for specific tax reporting purposes. We never collect government identification documents, biometric data of any kind, health or medical information, political affiliations or beliefs, religious preferences, or sexual orientation information. We do not knowingly collect any information from individuals under 18 years of age.
These limitations ensure we maintain only the minimum necessary data to operate our business effectively while respecting customer privacy. Any request for information beyond our standard collection practices should be viewed with suspicion and reported to our security team immediately.
DATA USE AND PURPOSE LIMITATION
Primary Legal Purposes
We use collected data for specific, legitimate purposes directly related to our business operations. Order fulfillment and digital delivery represent our core service, requiring customer information to complete transactions successfully. Legal compliance and tax reporting obligations necessitate maintaining accurate records for government authorities. Fraud prevention and security measures protect both our business and legitimate customers from criminal activity.
Our anti-counterfeit enforcement efforts require analyzing transaction patterns and user behavior to identify potential illegal operations. Law enforcement cooperation demands maintaining comprehensive records that can be provided when investigating crimes. Shopify platform requirements specify certain data handling practices we must follow to maintain our merchant account. Each use of customer data is carefully considered and limited to necessary purposes only.
Marketing Communications
Marketing communications are processed only with explicit customer consent and remain entirely optional. These may include product updates about new vendor lists or bundle releases, educational content providing business tips and strategies, special offers and seasonal discounts, and surveys requesting feedback to improve our services. All marketing communications include clear unsubscribe mechanisms allowing immediate opt-out. We never sell customer data to third parties for marketing purposes or share customer lists with other businesses.
DATA SHARING FOR COMPLIANCE
We share customer data only with carefully selected partners necessary for business operations and legal compliance. Shopify Inc., our e-commerce platform provider, processes all transaction and account data through their secure infrastructure. Payment processors handle payment information in tokenized format to maintain security while enabling transactions. Law enforcement agencies receive data when investigating counterfeit operations or other crimes. Brand protection teams are notified when we detect potential trademark or copyright violations. Legal authorities receive information as required by law or court order. Industry fraud prevention databases receive information about confirmed fraudulent activity to protect other merchants.
Each data sharing arrangement is governed by strict agreements ensuring appropriate protection of customer information. We never sell customer data or share it for purposes unrelated to our legitimate business operations and legal obligations.
YOUR PRIVACY RIGHTS
Universal Rights for All Users
Regardless of your location, you enjoy fundamental privacy rights including the ability to access and download all data we hold about you, correct any inaccuracies in your information, request deletion of non-essential data not required for legal compliance, export your data in standard portable formats, restrict or limit certain processing activities, and object to or opt-out of specific uses of your data. These rights form the foundation of our privacy program and demonstrate our commitment to customer control over personal information.
To exercise these rights, you may use our dedicated privacy portal or contact our Data Protection Officer directly. We commit to acknowledging all requests within 72 hours and completing valid requests within 30 days as required by law. If you disagree with our response to your request, an appeals process is available to ensure fair consideration of your concerns.
GDPR Rights for EU/UK Residents
Residents of the European Union and United Kingdom enjoy additional rights under GDPR including the ability to withdraw consent at any time for consent-based processing, object to automated decision-making processes that significantly affect you, lodge complaints with supervisory authorities in your country, seek compensation for damages resulting from privacy violations, designate a representative to act on your behalf in privacy matters, and request data protection impact assessments for high-risk processing activities.
CCPA Rights for California Residents
California residents have specific rights under CCPA including the right to know exactly what personal information is collected about you, understand if personal information is sold or disclosed to third parties, opt-out of any personal information sales, enjoy non-discrimination for exercising privacy rights, designate authorized agents to make requests on your behalf, and pursue a private right of action for certain data breaches involving sensitive information.
DATA RETENTION SCHEDULES
Mandatory Legal Retention
Certain data must be retained for legal compliance regardless of customer preference. Financial records are retained for 7 years to meet tax law requirements in multiple jurisdictions. Transaction data is maintained for 7 years for accounting and audit purposes. Legal documents are retained for 10 years to address potential litigation. Security logs are kept for 5 years to meet compliance requirements and enable investigation of historical incidents. Fraud records are retained permanently to prevent repeat offenses and protect our business and customers.
These retention periods are non-negotiable legal requirements that supersede deletion requests. Even when customers exercise their right to deletion, we must maintain certain records to meet our legal obligations. We clearly communicate which data cannot be deleted and why when responding to deletion requests.
Standard Business Retention
For non-mandatory data, we maintain retention periods balancing business needs with privacy principles. Account data is retained for the active period plus 3 years to enable account recovery and provide customer service. Support tickets are kept for 2 years from resolution to inform future service improvements. Marketing data is retained until opt-out plus 6 months to ensure suppression lists prevent unwanted contact. Analytics data follows platform standards of 26 months for trend analysis. Temporary files are automatically deleted after 30 days when no longer needed.
SECURITY MEASURES
We implement comprehensive technical and organizational safeguards to protect customer data from unauthorized access, disclosure, alteration, and destruction. All data is encrypted using AES-256 encryption at rest and TLS 1.3 encryption in transit, meeting or exceeding industry standards. We maintain role-based access controls ensuring employees can only access data necessary for their specific job functions. Our systems are monitored 24/7 through Shopify's security operations center, with immediate response to any detected threats.
Regular security measures include monthly vulnerability scanning to identify and address potential weaknesses, employee security training to prevent social engineering attacks, vendor security assessments to ensure third-party compliance, and incident response procedures ensuring rapid containment of any breaches. We leverage Shopify's enterprise security infrastructure, which includes DDoS protection, Web Application Firewall (WAF) protection, and continuous security updates.
INTERNATIONAL DATA TRANSFERS
As a globally accessible service, we transfer data internationally using approved legal mechanisms. These include Standard Contractual Clauses approved by the European Union for transfers outside the EEA, adequacy decisions where available between jurisdictions, and explicit consent for specific transfers when required. Our primary data storage is in the United States, with backup facilities in Canada and the European Union for redundancy and performance optimization.
Shopify maintains servers in multiple global locations to ensure optimal performance and compliance with regional requirements. All international transfers are protected by appropriate safeguards ensuring your data receives consistent protection regardless of location.
CONTACT INFORMATION
For all privacy-related matters, our Data Protection Officer can be reached at aliensellzvendors@gmail.com. We commit to responding to all privacy inquiries within 48 hours. Privacy rights requests can be submitted through our dedicated portal at privacy.aliensellz.com or via email to aliensellzvendors@gmail.com. We maintain transparent communication throughout the request process and provide regular updates on request status.
