Privacy Policy

This Privacy Policy explains how StoreCraft Studio, operated by Finanfi LLC, collects, uses and protects your personal data when you visit this website, make a purchase or otherwise interact with us.

1. Controller

The controller responsible for processing your personal data is:

Finanfi LLC
Operating as StoreCraft Studio
30 N Gould St Ste R
82801 Sheridan, Wyoming, United States
Representative: David Nagy
Phone: +421 948 279 914
Email: info@storecraftstudio.com

We do not have a mandatory data protection officer. For any privacy-related questions, please contact us using the details above.

2. Data we collect

We may process the following categories of personal data:

  • Website usage data – IP address, device and browser information, pages viewed, time spent, referral sources and similar technical data.
  • Order and account data – name, company name, billing address, email address, phone number, payment status, ordered services and invoices.
  • Project and communication data – information you provide in our client checklist, emails, contact forms or calls (for example: store URL, products, brand information, content and preferences).
  • Newsletter data – email address and optional profiling information (such as interests) if you subscribe to our newsletter.

3. Purposes and legal bases

We process your data for the following purposes and based on the following legal bases under the GDPR (where applicable):

  • To operate the website and provide basic functionality (e.g. shopping cart, contact forms). Legal basis: performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR) and our legitimate interest in running a secure, functional website (Art. 6(1)(f) GDPR).
  • To process orders and deliver services, including billing, client onboarding and project communication. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • To handle enquiries and support requests. Legal basis: performance of a contract or legitimate interest (Art. 6(1)(b), (f) GDPR).
  • To send newsletters and marketing communications when you have explicitly subscribed or where permitted for existing customers. Legal basis: consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR) within the limits of applicable law.
  • To analyse website usage and improve our services. Legal basis: our legitimate interest in optimisation (Art. 6(1)(f) GDPR), or your consent where required (Art. 6(1)(a) GDPR) via the cookie banner.
  • To comply with legal obligations (for example tax and accounting rules). Legal basis: legal obligation (Art. 6(1)(c) GDPR).

4. Cookies and tracking technologies

Our website uses cookies and similar technologies provided by Shopify and its partners to:

  • make the site function (required cookies),
  • remember your preferences (personalisation cookies),
  • measure usage and performance (analytics cookies), and
  • display relevant ads and track conversions (marketing cookies).

When you first visit our site in certain regions, you will see a cookie banner that allows you to accept or decline non-essential cookies and manage your preferences by category. You can change your choices at any time via the “Manage preferences” link in the banner (where available).

For more detail about cookie categories, see our separate Cookie Policy.

5. Shopify and hosting

This store is hosted on Shopify. Your data is stored through Shopify’s data storage systems and databases. Shopify may process data on servers located in various countries, including Canada, the United States and the EU, under appropriate safeguards.

For more information on how Shopify handles personal data, please refer to Shopify’s own privacy documentation.

6. Payment providers

To process payments, we use external payment providers such as Stripe, PayPal, Klarna or Shopify Payments, depending on your region and checkout selection. When you make a payment, your payment data is processed directly by the relevant provider under their own responsibility.

We receive limited information from those providers (e.g. confirmation of payment, last four digits of a card, payment method) for bookkeeping and fraud prevention purposes.

7. Analytics and marketing tools

Depending on your cookie preferences and region, we may use analytics and marketing tools such as:

  • Shopify analytics,
  • web analytics solutions to understand how visitors use the site, and
  • advertising pixels to measure conversions and optimise campaigns.

These tools may set cookies and collect information about your device, browsing behaviour and interactions with our site. Where required by law, such tools are only activated if you have given consent via the cookie banner.

8. Email marketing and newsletters

If you subscribe to our newsletter or marketing emails, we will use your email address to send updates, offers and content related to StoreCraft Studio and Shopify-related services.

We only send newsletters where permitted by law:

  • with your explicit consent (for example via a sign-up form), or
  • to existing customers, within the limits of applicable law, for similar products or services.

You can unsubscribe at any time using the link in each email or by contacting us directly. Where required, we may use a “double opt-in” process, meaning you confirm your email address before being added to the list.

9. Data retention

We keep your personal data only for as long as necessary for the purposes described in this policy, in particular:

  • Order and invoice data – for the duration of our contractual relationship and for the period required by tax and accounting laws.
  • Project and communication data – for the duration of the project and for a reasonable period afterwards to handle follow-up questions, disputes or documentation.
  • Newsletter data – until you unsubscribe or we discontinue the mailing list.
  • Technical logs – for security and troubleshooting, usually for a shorter period.

10. Data sharing & international transfers

We share your data with third parties only as necessary for the purposes described above, for example:

  • Shopify (store platform and hosting),
  • payment service providers,
  • email and communication providers,
  • analytics and marketing tools (subject to your consent),
  • professional advisors (e.g. accountants) where required.

These providers may be located in countries outside the EU/EEA or UK (such as the United States). In such cases we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions, where available.

11. Your rights

If the GDPR or similar data protection laws apply to you, you have the following rights with respect to your personal data:

  • Right of access – to obtain confirmation and a copy of your data.
  • Right to rectification – to correct inaccurate or incomplete data.
  • Right to erasure – to request deletion of your data under certain conditions.
  • Right to restriction of processing – in specific circumstances.
  • Right to data portability – to receive your data in a structured, commonly used format.
  • Right to object – to certain processing, including direct marketing.
  • Right to withdraw consent – where processing is based on your consent.

To exercise these rights, please contact us using the details in section 1. We may need to verify your identity before fulfilling requests.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA member state or UK of your habitual residence, place of work or place of the alleged infringement.

12. Security

We take reasonable technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction. No system is completely secure, but we aim to keep risk proportionate and up to date.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical or business changes. The current version is always available on this page. Where required by law, we will notify you of significant changes.