AstralKnots Privacy Policy

Last Updated: October 24, 2025

This Privacy Policy (“Policy”) explains how AstralKnots (“we”, “us”, “our”) collects, uses, stores, shares, and protects the personal information (“Personal Information”) of users (“you”, “your”) who access or use our e-commerce independent website (the “Website”). All your activities on the Website, including account registration, login, browsing, and product purchases, are subject to this Policy. We comply with global privacy regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and applicable local laws in other regions, to safeguard your privacy rights.

Who we are

Our website address is: https://astralknots.art.

1. Scope of Application

This Policy applies to all your interactions with the Website, including but not limited to:​

  • Creating and using an AstralKnots account (login function);​
  • Browsing product information, adding items to the shopping cart, and placing orders;​
  • Subscribing to newsletters, participating in promotional activities, or contacting customer service;​
  • Using third-party tools integrated into the Website (e.g., payment processing platforms, logistics tracking tools).​

This Policy does not apply to third-party websites, services, or applications linked from the Website (e.g., social media platforms, payment gateways). We recommend that you review the privacy policies of these third parties independently.

2. Types of Personal Information We Collect

We only collect Personal Information for legitimate, specific, and transparent purposes. The collected information falls into two categories: Information You Voluntarily Provide and Information We Automatically Collect.

2.1 Personal Information You Voluntarily Provide

When using the Website, you may voluntarily provide us with the following Personal Information:​

  • Account Registration & Login Information: Full name, email address, password (stored in encrypted form), phone number (optional), and country/region of residence.​
  • Order & Transaction Information: Shipping address (street, city, postal code, country), billing address (if different from the shipping address), payment method details (e.g., last 4 digits of a credit card—we do not store full credit card information; such information is processed by licensed third-party payment service providers), order history, and product preferences.​
  • Communication Information: Content of emails, chat records, or customer service tickets you send to us (e.g., order inquiries, return requests), and your confirmation to receive marketing communications.​
  • Subscription Information: If you subscribe to our newsletter, you will need to provide your email address and preferences for the type of content you wish to receive.

2.2 Personal Information We Automatically Collect

When you access or use the Website, we may automatically collect certain non-identifiable or de-identified information through cookies or similar tracking technologies to improve Website functionality and user experience. Such information includes:​

  • Device & Technical Information: IP address, browser type and version, operating system, device model, screen resolution, and Internet Service Provider (ISP).​
  • Browsing & Usage Information: Pages you visit on the Website, time spent on each page, links clicked, search keywords entered, shopping cart activities (e.g., adding/removing items), and referral source (e.g., how you found the Website via search engines or social media).​
  • Cookie Information: We use cookies (small text files stored on your device) to remember your login status, shopping cart contents, and preferences. For details on cookie types and management methods, see Chapter 7 “Cookies & Tracking Technologies”.

2.3 Personal Information from Third Parties

In limited cases, we may obtain your Personal Information from trusted third parties, including:​

  • Payment Service Providers: Transaction confirmation information, payment status, and anti-fraud detection data (used to verify the legitimacy of payments).​
  • Logistics Partners: Delivery status updates (e.g., “package shipped”, “delivered”) to sync with your order history.​
  • Social Media Platforms: If you register/login via social media (e.g., Facebook, Google), we will obtain basic profile information (name, email address) that you authorize to share.​

3. How We Use Your Personal Information

We only use your Personal Information for the purposes stated at the time of collection or as required by law. The main use scenarios include:

3.1 Providing and Maintaining Website Services

  • Managing your account (e.g., login verification, password reset, profile updates);​
  • Processing and fulfilling your orders (e.g., verifying shipping information, coordinating with logistics providers, sending order confirmations);​
  • Providing customer service (e.g., responding to inquiries, resolving issues related to orders or accounts).​

3.2 Enhancing User Experience and Website Performance

  • Analyzing browsing and usage data to identify trends (e.g., popular products, page loading issues), and optimizing Website design, navigation, and functionality;​
  • Personalizing your user experience (e.g., recommending products based on your order history, saving your shipping address for future purchases).​

3.3 Sending Communications

  • Transactional Communications: Mandatory notifications related to your account or orders (e.g., order confirmations, logistics notifications, refund alerts)—these are necessary for service delivery and cannot be opted out of;
  • Marketing Communications: Promotional content (e.g., new product launches, discount activities, newsletters) will only be sent to you if you have given explicit consent (e.g., checking the box during registration). You can opt out at any time via the “unsubscribe” link in emails or by contacting customer service.​

3.4 Ensuring Security and Compliance

  • Detecting and preventing fraud, unauthorized access, or misuse of the Website (e.g., monitoring abnormal login activities, verifying payment authenticity);​
  • Complying with legal obligations (e.g., tax filing, responding to legitimate requests from government authorities, retaining records to resolve disputes).​

3.5 Conducting Business Operations

Aggregating and de-identifying data (removing personal identifiers) to generate statistical reports for internal use (e.g., sales trends) or sharing with partners (such reports do not contain any Personal Information).​

4. How We Share Your Personal Information

We will not sell, rent, or lease your Personal Information to third parties for marketing purposes without your explicit consent. We may only share your information in the following limited circumstances:

4.1 Sharing with Trusted Service Providers

We engage third-party service providers to assist with specific business functions. These providers are contractually obligated to use your Personal Information only as instructed and to protect its security:

  • Payment Service Providers: Licensed providers (e.g., PayPal, Stripe, Airwallex) for secure payment processing (they only receive your payment details and will not use them for other purposes);​
  • Logistics Partners: Courier services (e.g., DHL, FedEx) for delivering your orders (they only receive your shipping address and contact information to complete delivery);​
  • Analytics Tool Providers: Such as Google Analytics, for analyzing Website usage (shared data is usually de-identified or aggregated);​
  • Customer Service Tool Providers: Platforms for managing customer service tickets (they only access your communication records and order details to provide assistance).

4.2 Sharing for Legal or Security Purposes

We may disclose your Personal Information in the following situations:​

  • In response to legitimate legal requests (e.g., subpoenas, court orders, or government investigations);​
  • To address suspected fraud, illegal activities, or violations of our Terms of Service;​
  • To protect the safety of users, the public, or our business (e.g., sharing data with anti-fraud agencies).

4.3 Sharing in Business Transactions

If we undergo a business transaction (e.g., merger, acquisition, sale of assets), your Personal Information may be transferred to the new owner as part of the transaction assets. We will notify you of such a transfer and ensure the new owner complies with this Policy.

5. Data Storage and Security

We take reasonable and industry-standard measures to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction.​

5.1 Storage Details

  • Storage Location: Personal Information is stored on secure servers that comply with global privacy regulations;​
  • Retention Period: We only retain your Personal Information for as long as necessary to achieve the purposes of collection or as required by law:​
  • Account Information: Retained while your account is active; if you do not log in for 12 months after your last login, the information will be deleted (you may also request early deletion);​
  • Order Information: Retained for 7 years to comply with tax and legal obligations (after which it will be de-identified);​
  • Marketing Information: Retained until you opt out of marketing communications.

5.2 Security Measures

  • Technical Security: SSL/TLS encryption for data in transit, AES-256 encryption for data at rest; passwords stored in encrypted hash form (plain-text passwords are never stored); regular security audits of our systems;​
  • Access Controls: Only authorized personnel (e.g., customer service, IT teams) have limited access to Personal Information and are required to sign confidentiality agreements;​
  • Third-Party Security Requirements: We require all service providers to implement equivalent security measures and conduct regular compliance audits.​

Although we have adopted strict security measures, no security system is 100% impenetrable. If a data breach occurs that may affect your rights, we will notify you and relevant regulatory authorities in accordance with the law (e.g., within 72 hours as required by GDPR) and take corrective actions.

6. Your Privacy Rights

Depending on your country/region of residence (e.g., GDPR applies to the EU/EEA, CCPA/CPRA applies to California, USA), you have the following legal rights regarding your Personal Information. We will facilitate your exercise of these rights:

6.1 Key Rights

  • Right of Access: Request a copy of the Personal Information we hold about you (we will provide it in a portable, machine-readable format);​
  • Right to Rectification: Request correction of inaccurate or incomplete Personal Information (e.g., updating your shipping address);​
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your Personal Information (except where retention is required by law, such as tax records);​
  • Right to Restrict Processing: Request that we temporarily stop using your Personal Information (e.g., while we verify the accuracy of your information);​
  • Right to Data Portability: Request transfer of your Personal Information to another service provider (where technically feasible);​
  • Right to Withdraw Consent: Withdraw consent for marketing communications or other non-essential uses of your information (withdrawal of consent does not affect the legality of processing before withdrawal);​
  • Right to Object: Object to the use of your Personal Information for direct marketing or processing based on legitimate interests (unless we have compelling reasons to continue processing).​

6.2 How to Exercise Your Rights

To exercise any of the above rights, please contact us via:​

  • Email: info@astralknots.art​
  • Website Form: Submit a request through the “Contact Us” page on the AstralKnots Website​

We will respond to your request within 30 days (or within the time limit required by local law). To prevent unauthorized access to your information, we may request proof of identity (e.g., a copy of your ID) to verify your identity.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixel tags) to enhance your Website experience. These tools help us remember your preferences, analyze usage, and deliver personalized content.

7.1 Types of Cookies We Use

  • Necessary Cookies: Essential for the normal operation of the Website (e.g., remembering your login status, saving shopping cart contents). You cannot disable these cookies via the Website, but you can block them in your browser (note: this may cause Website functionality to malfunction);​
  • Analytics Cookies: Used to track how you use the Website (e.g., pages visited, time spent) to optimize Website performance. Examples include Google Analytics cookies;​
  • Marketing Cookies: Used to deliver relevant advertisements (e.g., displaying AstralKnots promotions on other websites) and measure the effectiveness of marketing campaigns. These cookies are only used if you have given consent.​

7.2 How to Manage Cookies

You can manage cookies through your browser settings:​

  • Block/Delete Cookies: Most browsers allow you to block new cookies, delete existing cookies, or set cookie notifications (e.g., Chrome: Settings > Privacy and security > Cookies and other site data; Safari: Preferences > Privacy);​
  • Do Not Track (DNT): Enable the DNT feature in your browser to send a signal that you do not want your browsing data to be tracked. We will respect your DNT requests for analytics and marketing cookies.​

For more details, please refer to our separate “Cookie Policy” (linked at the bottom of the Website homepage).​

8. Children’s Privacy

The Website is not intended for children under the age of 13 (or under the age of 16 in the EU/EEA, in accordance with GDPR). We do not intentionally collect Personal Information from children. If we learn that we have collected information from a child without parental/guardian consent, we will immediately delete the information and notify the parent/guardian if contact information is available. Parents/guardians who believe their child has provided information to us may contact us to request deletion.

9. Cross-Border Data Transfers

If you are located in a country/region different from where our servers are located (e.g., EU/EEA users accessing servers in the US), your Personal Information may be transferred across borders. We ensure such transfers comply with global privacy regulations:​

  • EU/EEA Transfers: We comply through: (1) selecting countries recognized by the European Commission as having “adequate data protection” for data storage; or (2) signing “Standard Contractual Clauses (SCCs)”—legally binding agreements with third parties to ensure your information receives the same level of protection as in the EU;​
  • Transfers to Other Regions: We comply with local cross-border data transfer rules (e.g., CCPA in California, USA; LGPD in Brazil) through approved mechanisms.​

10. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in laws, technology, or business practices. When we make material changes:​

  • We will post the updated Policy on the Website with a new “Last Updated” date;​
  • We will notify you via email (if you have an account) or a pop-up alert on the Website (for significant changes affecting your rights).​

We recommend that you review this Policy regularly to stay informed about how we protect your information.​

11. Contact Us

If you have any questions, concerns, or requests regarding this Policy or your Personal Information, please contact us via:​

  • Email: info@astralknots.art​
  • Website Form: “Contact Us” page on the AstralKnots Website