Privacy
What we collect, and
why we hold it.
Last updated · June 8, 2026
What we collect
Only what an order requires.
To take and ship an order we collect your name, contact email, shipping address, the customization choices you make at checkout, and the transactional record from your payment provider. We do not collect data you have not given us.
- Account
- Email and any name you sign up with.
- Order
- Shipping address, chosen options, internal order notes.
- Payment
- Last 4 / brand / amount — provided by our payment processor, never raw card data.
How it is held
Encrypted at rest, encrypted in transit.
Our database and storage volumes are encrypted at rest. All traffic between you, our site, and our processors is TLS-encrypted. Access to identifiable records inside the company is restricted to the team handling fulfillment and support.
- Transit
- TLS 1.2+ between all parties.
- Storage
- AES-encrypted at rest on the database host.
- Access
- Named-user audit log on the admin console.
How it is used
To make your doll, and to tell you about it.
Your information is used to fulfill the specific order you placed, send the status updates that go with it, and respond if you write to us. We do not mail you about other things unless you opt in.
- Fulfillment
- Production, dispatch, customs clearance, delivery.
- Support
- Replying to your emails about your order.
- Internal
- Anonymized analytics to fix the obvious bugs.
Sharing
Only with the people moving your order.
We share only what is needed: the shipping address with the courier, the order amount with the payment processor, the customs paperwork with destination customs. We do not sell or rent data to anyone.
- Couriers
- DHL / FedEx / UPS — for delivery only.
- Payment
- Stripe — they handle card data, we never see it.
- Legal
- Disclosure only if compelled by valid order.
Your rights
Ask. We answer in one working day.
You can request a copy of everything we hold about you, ask us to correct an error, or request deletion of your account and associated personal data. EU residents have these rights under the GDPR; we extend the same rights to everyone.
- Access
- Email a request, receive a JSON export.
- Correction
- We update on receipt.
- Deletion
- We delete after open orders close.
- Opt-out
- Unsubscribe in any email; no penalty.
Questions about how your data is handled? Email privacy@divinadoll.shop — a person reads it.