The Petal & Threads
Privacy Policy
Last updated: July 1, 2026
The Petal & Threads LLC (“we,” “us,” “our”) makes handmade, made-to-order goods and takes custom orders from our home base in Connecticut, selling across the United States. We care about your privacy and keep the data we collect small and purposeful. This policy explains what we collect, why, who we share it with, how long we keep it, and the choices you have.
What we collect and why
We only collect what we need to take your order, make your item, ship it, and stay in touch if you ask us to: your name, email, phone, shipping address, and your order or custom-project details. If you subscribe, we keep your email for our newsletter until you opt out.
We never see or store your full card number.Payments are entered into Stripe's secure checkout and handled by Stripe. We do not buy customer data, and we do not use advertising or cross-site tracking cookies.
Who we share it with
We do not sell or rent your personal information. We share it only with the trusted services that help us run the shop, and only for that purpose:
- Stripe — payment processing (privacy policy).
- Resend— order & shipping emails and, if you opt in, our newsletter (privacy policy).
- Supabase — secure database storage (privacy policy).
- Vercel — website hosting (privacy policy).
We may also disclose information if required by law or to protect our rights and safety.
Cookies & local storage
Our site uses your browser's local storage to remember your shopping cart — it stays on your device and is essential for the shop to work. We do not use advertising cookies or cross-site trackers. During checkout, Stripe may set its own cookies to process your payment securely.
How long we keep your data
We keep order records as long as needed to fulfill your order and to meet tax and legal recordkeeping requirements. Custom-quote requests that don't become orders are kept so we can follow up, then deleted. Newsletter subscriptions are kept until you unsubscribe.
How we protect your data
We use reputable providers (Stripe, Supabase, Vercel, Resend) with industry-standard security, card data is handled entirely by Stripe, and we limit who can access customer information. No method of storage is 100% secure, but we take reasonable steps to protect your data.
Your privacy rights
Wherever you live in the US, you can ask us to access, correct, or deletethe personal information we hold (subject to records we're legally required to keep), and to opt out of our newsletter anytime. We do not sell or share your personal informationas defined by California (CCPA/CPRA) or Connecticut (CTDPA) law, and we don't use it for cross-context behavioral advertising. To make a request, contact us and we'll verify your identity and respond within the time the law requires (generally 45 days).
Children's privacy
Our shop is intended for adults. We do not knowingly collect personal information from children under 13. If you believe a child has given us information, contact us and we'll delete it.
Changes to this policy
We may update this policy as our shop grows or the law changes; we'll update the “Last updated” date above when we do.
Questions about this policy? Please reach out through our contact page.
