Privacy Policy

Effective: March 20, 2026

This Privacy Policy describes how Charming Seal ("Company," "we," "us," or "our") collects, uses, and shares information about you when you use our checkout software platform (the "Service"). It covers two categories of people: Merchants (businesses that subscribe to Charming Seal) and Customers (individuals who purchase from a Merchant's checkout powered by Charming Seal).

Important — two-tier relationship: Charming Seal provides checkout infrastructure to Merchants. When a Customer purchases through a Merchant's checkout, that Merchant is the data controller for that Customer's personal data. Charming Seal acts as a data processor on the Merchant's behalf. Customers who have questions about how their data is used by a specific Merchant should contact that Merchant directly.

1. Information We Collect

1.1 Information We Collect From Merchants

Data	How Collected	Purpose
Business name, contact email	Account registration	Account management, service delivery, billing
Stripe publishable & secret keys	Setup wizard	Creating payment intents on your behalf; stored encrypted (AES-256-GCM)
PayPal client ID & secret	Settings page	Processing PayPal orders; stored encrypted
SMTP / email API credentials	Settings page	Sending transactional emails to your customers; stored encrypted
Billing information	Subscription purchase	Charging your subscription; handled directly by Stripe
Usage data, access logs	Automatically	Security monitoring, debugging, fraud prevention

1.2 Information We Collect From Customers (on behalf of Merchants)

Data	How Collected	Purpose
Name, email address	Checkout form	Order fulfillment, receipt delivery, customer record
Billing address	Checkout form	Payment processing, fraud prevention
Phone number (if collected)	Checkout form	Order communications (at Merchant's discretion)
Payment card details	Stripe Elements (encrypted; never touches our servers)	Payment processing
IP address, user agent	Automatically	Fraud prevention, abandoned cart recovery, rate limiting
UTM parameters, affiliate codes	URL parameters	Marketing attribution for the Merchant
Order history, transaction status	Payment events	Order management, receipts, analytics for the Merchant

2. How We Use Information

Service Delivery: Processing payments, sending receipts, delivering digital products, managing subscriptions and invoices.
Account Management: Authenticating Merchants, maintaining account records, sending service notices.
Security and Fraud Prevention: Rate limiting, abuse detection, IP logging, webhook signature verification.
Analytics: Aggregated, anonymized reporting for Merchants on checkout performance, conversion rates, and attribution. We do not sell or share individual Customer analytics with third parties.
Legal Compliance: Complying with applicable law, court orders, and regulatory requirements.
Platform Improvement: Debugging, performance monitoring, and feature development using aggregated, non-identifiable data.

We do not sell personal data. We do not use Customer data for advertising purposes unrelated to the Merchant's own marketing.

3. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases:

Contract Performance: Processing necessary to deliver the Service to Merchants and to process Customer purchases.
Legitimate Interests: Fraud prevention, security monitoring, service improvement, and marketing to existing Merchants.
Legal Obligation: Compliance with applicable laws and regulations.
Consent: Where required by applicable law (e.g., marketing emails to prospective Merchants).

4. Information Sharing

We do not sell, rent, or trade personal data. We share data only as follows:

Recipient	What Is Shared	Purpose
Stripe, Inc.	Payment card data, billing address, email	Payment processing; governed by Stripe's Privacy Policy
PayPal Holdings, Inc.	Order amount, email	PayPal payment processing; governed by PayPal's Privacy Policy
Resend / your SMTP provider	Customer name, email, order details	Transactional email delivery
Supabase / PostgreSQL	All platform data	Database hosting; data stored in the cloud under Supabase's DPA
Vercel, Inc.	Request logs, IP addresses	Application hosting and CDN delivery
Law Enforcement / Legal Process	As required	Compliance with valid legal process (warrant, court order, subpoena)

5. Data Retention

Merchant data: Retained for the duration of your account, plus 30 days after termination for data export, then deleted.
Transaction records: Retained for 7 years to comply with financial recordkeeping requirements, then deleted.
Customer data (on behalf of Merchants): Retained for the duration of the Merchant's account plus applicable legal hold periods.
Magic link tokens: Deleted immediately upon use or expiration (15 minutes).
Analytics events: Retained for 24 months, then purged.
Server / access logs: Retained for 90 days, then deleted.

6. Security

We implement technical and organizational measures to protect personal data, including:

AES-256-GCM encryption at rest for all sensitive credentials (Stripe keys, PayPal secrets, SMTP passwords)
HTTPS / TLS in transit for all data
Magic link authentication (single-use, 15-minute expiry, timing-safe comparison)
Stripe webhook HMAC-SHA256 signature verification
Server-side price resolution — customer-supplied amounts are never trusted
Per-IP rate limiting on all write endpoints
Role-based access control separating Owner, Merchant, and public access

No security system is perfect. In the event of a data breach affecting your personal data, we will notify affected parties as required by applicable law.

7. Payment Card Data

Charming Seal never receives, stores, or transmits raw payment card data. Stripe Elements renders the card input directly in the customer's browser and transmits it encrypted to Stripe's servers. Charming Seal only receives a Stripe Payment Intent client secret and, upon successful payment, a Stripe Payment Method ID (a tokenized reference). We are not a PCI DSS Merchant — the cardholder data environment is entirely within Stripe's scope.

8. Cookies and Tracking

Charming Seal uses minimal cookies:

Authentication cookies (httpOnly, Secure, SameSite=Lax): Required to maintain Merchant admin sessions. These are session cookies deleted when you log out.
Session storage (client-side only): Used on checkout pages to persist form data across page loads (e.g., BNPL redirect). Cleared when the browser session ends. Not transmitted to servers.

If a Merchant configures tracking pixels (Meta Pixel, Google Analytics, TikTok Pixel) via their Settings, those third-party scripts may place their own cookies governed by their respective privacy policies. Charming Seal validates all pixel IDs against strict format allowlists before injection.

9. Your Rights

9.1 Rights for All Users

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to legal hold obligations.
Portability: Receive your data in a structured, machine-readable format.

9.2 Additional Rights for EEA / UK Residents (GDPR)

Restriction of Processing: Request that we restrict how we use your data while a dispute is resolved.
Objection: Object to processing based on legitimate interests.
Withdrawal of Consent: Where processing is based on consent, withdraw it at any time.
Lodge a Complaint: File a complaint with your national data protection authority (e.g., ICO in the UK, your local DPA in the EU).

9.3 Additional Rights for California Residents (CCPA / CPRA)

Right to know what personal information is collected, used, shared, or sold.
Right to delete personal information, subject to exceptions.
Right to opt out of the sale or sharing of personal information. We do not sell or share personal information for advertising purposes.
Right to non-discrimination for exercising your CCPA rights.
To exercise these rights, contact us at privacy@jejeholdings.com. We will respond within 45 days.

9.4 Customer Rights Through Merchants

If you are a Customer who made a purchase through a Merchant's Charming Seal-powered checkout, your data controller is that Merchant. Please contact the Merchant directly for data requests. Charming Seal will cooperate with Merchants to fulfill verified data subject requests.

10. International Data Transfers

Our infrastructure is hosted primarily in the United States (Vercel, Supabase). If you are located outside the US, your data may be transferred to and processed in the US. For transfers from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms where required.

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you become aware that a minor has submitted personal data, contact us immediately at privacy@jejeholdings.com and we will delete it promptly.

12. Third-Party Links

The Service may contain links to third-party websites (e.g., Stripe dashboard, PayPal). We are not responsible for the privacy practices of those sites and encourage you to review their policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Merchants of material changes by email and by posting the updated policy at least 14 days before the effective date. The "Effective Date" at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance.

14. Data Processing Agreement

Merchants who require a Data Processing Agreement (DPA) for GDPR compliance may request one by contacting privacy@jejeholdings.com. We will provide a standard DPA covering our processing activities on your behalf within 10 business days.

15. Contact Us

For privacy inquiries, data subject requests, or DPA requests:
Charming Seal — Privacy Team
Email: privacy@jejeholdings.com

We aim to respond to all requests within 30 days. If your inquiry involves a data breach or is urgent, include "URGENT" in the subject line.