Privacy & Data Policy

Introduction

Welcome to Hart (the "Site", "we", "us", or "our"). This Privacy & Data Policy explains how we collect, use, disclose, and protect information when you visit or use our website (hildart.vercel.app) or any related services. By using our Site, you agree to the collection and use of information in accordance with this policy.

If you do not agree with this policy, please refrain from using the Site.

What Data We Collect

Data you provide

When you sign up, log in, purchase, or contact us, we may collect:

• Username — when you register or log in.
• Email address — for account management, receipts, and communication.
• Password — stored securely (hashed), used for authentication.
• Billing or shipping address — if you order an artwork.
• Order & purchase details — items, quantity, date, payment data.
• Any content you submit — messages, contact forms, preferences.

Automatically collected data

When you visit the Site, we may automatically collect:

• IP address & geolocation — for security, fraud detection, analytics.
• Device information — browser, OS, device type, screen resolution.
• Usage data — pages viewed, time spent, clicks, interactions.
• Cookies & similar technologies — see Section 6 below.

Why We Collect the Data

We use collected data for:

• Account management — registration, login, authentication, password reset.
• Order processing — fulfilling purchases, shipping, billing, receipts.
• Site functionality — personalised content, preferences, smooth navigation.
• Communications — responding to enquiries, purchase confirmations, opt-in newsletters.
• Security & fraud prevention — detecting suspicious behaviour, protecting against abuse.
• Analytics & performance — understanding usage, improving content and design.

We will never process more data than needed, and we do not sell or trade your personal data to third parties for marketing.

Legal & Compliance

Depending on your location, relevant data-protection laws may apply — e.g. the Privacy Act 1988 (Cth) & Australian Privacy Principles, or international regulations like GDPR / CCPA. We endeavour to meet or exceed all applicable standards.

If you are browsing from a country with strict data-protection laws, you may have additional rights (see Section 9).

Data Sharing & Disclosure

We may share your data only in the following circumstances:

• With service providers (payment processors, shipping partners) — only as needed, under strict confidentiality.
• With law enforcement or legal authorities, if required by law.
• In the case of a merger, acquisition, or sale — we will notify you and provide an opt-out if required.
• Aggregated & anonymised data may be used for analytics or reporting.

We will never sell, rent, or trade your personal information for advertising or marketing.

Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Session management (keeping you logged in).
• Site functionality (shopping cart, user preferences).
• Analytics (understanding site usage).

You can disable cookies through your browser settings, though this may affect login, cart, and preference features.

Data Storage & Security

• Data is stored securely using industry-standard encryption and hashing (especially for passwords).
• Access to your personal data is restricted to authorised personnel only.
• We use secure transport (HTTPS) in transit.
• In the event of a breach, we will notify affected users promptly as required by law.
• We do not store sensitive data (e.g. full card numbers) unless via secure third-party processors.

Data Retention & Deletion

We keep your account and order data as long as you maintain your account.

If you request account deletion, we will permanently delete your personal data (except aggregated anonymised analytics data).

You can also request partial deletion — contact us using the details in Section 13.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access personal data we hold about you.
• Correct or update inaccurate or incomplete data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing.
• Obtain a portable copy of your data.
• Revoke consent for optional processing or marketing.

If you live in Australia, the UK, EU, California, or another regulated area — contact us to exercise these rights.

Age & Children Policy

Hart is intended for users 13 years old and above.

We do not knowingly collect personal data from children under 13. If we become aware of such data, we will promptly delete it.

International Transfer of Data

Your information may be stored and processed on servers located outside your country (e.g. Vercel infrastructure, databases in the US or Asia).

By using the Site, you consent to cross-border data transfer. We maintain adequate safeguards to protect your data.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page.

We recommend reviewing this page periodically. Continued use of Hart after changes constitutes acceptance of the updated policy.