Cotopia Shop — Privacy Policy

This Privacy Policy explains how Cotopia (“we”, “us”, “our”) collects, uses, shares and protects personal information when you visit or purchase from Cotopia Shop (the “Shop”).

Last updated: 2025-10-12
Operator: Cotopia

1. Overview

This policy applies to personal information collected through the Shop, email correspondence, and any customer accounts you create. It does not apply to information collected offline or through third-party services that operate independently of Cotopia.

2. Personal Data We Collect

We collect information necessary to provide digital products and services, process payments, and communicate with you. Types of data:

  • Contact & Account Data: name, email address, billing/shipping address (if provided), username, password (hashed) and account metadata.
  • Payment & Transaction Data: transaction identifiers, payment method metadata (e.g., PayPal payer email or transaction ID), on-chain transaction hashes for crypto payments, and billing details required to process payments. We do not store full payment card data.
  • Product & Order Data: products purchased, license selections, purchase timestamps, delivery status, and fulfillment records.
  • Technical & Usage Data: IP address, device/browser information, operating system, referrer, pages visited, session timestamps, and analytics data.
  • Support & Correspondence: messages you send to support, dispute details, and any attachments you provide.

3. How We Use Your Information

We use personal data for:

  • Processing and fulfilling orders, delivering digital products, and sending receipts or download links.
  • Payment processing, fraud prevention, dispute resolution, and refunds.
  • Communicating about orders, product updates, support requests, and marketing (where you have consented).
  • Improving the Shop, analytics, debugging, and security monitoring.
  • Complying with legal obligations and enforcing our Terms & Conditions.

5. Sharing & Disclosures

We may share personal data with:

  • Payment processors: PayPal and other payment providers to process transactions and refunds.
  • Service providers: hosting, email delivery (e.g., transactional emails), analytics, and customer support tools.
  • Law enforcement & legal requests: where required by law or to protect rights, property or safety.
  • Acquirers or successors: in connection with a merger, acquisition, or asset sale you will be notified of any transfer.

We require service providers to maintain confidentiality and only use data for permitted purposes.

6. Payments & Financial Data

Payment processing is handled by third parties. Details:

  • PayPal: If you pay with PayPal, transaction processing and payer details are handled by PayPal and are subject to PayPal’s privacy policy. We receive payer email, transaction IDs, and status information necessary to fulfill orders.
  • Cryptocurrency: For crypto payments, on-chain transaction hashes and wallet addresses may be recorded for verification. Crypto transactions are pseudonymous and recorded on public blockchains; Cotopia cannot reverse on-chain transactions once confirmed.
  • Card Data: We do not store full payment card numbers. Card payments processed through payment gateways are tokenized or handled entirely by the provider.

7. Cookies & Tracking

We and our partners use cookies and similar technologies for functionality and analytics. Categories:

  • Essential cookies: required for site operation, login, and checkout.
  • Performance & analytics: aggregate usage data to improve the Shop (e.g., Google Analytics or comparable services).
  • Marketing: optional cookies used for ads or measurement by third parties (only with your consent where required).

You can manage cookie preferences in your browser and, where provided, via any consent management tool on the Shop.

8. Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure. Measures include access controls, TLS/HTTPS, regular updates and limited access by personnel.

However, no system is completely secure. We cannot guarantee absolute security and are not liable for breaches beyond our reasonable control. We will notify affected individuals and authorities as required by law in the event of a qualifying data breach.

9. Data Retention

We retain personal data as long as necessary to provide services, comply with legal obligations (e.g., tax recordkeeping), resolve disputes, enforce agreements, and for legitimate business purposes. Typical retention periods:

  • Order and transaction records: minimum statutory tax/accounting period (varies by jurisdiction).
  • Account until account deletion plus a reasonable period for backup/archival.
  • Support correspondence: as necessary to resolve issues, typically a few years.

10. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access: request a copy of personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Deletion: request deletion of personal data (subject to legal exceptions such as tax recordkeeping).
  • Restriction or objection: limit or object to certain processing (e.g., marketing).
  • Data portability: request transfer of certain data in a machine-readable format.
  • Withdraw consent: where processing is based on consent, you may withdraw it (does not affect processing prior to withdrawal).

To exercise rights, contact us at the contact details below. We will respond as required by applicable law and may request verification to prevent unauthorized access.

11. Third-Party Links & Services

The Shop may contain links to third-party sites and integrate third-party services. We are not responsible for third-party privacy practices. Review their privacy policies before providing personal information.

12. GDPR & CCPA Notices

EU/EEA (GDPR): If you are an EU/EEA resident, you may have rights under the GDPR as described above. Our data controller details and any EU representative (if applicable) will be provided on request.

California (CCPA): If you are a California resident, you may have additional rights including the right to know categories of personal information collected, request deletion, and opt-out of sale of personal information. Cotopia does not knowingly sell personal information for monetary consideration. To exercise CCPA rights, contact us at the address below.

13. Children

The Shop is not directed to children under 13 (or a higher age where required). We do not knowingly collect personal information from children without parental consent. If you believe we have collected such data, contact us to request deletion.

14. Changes to This Policy

We may update this Privacy Policy occasionally. Material changes will be posted with an updated “Last updated” date and, where required, notified to you. Continued use after changes signifies acceptance.

15. Contact & Data Requests

For privacy inquiries, data requests, or to exercise your rights, contact:

Email: support@cotopia.org

Address: Cotopia, Wyoming

We may require identity verification before fulfilling certain requests to protect your privacy and security.

16. International Transfers

Data may be transferred to, stored, and processed in countries other than your residence, including the United States. We will take steps required by applicable law to protect your data when transferring it internationally (e.g., standard contractual clauses where appropriate).

18. Additional Information

If you use third-party integrations like analytics, advertising, payment providers, or social logins, their data practices are governed by their own policies. Cotopia’s policy covers our collection and use.

19. Acknowledgement

By using the Shop you acknowledge you have read and understand this Privacy Policy.