HerbsGold

Privacy Policy

Last updated: May 2026

1. Who we are

HerbsGold is the data controller for personal data collected through herbsgold.com. Contact us at privacy@herbsgold.com for any privacy-related requests.

2. What data we collect

  • Account data: name, email address, password (hashed), phone number.
  • Order data: delivery address, billing address, order history, invoice records.
  • Payment data: card brand, last 4 digits, expiry date. Full card numbers are never stored; card payments are processed by Stripe (PCI-DSS Level 1).
  • Usage data: IP address, browser type, pages visited, referral source (via analytics cookies, with your consent).
  • Communications: emails you send us, support tickets.

3. How we use your data

  • Processing and fulfilling your orders.
  • Sending transactional emails (order confirmation, shipping updates, invoices).
  • Managing your account and subscriptions.
  • Complying with legal obligations (VAT records, accounting).
  • Marketing communications — only with your explicit consent, which you can withdraw at any time.
  • Improving our website and services (analytics, with consent).

4. Legal basis (GDPR)

We process your data under the following legal bases:

  • Contract: to fulfil orders and manage your account.
  • Legal obligation: VAT records, accounting requirements.
  • Legitimate interests: fraud prevention, security.
  • Consent: marketing emails, analytics cookies.

5. Data sharing

We share your data only where necessary:

  • Stripe — payment processing.
  • Econt / Speedy / BoxNow / Sameday — delivery of your order.
  • Resend — transactional email delivery.
  • Cloudflare — CDN and DNS services.

We do not sell your personal data to third parties.

6. Data retention

Account data is retained for as long as your account is active. Order and invoice data is retained for 10 years to comply with Bulgarian accounting law. If you close your account, personal data is anonymised while transactional records are retained as required by law.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Erase your data ("right to be forgotten") where legally permitted.
  • Restrict or object to processing.
  • Portability — receive your data in a machine-readable format.
  • Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us at privacy@herbsgold.com. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies to operate the site (session, cart). With your consent we also use analytics cookies and marketing cookies. You can manage your cookie preferences at any time via the cookie banner.

9. Security

We use HTTPS, hashed passwords (bcrypt), and access controls to protect your data. Payment data is handled exclusively by Stripe. Despite best efforts, no internet transmission is 100% secure.

10. Changes to this policy

We may update this policy periodically. Significant changes will be communicated by email or a notice on the website.