Privacy Policy

Last Updated: 04-24-2025

Introduction

Welcome to Exceptional Engravings. We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect from you, how we use and share it, and your rights regarding your data. By using our website (the “Site”) and services, you agree to the practices described in this policy. If you have any questions or concerns, please contact us at hello@exceptionalengravings.com.

Information We Collect

We collect several types of information from and about our customers to provide and improve our services:

Personal Identifiers: This includes your name, email address, phone number, and billing/shipping address that you provide when placing an order or creating an account.
Payment Information: When you make a purchase, we (through our payment processors) collect payment details such as credit/debit card information. Note: Exceptional Engravings itself does not store your full payment card numbers; this information is handled securely by our third-party payment processors (like Stripe and WooPayments).
Design Uploads and Content: If you upload designs or images (for example, through our product customization tool Fancy Product Designer), we collect the files and related data. This may include any personal information contained in the design or metadata.
Account Credentials: If you create an account, we collect the username, password (stored in hashed/encrypted form), and any profile information you provide. If you choose to log in via social media (using Nextend Social Login for Facebook, Google, or other providers), we receive information from your social profile such as your name and email.
Communications: If you contact us via contact forms (powered by WPForms) or email, we collect your name, contact information, and the content of your message. We also keep records of your correspondence to address your inquiries or support needs.
Usage Data: Like most websites, we automatically collect certain information about your device and how you interact with our Site. This includes your IP address, browser type, device identifiers, pages visited, and time spent on our Site. We collect this through cookies and similar tracking technologies (explained below) to help us analyze usage and improve our website’s performance and user experience.

How We Collect Your Data

We collect personal information from you in several ways:

Directly from You: When you place an order, create an account, sign up for our newsletter, fill out a form, upload a design, or communicate with us, you provide personal data directly. For example, during checkout we ask for your name, address, email, and payment details to process the transaction. If you subscribe to our email list or promotions, you provide your email (and consent) for marketing.
Through Our Website and Plugins: Our Site uses various plugins and tools that enable functionality and collect data. For instance:
- The Fancy Product Designer plugin allows you to customize products and upload images; it collects the design data you create or upload.
- Nextend Social Login enables you to log in using social media accounts; when you do, it collects information from the social provider (like your profile name and email) to create or log in to your account on our Site.
- WooCommerce (our e-commerce platform) and related plugins collect information during the shopping process (items in your cart, order history, etc.).
Cookies and Tracking Technologies: When you visit our Site, we use cookies, pixels, and similar technologies to automatically collect usage data and to remember your preferences. For example, we use cookies to keep you logged in, to remember the items in your cart, and to analyze site traffic. See Cookies and Tracking below for more details.
From Third Parties: We may receive information about you from third-party sources that help us operate our business. For example, if you log in via Google or Facebook, those services send us your registered name and email. If we run ads and you arrive at our Site from an ad on another platform, that platform (e.g., Facebook, Google, TikTok) may send us data for ad performance tracking. We treat any information from third parties in accordance with this Policy.

Cookies and Tracking Technologies

Exceptional Engravings uses cookies and similar tracking technologies to provide core site functionality, improve your experience, and support our marketing efforts. A cookie is a small text file stored on your device by a website, which helps the site remember information about your visit. We use the following types of cookies on our Site:

Essential Cookies: These are necessary for the website to function properly. For example, WooCommerce uses cookies to remember the items you add to your cart and to manage the checkout process (such as maintaining your cart contents and session ID). Without these, you wouldn’t be able to use basic e-commerce features.
Functional Cookies: Some cookies enhance your experience, such as keeping you logged in or remembering preferences. For instance, if you use our design tool, it may use local storage or cookies (like a Fancy Product Designer cookie) to save your progress or saved designs on your device. Our YITH Wishlist feature may use a cookie to remember your wishlist items if you are not logged in.
Analytics Cookies: We plan to use tools like Google Analytics to gather information about how visitors use our Site. Analytics cookies collect data about pages visited, time on site, and other usage metrics. This helps us understand traffic patterns and improve our content and products. Google Analytics sets cookies such as “_ga” or similar to identify unique visitors.
Advertising & Tracking Cookies: We use advertising pixels and integrations that set tracking cookies to help us with marketing. For example, we intend to use the Facebook/Meta Pixel (via the Kliken Ads + Pixel for Meta plugin) and the TikTok Pixel to measure the effectiveness of our ads and to show you relevant products on those platforms. These pixels may place cookies (e.g., Facebook’s cookie _fbp or TikTok’s equivalent) that track your activity on our Site and connect it with your profile on those networks. This helps us with “re-targeting” – showing you ads on Facebook/Instagram or TikTok based on your interaction with our Site.
Email Marketing Cookies: If you interact with our marketing emails or newsletters (handled through Klaviyo), cookies or similar technologies may be used to track if you open our emails or click links. Additionally, Klaviyo may place a cookie (__kla_id or similar) on our Site to recognize visitors who click through an email, so we can better personalize communications and understand the effectiveness of our campaigns.

Cookie Consent: By using our Site, you consent to the use of cookies and tracking technologies as described. You can control or delete cookies through your browser settings. Most browsers allow you to block cookies or alert you when cookies are being sent. However, please note that disabling certain cookies may affect the functionality of our website (for example, the shopping cart might not remember items). We provide a cookie notice on our Site (especially for visitors in regions like California or the EU) to inform you about our cookie use, and where required, to obtain consent or allow you to manage cookie preferences.

How We Use Your Information

We use the collected information for various legitimate purposes related to our business and your customer experience, including:

To Process Orders and Provide Services: We use your personal information to fulfill your orders and requests. This includes processing payments, engraving or manufacturing your customized products (using the designs you upload or specify), and shipping your order to your address. We also send you order confirmations, receipts, shipping updates, and any necessary service-related communications.
To Communicate with You: We may use your contact information (email or phone) to communicate about your orders, respond to inquiries or support requests, and send important notices (such as updates to our terms or privacy policy, or notifications about product availability).
For Marketing and Promotions: If you have subscribed to our newsletter or provided consent, we will use your email to send you marketing communications, such as promotional offers, new product announcements, or newsletters. We also use data (like your browsing or purchase history) to personalize these communications and send relevant offers (for example, recommending products you might like). Note: You can opt out of marketing emails at any time (see Email Marketing below).
To Improve Our Website and Services: We analyze how users interact with our Site (via cookies and analytics) to improve our website layout, product offerings, and overall user experience. For example, usage data helps us identify broken pages, understand which products are popular, and refine our user interface.
For Advertising: Data collected through pixels and cookies may be used to create targeted advertising campaigns on third-party platforms. For instance, if you browsed our catalog but didn’t make a purchase, we might show you an ad on Facebook or TikTok featuring the product you viewed. This uses tracking data but does not reveal your identity to those ad platforms beyond what you’ve already provided to them (e.g., your Facebook user ID).
To Prevent Fraud and Enhance Security: We use information (like IP addresses and device info, and login attempt logs) to protect our Site and you. This includes detecting and preventing fraudulent transactions or unauthorized access. Our security plugins (like Loginizer) monitor login attempts and may temporarily log data such as IP addresses and usernames that attempt to breach security, in order to block malicious activity.
To Comply with Legal Obligations: We may use and retain your information as necessary to comply with laws and regulations – for example, maintaining records for tax purposes, honoring your data privacy rights, or responding to lawful requests by authorities.

Email Marketing and Your Choices

If you sign up for our mailing list, request information from us, or make a purchase, we may occasionally send you email communications about our products, services, and promotions. Here’s how we handle marketing communications:

Email Service Provider: We use Klaviyo as our email marketing platform to send newsletters, special offers, and abandoned cart reminders. By providing your email and opting in, you acknowledge that your email address and certain usage data (like email open rate or click-throughs) will be stored with our email service provider (Klaviyo) on our behalf. We may also use Klaviyo (or similar tools) to send automated cart recovery emails if you added items to your cart but did not complete checkout, or follow-up emails after a purchase for feedback.
Opt-In and Consent: We will only send you promotional emails if you have an existing relationship with us or have consented (for example, by ticking a box to subscribe during checkout or entering your email in a signup form).
How to Unsubscribe: If you no longer wish to receive marketing emails, you can opt out at any time. Every marketing email from us includes an “Unsubscribe” link at the bottom; clicking that will stop further promotional emails to your address. You can also contact us at hello@exceptionalengravings.com and request to be removed from our mailing list. We will promptly honor all opt-out requests.
Transactional Emails: Please note that even if you opt out of marketing messages, we will still send you transactional emails as needed for purchases or account activity (for example, order confirmations, shipping notices, password resets, or customer support responses). These are not promotional in nature.

Payment Processing

We take the security of your payment information seriously. Exceptional Engravings does not process or store your sensitive payment details (such as full credit card numbers) on our own servers. Instead, we rely on reputable third-party payment processors to handle transactions securely:

Stripe / WooPayments: Payments on our Site are handled via Stripe through WooCommerce Payments (WooPayments). When you enter your card information at checkout, that data is transmitted directly to Stripe/WooPayments. They specialize in payment processing and are PCI-DSS compliant (the industry standard for card data security). This means your card information is encrypted and processed securely. We do not see or store your full card number or CVV on our site. We may retain basic payment details like the card type and last four digits (for order record purposes and refunds), but full payment data remains with the processor.
Other Payment Methods: (If applicable) At this time, we primarily use Stripe via WooPayments. We do not use alternate gateways like PayPal or Klarna on our Site. If we introduce new payment options in the future, we will update this policy accordingly and ensure they are similarly secure.
Payment Confirmation: Our payment processors may share with us limited information necessary for us to confirm and complete your order – for example, a transaction ID, payment status, and your billing information. We use this information to process your purchase and for record-keeping.
Processor Privacy Policies: Our payment processors have their own privacy policies and security measures. We encourage you to review Stripe’s Privacy Policy if you want more information on how they handle your data. By making a purchase, you consent to the transfer of necessary payment information to these processors for the purpose of completing the transaction.

How We Share Your Information

We understand the importance of your personal information and share it only as needed to run our business and provide services to you. We do not sell your personal information to third parties. The situations in which we share data are:

With Service Providers (Processors): We use trusted third-party companies to perform certain business functions on our behalf, and your information may be shared with them strictly for those purposes. These providers include:
- Shipping and Delivery Partners: To deliver your orders, we share your shipping address, contact name, and in some cases phone or email (for delivery updates) with shipping carriers or fulfillment partners (e.g., USPS, UPS, FedEx, or any logistics provider we use). They require this information to ship your product to you.
- Order Management and Tax Calculation: We use WooCommerce Shipping & Tax (a service by Automattic/WooCommerce) to automatically calculate sales tax and assist with shipping label printing. This means your shipping address and purchase details may be sent to that service or its integrated third-party (for tax calculation, it may use services like TaxJar) to return accurate tax rates and facilitate postage. These providers are only allowed to use your data for these calculation and shipping purposes.
- Email Marketing & CRM: As noted, our email newsletter and marketing communications are handled through Klaviyo. If you subscribe or are on our mailing list, your name and email (and communication preferences) are stored with Klaviyo so we can send you emails. We may also use an SMTP service (configured via WP Mail SMTP plugin) to send transactional emails (order confirmations, etc.), which means those emails pass through a third-party email server (for example, an email service like Gmail, SendGrid, or our web host’s mail server). The contents of the email (which include your email address and possibly your name and order details) are handled by that email service solely to send the message.
- Analytics and Advertising Partners: We use third-party analytics and advertising services to understand usage and promote our products. This includes services like Google Analytics (for site statistics), Facebook/Meta and Instagram (for ads and analytics via the Meta Pixel), and TikTok (for ads via the TikTok Pixel). Data such as your IP address, browsing behavior on our site, and purchase conversion info may be collected by these partners through cookies or pixels on our Site. This allows us to measure ad effectiveness and reach you with relevant advertising on their platforms. These partners may combine this data with information you have provided them (e.g., your social media profile) to tailor ads to you. Important: These analytics and ad partners are not given access to your personal contact information from our databases (such as your name or email) unless you independently provided that to them through their platforms. They primarily receive online identifiers and event information (e.g., “a browser at IP X visited page Y”).
- Payment Processors: As detailed above, we share information with Stripe/WooPayments to process payments. This includes the payment details you provide and information needed for fraud prevention and transaction processing. Stripe acts as a service provider, and they may also use data for their compliance and regulatory requirements.
- Site Functionality Plugins: We utilize certain plugins to enhance site features. For example, Nextend Social Login will interact with social networks to authenticate users who choose social login – in that process, it shares and receives data (like authentication tokens, user name/email) with the respective social network. Fancy Product Designer processes design data you create; if you save a design for later or have an account, the design may be stored on our server and associated with your account or order. These plugins access data necessary to perform their tasks and may temporarily store data (e.g., a design in your browser’s storage or a login token from Google) but they do not use it for any purpose outside of providing the service on our Site.
- Website Hosting and Backup Services: Our website is hosted on servers that inevitably process all data on the site (including any personal information in our databases). We also perform regular backups (using tools like Backuply or server-level backups) to protect against data loss. These backups, which contain customer data, are stored securely (and encrypted when possible) either on our hosting provider’s systems or a secure backup location. They are only accessed for site restoration or security audits.
- Security Services: We employ security measures and plugins (e.g., Loginizer for brute-force protection, and potentially cloud security services) that may process data like IP addresses, device info, and behavior patterns to help us block malicious traffic or spam. For instance, if someone attempts to log in to our Site repetitively with incorrect passwords, Loginizer will record the IP and may share it with a security database or simply block it locally. Such data is used strictly for security monitoring and threat prevention.
With Affiliates or Business Transfers: Currently, Exceptional Engravings is a standalone business. If in the future we form any affiliates, or in the event of a merger, acquisition, or sale of business assets, your information may be transferred to the new ownership or partners. If such a change occurs, we will ensure the new owner honors the commitments made in this Privacy Policy, and we will notify you (e.g., via email or notice on our Site) of any such transfer and any choices you may have.
For Legal Reasons: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government inquiry). We may also share information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Importantly, any third parties with whom we share data for the above reasons are contractually or legally obligated to keep your information confidential and to use it only for the specific services they provide to us (except in case of legal disclosures). We do not permit these service providers to sell, rent, or use your data for their own unrelated purposes.

No Selling of Personal Data

We want to reassure you that Exceptional Engravings does not sell or rent your personal information to third parties for their marketing or any other purposes. We do not share your information with unrelated parties in exchange for money or other valuable consideration. All data sharing we do is strictly for business purposes as explained above (such as working with service providers who help us serve you). If this ever changes, we would update this policy and provide any required notice or opt-out mechanisms. But as of now and since our inception, we do not sell personal data.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Order and Account Information: If you make a purchase, we retain your order information (including personal details and purchase history) in our system for record-keeping and to facilitate any future inquiries or returns. This is also required to comply with financial and tax laws. Typically, we might retain sales records for at least several years (often 7 years in many jurisdictions) to comply with tax and accounting regulations. If you have an account with us, we will keep your account information while your account remains active. You may contact us to delete your account (see Your Rights below), in which case we will remove or anonymize personal data associated with your account, except for information we are required to keep for legal reasons.
Marketing Data: If you have subscribed to our newsletter or marketing emails, we will keep your contact information on our mailing list until you unsubscribe or ask us to remove it. Upon unsubscribing, we may keep a record of your email address on a suppression list to ensure we respect your wish not to be contacted.
Design Uploads and Files: If you upload a design for a custom engraving, we may retain that file as part of your order record. This is helpful for future reorders or references. However, if you wish these files to be deleted after order completion, you can request that from us and we will accommodate where possible (unless we need to retain them for legal defense of custom work or similar obligations).
Analytics Data: Analytics and cookie data is typically retained as long as necessary for analysis. Google Analytics (when used) can retain aggregated site usage data for a set period (e.g., 14 months or as configured), after which it may be deleted automatically. We do not directly identify individuals through analytics data, and such data may be stored in aggregate form.
Backup Data: Our backups may retain snapshots of your data for safety. These are typically rotated and kept for a limited duration (for example, backups might be kept for 30-60 days before being overwritten, or as our backup policy dictates). We ensure that backups are stored securely. When backups expire, they are deleted or overwritten.
Legal Retention: In some cases, we may retain certain information for longer if required by law. For instance, if a dispute arises or we receive a legal request, we would preserve data as necessary to resolve the issue or comply with the request. Also, information required for tax, fraud prevention, or other compliance purposes might be held beyond the standard retention period until it is no longer needed.

When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely dispose of it. This may involve deleting it from our databases, and/or anonymizing it so it can no longer be associated with you.

Data Security

We are committed to protecting your personal information and have implemented a variety of security measures to safeguard it:

Website Security: Our Site is secured via HTTPS encryption. This means that information you enter (such as personal details or payment data) is encrypted in transit between your device and our website. Always look for the padlock symbol in your browser address bar when submitting information on our Site.
Secure Payments: As noted, we use PCI-compliant payment processors (Stripe/WooPayments) to handle payment data securely. They employ encryption and tokenization to protect your card information. We never handle raw credit card data on our servers.
Account Protection: If you create an account, your password is stored in an encrypted form (we cannot see it). We recommend you choose a strong, unique password and keep it confidential. Our systems and plugins like Loginizer help protect against unauthorized logins by limiting login attempts and blocking suspicious IP addresses. For example, if multiple failed login attempts occur, Loginizer may log the IP and temporarily lock out access from that IP to prevent a breach.
Malware and Vulnerability Protection: We keep our software (WordPress, WooCommerce, and all plugins) updated to patch security vulnerabilities. We also utilize security plugins and hosting-level protections (firewalls, malware scanning) to prevent attacks. Jetpack (a tool by Automattic we use for site enhancements) also provides some security features and monitoring to help keep the site safe.
Data Storage and Access Control: Personal information collected is stored in our website’s secure database, accessible only to authorized personnel who need it to perform their job (for example, to process an order or provide support). Our team members are trained on the importance of privacy and security.
Backups: We perform regular backups of our site data (including customer information) to prevent data loss. These backups are encrypted when stored off-site. In the event of a technical issue or cyber-incident, we can restore data from these backups to ensure continuity of our services. Access to backup files is restricted to authorized administrators.
Third-Party Security: We carefully choose third-party partners (payments, plugins, etc.) that are reputable and have strong security practices. For example, our email and analytics providers employ encryption and security measures on their platforms. However, no system can be 100% secure, so we also prepare for the unexpected.
Monitoring: We monitor our Site for potential vulnerabilities and attacks. If any breach or security incident were to occur involving your personal data, we will follow all applicable laws regarding notification to affected users and take immediate steps to remediate.

While we strive to protect your information, it’s important to note that no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we do our best to protect your data. You also play a role in security: please keep your account credentials safe and notify us immediately at hello@exceptionalengravings.com if you suspect any unauthorized use of your account or any security vulnerabilities on our Site.

Your Privacy Rights

You have certain rights regarding your personal information. We are committed to honoring your rights and ensuring you have control over your data. These rights may vary depending on your location (for example, California residents and individuals in the European Union have specific statutory rights explained in the next sections), but we extend many of these core principles to all our customers. Your rights include:

Access and Transparency: You have the right to request a copy of the personal information we hold about you and information about how we use it. This includes the categories of data, the purposes for collecting it, the categories of third parties with whom we share it, and the source of the information (if not directly from you).
Correction: If any of your information is inaccurate or outdated, you have the right to request that we correct or update it. You can also log in to your account (if you have one) and update certain information directly, such as your contact details or shipping addresses.
Deletion: You have the right to request deletion of your personal data (“Right to be forgotten”). For example, if you want us to delete your customer account or remove information we have about you, you can contact us to do so. We will honor deletion requests to the extent we are not required to retain the data for legal reasons (see Data Retention above). If we must keep some information (e.g., for a completed transaction or a legal obligation), we will inform you. Otherwise, we will erase the data and confirm once completed.
Opt-Out of Marketing: As noted, you can opt out of marketing emails at any time by unsubscribing or contacting us. You also have the right to opt out of any processing of your data that is for direct marketing purposes. We do not engage in telephone or SMS marketing, but if we ever do, similar opt-out rights would apply.
Consent Withdrawal: Where we rely on your consent to process data (for example, for sending promotional emails or for certain types of cookies in jurisdictions that require consent), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we did based on your consent before withdrawal. For instance, if you consented to cookies, you can later clear cookies or use our cookie management tool (if available) to withdraw consent for non-essential cookies.
Non-Discrimination: We will not discriminate against you for exercising any of these privacy rights. That means if you request deletion or opt out of marketing, we will not deny you services, charge you different prices, or provide a different level of service, except as permitted by law (for example, if deletion of certain data makes it impossible for us to continue providing you a service, we will inform you of that outcome).

To exercise any of your rights, please contact us at hello@exceptionalengravings.com with your request. We may need to verify your identity before fulfilling certain requests (for example, to ensure that the person asking for data deletion is actually the account owner, we might ask you to confirm some identifying information). We will respond to your request within a reasonable timeframe. For California and EU residents, specific deadlines apply (usually within 30 to 45 days), and we will adhere to those.

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you are protected by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These laws grant California residents specific rights regarding their personal information, some of which are reflected in the general rights above. In compliance with CCPA/CPRA, we further provide the following details:

Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information (as defined by CCPA) from consumers:

Identifiers such as name, email address, phone number, billing/shipping address, IP address, and unique online identifiers (cookies).
Customer records information, including payment information (billing details, transaction history) – note that full credit card numbers are processed by our payment provider, as described above.
Commercial information such as records of products purchased, obtained, or considered, and purchasing histories or tendencies.
Internet or other electronic network activity information, including browsing history, search history, and interactions with our Site, advertisements, or emails (through analytics and cookies, we gather information on how you interact with our online services).
Geolocation data, in the form of your shipping or billing address (which indicates general location like city/state), or IP-based location information.
Audio, electronic, visual, or similar information: Generally not collected, except if you voluntarily sent us such content (for example, if you provided a photograph in a design or left a voicemail). We do collect design image uploads as part of our service to you, but we do not collect things like call recordings or surveillance video.
Inferences drawn from the above information: We may analyze your preferences or interests (e.g., inferring what products you might like from past orders or site engagement) to personalize product suggestions or marketing to you.

Business or Commercial Purpose for Collection: We collect and use these categories of personal information for the business purposes outlined in the “How We Use Your Information” section of this policy. In summary, the purposes include fulfilling orders, providing services, processing payments, marketing and analytics, personalizing user experience, security and fraud prevention, and legal compliance.

Categories of Sources: We collect personal information directly from you (e.g., when you provide it during checkout or account registration), automatically through your interactions with our Site (e.g., via cookies/pixels capturing browsing data), and from service providers or partners (e.g., social login providers, analytics tools).

Categories of Third Parties Shared With: As described in “How We Share Your Information,” we share personal information with service providers such as payment processors, shipping companies, email and analytics providers, etc. We do not share your information with third parties for them to independently market to you.

Selling or Sharing of Personal Information: We do not sell personal information of our customers, including those under 16 years of age. We also do not “share” personal information for cross-context behavioral advertising as defined in CPRA. All data transfers we engage in are for the purposes of providing our services (service providers acting on our behalf) or for our own marketing (such as using Facebook or TikTok pixels to show ads) but we do not disclose your data to third parties for their own separate use. If you believe that our use of advertising cookies constitutes “sharing” under California law, please know that you have the right to opt out of such sharing. You can do so by disabling advertising cookies through our cookie banner or browser settings, or by contacting us to express your preferences. We honor browser-based Global Privacy Control (GPC) signals as an opt-out of sale/sharing for California residents if detected.

California Rights: California residents have the right to request that we disclose what personal information we collect, use, disclose, and sell. You also have the right to request deletion of your personal information (with some exceptions as permitted by law) and the right to opt out of the sale or sharing of your personal information. Additionally, California law provides the right to correct inaccurate personal information and the right to limit use of sensitive personal information (although we do not collect sensitive data like Social Security numbers or financial account logins beyond processing payments). You also have the right not to receive discriminatory treatment for exercising your CCPA rights.

To submit a verifiable consumer request under CCPA, you may contact us at hello@exceptionalengravings.com. We may need to verify your identity via email or other means before fulfilling your request (for example, by asking you to confirm recent purchase info or other details only you would know). We will respond to your request within 45 days as required by CCPA (or notify you if we need an extension).

For reference, you can also designate an authorized agent to make a request on your behalf. If you do so, we will require the agent to provide proof of permission and may still ask you to verify your identity directly.

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you are entitled to additional rights under the General Data Protection Regulation (GDPR) or equivalent laws. We aim to provide the same level of transparency and control to all our users, but if you are an EU/EEA/UK resident, the following specifics apply:

Legal Bases for Processing: We process your personal data under several legal grounds as allowed by GDPR:
- Contractual Necessity: We process personal data to fulfill our contract with you – for example, when you place an order, we process your name, address, payment info, etc., to deliver the product you purchased.
- Consent: For marketing emails, and for certain non-essential cookies or similar technologies, we rely on your consent. You are free to withdraw that consent at any time (e.g., by unsubscribing or rejecting cookies as described).
- Legitimate Interests: We may process data for our legitimate business interests, such as improving our services, securing our Site, preventing fraud, and performing analytics. When we do so, we ensure that our interests are not overridden by your privacy rights and interests. For example, using an email address of a customer to send a one-time feedback request may be considered a legitimate interest, but you always have the option to opt out.
- Legal Obligation: In some cases, we must process and retain data to comply with laws (for instance, retaining transaction records for tax audits).
Data Subject Rights: Under GDPR, you have the following rights (some of which mirror the rights already discussed):
- Right of Access: To receive confirmation if we process your personal data and access to the personal data we have about you.
- Right of Rectification: To request correction of inaccurate personal data.
- Right to Erasure: To request deletion of your personal data when it’s no longer needed for the purposes for which it was collected, or when you withdraw consent or object (and we have no overriding grounds to continue processing), or if the data was processed unlawfully, etc.
- Right to Restrict Processing: To request that we limit processing of your data in certain circumstances (for example, while a complaint about data accuracy or processing is being resolved).
- Right to Data Portability: To request a copy of your personal data in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible (applicable to data processed by us based on your consent or for a contract with you).
- Right to Object: To object to our processing of your data in certain situations. You have an absolute right to object to direct marketing (which we will always honor). You can also object if processing is based on legitimate interests; in that case we will evaluate your request and will stop processing unless we have a compelling legitimate ground that overrides your rights or if needed for legal claims.
- Right not to be subject to automated decision-making: We do not use your data for any automated decision-making or profiling that produces legal or similarly significant effects.
International Transfers: Exceptional Engravings is based in the United States, so if you are in the EU/UK, your personal data will be transferred to the U.S. when you interact with our Site or make a purchase. The U.S. may not have the same level of data protection as your home country. We take steps to ensure appropriate safeguards when we receive and process European personal data, such as relying on your consent to transfer data to us, or processing data in a manner consistent with GDPR principles. By using our services and providing information, you consent to the transfer of your personal data to the United States. We will protect your data as described in this Privacy Policy regardless of where it is processed.
Complaints: If you have concerns about our data handling, we encourage you to contact us so we can address them. Additionally, if you are in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority. For example, in the UK this would be the Information Commissioner’s Office (ICO). We would appreciate the chance to address your concerns first, so please consider reaching out to us at hello@exceptionalengravings.com.

Children’s Privacy (Age Restrictions)

Our website and services are intended for adults 18 years of age or older. Exceptional Engravings does not knowingly collect personal information from children under 18. If you are under 18, please do not provide any personal information on this Site or use our services without parental consent. We do not sell products for purchase by children; any products for children we sell are meant to be bought by adults.

If we discover that we have inadvertently collected personal information from a minor under 18 (for example, if a child misrepresents their age to create an account or place an order), we will take immediate steps to delete that information. Parents or guardians: If you believe your child under 18 has provided personal information to us, please contact us at hello@exceptionalengravings.com. We will promptly remove the information and terminate the child’s account if one exists.

For minors aged 13 to 17 who are using the Site with parental permission, we advise that parents supervise their activity. However, our policy is to restrict our services to adults, and we may ask you to verify your age during the purchase process. In any event, individuals under 18 are not allowed to create an account on our Site. If an underage user is found, we reserve the right to cancel any orders and delete their account. Parents can also contact us to request deletion of accounts or data for minors.

Customer Accounts

Account Creation: We offer the option for customers to create an account on our Site to track orders and streamline future purchases. Creating an account is optional; you may also check out as a guest if you prefer. When you create an account, we collect personal information such as your name, email address, and a password that you set. You may also add additional info in your account profile (like default shipping addresses, phone number, etc. for convenience). This information is used to populate your details at checkout and to display your order history.

Account Usage: With an account, you can log in to view your past orders, save multiple shipping addresses, and manage your preferences. We also tie your uploaded designs or customization history to your account if you are logged in while creating designs, so you can retrieve them later. If you use social login (via Google, Facebook, etc.), our system creates an account for you using the email associated with that social login. Your social login credentials are not stored by us; we only store the information needed for your account on our Site (like your name and email).

Security of Accounts: It is your responsibility to keep your login credentials confidential. Do not share your password with others. If you suspect that your account has been compromised, please change your password immediately and contact us for assistance. We employ security measures (like Loginizer for brute force protection) to safeguard accounts, but your proactive steps are crucial.

Closing Your Account: If at any time you wish to delete your customer account, you can contact us at hello@exceptionalengravings.com with your request. We will delete or anonymize personal information associated with your account (unless we need to retain certain data for legal or transactional record purposes, as noted in Data Retention). Once your account is deleted, you will need to create a new account for any future purchases, as the old credentials will no longer work.

Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, services, legal obligations, or for other operational, legal, or regulatory reasons. When we make changes, we will post the updated policy on this page and update the “Last Updated” date at the top. For significant changes, we may also provide a more prominent notice (such as an email notification or a banner on our website) to inform you.

Please review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our Site after any modifications to the Privacy Policy constitutes your acknowledgment of the changes and your agreement to abide by the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us:

Exceptional Engravings
Email: hello@exceptionalengravings.com

Mailing Address: 115 Jewel Dr. Altamonte Springs, FL, 32714

We will be happy to answer your questions and address any issues. Your privacy is important to us, and we are committed to resolving any concerns you may have. Thank you for trusting Exceptional Engravings with your custom engraving needs and for reviewing our Privacy Policy.