Privacy Policy
Applies to: https://soundbathspa.com, https://paistegongcentre.com, and related pages, landing pages, and subdomains (the “Sites”).
Sound Bath Spa (“we”, “us”, “our”) respects your privacy. This Policy explains what we collect, how we use it, how we share it, and your choices. We operate from British Columbia, Canada and follow PIPEDA/BC PIPA principles. Where applicable, we also align with GDPR/UK GDPR and CCPA/CPRA-style rights.
We do not sell your personal information. We only share it with service providers as needed to operate our business and improve your experience.
1) Information We Collect
From you: name, email, phone, billing/shipping address, passwords, order details, service bookings, form submissions (e.g., catalog downloads, giveaways, event registrations), and marketing preferences (email/SMS opt-ins). If you contact support, we collect what you send us.
Automatically: IP address, device/browser, pages viewed, timestamps, referring/exit pages, and approximate location. We use cookies, tags, pixels, and local storage for core functions (cart, login), analytics, and advertising.
From third parties (as configured): analytics and advertising platforms (e.g., Google, Meta), e-commerce/CRM systems (Shopify, Go High Level), payment processors, shipping/tax apps, automation and hosting tools. Each processes data under its own policy.
2) What We Do With Your Information
- Provide services: process orders/payments, fulfill shipping, manage bookings and downloads, maintain your account.
- Operate and secure the Sites: remember cart, enable login, prevent fraud, diagnose performance issues.
- Customer support: respond to requests, returns, and warranty matters.
- Marketing (with consent where required): send emails/SMS, personalize content/ads, and measure performance.
- Improve products and UX: analytics and research to refine content, inventory, and services.
- Legal/compliance: taxation, bookkeeping, record-keeping, responding to lawful requests.
3) Consent & Your Choices
How we obtain consent: Providing information to complete a transaction, verify a card, place an order, or arrange delivery/returns implies consent for that specific purpose. For additional purposes (e.g., marketing), we ask for your express consent or provide an opportunity to decline.
Withdraw consent: Unsubscribe from emails via the link in any message, or reply STOP to SMS. You may also email us at info@soundbathspa.com to withdraw consent for continued collection/use/disclosure where applicable.
4) Legal Bases (where GDPR/UK GDPR applies)
- Contract: to fulfill purchases or provide requested services.
- Consent: email/SMS marketing, certain cookies/ads (you can withdraw at any time).
- Legitimate interests: site security, analytics, service improvement.
- Legal obligation: tax and regulatory compliance.
5) Shopify & Payments
Our store is hosted on Shopify Inc., which provides the e-commerce platform. Your data is stored via Shopify’s data storage and databases on secure servers behind a firewall.
Payments: If you use a direct payment gateway, Shopify stores your card data encrypted in accordance with PCI-DSS. Purchase data is retained only as long as necessary to complete the transaction. All direct gateways adhere to PCI-DSS standards managed by the PCI Security Standards Council (Visa, Mastercard, AmEx, Discover). See Shopify’s Terms of Service and Privacy Policy for details.
6) Third-Party Services & International Transfers
Service providers only collect/use/disclose your information as needed to perform services for us (e.g., payments, shipping, analytics, ads, CRM, automation, hosting). Some providers may be in other jurisdictions; your information may be subject to local laws there. When you leave our Sites or are redirected to a third-party site/app (e.g., payment page, embedded media), their privacy policy governs.
7) Disclosure
We may disclose personal information if required by law or if you violate our Terms of Service. We may also disclose in connection with a business transfer (e.g., merger or acquisition).
8) Security
We use administrative, technical, and physical safeguards designed to protect personal information. If you provide credit card information, it is transmitted via SSL and stored with AES-256 encryption. No method of transmission or storage is 100% secure, but we follow PCI-DSS and generally accepted standards.
9) Cookies & Similar Technologies
We use essential, analytics, and advertising cookies. You can manage cookies via your browser settings and any cookie banner we provide. Disabling certain cookies may affect functionality (e.g., cart, checkout).
Cookie List (Typical Shopify)
This is a representative list. Theme/apps may add others. Durations and names can change.
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _session_id | Essential | Session | Stores session details (referrer, landing page). |
| _shopify_visit | Analytics | 30 minutes | Internal stats tracker. |
| _shopify_uniq | Analytics | Until next day midnight | Counts visits per customer. |
| cart | Essential | 2 weeks | Stores cart contents. |
| _secure_session_id | Essential | Session | Secure session identifier. |
| storefront_digest | Essential | Indefinite | Verifies access if the shop is password-protected. |
10) Email & SMS Marketing
With your permission, we may send emails about Sound Bath Spa, products, events, or updates. You can unsubscribe any time via the email link. For SMS, reply STOP to opt out (carrier rates may apply) or HELP for help.
11) Age of Consent
By using the Sites, you represent that you are at least the age of majority in your province/state of residence, or that you are the age of majority and have given consent for any minor dependents to use the Sites.
12) Data Retention
We retain personal information only as long as necessary for the purposes described (e.g., order records for tax/audit) or as required by law. When no longer needed, we take steps to delete or de-identify it.
13) Your Rights
Depending on your location, you may have rights to access, correct, delete, or port your data; object to or restrict certain processing; withdraw consent; and opt out of certain targeted advertising/“sharing” (as defined in some laws). To exercise rights, contact us using the details below. We may request identity verification.
14) Changes to This Policy
We may update this Policy periodically. Changes take effect upon posting. If we make material changes, we will note the update on this page and, where appropriate, notify you.
15) Contact Information
Controller/Operator: Sound Bath Spa
Email: info@soundbathspa.com