Overview
Sorcerer's Proxy Shop ("we," "us," or "our") operates sorcerersproxyshop.com. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website or make a purchase. It applies to all visitors, customers, and users of our services.
By using our website, you consent to the practices described in this policy. If you do not agree, please discontinue use of our services.
Order info, contact details, browsing behavior, and account data
To fulfill orders, improve our site, and run our loyalty program
Access, correct, delete, or export your data at any time
1. Data We Collect
We collect personal data in the following categories. We only collect what is necessary for the stated purposes and never sell your personal information to third parties.
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Identity | First name, last name, username | Account creation, order processing | Contract |
| Contact | Email address, shipping address, phone number | Order fulfillment, customer support | Contract |
| Transaction | Order history, items purchased, discount codes used | Order management, fraud prevention | Contract |
| Financial | Last 4 digits of card, billing address (no full card numbers stored) | Payment processing via secure gateway | Contract |
| Technical | IP address, browser type, device type, OS | Security, analytics, error logging | Legitimate interest |
| Usage | Pages visited, clicks, session duration, referral source | Site improvement, analytics | Legitimate interest |
| Loyalty | Spell Points balance, transaction history, review activity | Loyalty program management | Contract / Consent |
| Communications | Support emails, review submissions, contact form messages | Customer support, dispute resolution | Legitimate interest |
Data We Do NOT Collect
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. We do not knowingly collect data from children under 13.
2. How We Use Your Data
We use your personal data only for the purposes listed below. We will never use your data for purposes incompatible with those stated here without obtaining your prior consent.
Order Fulfillment
Processing, packing, and shipping your orders; sending order confirmation and tracking emails.
Customer Support
Responding to inquiries, resolving disputes, and processing returns or refunds.
Account Management
Creating and maintaining your account, including your Spell Points balance and transaction history.
Payment Processing
Securely processing payments through our payment gateway providers. We do not store full card numbers.
Site Improvement
Analyzing usage patterns to improve navigation, product listings, and the overall shopping experience.
Fraud Prevention
Detecting and preventing fraudulent transactions, chargebacks, and abuse of our loyalty program.
Legal Compliance
Meeting our obligations under applicable law, including tax reporting and consumer protection regulations.
Marketing (with consent)
Sending promotional emails about new products, sales, and Spell Points offers, only if you have opted in. You may unsubscribe at any time.
5. Spell Points & Accounts
Our Spell Points loyalty program requires you to create an account via Manus OAuth. When you participate, we collect and store:
Account Deletion
If you delete your account, all Spell Points data, including your balance and transaction history, will be permanently deleted within 30 days. Points cannot be transferred or redeemed after account deletion is initiated.
6. Payment Data
All payment transactions are processed by PCI-DSS compliant third-party payment processors. We never store your full credit card number, CVV, or complete payment card data on our servers.
What we store
What we never store
Our payment processors maintain their own privacy policies. We encourage you to review the privacy policy of your chosen payment provider for details on how they handle your financial data.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Order records | 7 years | Tax and accounting obligations |
| Customer accounts | Until deletion requested | Active account management |
| Spell Points history | Duration of account + 30 days | Loyalty program integrity |
| Support communications | 3 years | Dispute resolution |
| Analytics data | 26 months (Google Analytics default) | Site improvement |
| Server logs | 90 days | Security and error monitoring |
| Marketing preferences | Until unsubscribed or account deleted | Consent management |
8. Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
TLS Encryption
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
Secure Authentication
Account login is handled via OAuth 2.0. We never store plaintext passwords.
Access Controls
Customer data is accessible only to authorized personnel on a need-to-know basis.
Payment Security
Payment processing is handled by PCI-DSS Level 1 certified providers. No card data touches our servers.
Regular Audits
We periodically review our security practices and update them as threats evolve.
Breach Response
In the event of a data breach affecting your rights, we will notify you within 72 hours as required by applicable law.
No System Is 100% Secure
While we take every reasonable precaution, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerabilities.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all customers regardless of jurisdiction.
Request a copy of the personal data we hold about you, including your order history and Spell Points transactions.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of your personal data ('right to be forgotten'), subject to legal retention requirements.
Request your data in a structured, machine-readable format so you can transfer it to another service.
Request that we limit how we use your data while a dispute or complaint is being resolved.
Object to processing based on legitimate interests, including direct marketing. We will stop immediately upon request.
Withdraw consent for any processing based on consent (e.g., marketing emails) at any time without penalty.
California residents have the right to know, to delete, to opt out of sale, and to non-discrimination. We do not sell personal data.
How to Exercise Your Rights
To exercise any of the above rights, contact us at [email protected] with the subject line "Privacy Request". We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority (e.g., the FTC in the US, or the ICO in the UK).
10. Children's Privacy
Our website and services are not directed to children under the age of 13 (or 16 in the European Union). We do not knowingly collect personal data from children under these ages.
If You Believe a Child Has Provided Us Data
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will promptly delete any such information from our records.
11. Third-Party Links
Our website may contain links to third-party websites, including social media platforms, review sites, and partner services. These sites operate independently and have their own privacy policies.
We are not responsible for the privacy practices of any third-party sites. We encourage you to review the privacy policy of any website you visit via a link from our site. The inclusion of a link does not imply our endorsement of that site's privacy practices.
12. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Your continued use of our website after any changes constitutes your acceptance of the updated policy. If you do not agree with the updated terms, you should discontinue use of our services.
13. Data Deletion
You have the right to request deletion of your personal data at any time. To submit a deletion request:
Email us at [email protected] with the subject line "Data Deletion Request"
Include the email address associated with your account and any order numbers you wish to have removed
We will verify your identity and confirm receipt within 5 business days
Deletion will be completed within 30 days, except for data we are legally required to retain (e.g., tax records)
What Cannot Be Deleted
Certain data must be retained to comply with legal obligations, including order records for tax purposes (typically 7 years), fraud prevention records, and data subject to active legal proceedings. We will inform you of any such limitations when processing your request.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please reach out to us. We are committed to resolving privacy concerns promptly and transparently.