Privacy Policy — SpinShape

SpinShape (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website, make a purchase, or otherwise interact with us.

If you have questions, contact us at Spinshape.sav@gmail.com.

1) Who we are

SpinShape operates an online store offering fitness products and accessories. We are the data controller for the personal information described in this Policy (except where a service provider acts as a separate controller).

We host our store on an e-commerce platform (e.g., Shopify), which provides the online platform that allows us to sell our products. Your data may be stored through our platform provider’s data storage and databases. They store your data on secure servers behind a firewall.

2) What we collect

We collect information directly from you, automatically when you use our site, and from third parties. The categories of data we may collect include:

A. Identifiers & contact details
Name, shipping/billing address, email, phone number, order number, account credentials.

B. Commercial information
Products viewed or added to cart, purchase/return history, discount codes, customer service history.

C. Payment information
Payment method, last 4 digits of card and token (full card data is handled by our payment processor and not stored by us).

D. Device & usage data (internet activity)
IP address, device/browser type, pages viewed, links clicked, referring URL, approximate location (city/country), session logs, cookies and similar technologies.

E. User content & preferences
Product reviews, survey responses, support messages, preferences (e.g., marketing).

F. Inferences
Preferences or interests derived from the above (e.g., product affinity).

We collect the above from: you (checkout, account, forms), your device (cookies/pixels), our platform and service providers (analytics, payments, fulfillment, marketing), and publicly available sources (to prevent fraud).

3) Why we use your information (purposes & legal bases)

Order processing & account management
To process payments, fulfill and deliver orders, provide invoices, returns/exchanges, and customer support.
Legal bases (GDPR): performance of a contract; legitimate interests; legal obligation (tax/records).

Customer support & communications
To respond to inquiries and send service messages (order/shipping updates, policy or security notices).
Legal bases: performance of a contract; legitimate interests.

Personalization, analytics & improvement
To understand site usage, improve our products/services, and fix issues.
Legal bases: legitimate interests; consent (where required for cookies/analytics).

Marketing & advertising
To send newsletters and show relevant ads (including retargeting). You can opt out anytime.
Legal bases: consent (email/SMS where required); legitimate interests.

Security & fraud prevention
To detect, prevent, and investigate fraud or abuse.
Legal bases: legitimate interests; legal obligation.

Compliance
To comply with laws, regulations, tax and accounting obligations, and law-enforcement requests.
Legal bases: legal obligation.

4) Cookies & similar technologies

We use cookies, pixels, and similar tools to:

  • keep your session and cart;

  • analyze traffic and performance;

  • personalize content; and

  • measure/serve advertising.

You can manage cookies via our cookie banner (where shown) and your browser settings (blocking may affect site functionality). We may use analytics (e.g., Google Analytics) and advertising pixels (e.g., Meta/Instagram, Google Ads). These partners may set cookies and collect device/usage data for measurement and interest-based advertising. See Your rights & choices below to opt out of targeted ads.

Do Not Track: We currently do not respond to browser DNT signals due to the lack of a common standard.

5) How we share information

We share the categories of data listed above with the following types of partners for the purposes described:

  • Service providers / processors: e-commerce platform (store hosting), payment processors, fraud tools, fulfillment/warehousing, shipping carriers, customer support tools, email & SMS providers, analytics, and advertising/retargeting partners.

  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets.

  • Legal & compliance: To comply with law or protect rights, safety, and security.

Targeted advertising & “sale/share” (US CPRA/CCPA): We may disclose identifiers, device data, and internet activity to advertising partners to show personalized ads. Under some state laws, this may be considered a “sale” or “sharing.” See Your rights & choices to opt out.

We do not sell personal information for money. We do not knowingly sell or share the data of children.

6) Retention

We keep personal information only as long as necessary for the purposes above:

  • Orders & accounting records: typically 7 years (tax/legal).

  • Customer accounts: while active and up to 3 years after last activity (or earlier upon request, unless we must keep it).

  • Marketing data: until you opt out/unsubscribe or your consent is withdrawn.

  • Logs & analytics: typically 13–26 months (varies by tool) unless aggregated/anonymized sooner.

7) Security

We use administrative, technical, and physical safeguards designed to protect your data (HTTPS, restricted access, encryption at rest where applicable, least-privilege). No method of transmission or storage is 100% secure. If we believe your data may be affected by a breach, we will notify you and regulators as required by law.

8) International transfers

We may transfer, store, and process your information outside your country (e.g., the United States, Canada, EU). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

9) Your rights & choices

Your rights depend on your location. Subject to legal limits, you may have the right to:

  • Access / Portability — request a copy of your data.

  • Correction — fix inaccurate or incomplete data.

  • Deletion — ask us to delete your data.

  • Restriction / Objection — restrict or object to certain processing.

  • Withdraw consent — where processing is based on consent (e.g., marketing).

  • Opt out of marketing — unsubscribe via email footer or contact us.

  • Opt out of targeted ads / “sale” or “share” of personal information (US) — opt out of targeted advertising and certain cross-context disclosures.

  • Non-discrimination — you won’t be discriminated against for exercising your rights.

How to submit a request
Email Spinshape.sav@gmail.com with your name, email, order number (if any), and the right you want to exercise. We may need to verify your identity (e.g., via email confirmation or order details). You can designate an authorized agent as permitted by law.

Cookies/Ads choices

  • Use the cookie banner (where available).

  • Set your browser to block/clear cookies.

  • Use platform controls (e.g., Google Ads Settings, Meta Ad Preferences).

  • Use industry opt-outs (NAI/DAA where applicable).

10) Children’s privacy

Our services are not directed to children and we do not knowingly collect personal information from children under the age required by local law (e.g., 13 in the US, 16 in the EU without consent). If you believe a child has provided us data, contact us and we will delete it as required.

11) Third-party links

Our site may contain links to third-party websites or services. We are not responsible for their privacy practices. Review their policies when you visit them.

12) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we’ll post the updated Policy on this page and update the “Effective date” above. Your continued use of our services after changes means you accept the updated Policy.

13) Contact us

If you have questions or want to exercise your rights, contact:
SpinShape Privacy Team
Website: https://spin-shape.com
Email: Spinshape.sav@gmail.com