Skip to main content
Insha Makes
Free delivery over $75 CADHandmade with love

Legal

Privacy Policy

Last updated: May 1, 2026

1. Who We Are

Insha Makes ("we", "us", "our") is a home-based handcraft business operating in Ontario, Canada. We sell handmade baked goods and hand-crocheted accessories online at inshamakes.ca. Contact us at: hello@inshamakes.ca.

2. Information We Collect

We collect information you provide directly:

  • Account data: name, email address, and a hashed password — your plain-text password is never stored.
  • Order data: delivery address, phone number, order history, and delivery date preferences.
  • Payment data: processed exclusively by Stripe. We never see or store your card number, CVC, or full payment details.
  • Communication data: messages sent via our contact form or custom order requests.
  • Newsletter data: email address if you subscribe to our mailing list.

We also collect data automatically:

  • Usage data: pages visited, products viewed, and cart contents (stored locally in your browser).
  • Technical data: IP address, browser type, device type, and referral source.
  • Cookies: see Section 6 below.

3. How We Use Your Information

  • To process and fulfil your orders
  • To communicate with you about orders (confirmation, dispatch, delivery updates)
  • To respond to enquiries and custom order requests
  • To send newsletters and promotional offers (only with your explicit consent)
  • To improve our website and services
  • To comply with applicable legal obligations

Our legal bases under GDPR are: contract performance (order fulfilment), legitimate interests (operating the business), and consent (newsletters, optional analytics cookies).

4. Third-Party Services

Stripe

Payment processing is handled by Stripe, Inc. When you purchase, your payment information is sent directly to Stripe's PCI-DSS Level 1 certified servers. Stripe's privacy policy: stripe.com/privacy.

Supabase

User authentication and account data is stored via Supabase (a cloud database platform). Your email and encrypted password are held in a secure, access-controlled environment.

Cloudinary

Product images are served via Cloudinary's CDN. No personal data is shared with Cloudinary.

5. Data Sharing

We do not sell your personal data. We share data only with the service providers listed in Section 4 (for their stated purpose), or with law enforcement and regulatory bodies where legally required.

6. Cookies

We use the following types of cookies:

  • Necessary cookies: Required for site functionality — authentication sessions and cart data. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site. Only set with your explicit consent.
  • Marketing cookies: Used for personalised offers. Only set with your explicit consent.

You can manage cookie preferences at any time using the cookie banner shown on your first visit, or by clearing your browser cookies.

7. Data Retention

  • Order data: retained for 7 years for tax and legal compliance.
  • Account data: retained while your account is active; removed within 30 days of account deletion.
  • Newsletter subscriptions: retained until you unsubscribe.

8. Your Rights

Depending on your location, you may have the following rights:

  • GDPR (EU / UK): Right to access, rectify, erase, restrict processing, data portability, and object to processing.
  • CCPA (California): Right to know, delete, opt-out of sale, and non-discrimination.
  • PIPEDA (Canada): Right to access and correct your personal information.

To exercise any right, email hello@inshamakes.com. We will respond within 30 days. You may also delete your account at any time from your account settings page.

9. Security

We use HTTPS encryption, hashed passwords, and access controls to protect your data. No method of internet transmission is 100% secure, but we take all reasonable precautions.

10. Children's Privacy

Our website is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has submitted their information, please contact us immediately.

11. Changes to This Policy

We may update this policy from time to time. The “last updated” date at the top will reflect any changes. Continued use of our website after updates constitutes acceptance.

12. Contact

For privacy enquiries: hello@inshamakes.com