Terms of service
Privacy Policy
Last Updated: June 20, 2026
1. Introduction
Over and Under ("we," "our," or "us") operates www.over-under.store (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, including any other media form, media channel, mobile website, or mobile application related or connected thereto.
Please read this privacy policy carefully. By using the Site, you consent to the practices described in this policy.
---
2. Information We Collect
Personal Data We Collect
| Category | Examples | How Collected |
|----------|----------|---------------|
| Contact Data | Name, email address, phone number, shipping/billing address | Direct input at checkout, account creation, newsletter signup |
| Payment Data | Credit card numbers, PayPal account | Processed via Shopify Payments (we do not store card data) |
| Device Data | IP address, browser type, operating system | Automatic collection via cookies and server logs |
| Usage Data | Pages visited, time on site, clicks, referring URL | Automatic collection via cookies and analytics |
| Order History | Products purchased, order dates, tracking numbers | Direct input at checkout |
Methods of Collection
- Direct Collection: Information you provide when placing an order, creating an account, subscribing to newsletters, or contacting us.
- Automatic Collection: Cookies, web beacons, and similar technologies collect usage and device data.
- Third Parties: We may receive information from service providers (payment processors, shipping carriers, analytics providers).
---
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) | Description |
|---------|-------------------|-------------|
| Fulfill Orders | Contract performance | Process and ship orders, send order confirmations and updates |
| Customer Service | Legitimate interest | Respond to inquiries, process returns/exchanges |
| Marketing | Consent | Send promotional emails (if opted in) |
| Analytics | Legitimate interest | Understand site usage, improve user experience |
| Advertising | Consent (for cookies) | Serve targeted ads via Google Ads, Facebook, etc. |
| Fraud Prevention | Legal obligation | Detect and prevent fraudulent transactions |
| Legal Compliance | Legal obligation | Comply with applicable laws and regulations |
---
4. Cookies and Tracking Technologies
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|-------------|---------|----------|
| Essential Cookies | Required for site functionality (cart, checkout) | Session |
| Analytics Cookies | Understand site usage (Google Analytics) | 2 years |
| Marketing Cookies | Serve targeted ads (Google Ads, Facebook Pixel) | 90 days |
| Preference Cookies | Remember user settings | 1 year |
Managing Cookies
You can control or disable cookies through your browser settings. Note: Disabling essential cookies may impair site functionality.
Third-Party Tracking
We use:
- Google Analytics — for site analytics
- Google Ads — for paid advertising and conversion tracking
- Facebook Pixel — for advertising (if applicable)
- Shopify Analytics — for e-commerce reporting
Each third party has its own privacy policy governing their use of your data.
---
5. How We Share Your Information
We MAY Share Your Information With:
| Recipient | Purpose | Data Shared |
|-----------|---------|-------------|
| Shopify Payments | Process payments | Payment info (processed, not stored) |
| Shipping Carriers (USPS, UPS, FedEx) | Ship orders | Shipping address, order info |
| Dropshipping Suppliers | Fulfill orders | Shipping address, products ordered |
| Email Marketing Providers (Klaviyo, Mailchimp) | Send emails | Email address, name |
| Google Analytics | Site analytics | Anonymized usage data |
| Google Ads | Advertising | Conversion tracking data |
| Legal Authorities | Compliance | As required by law |
Dropshipping Disclosure
> Important: When you place an order, your order may be fulfilled directly by one of our trusted third-party suppliers. In such cases, we share only the information necessary to fulfill and ship your order (primarily your shipping address and product details). Our suppliers are prohibited from using your data for any purpose other than fulfilling your order.
We DO NOT Sell Your Personal Information
We do not sell, trade, or rent your personal information to third parties for marketing purposes.
---
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|-----------|-----------------|
| Order records | 7 years (tax/accounting compliance) |
| Account data | Until account deletion |
| Marketing data (consented) | Until unsubscribe |
| Device/analytics data | 26 months (Google Analytics default) |
| Cookie data | Per cookie duration (see above) |
---
7. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- SSL/TLS encryption for all data transmission
- Shopify's PCI DSS Level 1 compliance (payment processing)
- Access controls on internal systems
- Regular security assessments
No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we take reasonable measures to protect your data.
---
8. Your Rights
For All Users
You have the right to:
- Access your personal data
- Correct inaccurate personal data
- Delete your personal data ("right to be forgotten")
- Opt out of marketing emails (unsubscribe link in every email)
- Disable cookies via browser settings
For California Residents (CCPA Rights)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale of personal information (We do not sell your data.)
- Right to non-discrimination
For EU/EEA Residents (GDPR Rights)
- Right to access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
To Exercise Your Rights
Contact us at: [contact email] | [mailing address]
We will respond within 30 days. For data deletion requests, we may require identity verification.
---
9. Children's Privacy
Our Site is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent/guardian and believe your child has provided us with personal data, please contact us immediately.
---
10. Third-Party Links
Our Site may contain links to third-party websites, services, or applications not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
---
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
We encourage you to review this policy periodically.
---
12. Contact Us
Business Name: Over and Under
URL: www.over-under.store
Email: customersupport@over-under.store
For privacy-related inquiries, include "Privacy Request" in the subject line.
---
13. Shopify Compliance
This store operates on Shopify Inc.'s platform. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases, and the general Shopify application. Shopify stores your data on a secure server behind a firewall.
For more information on how Shopify handles your data, visit: [Shopify Privacy Policy](https://www.shopify.com/legal/privacy)