Privacy Policy

Last Updated: January 2026

1. Introduction

At Grace Blooms, we respect your privacy and are committed to protecting the personal information you share with us. This policy explains how we collect, use, store, and safeguard your data when you use our website and services.

2. Information We Collect

We collect information you provide directly to us when you create an account, make a purchase, submit an inquiry, or subscribe to our newsletter. This includes:

  • Name and contact information (email, phone number)
  • Billing and shipping addresses
  • Payment information (processed securely by third-party providers)
  • Order history and preferences
  • Communications with our customer service team
  • AI chatbot conversation history (for personalized recommendations)

Automatically Collected Information:

  • Browser type and version
  • Device information and IP address
  • Pages visited and time spent on site
  • Referring website or source
  • Analytics data (via Vercel Analytics)

3. How We Use Your Information

We use your information to:

  • Process and fulfill your orders
  • Communicate with you about your account and purchases
  • Send you marketing communications (if you have opted in)
  • Provide personalized product recommendations via AI
  • Improve our website, products, and customer service
  • Detect and prevent fraud or security issues
  • Comply with legal obligations

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for website functionality (authentication, shopping cart)
  • Analytics Cookies: Help us understand how visitors interact with our site
  • Preference Cookies: Remember your settings (currency preference, theme)

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

5. Third-Party Services

We use trusted third-party services to operate our business:

  • Convex: Database and backend services for storing inquiries and user data
  • Vercel Analytics: Website analytics and performance monitoring
  • Payment Processors: Secure payment processing (we do not store payment card details)
  • Google Gemini AI: Powers our AI chatbot for customer assistance
  • Email Service: For transactional and marketing emails

These services have their own privacy policies and data protection measures.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encrypted data transmission (SSL/TLS)
  • Secure database storage
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (tax, accounting requirements)
  • Resolve disputes and enforce agreements

Account data is retained while your account is active. Upon account deletion, personal data is removed within 90 days, except where required by law.

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data
  • Withdraw Consent: Unsubscribe from marketing communications

To exercise these rights, contact us at hello@graceblooms.com.

9. Marketing Communications

With your consent, we may send you marketing emails about our products, special offers, and events. You can opt-out at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your preferences in your account settings
  • Contacting us directly

10. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Please review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Related Policies

Terms of ServiceRefund PolicyShipping Policy