Privacy Policy

Changes to This Privacy Policy

We reserve the right to update or change our Privacy Policy at any time. When we make changes, we will update the "Last updated" date at the top of this page.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the site after any changes to this Privacy Policy will constitute your acceptance of such changes.

Information We Collect

We collect information from you in several ways:

Information You Provide Directly

When you interact with our site, we may collect personal information that you voluntarily provide, including:

• Name and contact information (email address, phone number, postal address)
• Account credentials when you create an account
• Order details and purchase information
• Communications with our customer support team
• Feedback, survey responses, and other user-generated content

Information Collected Automatically

When you visit our site, we automatically collect certain information about your device and browsing activity:

• Device information (type, operating system, browser type and version)
• IP address and approximate geographic location
• Browsing behavior and interaction patterns on our site
• Cookies and similar tracking technologies
• Referring URLs and pages visited

Information from Third Parties

We may receive information about you from third-party sources, including:

• Analytics Providers: We use Umami Analytics, a privacy-focused analytics service that does not use cookies and anonymizes visitor data
• Hosting Services: Our site is hosted on AWS (Amazon Web Services) infrastructure including S3 and CloudFront for content delivery
• Future Service Providers: Payment processors and other vendors as we expand our services

Note on Fonts: We use self-hosted web fonts (via Next.js font optimization) that are served directly from our infrastructure. No external font services are used, and no third parties receive your IP address for font delivery.

Note: We do not currently process payments directly through our website. Any future payment processing will be handled by secure third-party payment processors, and this policy will be updated accordingly.

How We Use Your Information

We use the information we collect for the following purposes:

• Providing Products and Services: To process your orders, manage deliveries, and provide customer support in order to perform our contract with you
• Communication: To send you important updates about your orders, account, and our services
• Marketing and Advertising: To send you promotional materials and offers. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in selling our products, according to Article 6(1)(f) GDPR
• Service Improvement: To analyze user behavior and improve our website, products, and services. This is in our legitimate interests according to Article 6(1)(f) GDPR
• Security and Fraud Prevention: To detect, investigate, or take action regarding possible fraudulent, illegal, or malicious activity. If you are an EEA resident, the legal basis for these data processing activities is our legitimate interest in keeping our website secure for you and other customers, according to Article 6(1)(f) GDPR
• Legal Compliance: To comply with legal obligations and enforce our terms and policies

Legitimate Interest Balancing Test

When we rely on legitimate interests for processing your personal information, we perform a balancing test considering:

• The purpose of processing
• The necessity of processing
• The impact on your privacy rights

You can object to processing based on legitimate interests by contacting us using the details provided at the end of this policy.

Cookies and Tracking Technologies

We use minimal tracking technologies to enhance your browsing experience and understand how you use our site.

Analytics - Umami

We use Umami Analytics, a privacy-focused web analytics service that:

• Does not use cookies - No tracking cookies are stored on your device
• Anonymizes all data - IP addresses are anonymized and no personal information is collected
• Respects Do Not Track - If your browser sends a Do Not Track signal, we will not load analytics
• GDPR compliant - Designed with privacy as a core principle

Data collected: Anonymized page views, referrer, browser type, device type, country (via anonymized IP). Service provider: Umami Cloud. Privacy policy: https://umami.is/privacy

Do Not Track Signals

We respect Do Not Track (DNT) signals sent by your browser. When we detect a DNT signal, we will:

• Disable Umami Analytics tracking
• Prevent any usage data collection
• Ensure your browsing remains completely private

To enable Do Not Track, please check your browser's privacy settings. Most modern browsers support this feature.

Essential Cookies

Some cookies are essential for our site to function properly. These may include:

• Session cookies for site functionality
• Preference cookies to remember your settings
• Security cookies to protect against fraudulent activity

You can control cookie settings through your browser preferences. However, disabling essential cookies may limit some functionality of our site.

Sharing Your Information

We may share your personal information with third parties in the following circumstances:

• Hosting and Infrastructure: AWS (Amazon Web Services) for hosting, storage, and content delivery through S3 and CloudFront
• Analytics: Umami Cloud for privacy-focused, anonymized website analytics (respects Do Not Track)
• Future Service Providers: Payment processors, shipping companies, and other vendors as we expand our services. Each third party's access is limited to only the data they need to provide their specific service.
• Legal Requirements: When required by law, court order, or legal process, or to comply with applicable legal obligations (including to respond to subpoenas, search warrants, and similar requests)
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business
• Protection of Rights: To protect the rights, property, or safety of scOS, our users, or others, and to enforce any applicable terms of service

We do not sell your personal information. We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

Note: Business and marketing partners will use your information in accordance with their own privacy notices. With your consent, we may share personal information for advertising and marketing activities.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our specific retention periods are:

• Account Information: For the duration of your account plus 2 years after closure
• Order Records: 7 years from the date of order (to comply with UK tax and accounting requirements)
• Marketing Preferences: Until you opt out or withdraw consent
• Website Usage Data: Up to 26 months from collection
• Support Communications: For the duration necessary to resolve your inquiry plus a reasonable period for quality assurance

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.

• Right to Access / Know: You may have a right to request access to personal information that we hold about you, including details relating to the ways in which we use and share your information
• Right to Delete: You may have a right to request that we delete personal information we maintain about you
• Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you
• Right of Portability: You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions
• Right to Opt Out of Sale or Sharing or Targeted Advertising: You may have a right to direct us not to "sell" or "share" your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out.
• Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information
• Withdrawal of Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent
• Appeal: You may have a right to appeal our decision if we decline to process your request. You can do so by replying directly to our denial
• Managing Communication Preferences: We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you

You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided below.

We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity before providing a substantive response to the request. We will respond to your request in a timely manner as required under applicable law.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication requirements
• Employee training on data protection and security
• Secure hosting infrastructure with AWS

Important Security Disclaimer: Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." No method of transmission over the Internet or electronic storage is 100% secure.

In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us. If you believe your account has been compromised, please contact us immediately.

Children's Privacy

Our services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as soon as possible. If you believe we have collected information from a child, please contact us immediately.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

California Consumer Privacy Act (CCPA) Disclosures

We have disclosed the following categories of personal information and sensitive personal information about users in the past 12 months for the purposes set out in the sections "How We Use Your Information" and "Sharing Your Information":

We do not use or disclose sensitive personal information without your consent or for the purposes of inferring characteristics about you.

Each third party's access is limited to only the data they need to provide their specific service. With your consent, we may share personal information for the purpose of engaging in advertising and marketing activities.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy when transferred internationally, including the use of standard contractual clauses approved by relevant authorities.

Third-Party Websites

Our site may contain links to third-party websites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to review the privacy policy of every site you visit. These links are provided for your convenience and do not signify our endorsement of such third-party sites.

Complaints and Regulatory Authority

If you have concerns about how we handle your personal information, please contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.