Free delivery on orders over ₱5,000 within Metro Manila · Same-day delivery before 6PM
Summer Floral Studio

Legal

Privacy Policy

Last updated: May 10, 2026

Summer Floral Studio ("we", "us", "our") operates this website and is committed to protecting your personal data in accordance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173) and applicable international standards. This policy explains what we collect, why, and how to exercise your rights.

1. Information We Collect

The data we collect varies by how you interact with us:

  • Order information: name, recipient name, billing/delivery addresses, phone numbers, order contents, gift card messages, and any notes you add at checkout.
  • Account information (if you create an account): email address, first/last name, phone number (optional), and saved delivery addresses. Authentication is handled by Shopify's Customer Account API — we never see or store your password.
  • Payment information: processed by Shopify Payments. We do not see, store, or have access to your full card or banking details.
  • Reviews and photos: if you submit a product review, we collect the rating, your name, email, optional review title, body text, and any photos you attach. Photos you upload are hosted on Shopify's CDN (cdn.shopify.com) and may also be re-hosted by Judge.me as part of their review widget.
  • Communications: messages you send us via email, contact form, or social channels.
  • Technical data: IP address, browser type, device information, pages visited, time on site, and referral source. Used for analytics, abuse prevention (rate-limiting review/login attempts), and error monitoring.
  • Marketing preferences: if you subscribe to our newsletter, we collect your email address and any consent indicators.

2. How We Use Your Information

  • Process, fulfill, and deliver your orders
  • Authenticate you when you sign in to your account
  • Verify that reviewers have actually purchased the product they're reviewing
  • Send transactional emails (order confirmation, delivery updates, review request, coupon delivery)
  • Send marketing emails — only if you have opted in, and you can unsubscribe at any time
  • Apply discount codes you redeem at checkout
  • Prevent fraud and abuse (rate-limiting, suspicious-activity detection)
  • Improve the website, products, and customer experience
  • Comply with legal, tax, and accounting obligations

3. Cookies and Local Storage

We use a small set of cookies and browser storage:

  • Essential session cookies (HttpOnly, secure): keep you signed in and remember your cart. The site cannot function without these.
  • OAuth-flow cookies (short-lived, ~5 minutes): protect the sign-in process from CSRF.
  • Analytics cookies (Google Tag Manager / Google Analytics): only set if you accept the cookie banner. Used to understand site usage in aggregate.
  • Local storage: we use your browser's localStorage to remember your cart ID and saved favorites between visits. This data stays on your device.

You can change cookie preferences at any time through the cookie banner or your browser settings. Declining analytics cookies will not affect your ability to shop.

4. Third-Party Services

We share specific data with the following providers strictly to operate our business. We do not sell your information to advertisers or data brokers.

  • Shopify, Inc. — e-commerce platform, payments, customer accounts, file hosting (cdn.shopify.com)
  • Judge.me — product review collection, moderation, and display
  • Resend — transactional email delivery (e.g. review thank-you emails with discount codes)
  • Mailchimp — marketing newsletters (opt-in only)
  • Vercel, Inc. — website hosting and serverless functions
  • Google — analytics, fonts, and tag management (analytics only fire after cookie consent)
  • Sentry — error monitoring (crash logs may incidentally include the URL you were on and a portion of your session ID; never form contents)
  • Delivery partners — to physically deliver your orders

Each provider operates under its own privacy policy. By using our site you also agree to those policies where applicable.

5. International Data Transfers

Several of our service providers are based outside the Philippines (primarily the United States and Canada). When you place an order or create an account, your data is transferred to and stored in their data centers, which may be in those jurisdictions. These providers are bound by contractual data-protection commitments and operate at industry-standard security levels.

6. Data Retention

  • Order records are kept as long as required by Philippine tax and accounting law (typically 10 years).
  • Customer account data is kept while your account is active. If you ask us to delete your account, we will remove personal data except what we're legally required to retain (e.g. invoices).
  • Reviews are retained indefinitely as they form part of the public product record. You can request the removal of your own review at any time.
  • Newsletter records are kept until you unsubscribe; we retain a minimal record of past subscriptions for compliance purposes.
  • Analytics data follows the retention defaults of the underlying provider.

7. Data Security

The site is served over HTTPS. Authentication tokens are stored in HttpOnly, Secure, SameSite=Lax cookies that JavaScript cannot read. Payments are processed entirely on Shopify's PCI-DSS-compliant infrastructure. We do not store payment-card data on our servers. Despite these safeguards, no internet transmission is 100% secure — please use a unique password and notify us promptly if you suspect unauthorized access to your account.

8. Your Rights

Under the Data Privacy Act and other applicable laws, you have the right to:

  • Be informed about how we process your data
  • Access the personal data we hold about you
  • Request correction of inaccurate or outdated data
  • Request deletion of your data (subject to legal retention obligations)
  • Object to or limit our processing
  • Receive a portable copy of your data
  • Withdraw consent at any time, including unsubscribing from marketing emails
  • File a complaint with the National Privacy Commission of the Philippines

To exercise any of these rights, email us at hello@summerfloralstudio.com. We respond within 30 days.

9. Children's Privacy

Our site is not directed at children under 13, and we do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted at the top of this page along with an updated revision date. Continued use of the site after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, contact us:

See also our Terms of Service.