Effective Date: August 5, 2025
Website: https://cycria.ca
Who We Are
Our website address is: https://cycria.ca.
Cycria is an independently owned Canadian ecommerce business.
Contact:
📧 cycriastore@gmail.ca (General Inquiries)
🔒 info@cycria.ca (Privacy Officer)
What Personal Data We Collect and Why
Comments
When visitors leave comments:
- We collect data shown in the comments form
- We collect the visitor’s IP address and browser user agent string for spam detection
- An anonymized string (hash) of your email may be sent to Gravatar to check if you use the service
- The Gravatar service privacy policy is available here: https://automattic.com/privacy/
- After approval, your profile picture is visible publicly with your comment
- Comments and metadata are retained indefinitely
Media
If you upload images:
- Avoid uploading images with embedded location data (EXIF GPS)
- Visitors can download and extract location data from images
Contact Forms
- Submissions retained for 12 months for customer service
- Not used for marketing unless you opt-in
Account & Purchase Data
- Name, email, addresses, phone number
- Payment details (processed via PayPal)
- Order history
- Account credentials
Legal Bases:
- Consent (for marketing)
- Contractual necessity (order processing)
- Legal obligation (7-year tax retention)
- Legitimate interest (fraud prevention)
Cookies
Comment & Review Cookies
If you leave a comment or review:
- You may opt-in to saving your name/email/website in cookies (expire after 1 year)
- For convenience so you don’t need to re-fill details
Login Cookies
- Temporary cookie to check browser acceptance (no personal data, discarded when browser closes)
- Login cookies last 2 days
- Screen options cookies last 1 year
- “Remember Me” extends login to 2 weeks
- Editing cookies indicate post ID (expire after 1 day)
Product Interaction Cookies
While browsing:
- Temporary cookies track:
- Viewed products
- Viewed recommendations
- Clicked recommended products
- These contain no personal data
- Automatically expire after 1 day
Embedded Content
Articles may include embedded content (videos, images, etc.):
- Behaves exactly as if visiting the source website
- May collect data, use cookies, and track interactions
- May monitor engagement if you’re logged into that site
Analytics
Product Interaction Data
We store aggregate information about:
- Products viewed
- Recommendations displayed
- Recommendation clicks
This cannot personally identify you
Google Analytics
- Tracks site usage (pages visited, device type, etc.)
- Opt-out available: https://tools.google.com/dlpage/gaoptout
Who We Share Your Data With
Service Providers
| Service | Purpose | Data Shared |
|---|---|---|
| WooCommerce | Ecommerce platform | Order details, accounts |
| Printful | Order fulfillment | Shipping address, items |
| PayPal | Payment processing | Billing info, order total |
| MailPoet | Email newsletters | Name, email, engagement |
Other Disclosures
- Password reset emails include your IP address
- Comments may be checked by automated spam detection
How Long We Retain Your Data
| Data Type | Retention Period |
|---|---|
| Order information | 7 years (tax compliance) |
| User accounts | Until deletion requested |
| Reviews | Indefinitely |
| Contact form entries | 12 months |
| Analytics | 26 months |
What Rights You Have Over Your Data
You can:
- Request access to your data
- Correct inaccurate information
- Request deletion (where permitted)
- Export your data (for accounts/comments)
- Withdraw consent (e.g., unsubscribe)
Contact: info@cycria.ca (response within 30 days)
Email Communications
If you:
- Subscribe to newsletters
- Create an account
- Make a purchase
You may receive:
- Transactional emails (order updates)
- Marketing emails (if opted-in)
We track via MailPoet:
- Email opens/clicks (to improve content)
- IP address at signup (for fraud prevention)
Where Your Data Is Sent
- May be transferred to the U.S. via service providers
- Protected through data protection agreements and encryption
Additional Information
How We Protect Your Data
- SSL encryption
- Secure payment processors
- Limited staff access
Data Breach Procedures
If a breach occurs:
- Immediate investigation
- Notification if real risk of harm exists
- Report to Privacy Commissioner if required
Automated Decision Making
- Product recommendations (based on browsing)
- Fraud detection
No significant automated decisions
Contact Us
For privacy requests:
📧 Email: cycriastore@gmail.ca