Privacy Policy

1. Who We Are

Kasandy Inc. (“Kasandy,” “we,” “our,” or “us”) is a handmade beauty brand based in Burnaby, British Columbia, Canada. We operate exclusively online at kasandy.com.

We are committed to protecting your personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (PIPA), and, where applicable, the European Union’s General Data Protection Regulation (GDPR).

For any privacy-related questions or requests, please contact us at hello@kasandy.com.

2. Information We Collect

We collect personal information in the following categories:

• Identity information: first name, last name.
• Contact information: email address, phone number, shipping and billing address.
• Order information: products purchased, order history, transaction amounts, and order status.
• Payment information: payment is processed securely through Square (PCI DSS Level 1 certified). Kasandy never stores, sees, or has access to your full card number, CVV, or bank account details. Square’s privacy policy applies to payment data.
• Technical information: IP address, browser type, device type, operating system, referring URLs, and pages visited, collected automatically via cookies and analytics tools.
• Marketing preferences: whether you have opted in to receive email marketing communications from us.
• Communications: any messages you send us via email, contact forms, or social media.

We do not knowingly collect personal information from individuals under the age of 16.

3. How We Use Your Information

We use your personal information only for legitimate purposes, including:

• Processing, fulfilling, and shipping your orders.
• Communicating with you about your order status, tracking, and any issues.
• Providing customer support and responding to your enquiries.
• Sending marketing emails and promotions — only if you have opted in. You may unsubscribe at any time.
• Improving our website, product offerings, and user experience using aggregated analytics data.
• Detecting and preventing fraud or other unlawful activity.
• Complying with legal and regulatory obligations.

We will not sell, rent, or trade your personal information to third parties for their own marketing purposes.

4. Cookies

Our website uses cookies — small text files stored on your device — to enhance your experience. We use the following types of cookies:

• Essential cookies: required for the website and checkout to function. These cannot be disabled.
• Analytics cookies: used via Google Analytics 4 (GA4) to understand how visitors use our site. This data is aggregated and anonymized. You can opt out via Google’s opt-out browser add-on.
• Advertising cookies: set by Meta (Facebook/Instagram) and TikTok pixels to measure ad effectiveness and enable retargeting. These may track you across websites. You can manage these preferences through your browser settings or the relevant platform’s ad preferences.

You can control or delete cookies through your browser settings. Disabling certain cookies may affect site functionality.

5. Analytics & Advertising Pixels

We use the following third-party tracking tools:

• Google Analytics 4 (GA4): measures site traffic, user behaviour, and conversion events. Data is processed by Google LLC. View Google’s privacy policy at policies.google.com/privacy.
• Meta Pixel (Facebook/Instagram): tracks visits and purchases to measure ad performance and build custom audiences. View Meta’s data policy at facebook.com/privacy/policy.
• TikTok Pixel: tracks visits and events for TikTok advertising campaigns. View TikTok’s privacy policy at tiktok.com/legal/privacy-policy.

If you are located in the European Economic Area (EEA) or the UK, your data transferred to these services is subject to appropriate safeguards. We do not use these tools in a manner that identifies you personally without your consent.

6. Email Marketing

If you subscribe to our email list, we will send you newsletters, product announcements, and promotions. We use an email service provider to deliver these communications. Your email address and name are stored with that provider solely for this purpose.

You can unsubscribe at any time by clicking the “Unsubscribe” link at the bottom of any marketing email, or by contacting us at hello@kasandy.com. Transactional emails related to your orders (order confirmation, shipping updates) are not affected by unsubscribing from marketing.

7. How We Share Your Information

We share your personal information only as necessary with trusted third parties who assist us in operating our business:

• Square: payment processing and order management.
• Shipping carriers: Canada Post, UPS, FedEx, or equivalent — your name, address, and phone number are shared to fulfill delivery.
• Email service providers: for sending transactional and marketing emails.
• Analytics providers: Google, Meta, and TikTok, as described above.

All third parties are contractually required to handle your data securely and only for the stated purpose. We do not sell your data.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Order records are retained for a minimum of 7 years to comply with Canadian tax and accounting requirements. Marketing data is retained until you unsubscribe or request deletion.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Right to access: request a copy of the personal information we hold about you.
• Right to correction: request that we correct inaccurate or incomplete information.
• Right to deletion: request that we delete your personal information, subject to certain legal exceptions (e.g., we must retain financial records).
• Right to withdraw consent: withdraw your consent to data processing at any time, where processing is based on consent.
• Right to data portability: receive your personal data in a structured, machine-readable format (where applicable under GDPR).
• Right to object: object to processing of your data for direct marketing purposes.

To exercise any of these rights, please email hello@kasandy.com with your request. We will respond within 30 days.

10. Security

We take reasonable technical and organizational precautions to protect your personal information against unauthorized access, loss, or misuse. Our website uses HTTPS encryption. Payment data is handled exclusively by Square, which holds PCI DSS Level 1 certification.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., social media profiles). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. We encourage you to review this page periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or concerns, please reach out to us: