Privacy Policy

Last updated: February 21, 2026

At Stitch A Lot Studio, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and what choices you have. By using our website, you agree to the practices described in this policy.

Information We Collect

Account Information

When you create an account on our website, we collect the following personal information:

  • Your name
  • Email address
  • Phone number (optional)
  • Shipping and billing address

Order Information

When you place an order, we collect information necessary to process and fulfill it, including your shipping address and payment details. Payment information (such as credit card numbers) is processed directly by our payment providers, Stripe and PayPal, and is never stored on our servers.

Analytics Data

To help us understand how visitors use our website and to improve the browsing experience, we may collect:

  • Pages visited and time spent on each page
  • Session duration
  • Approximate geographic location derived from your IP address (your full IP address is hashed and cannot be reversed)
  • Device and browser information (e.g., screen size, operating system, browser type)

Contact Form Submissions

When you submit a message through our contact form, we collect your email address, the subject of your inquiry, and the message content so that we can respond to you.

How We Use Your Information

We use the information we collect for the following purposes:

  • Process and fulfill orders — to ship your purchases, send order confirmations, and provide customer support related to your orders.
  • Manage your account — to maintain your account, authenticate your identity, and keep your preferences up to date.
  • Improve our website — to analyze usage patterns through analytics so we can enhance site performance, content, and user experience.
  • Respond to inquiries — to reply to messages you send us through our contact form.
  • Detect and prevent fraud — to protect you and our business from fraudulent transactions and unauthorized access.

Cookies and Tracking Technologies

Cookies are small text files that websites place on your device to store information. They help websites remember your preferences and understand how you interact with the site. We use a limited number of cookies, all of which are essential to the functioning of our website.

Cookies We Use

CookiePurposeTypeDuration
sessionCartIdMaintains your shopping cart across pagesEssentialSession
cookieConsentRemembers your cookie preference choiceEssential1 year
visitorCountryDetects your country for consent requirementsEssential1 day
next-auth.session-tokenKeeps you signed in to your accountEssentialSession

Performance Monitoring

We use Vercel Speed Insights to monitor website performance and loading times. This tool is loaded only after you give your consent through our cookie banner. It collects anonymized performance metrics and does not track individual users.

No Advertising or Marketing Cookies

We do not use any third-party advertising, marketing, or tracking cookies. We do not participate in ad networks and we do not sell or share your data with advertisers.

Third-Party Services

We rely on a small number of trusted third-party services to operate our website. Each of these services has its own privacy policy governing how they handle your data:

  • Stripe — processes credit and debit card payments securely. Stripe is PCI-DSS compliant and never shares your payment information with us. Stripe Privacy Policy
  • PayPal — provides an alternative payment method for orders. PayPal Privacy Policy
  • Vercel — hosts our website and provides performance monitoring through Speed Insights. Vercel Privacy Policy

Data Retention

  • Account data is retained for as long as your account remains active. If you choose to delete your account, we will remove your personal information from our systems.
  • Order data is retained as required by applicable tax, accounting, and legal obligations. This typically means we keep order records for a minimum period required by law even after account deletion.
  • Analytics data — IP addresses collected for analytics purposes are hashed using a one-way algorithm and cannot be reversed to identify you personally.
  • Account deletion — you may request deletion of your account and associated personal data at any time by contacting us through our website's contact form.

Your Rights

Depending on where you live, you may have specific rights regarding your personal data.

For EU/EEA/UK Residents (GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure — you can request that we delete your personal data, subject to legal obligations.
  • Right to data portability — you can request your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
  • Right to object — you can object to the processing of your personal data for certain purposes.
  • Right to withdraw consent — where processing is based on your consent, you can withdraw that consent at any time.

For California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know — you can request information about the categories and specific pieces of personal data we have collected about you.
  • Right to delete — you can request that we delete the personal data we have collected from you.
  • Right to opt-out — you can opt out of the sale of your personal data. Note that Stitch A Lot Studio does not sell personal data.
  • Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.

Children's Privacy

Our website is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information as quickly as possible. If you believe a child under 13 has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.

Data Controller

The data controller responsible for your personal data is:

Stitch A Lot Studio
2435 Wood Sorrell Lane, Signal Mountain, TN

Contact Us

If you have any questions or concerns about this Privacy Policy, how we handle your personal data, or if you wish to exercise any of your rights described above, please reach out to us using the contact form on our website or at the address listed above. We will do our best to respond to your inquiry promptly.