Privacy Policy

1. Who we are

Orchid & Plum Atelier (“we”, “us”, “our”) operates the website at opatelier.com and the related sales of luxury menswear. We are the data controller for the personal information you provide on our site. You can contact us at privacy@opatelier.com.

2. Information we collect

We collect information in three ways:

You give it to us

• Account details: name, email address, phone number, password (stored hashed).
• Order details: shipping and billing address, items purchased, gift messages.
• Payment details: card information is collected and stored only by our payment processor (Stripe). We never see or store your full card number.
• Customer-service correspondence: emails, chat transcripts, returns requests.
• Marketing preferences: newsletter subscriptions, SMS opt-ins.

We collect automatically

• Device and connection data: browser type, operating system, IP address, language, time zone.
• Usage data: pages viewed, products clicked, time on site, referrer URL.
• Cookies and similar technologies (see our cookie banner for granular control).

We receive from third parties

• Fraud and risk signals from Stripe Radar.
• Address validation from shipping carriers.
• Aggregated audience information from advertising platforms (only if you have consented).

3. How we use your information

We use your information to:

• Process and fulfill your orders, including payment, shipment, and returns.
• Provide customer support and respond to inquiries.
• Send transactional messages (order confirmation, shipping updates, password resets).
• With your consent, send marketing emails and SMS about new arrivals and promotions.
• Detect and prevent fraud, abuse, and security incidents.
• Improve our website, products, and services through aggregated analytics.
• Comply with legal obligations (tax, accounting, anti-money-laundering rules).

4. Legal bases (EU/UK customers)

If you are in the EU or UK, we rely on these legal bases under the GDPR:

• Performance of a contract: processing your order.
• Legitimate interests: fraud prevention, security, and core analytics.
• Consent: marketing communications, non-essential cookies.
• Legal obligation: tax and accounting records.

5. Sharing your information

We share information only with these categories of recipients:

• Payment processors — Stripe (PCI-DSS Level 1 certified).
• Shipping carriers — UPS, FedEx, USPS, and international partners.
• Email and messaging providers — Resend (transactional email).
• Analytics providers — Vercel Analytics, Google Analytics 4 (only if you consent).
• Cloud hosting — Vercel, Inc. for the storefront; AWS for backend infrastructure.
• Professional advisers — accountants, auditors, lawyers, under confidentiality.
• Authorities — when required by law, court order, or to protect rights and safety.

We do not sell your personal information.

6. International transfers

Some of our service providers are located in the United States. When we transfer your data outside the EU/UK, we rely on the European Commission’s Standard Contractual Clauses or another approved mechanism.

7. How long we keep it

• Account data: until you delete your account, plus 90 days.
• Order records: 7 years (US tax requirement).
• Marketing preferences: until you unsubscribe.
• Analytics events: 26 months.
• Customer-service tickets: 3 years from resolution.

8. Your rights

Subject to applicable law, you can:

• Access the personal information we hold about you.
• Request correction of inaccurate data.
• Request deletion (“right to be forgotten”), subject to legal-hold exceptions.
• Object to or restrict certain processing.
• Request a portable copy of your data.
• Withdraw consent for marketing at any time.
• Lodge a complaint with your local data protection authority.

California residents: under the CCPA/CPRA, you have additional rights including the right to know categories of information collected and the right to opt out of “sale” or “share” of personal information for cross-context behavioural advertising. Submit a request via privacy@opatelier.com.

9. Cookies

We use cookies and similar technologies to operate the site, remember preferences, and (with your consent) measure performance and personalize advertising. You can manage your preferences through the cookie banner or by clearing cookies in your browser. Strictly necessary cookies cannot be disabled.

10. Children

Our site is not directed to children under 13, and we do not knowingly collect their information.

11. Security

We use industry-standard security measures (TLS 1.3, encryption at rest, role-based access control, regular audits). No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security, but we work hard to protect your information.

12. Changes to this policy

We may update this policy occasionally. Material changes will be communicated by email or a prominent notice on the site. The “Last updated” date at the top reflects the latest revision.

13. Contact

Privacy questions: privacy@opatelier.com
General inquiries: hello@opatelier.com
Mail: Orchid & Plum Atelier, New York, NY, United States