TL;DR · the short version
What we collect
When you use this site, we collect:
- Account info — your email address, name, and a hashed password (handled by Firebase Auth — we never see the plaintext).
- Order info — shipping address, billing address, phone number (optional, for delivery updates), and items purchased.
- Payment info — handled entirely by Stripe. We never see, store, or have access to your card number. Stripe sends us a token that represents your payment.
- Usage info — how you got to our site, which pages you viewed, what you added to your bag, in anonymized form via PostHog.
- Communications — emails you send to us, support tickets, replies to marketing emails.
Why we collect it
Each thing has a single, boring purpose:
- To fulfill your order. Address → shipping label. Email → receipt and tracking. Phone → delivery updates.
- To run the business. Sales records, tax compliance, fraud prevention, refunds.
- To improve the site. Aggregated usage data helps us see what's broken or popular.
- To tell you things you opted in for. Drop announcements, restock alerts, reviews. You can unsubscribe anytime.
Who we share with
We use a small set of trusted services to operate the store. None of them sell your data either:
- Stripe — payment processing (Stripe's privacy policy applies to your card info).
- Firebase (Google) — our database and authentication.
- Resend — transactional email delivery.
- PostHog — anonymized product analytics.
- USPS & Pirate Ship — shipping label and tracking.
- Vercel — website hosting.
We share only what each service needs to do its job. We never sell or rent your data to advertisers, brokers, or unrelated third parties.
Cookies & tracking
We use cookies for three things:
- Essential — keeping you signed in, remembering your bag.
- Analytics — anonymized PostHog cookie to measure site usage.
- Marketing — only if you opted in. None set by default.
We don't run third-party ad pixels (no Meta Pixel, no Google Ads tag). You can disable cookies in your browser; the site will still work, but your bag won't persist between visits.
Data retention
How long we keep things:
- Order records — 7 years (US tax requirement).
- Customer accounts — as long as you have one. Delete your account and we delete everything except what we're legally required to keep.
- Analytics events — 90 days, then anonymized further.
- Email logs — 12 months.
Your rights
You have the right to:
- Access the personal data we have about you
- Correct anything that's wrong
- Delete your data (subject to legal retention requirements)
- Port your data to another service
- Opt out of marketing communications anytime
- Lodge a complaint with a privacy regulator
To exercise any of these rights, email hi@billuptheworld.com. We'll respond within 30 days, usually within a day or two.
Security
We protect your data with:
- HTTPS / TLS encryption on every page
- Encrypted data at rest in Firebase
- Stripe-handled payment data (PCI-DSS Level 1)
- Firebase Auth-managed credentials with hashed-and-salted storage
- Strict access controls on our admin tooling
If we ever have a data breach that affects you, we'll email you within 72 hours of discovery.
Minors
We don't knowingly collect data from anyone under 13. If you're a parent and discover your child has provided personal info to us, email us and we'll delete it.
Updates to this policy
If we materially change this policy, we'll post the update here and email customers whose data is affected at least 30 days before changes take effect.
Questions? Email us.
hi@billuptheworld.com · usually replying within a few hours, always within a day. Real person on the other end.
— Andre & the billup team ✿