Privacy Policy
What data we collect, why we collect it, and how you can control it. Plain English first, full legal detail second. Last updated: April 2026.
The short version
- What we collect: name, email, phone, shipping address — only what’s needed to ship your order.
- What we don’t: social security numbers, birthdates, marketing surveys, location tracking.
- Where it goes: our servers, plus payment processors (PayPal) and shipping carriers (USPS, DHL).
- We never sell your data. Not to advertisers, not to data brokers, not to anyone.
- You’re in control. Email [email protected] anytime to access, export, or delete your data.
Who we are
MetalManiac is an independent print-on-demand apparel store operating at metalmaniac.store. We design and sell metal-inspired merchandise — apparel, drinkware, home goods — printed on demand and shipped worldwide.
For any privacy-related questions, email us at [email protected] with the subject line “Privacy Request” so we route it correctly. We respond within 1 business day.
What data we collect
We collect different types of data depending on how you interact with our store:
When you place an order
- Full name (billing and shipping)
- Email address
- Phone number (required by shipping carriers)
- Billing address
- Shipping address (if different)
- Order details (products, sizes, quantities)
- IP address (for fraud prevention)
When you subscribe to our newsletter
- Email address
- Source page (which page you subscribed from)
- IP address and browser info (for spam prevention)
- Referrer URL (where you came from before signing up)
When you start checkout but don’t complete
- Email address (if you entered it)
- Cart contents
- IP address and browser info
We use this to send abandoned cart reminder emails. You can opt out by clicking “unsubscribe” in any reminder.
When you contact support
- Your email address and the content of your message
- Order number (if you reference one)
- Photos you attach (for defect claims)
Automatically (when you visit any page)
- IP address and approximate location (country/city level)
- Browser type, device type, screen size
- Pages viewed, time on site, referrer
- Cookies (see Cookies section below)
How we use your data
We use your data only for these purposes:
- Fulfilling your order: printing, packing, shipping, and tracking
- Customer support: responding to your questions, processing returns or refunds
- Order communications: sending order confirmations, shipping notifications, delivery updates
- Marketing emails: only if you subscribed — new drops, discount codes, brand updates
- Abandoned cart recovery: reminding you about items you left behind (opt-out anytime)
- Fraud prevention: spotting suspicious orders and protecting our payment processors
- Legal compliance: tax records, dispute resolution, regulatory reporting
- Analytics: understanding how people use our site to improve it
We do not use your data for: targeted ads on other websites, profile sharing with data brokers, AI training, or any purpose unrelated to running this store.
Who we share data with
To run an online store, we have to share some data with trusted third parties. We never share more than what’s needed for them to do their job.
We may also disclose data when legally required (court order, law enforcement request) or to protect our rights, property, or safety. We do not sell your personal data to anyone — not under any definition of “sell” used in California, Virginia, or any other privacy law.
International data transfers
We’re an international business, so your data may be processed in countries outside your own — typically the United States (where PayPal, Mailchimp, and Cards Shield are based) or the country where our hosting infrastructure runs.
For customers in the European Economic Area (EEA) or United Kingdom: when we transfer your data outside these regions, we rely on standard contractual clauses approved by the European Commission, or other lawful transfer mechanisms. The third parties we use (PayPal, Mailchimp, etc.) maintain their own GDPR compliance.
How long we keep your data
We don’t keep data longer than we need it. Specific retention periods:
- Order data: 7 years (required for tax and legal records)
- Newsletter subscribers: until you unsubscribe
- Abandoned cart data: 90 days, then automatically deleted
- Support emails: 2 years after the conversation ends
- Analytics data: aggregated and anonymized after 14 months
- Server logs: 30 days, then rotated out
Cookies & tracking
Cookies are small text files stored in your browser. We use four categories:
- Essential — needed for the site to work (cart contents, login session, checkout state). Cannot be disabled.
- Functional — remembering your preferences (language, currency, recently viewed). You can disable these in your browser.
- Analytics — Google Analytics tracks page views and user flows in aggregate. Anonymized after 14 months.
- Marketing — Meta Pixel and similar tools measure ad campaign performance. You can opt out via your browser’s “Do Not Track” setting or ad-blocking extensions.
You can clear cookies anytime through your browser settings. Note that disabling essential cookies will break checkout functionality.
Your rights
Regardless of where you live, you have the right to:
- Access — request a copy of all data we hold about you
- Correct — fix anything inaccurate
- Delete — request we erase your data (subject to legal retention requirements like tax records)
- Export — receive your data in a portable format (JSON or CSV)
- Restrict processing — limit how we use your data
- Object — opt out of marketing emails or analytics tracking
- Withdraw consent — change your mind about anything you previously agreed to
To exercise any of these rights, email [email protected] with the subject line “Privacy Request”. We’ll verify your identity (to prevent unauthorized requests) and respond within 30 days.
If you’re in the EEA or UK and unhappy with how we’ve handled your data, you also have the right to file a complaint with your local data protection authority.
Children’s privacy
We do not knowingly collect data from anyone under 16 years old. If you’re under 16, please don’t submit any personal data through our site. If you’re a parent or guardian and believe your child has given us data, contact [email protected] and we’ll delete it.
Security
We protect your data using industry-standard measures: 256-bit SSL encryption for all transmissions, PCI-compliant payment processing (we never store full card numbers), restricted server access, regular security audits, and encrypted database backups.
No method of internet transmission is 100% secure. If we ever experience a data breach affecting your information, we’ll notify you within 72 hours of discovery, in line with GDPR requirements.
Changes to this policy
We may update this policy as our practices evolve or as laws change. The “last updated” date at the top of this page reflects the most recent revision. For significant changes (new data categories, new third-party sharing), we’ll notify subscribers by email and post a notice on this page for 30 days. Continued use of our site after a change means you accept the updated policy.
A note on trust
Privacy policies usually exist to protect companies from customers. We’ve tried to write this one to do the opposite — give you a clear picture of what happens with your data so you can decide whether to trust us with it. If anything here is unclear or you spot something that doesn’t match how we actually operate, email us. We’d rather rewrite a paragraph than mislead anyone.

