Legal

Privacy Policy

Last updated: June 2026. This policy describes what personal data Horny Rhino Heritage collects, how it is used, and your rights regarding that data.

What we collect

We collect only what is necessary to operate the shop and respond to enquiries:

  • Account data — if you create an account, we store your email address via Firebase Authentication. You can sign in with email/password or Google.
  • Order data — when you complete a purchase, Stripe processes your payment. We store a record of your order (items, amount, shipping address) linked to your account so you can view your order history.
  • Contact form — if you send a message via the contact form, we receive your name, email, and message. This is delivered to us by email via Nodemailer and is not stored on a database.

What we do not collect

  • We do not store payment card details. All payment processing is handled by Stripe on their servers. We never see your full card number.
  • We do not use advertising trackers, third-party analytics, or sell data to any third party.
  • We do not send marketing emails unless you have explicitly opted in via our newsletter form.

Third-party services

We use the following services to operate the shop. Each has its own privacy policy:

  • Firebase (Google) — authentication and order storage. Firebase Privacy Policy
  • Stripe — payment processing. Stripe Privacy Policy
  • Google reCAPTCHA v3 — spam protection on forms. Subject to Google Privacy Policy.
  • Vercel — hosting and deployment. Standard server access logs (IP, request path) are retained for a short period per Vercel's standard policy.

Cookies

We use a single first-party session cookie to keep admin users signed in. No third-party advertising or tracking cookies are set on this site.

Your rights

You have the right to access, correct, or delete the personal data we hold about you. To request deletion of your account and associated data, contact us via the contact form and we will process the request within 30 days.

If you are located in the European Union or California, additional rights may apply under GDPR or the California Consumer Privacy Act (CCPA) respectively.

Contact

Questions about this policy or your personal data? Use the contact form and include “Privacy” in the subject line.