Privacy policy
Heartbloom
Privacy Policy
heartbloomcards@gmail.com
Effective Date: Feb 28, 2026.
At Heartbloom (“Heartbloom,” “we,” “us,” or “our”), we are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, share, and protect information when you visit our website, place an order, create an account, or otherwise interact with us.
By using our website or purchasing our products, you agree to the practices described in this Privacy Policy. If you do not agree with these practices, please discontinue use of our site and services.
1. Information We Collect
We collect information from you in a few different ways depending on how you interact with us.
Information You Provide Directly
When you create an account, place an order, subscribe to our newsletter, or contact us for support, we may collect:
• Name, billing address, and shipping address
• Email address and phone number
• Payment information (credit/debit card details, processed securely through our payment processor — Heartbloom does not store full card numbers)
• Account login credentials (username and password)
• Order history, product reviews, and return or exchange information
• Messages, personalization text, and custom content you submit for personalized card orders
• Any other information you choose to share when contacting us
Information Collected Automatically
When you browse our website, we and our service providers may automatically collect certain technical and usage information, including:
• IP address and approximate location (city/region level)
• Device type, browser type, and operating system
• Pages visited, time spent on pages, links clicked, and search terms used on our site
• Referring website or advertisement that brought you to our site
• Information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 4)
Information from Third Parties
We may receive information about you from third-party sources, such as:
• Payment processors and fraud prevention services that verify transaction information
• Shipping carriers that provide delivery status and address validation
• Analytics providers (e.g., Google Analytics) that help us understand how visitors use our site
• Social media platforms if you interact with our content or connect a social account
• Other users who provide your information to send you a card or gift through our platform
2. How We Use Your Information
We use the information we collect for the following purposes:
To Fulfill Your Orders and Provide Our Services
• Process and ship your orders and send order confirmations and tracking updates
• Produce personalized or custom card orders based on the content you submit
• Manage your account and maintain your order history
• Process returns, exchanges, and refunds
To Communicate with You
• Respond to your questions, comments, or customer service requests
• Send transactional emails (order confirmations, shipping notifications, return updates)
• Send marketing emails, promotional offers, and newsletters — only if you have opted in or as permitted by applicable law
• Notify you of changes to our policies, products, or services
To Improve Our Business
• Analyze website traffic and usage patterns to improve our website and product offerings
• Conduct internal research, analytics, and reporting
• Detect, investigate, and prevent fraud, unauthorized access, and other illegal or harmful activity
• Comply with legal obligations and enforce our Terms of Service
3. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following limited circumstances:
Service Providers
We work with trusted third-party vendors who help us operate our business, including payment processors, shipping carriers, email marketing platforms, customer support tools, and analytics providers. These vendors are permitted to use your information only to perform services on our behalf and are contractually obligated to protect it.
Legal Requirements
We may disclose your information if required to do so by law or in good-faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the safety of our customers or the public.
Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transition, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website if such a transfer occurs and your information becomes subject to a different privacy policy.
With Your Consent
We may share your information with additional third parties when you have given us your explicit consent to do so.
4. Cookies and Tracking Technologies
We use cookies and similar technologies (such as web beacons and pixels) to improve your browsing experience, remember your preferences, analyze site traffic, and support our marketing efforts.
Types of Cookies We Use
• Essential Cookies: Required for the website to function properly (e.g., keeping items in your cart, maintaining your login session). These cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our site so we can improve it (e.g., Google Analytics).
• Preference Cookies: Remember your settings and choices so you don’t have to re-enter them each visit.
• Marketing Cookies: Track your visits and interactions to deliver more relevant advertisements.
Managing Cookies
You can control or disable non-essential cookies through your browser settings at any time. Please note that disabling cookies may affect the functionality of certain parts of our website. You may also opt out of interest-based advertising by visiting the Digital Advertising Alliance (DAA) opt-out page at optout.aboutads.info or the Network Advertising Initiative (NAI) opt-out page at optout.networkadvertising.org.
5. Email Marketing & Communications
If you opt in to receive marketing communications, we may send you promotional emails about new products, seasonal sales, and special offers. You can unsubscribe at any time by clicking the “Unsubscribe” link in the footer of any marketing email or by contacting us at heartbloomcards@gmail.com.
Please note that even if you opt out of marketing emails, you will continue to receive transactional communications related to your orders, account, and customer service inquiries.
6. How We Protect Your Information
We take the security of your personal information seriously. We employ commercially reasonable administrative, technical, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction. These include:
• Secure Sockets Layer (SSL) / TLS encryption for data transmitted to and from our website
• Payment card data handled exclusively by PCI-DSS compliant third-party payment processors; we do not store full card numbers
• Restricted internal access to personal information on a need-to-know basis
• Regular review of our security and data practices
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You provide your information at your own risk.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services, comply with our legal obligations, resolve disputes, and enforce our agreements. If you would like us to delete your personal information, please contact us at heartbloomcards@gmail.com. Please note that certain information may be retained as required by law or for legitimate business purposes even after a deletion request.
8. Children’s Privacy
Our website and services are not directed toward individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete it promptly. If you believe we may have information from or about a child, please contact us at heartbloomcards@gmail.com.
9. Your Privacy Rights
Depending on where you live, you may have certain rights regarding your personal information. We are committed to honoring those rights.
All Users
• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete information.
• Deletion: You may request that we delete your personal information, subject to certain legal exceptions.
• Opt-Out of Marketing: You may unsubscribe from marketing communications at any time.
California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
• Right to Know: The right to know what personal information we collect, use, disclose, and sell about you.
• Right to Delete: The right to request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt-Out: The right to opt out of the sale or sharing of your personal information. HeartBloom does not sell your personal information for money. However, certain cookie-based activity may qualify as “sharing” under California law. You may opt out using your browser’s privacy settings or by contacting us.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To submit a CCPA request, contact us at heartbloomcards@gmail.com. We will respond within 45 days as required by law.
European Union & UK Residents (GDPR)
If you are located in the European Union or United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, correct, delete, or restrict processing of your personal data, as well as the right to data portability and the right to object to processing. Our lawful bases for processing your data include performance of a contract (fulfilling your order), compliance with legal obligations, and legitimate interests (improving our services, preventing fraud).
To exercise any GDPR rights or to lodge a complaint, please contact us at heartbloomcards@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
10. Third-Party Links
Our website may contain links to third-party websites, social media platforms, or other services. These third-party sites have their own privacy policies, which we do not control and are not responsible for. We encourage you to review the privacy policy of any site you visit through a link on our website.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
Heartbloom Cards
Email: heartbloomcards@gmail.com
We will respond to all privacy-related inquiries within 30 days.
Thank you for trusting Heartbloom with your information. Your privacy matters to us. 🌸