Privacy Policy

Last Updated: October 1, 2025

This Privacy Policy explains how Heltebrake Art (“we,” “us,” or “our”) collects, uses, and shares personal information when you visit heltebrakeart.com (including any subdomains, staging environments, redirects, or successor domains, the “Site”), contact us, or purchase products. By using the Site, you agree to this Policy.

If you have questions, contact us at mi*****@***********rt.com.

1) Who we are

  • Business Name: Heltebrake Art (Michael Heltebrake)
  • Location: Mohave Valley, AZ
  • Contact: mi*****@***********rt.com
    For EU/UK residents: Heltebrake Art is the “controller” of your personal data for purposes of applicable data protection law.

2) What we collect

We collect information that you provide directly and data collected automatically by your device/browser.

Information you provide

  • Orders (WooCommerce): name, billing/shipping address, email, phone, order details, and any notes you add at checkout.
  • Payments: we use third-party payment processors (e.g., Stripe and/or PayPal). We do not store full card numbers. Your payment data is processed by the relevant provider under their privacy policy.
  • Contact forms (Elementor Forms): name, email, and any message or files you submit.
  • Accounts (optional): username, email, password (hashed), and profile details if you create an account.

Information collected automatically

  • Device/usage data: IP address, browser type, device identifiers, pages viewed, referring/exit pages, timestamps, and similar diagnostic data.
  • Cookies & similar tech: cookies, local storage, and pixels used for site functionality, preferences, and analytics (see Cookies below).

We do not collect sensitive personal information intentionally (e.g., government IDs, health data). Please do not send sensitive information through forms or checkout notes.

3) How we use information

We use information only for customer service, order processing, and site operations. Specifically:

  • Provide the Site & Services: process and deliver orders, returns/claims, and customer support.
  • Account & Security: authenticate users, prevent fraud/abuse, and secure the Site.
  • Operations & Improvement: maintain, analyze, and improve site performance and UX.
  • Legal/Compliance: tax, accounting, and lawful requests.

We do not sell your personal information. We also do not use your data for cross-context behavioral advertising.

4) Legal bases for processing (EEA/UK only)

  • Contract: to fulfill orders, provide support, and manage your account.
  • Legitimate interests: to secure and improve the Site, prevent fraud, and understand aggregate usage.
  • Consent: for non-essential cookies/analytics where required.
  • Legal obligation: tax, accounting, and regulatory requirements.

5) Cookies & similar technologies

We use cookies to make the Site work and to understand how it’s used.

Types

  • Strictly necessary: required for core functions (cart, checkout, security).
  • Preferences: remember choices like currency or notices.
  • Analytics: help us understand site traffic and performance.

Examples (not exhaustive)

  • WooCommerce: woocommerce_items_in_cart, woocommerce_cart_hash, wp_woocommerce_session_*, store_notice*.
  • WordPress (logged-in/admin/commenters): wordpress_*, wp-settings-*, comment_author_*.
  • Analytics (Google via Site Kit): cookies set by Google (e.g., *_ga variants) — see Google’s policies for details.

Controls

  • Use your browser settings to block/clear cookies.
  • Depending on your location, you may see a cookie banner that lets you accept/decline non-essential cookies.

6) Analytics & Search Console (Site Kit by Google)

We use Site Kit to integrate Google Analytics and Google Search Console. These services collect usage data (e.g., page views, device/browser info, approximate location) to help us understand and improve the Site.

  • Data is processed by Google according to Google’s terms and privacy policies.
  • We do not use Google Analytics for targeted advertising.
  • Reports we view are aggregated and do not identify you directly.

7) Sharing of information

We share information only with service providers that help us run the Site and fulfill orders, including:

  • Hosting & infrastructure (web host/CDN).
  • WordPress plugins & platform services (including WooCommerce and Elementor).
  • Payment processors (e.g., Stripe and/or PayPal).
  • Shipping & fulfillment partners (carriers, label services).
  • Email & communications tools (transactional email).
  • Analytics providers (Google Analytics/Search Console via Site Kit).

We require providers to use information only to perform services for us and to protect it appropriately. We do not permit them to sell your information.

We may also disclose information when required by law, to protect our rights, or in connection with a business transfer (e.g., merger or sale).

8) Payments

Payments are handled by third-party processors. We do not store full payment card data on our servers. Your payment details are provided directly to the processor and are handled under their terms and privacy policy.

9) Data retention

  • Orders & transactions: kept as long as necessary for accounting/tax/legal obligations (commonly up to 7 years).
  • Contact form submissions: typically up to 12 months unless we need them longer for support or legal reasons.
  • Accounts: retained while your account is active; you can request deletion (subject to legal holds).
  • Analytics data: retained per the settings offered by Google Analytics.

We delete or anonymize data when it is no longer needed.

10) Your rights

Depending on your location, you may have rights over your personal information, including:

  • Access to the data we hold about you.
  • Correction of inaccurate or incomplete data.
  • Deletion (erasure) in certain circumstances.
  • Portability of certain data.
  • Restriction/objection to certain processing (e.g., analytics where based on legitimate interests).
  • Withdraw consent where processing is based on consent (e.g., non-essential cookies).

California (CCPA/CPRA) and other U.S. state laws: you may have the rights above plus the right to opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined by CPRA. We do not use targeted advertising.

To exercise your rights, email mi*****@***********rt.com. We may request information to verify your identity. Authorized agents may submit requests with proof of authorization.

11) Children’s privacy

The Site is not directed to children. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided personal information, contact us and we will delete it.

12) Security

We use reasonable technical and organizational measures to protect personal information. However, no method of transmission or storage is 100% secure.

13) International data transfers

If you access the Site from outside the United States, your information may be processed in the U.S. and other countries that may not offer the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards for such transfers (e.g., standard contractual clauses).

14) Do Not Track

Your browser may send a “Do Not Track” signal. Because there is no common industry standard for DNT, we do not respond to these signals.

15) Third-party links

The Site may contain links to third-party sites or services. We are not responsible for their privacy practices or content.

16) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will post the updated Policy on this page with a new “Last Updated” date. Your continued use of the Site after changes become effective means you accept the updated Policy.

17) Contact us

If you have questions or requests about this Policy or your data: