Privacy Policy

Who we are

Our website address is: https://bound2bee.com.

Bound2Bee is a sole proprietorship owned and operated by Amy Bruce, located in Indiana, United States. We are a small business specializing in handmade journals, photo albums, and stationery.

For any questions regarding this Privacy Policy, your personal data, or to exercise your rights under applicable privacy laws (such as the CCPA or GDPR), please contact us directly at: privacy@bound2bee.com.

Comments

This site does not accept user comments. If you wish to contact us, please use the information provided on our Contact page.

Media

This website does not allow visitors to upload images or files. All images displayed on this site are uploaded solely by the site administrator.

If you are the site administrator uploading images to this site, you should avoid uploading images with embedded location data (EXIF GPS) included. While visitors to the website can download images, they cannot extract location data from images that have been properly stripped of metadata prior to upload.

Note: We do not store or process any images sent to us via email or other private channels unless we explicitly choose to publish them on the site. If we do publish such an image, we will ensure all identifying metadata is removed beforehand.

Cookies

Visitor Experience Because this site does not allow public comments, we do not set cookies to remember visitor names, email addresses, or website URLs.

Administrative Use If you are a registered administrator (the site owner), we set cookies to manage your login session and editorial preferences:

  • Login Cookies: These verify your identity and persist for 2 days (or 2 weeks if you select “Remember Me”).
  • Editor Cookies: If you edit or publish content, a temporary cookie identifies the post ID you are working on. This expires after 1 day.
  • Screen Options: Cookies that remember your dashboard display preferences last for 1 year.
  • Note: These cookies are strictly for administrative functionality and do not track your browsing activity outside of this site.

Analytics and Third-Party Tracking We use Google Analytics (via Site Kit by Google) to understand how visitors interact with our content. This service sets cookies to collect anonymous data such as page views, referral sources, and device types. This data is used solely to improve the site and is not linked to your personal identity.

You can control or delete cookies via your browser settings. Most browsers allow you to block all cookies or notify you when a cookie is set. However, blocking administrative cookies will prevent you from logging in if you are an authorized user.

Embedded Content from Other Websites

Articles on this site may include embedded content such as videos, images, or social media posts. When you interact with embedded content, it behaves as if you have visited the source website directly.

We may embed content from the following third-party services:

  • YouTube (videos): Google may collect data about you, set cookies, and track your interaction with the video. If you are logged into a Google account, YouTube may associate your viewing with your account. Privacy policy: https://policies.google.com/privacy
  • Instagram (posts/images): Meta may collect data, set cookies, and track your interaction with the embedded post. If you are logged into Instagram, Meta may link your activity to your account. Privacy policy: https://www.instagram.com/about/legal/privacy/
  • TikTok (videos): TikTok may collect data, set cookies, and track your interaction with embedded content. Note that TikTok’s embeds may set tracking cookies when the page loads, even if you do not interact with the video. If you are logged into TikTok, ByteDance may link your activity to your account. Privacy policy: https://www.tiktok.com/legal/privacy-policy-us

We do not control the data practices of these third-party services. We encourage you to review their privacy policies directly.

Who We Share Your Data With

We do not sell your personal data. However, to operate our business and website, we share data with specific third-party service providers. These providers are contractually obligated to protect your data and only use it for the services we request.

1. E-commerce and Payment Processors

  • Etsy: For orders placed on Etsy.com, your data (including name, address, and payment details) is processed by Etsy. We receive your shipping information to fulfill the order. See Etsy’s Privacy Policy: https://www.etsy.com/legal/privacy/
  • Mayhem Marketplace & Cash App: For orders placed via Mayhem Marketplace, transactions are processed directly through Cash App. When you pay via Cash App, your payment data is handled by Cash App (Block, Inc.). We receive your name and shipping address from the order details to fulfill your item, but we do not store your financial information. See Cash App’s Privacy Policy: https://cash.app/legal/us/en-us/privacy

2. Shipping Carriers To deliver your purchased items, we share your name, address, and contact information with shipping carriers (e.g., USPS, UPS, FedEx) solely for the purpose of delivery.

3. Website Analytics As noted in the “Cookies” section, we use Google Analytics. This service shares anonymous usage data with Google servers to help us understand site traffic.

4. Administrative Functions

  • Password Resets: If you request a password reset for an account on this site, your IP address is included in the reset email for security verification.
  • Hosting Provider: Your data is stored on our hosting provider, DreamHost. They have access to server logs and backups but are contractually bound to protect your data.

5. Legal Requirements We may disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

How Long We Retain Your Data

Order and Customer Data We retain order information—including customer names, shipping addresses, and order details—for a minimum of 3 years after the date of purchase. This retention period is necessary for tax reporting, order dispute resolution, and legal compliance. After this period, order data is deleted unless retention is required by law.

Contact Form Submissions Messages sent through our contact form are retained for up to 1 year, after which they are deleted. If an inquiry leads to an ongoing business relationship (e.g., a custom order), relevant details may be retained as part of your order record.

Website Analytics Google Analytics data is retained for 14 months (our configured retention period), after which it is automatically deleted. This data is anonymous and not linked to personally identifiable information.

Server Logs Our hosting provider (DreamHost) maintains temporary server logs that may include IP addresses and browser information. These logs are routinely rotated and deleted according to DreamHost’s standard retention schedule.

No User Accounts This website does not offer public user registration. We do not maintain user profiles or accounts for visitors.

What rights you have over your data

Depending on your location (e.g., the European Union, California, or other jurisdictions), you may have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure: You can request that we delete your personal data, subject to certain exceptions.
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request that we transfer your data to another service provider in a structured, commonly used format.

How to Exercise Your Rights To exercise any of these rights, please contact us at privacy@bound2bee.com. In your request, please include:

  • Your full name and email address associated with your order or inquiry.
  • A description of the right you wish to exercise.
  • Any relevant order numbers (if applicable).

We will respond to your request within 30 days.

Exceptions to Erasure Please note that we cannot comply with a request for erasure if we are legally required to retain the data. This includes:

  • Tax and Accounting Records: We are required by law (IRS and Indiana state law) to retain order records (names, addresses, transaction amounts) for a minimum of 3 to 7 years for tax reporting and audit purposes.
  • Dispute Resolution: We may retain data necessary to resolve an ongoing dispute, warranty claim, or legal proceeding.
  • Fraud Prevention: Data may be retained if necessary to prevent fraud or secure our systems.

No User Accounts As this site does not offer public user registration, there are no user profiles to access or delete. Your data is limited to your order history, contact form submissions, and any analytics data collected.

Where Your Data Is Sent

Your personal data is primarily stored and processed within the United States. However, depending on the services we use, your data may be transferred to or accessed from locations outside the United States.

Domestic Transfers (United States) The following services process your data within the US:

  • Hosting: Your website data is hosted by DreamHost, a US-based provider.
  • Payments: Transaction data is processed by Cash App (Block, Inc.) and Etsy, both US-based companies.
  • Shipping: Your name and address are shared with US-based carriers (USPS, UPS, FedEx) for delivery.
  • Analytics: Google Analytics data is processed by Google, which operates globally but primarily serves US traffic from US servers.

International Transfers If you are accessing this site from outside the United States, your data may be transferred to the US for processing. Additionally, if you purchase from our Etsy shop, Etsy may transfer your data to other countries where they operate to fulfill your order.

Spam Detection Unlike many WordPress sites, we use Antispam Bee for spam detection. This plugin processes comments locally on our server and does not transmit your comment data or IP address to any external third-party spam detection service.

Data Protection Measures When we transfer data internationally, we rely on standard contractual clauses or the adequacy of the destination country’s data protection laws (where applicable) to ensure your data remains secure.

Last updated 04/26/2026