Privacy.

Your name, email, shipping and billing address, phone, measurements, order history, payment metadata (not the card number itself — that lives with Stripe), and site analytics. Newsletter only if you opt in.

To make the piece, ship the piece, and talk to you about the piece. We send the atelier note only if you've opted in.

No selling lists. No third-party advertising trackers. No facial recognition. No AI training on customer images.

The atelier runs on a small set of careful suppliers. Each handles a single concern, and we list them by name so you can read their policies yourself.

• Stripe

  Payment processing. PCI-DSS Level 1. Stripe-secured.

• Resend

  Transactional and marketing email — order confirmations and the atelier note.

• Cloudflare

  Image hosting and content delivery (CDN).

• Sanity

  The headless CMS where editorial copy lives.

• Microsoft Azure

  Australia East data centres — the application servers and the Postgres database. Data lives in Australia where possible.

Under Australian Privacy Principle 12, you can request a copy of the personal information we hold about you, request a correction, or request deletion. We respond within 30 days as the Act requires. Write to privacy@aratrikkaz.com.

Only the functional ones (cart, authentication). No analytics cookies until you accept the consent banner.

We don't sell to under-18s. We don't knowingly collect data from them.

If a breach occurs that's likely to cause serious harm, we notify you and the Office of the Australian Information Commissioner (OAIC) within the timelines set by the Act. Our internal NDB process is documented at /admin/ndb (atelier-internal).

This policy is versioned. Changes are shown here, and the previous version is archived so you can compare.

Write to Ketki at privacy@aratrikkaz.com or via /contact.