ru-ru
Privacy Policy
This Privacy Policy explains how Terralla collects, uses, shares, and protects information when you use terralla.com.
Last updated: May 16, 2026
§1 Information We Collect
We collect information to operate Terralla, process orders, improve the website, and respond to customer requests.
Information you provide may include name, email address, phone number, shipping address, billing address, order details, account preferences, messages, and marketing consent choices.
Information collected automatically may include browser type, IP address, device data, pages viewed, referral source, browsing history on terralla.com, cookie identifiers, language and market preference, and analytics events.
Information from third parties may include payment status from Stripe, subscription status from Klaviyo, analytics signals from GA4, advertising measurement from Meta Pixel, and delivery updates from DHL or Aramex where available.
We do not store full card numbers on Terralla systems.
§2 How We Use Your Information
We use your information for the purposes below. Where we rely on consent, you can withdraw consent at any time.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Process orders, payment, delivery, returns | Contact, address, order, payment status | Contract, GDPR Article 6(1)(b) |
| Customer support | Contact details, order details, messages | Contract and legitimate interests |
| Marketing emails | Email, consent status, preferences | Consent |
| Site analytics | Device, browsing, cookie data | Consent where required; legitimate interests |
| Fraud prevention and security | IP, order signals, payment risk data | Legitimate interests; legal obligation |
| Tax, accounting, legal records | Order, invoice, payment and delivery records | Legal obligation |
§3 Third Party Data Sharing
We share information only where needed to operate Terralla. Cross-border transfers may occur when providers process data outside your country.
For UAE PDPL, Terralla will use permitted cross-border transfer mechanisms, including transfer to jurisdictions with adequate protection or contractual safeguards where required. For GDPR, Terralla will use appropriate safeguards such as Standard Contractual Clauses where required.
We do not sell personal information for money.
| Partner | Role | Possible Processing Region |
|---|---|---|
| Stripe | Payment processor | US / EU / MENA infrastructure depending on setup |
| Klaviyo | Email service provider | US and other service regions |
| GA4 | Analytics | US and global Google infrastructure |
| Meta Pixel | Marketing measurement | US and global Meta infrastructure |
| DHL / Aramex | Shipping and delivery | MENA / global courier networks |
| Shopify | Storefront, checkout, order systems | Shopify global infrastructure |
| Supabase | Contact and operational records where used | Region selected by Terralla |
§4 Cookies
Terralla uses cookies and similar technologies. A full Cookie Policy may be published later. Until then, this section is the short cookie notice linked from the cookie banner.
You can change cookie choices in the banner settings panel where available. Browser settings may also let you block or delete cookies.
| Cookie Type | Purpose | Default |
|---|---|---|
| Necessary | Site function, security, checkout, market routing | Always on |
| Analytics | Understand site performance and usage | Off until consent where required |
| Marketing | Measure campaigns and ads | Off until consent where required |
| Preferences | Remember language, market, and display choices | Controlled by user settings where available |
§5 Your Rights
Depending on your location, you may have rights under GDPR Articles 12-22, UAE PDPL Articles 13-19, and other applicable laws.
To request a right, email kevin@terralla.com. We may verify your identity before responding.
- Access: ask for a copy of your personal data.
- Rectification: ask us to correct inaccurate data.
- Erasure: ask us to delete data where the law allows.
- Restriction: ask us to limit processing.
- Portability: ask for a portable copy of certain data.
- Objection: object to certain processing.
- Withdraw consent: withdraw consent for marketing or optional cookies.
- Complaint: lodge a complaint with a data protection authority.
§6 Data Retention
We keep personal data only as long as needed. Retention periods may change if law, tax rules, payment rules, or disputes require a different period.
| Data Type | Draft Retention Standard |
|---|---|
| Account data | Active account period + 3 years of inactivity |
| Order records | 7 years for tax, accounting, and legal records |
| Marketing records | Deleted or suppressed within 30 days after opt-out, unless suppression is needed to avoid re-contact |
| Technical logs | 90 days unless needed for security, fraud, or legal review |
| Support messages | As long as needed for service history and dispute handling |
§7 Security
We use reasonable technical and organizational measures to protect personal data.
Current intended controls include HTTPS, TLS 1.3 where supported, Stripe PCI DSS Level 1 payment processing, Supabase encryption at rest where Supabase is used, access controls, and limited internal access.
Terralla does not store full credit card numbers. Payment card data is handled by Stripe and payment providers.
No online service is completely secure. Please protect your login details and contact us if you suspect unauthorized use.
§8 Contact DPO / Controller
Data Protection Officer / Controller: Kevin Huan.
Email: kevin@terralla.com.
Address: Terralla legal address to be provided before checkout opens.
Use this contact for privacy requests, data rights, and policy questions.
§9 Updates
We may update this Privacy Policy as our store, legal obligations, providers, or markets change.
For material changes, Terralla will provide notice by email where appropriate and / or website banner for 30 days.