Data Processing Agreement

Last updated: May 14, 2025

At Leaf & Latch, we treat your personal information like we treat our favorite plants—with care, attention, and no unnecessary handling. This policy explains how we collect, process, and protect your data in accordance with global privacy laws like the GDPR (European Union) and CCPA (California).

If you interact with our website, make a purchase, or sign up for our newsletters or rewards program, this agreement applies to you.

What Data We Process

We collect and process the following types of data as necessary to fulfill orders, provide services, and maintain a functional, secure online shop:

  • Identity data: name, email address, billing and shipping address
  • Order data: product purchases, order history, transaction status
  • Account data: login credentials (encrypted), reward points, wishlist items
  • Technical data: IP address, browser type, location (based on IP), device type
  • Behavioral data:page visits, time spent, cart activity (for analytics)

Why We Process It

We process this data to:

  • Fulfill and ship your orders
  • Provide downloadable access to digital products
  • Manage your Leaf & Latch account
  • Offer customer support and refunds
  • Track Loyalty rewards via Smile.io
  • Improve our site functionality and layout
  • Deliver marketing emails (if you opt in)

We only process data when there’s a legal basis to do so, including:

  • Contractual necessity (e.g. order fulfillment)
  • Legal Compliance
  • Legitimate interest (e.g. website performance analytics)
  • Explicit consent (e.g. email list signup)

Who Processes Your Data

We do not sell or rent your data—ever.

Your information is processed only by:

  • Leaf & Latch (internal use only)
  • Shopify (storefront and checkout)
  • Printify (for physical product fulfillment)
  • Smile.io (for rewards tracking)
  • Wishlist Plus (to save products for later)
  • Google Analytics (anonymous site usage stats)

These third-party platforms are compliant with GDPR/CCPA requirements.

Your Rights (Under GDPR & CCPA)

Depending on your location, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time
  • Port your data to another platform
  • Limit or object to certain processing
  • Opt out of marketing communications
  • Request a list of data processors

To make a request, email leafandlatch.studio@gmail.com. We’ll respond within 30 days (and likely sooner).

Data Retention

We retain your personal data only for as long as it’s necessary:

  • To complete transactions or offer downloads
  • To comply with legal and tax obligations
  • To manage your loyalty or Wishlist accounts
  • Or until you ask us to delete it

After that, your data is securely deleted or anonymized.

Security Measures

We take data security seriously. Your information is encrypted where applicable and protected by Shopify’s secure infrastructure. Access is restricted to necessary personnel only.

Contact for Data Requests

To exercise any of your rights or ask questions about how your data is handled, contact us at:

Email: leafandlatch.studio@gmail.com

We’re Here to Help—Then Get You Back to the Fun

If your questions are still leafing around in your head, we’ve got you. Our inbox is always open, and we’re happy to help with anything from refunds to planner picks.

But if everything’s clear and you’re feeling ready—let’s get you back to where the real magic grows: digital planners, juicy stickers, and plant-powered joy.

Shop Leaf & LatchContact Us