Privacy Policy

Last updated: 2025-11-10

Thank you for visiting Peridot Works (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you browse our Site, purchase products, or otherwise interact with us.

Who we are

Peridot Works operates a product and custom-order website, hosted on Cloudflare Pages and managed with Eleventy and Decap CMS. Our primary audience is the United States, and we are based in Nevada.

Information we collect

• Information you provide (for example, when placing an order or contacting us): name, email address, phone number, billing/shipping or pickup details, order notes, and any files or messages you submit.
• Checkout & payments: We use Stripe to process payments. We do not receive or store full credit/debit card numbers. Stripe may collect payment details and device information per its own privacy policy.
• Automatically collected data: server logs, IP address, browser/user-agent, pages viewed, and request metadata collected by our hosting/CDN (Cloudflare) for security and performance.
• Cookies & similar technologies: essential cookies for cart/checkout and session management, and any cookies set by Stripe during payment. If we add analytics or advertising later, we will update this section and (where required) present consent controls.
• Admin access (Decap CMS): If you sign in to the CMS (admin-only), our GitHub OAuth proxy handles authentication tokens strictly to enable secure content management. This is not used for customer browsing or checkout.

How we use information

• To operate the Site, fulfill and deliver orders, process payments, and provide customer support.
• To communicate about orders, pickups/deliveries, refunds, and service updates.
• To maintain security, prevent fraud, and ensure site reliability and performance.
• To comply with legal obligations and enforce our terms.

Payments via Stripe

Payments are processed by Stripe. Peridot Works does not store full payment card details. Stripe acts as an independent controller or processor of your payment data as described in its privacy documentation. For details on Stripe’s practices, see Stripe’s Privacy Policy.

Hosting, CDN, and security (Cloudflare)

We use Cloudflare for hosting, content delivery (CDN), and security (DDoS protection, firewall, and caching). Cloudflare may process IP addresses and request metadata to provide these services. Cloudflare’s processing is governed by its own privacy policy.

Sharing of information

• Service providers: We share information with vendors who help us run the Site (e.g., hosting, payment processing, email). They are permitted to process data only to provide their services to us.
• Legal: We may disclose information if required by law, legal process, or to protect rights, property, and safety.
• No sale of personal information: We do not sell or “share” personal information for cross-context behavioral advertising as defined under the CPRA. If that ever changes, we will update this policy and provide opt-out mechanisms.

Data retention

We keep personal information only as long as needed for the purposes above—for example, order records for tax/audit requirements and customer service—unless a longer retention period is required or permitted by law. Payment data is retained by Stripe per its own policies.

Your choices & rights

• Marketing: If you receive marketing emails from us, you can unsubscribe at any time using the link in the email or by contacting us.
• Cookies: You can typically control cookies via your browser settings. Disabling essential cookies may impact site or checkout functionality.

California (CCPA/CPRA)

California residents have rights to access, correct, and delete certain personal information, to opt out of sale or sharing, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise rights, contact us using the details below. We will not discriminate against you for exercising your rights.

Nevada

Nevada residents may submit a verified request to opt out of the sale of covered information. We do not sell covered information as defined by Nevada law. You may still contact us if you have questions or wish to submit a request.

European Economic Area/UK (GDPR)

If you are in the EEA/UK, you may have rights to access, rectification, deletion, restriction, portability, and to object to processing, as well as the right to lodge a complaint with your local supervisory authority. Our legal bases include performance of a contract (e.g., fulfilling an order), legitimate interests (e.g., security, improvement), consent (where applicable), and compliance with legal obligations.

Children’s privacy

Our Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

Security

We employ reasonable physical, technical, and organizational measures to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

International transfers

Our services and vendors may operate in multiple countries. Where applicable, we use appropriate safeguards to protect personal information transferred across borders.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date above indicates the latest revision. Material changes will be posted on this page, and where required, we will seek your consent.

Contact us

If you have questions or wish to exercise your privacy rights, contact us at:
Email: hello@peridotworkslv.com
Website: https://peridotworkslv.com
Business location: Las Vegas, Nevada, USA

If you have questions about this policy or your order, see our FAQ or email build@peridotworkslv.com.