Privacy Policy

Welcome to Eleven Spectacles! Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your personal data when you interact with our website.

What data do we collect?

We may collect personal identification information from you, such as your name, email address, and order details. This information is essential for processing your orders, providing customer support, and enhancing your shopping experience.

How do we collect your data?

Part of the data Eleven Spectacles collects is provided by you directly. We gather and process your data when you:

  • Place an order on our website, including entering your name, address, and payment details.
  • Contact us via the contact page or through customer support channels.
  • Voluntarily complete a customer survey or provide feedback through message boards, email, or reviews.

Additionally, we may receive your data indirectly from the following sources:

Railway

Railway provides cloud hosting services that enable you to manage and store data on behalf of users. Railway’s commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Data Security

Railway implements comprehensive security protocols to protect the personal data it hosts. These include encryption both at rest and in transit, strict access controls, and continuous monitoring to safeguard data from unauthorized access. Railway’s platform leverages advanced security best practices to ensure that data is kept secure, including regular security updates and patches, vulnerability management, and proactive monitoring.

GDPR Compliance

Railway is committed to helping you comply with the General Data Protection Regulation (GDPR). As a data processor, Railway provides tools and features that allow you to manage and control the data your customers provide. Railway adheres to GDPR’s principles of data protection and provides features like data encryption, data access controls, and audit logs, which help ensure your compliance with GDPR requirements.

Additionally, Railway supports the exercise of data subjects' rights under GDPR, such as access, rectification, and deletion of personal data. You can manage your data retention and deletion practices via Railway’s platform to comply with GDPR’s right to erasure (the “right to be forgotten”).

Data Incident Notification

In the unlikely event of a data incident affecting personal data hosted on Railway’s infrastructure, Railway commits to notifying affected parties without undue delay. As per GDPR requirements, Railway will inform you of any data incident within 72 hours of becoming aware of the issue. You will be provided with the necessary information to notify your users, if applicable.

Stripe

Stripe acts primarily as a data processor for businesses that use its payment processing services. When you integrate Stripe into your website or app to handle transactions, personal data related to those transactions — such as names, email addresses, and payment details — are processed by Stripe. This means that Stripe collects and processes personal data indirectly.

Data Security

Stripe implements robust security measures to protect the personal data it processes, including virtual access control, data access control, disclosure control, entry control, availability control, and separation control.

GDPR Compliance

Stripe has taken steps to ensure GDPR compliance, including providing mechanisms for data subjects to exercise their rights under GDPR, such as rectification, erasure, portability, objection, and access.

Data Incident Notification

In the event of a data incident affecting personal data subject to GDPR, Stripe commits to notifying affected parties without undue delay, which is no later than 48 hours after becoming aware of the incident.

Brevo

Brevo, similar to Stripe, handles personal data on behalf of its clients, particularly in the context of email marketing and marketing automation. When you use Brevo's services, personal data collected through these channels is processed by Brevo.

GDPR Compliance

Brevo has implemented measures to comply with GDPR, including enabling users to rectify their personal information, cancel subscriptions and erase their data, request data portability, unsubscribe from specific uses of their information, and access and modify their personal data.

PostHog

PostHog is an open-source analytics platform that offers a variety of features, including product analytics, session recording, feature flags, and experimentation. One of its notable capabilities is the ability to perform cookieless tracking, which is particularly relevant for organizations concerned about user privacy and compliance with regulations such as GDPR or HIPAA. Here's how PostHog facilitates cookieless tracking and its implications for GDPR compliance:

Cookieless Tracking

Traditionally, analytics tools like PostHog store user information in the browser using cookies. This method enables tracking users across sessions, caching feature flag data, and more. However, PostHog recognizes that there are situations where using cookies might not be desirable or permissible due to privacy concerns or regulatory restrictions. To address this, PostHog offers a cookieless tracking option.

Storing Data Without Cookies

Instead of relying on cookies, PostHog can store user data in page memory during cookieless tracking. This approach uses a JavaScript object that persists only for the duration of the page view. Since the data does not persist beyond the current session, it does not create permanent user profiles, aligning with stricter privacy requirements.

Privacy and Compliance

By avoiding the use of cookies, PostHog's cookieless tracking mode helps organizations meet stringent privacy standards and comply with regulations like GDPR and HIPAA. This is particularly beneficial for businesses operating in jurisdictions with strict data protection laws.

GDPR Compliance

PostHog's support for cookieless tracking is part of its broader commitment to GDPR compliance. By offering EU cloud hosting and the option to self-host, PostHog ensures that user data can be kept within the EU, further aligning with GDPR requirements. Additionally, PostHog's open-source nature and configurable consent mechanisms provide organizations with the flexibility to tailor their analytics practices to meet specific compliance needs.

How will we use your data?

Eleven Spectacles collects your data so that we can:

  • Process your order and manage your account.
  • Email you with special offers on other products and services we think you might like.
  • Improve user experience by collecting anonymous data using PostHog.

When Eleven Spectacles processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.

How do we store your data?

Eleven Spectacles securely stores your data using Railway’s cloud infrastructure. Railway provides strong security measures, including encryption at rest and in transit, along with compliance with industry-standard security frameworks and regulations such as GDPR. Railway’s security strategy emphasizes product security, platform security, and infrastructure security, with continuous vulnerability management and proactive security measures.

Eleven Spectacles will retain your name, email address, and order information for five years. After this period, we will securely delete your data by removing all associated entries from the database.

Marketing

Eleven Spectacles would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies.

Brevo

If you have agreed to receive marketing, you may always opt out at a later date. You have the right at any time to stop Eleven Spectacles from contacting you for marketing purposes or giving your data to other members of the Eleven Spectacles Group. If you no longer wish to be contacted for marketing purposes, please click here.

What are your data protection rights?

Eleven Spectacles would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data from Eleven Spectacles. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request that Eleven Spectacles correct any information you believe is inaccurate. You also have the right to request Eleven Spectacles to complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that Eleven Spectacles erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that Eleven Spectacles restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to Eleven Spectacles’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that Eleven Spectacles transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: support@elevenspectacles.com.

Privacy policies of other websites

Our website may contain links to other websites. Please note that once you click on a link to leave Eleven Spectacles, we are not responsible for the privacy practices of other websites. We encourage you to review their privacy policies to understand how they handle your data.

Changes to our privacy policy

Eleven Spectacles keeps its privacy policy under regular review and places any updates on this web page.