Skip to content Skip to footer
0 items - $0.00 0
Request a Quote
0 items - $0.00 0
Request a Quote

Privacy Policy

Close
1. Introduction
Golden Wood Art (“Golden Wood Art,” “we,” “us,” or “our”) operates the website located at https://goldenwoodartoc.com (the “Site”), an online storefront showcasing and selling handcrafted wood artwork and related products. We are based in Orange County, California, USA. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit the Site, place an order, contact us, or interact with our content. By using the Site, you agree to this Privacy Policy and to our Terms of Service (and Cookie Notice, where applicable). If you do not agree, please do not use the Site. We handle personal information in accordance with applicable laws, including the California Consumer Privacy Act (CCPA/CPRA) and, where relevant, the EU/UK GDPR. If you have questions or wish to exercise your privacy rights, please reach us through our Contact page.
2. Data Collected
Data Storage Location
We are a California-based small business and our website is hosted by third-party providers with servers located in the United States. Depending on your location, your information may be transferred to and processed in the U.S. We use administrative, technical, and physical safeguards to help protect your data.
Account / Registration Data
If you create an account (e.g., during checkout or via “My Account”), we store your username, name, email address, and any billing/shipping details or other information you add to your profile. You can view and edit your information in your account at any time (except your username). Website administrators can also view and edit this information to fulfill orders and provide support.
Order & Purchase Data
When you place an order, we collect your name, email address, phone number (optional), billing and shipping addresses, items purchased, order notes, and transaction amounts (including taxes, shipping, and discounts). Payment details (such as credit card numbers) are processed securely by our payment processors (e.g., Stripe or PayPal) and are not stored on our servers. We retain order information for accounting, tax, and warranty/record-keeping purposes.
Customer Support
If you contact us via our contact form, email, or social media, we collect the information you provide (including any attachments) so we can respond to your inquiry. We keep these submissions only for customer service and record-keeping; they are not used for marketing without your consent.
Comments & Reviews
When visitors leave product reviews or comments, we collect the data shown in the form, as well as the visitor’s IP address and browser user agent string to help with spam detection. If we use avatar services (e.g., Gravatar), an anonymized string created from your email address may be provided to that service to display an avatar (see the Gravatar privacy policy at Automattic Privacy Policy).
Contact Form
Information submitted through our contact form is emailed to our team and may be stored in our website system for backup and troubleshooting. These submissions are kept only for customer service purposes and are never shared with third parties for marketing.
Analytics
We use Google Analytics to understand how visitors use our site (pages viewed, time on page, device type, etc.). This reporting is aggregated and does not identify you directly. To opt out of Google Analytics, you can use Google’s browser add-on here: Google Analytics Opt-out.
Cases for Using Personal Data
We use your personal information to:
  • Verify/identify users during website use and maintain account security;
  • Process and deliver orders, payments, returns, and customer support;
  • Send transactional updates about orders, shipping, and important changes to our services;
  • Detect and prevent fraud and protect the security of our website and customers’ information;
  • Personalize content, remember your preferences, and improve your shopping experience;
  • Analyze site performance and administer the website (including troubleshooting and debugging);
  • Comply with legal, tax, and regulatory obligations.
3. Embedded Content

Pages on this site may include embedded content (for example, videos, social media posts, or maps). Embedded content from other websites behaves in the same way as if you visited those websites directly. Those services may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with the embedded content (including if you are logged in to those services).

Where our cookie banner blocks third-party embeds until consent is given, requests to those services (including your IP address) are not sent until you consent.

Instagram

We may embed Instagram posts or use an Instagram feed. Instagram (Meta) sets its own cookies and processes data per its policies. Learn more here: Instagram Privacy Policy.

YouTube

We embed YouTube videos, typically using “privacy-enhanced mode” (youtube-nocookie.com) when available. YouTube may set cookies and collect usage data. Learn more here: Google/YouTube Privacy Policy.

Facebook

We may display our Facebook page or posts via Facebook plugins. Facebook sets its own cookies and processes data per its policies. Learn more here: Facebook Privacy Policy.

Google Maps

We may embed Google Maps to show locations (e.g., events or pickup points). Google may set cookies and collect usage data. Learn more here: Google Privacy Policy.

Other Embeds

From time to time, we may embed content from additional providers (e.g., Pinterest or Vimeo). Any such use will be governed by the provider’s own privacy policy.

4. Cookies

This site uses cookies (small text files stored on your device) to make the website work, remember your preferences, enable secure checkout, and help us understand how the site is used. Some cookies are “strictly necessary” for core functionality; others are used for analytics and improvements. You can manage non-essential cookies via our cookie banner or disable cookies in your browser settings.

Your Choices
  • Use our cookie banner to accept or reject non-essential cookies.
  • Control cookies in your browser (see the Help section of your browser for instructions).
  • Opt out of Google Analytics here: Google Analytics Opt-out.
Strictly Necessary Cookies (all visitors)
  • Security & performance (Cloudflare) – helps protect the site from bots and abuse and keeps it fast. Examples: __cf_bm, cf_clearance. These do not track you across sites.
  • Session – maintains a basic session across pages so the site functions as you navigate. Examples: PHPSESSID or a WordPress session cookie.
  • Consent – remembers your cookie choices so we don’t re-ask on every visit. Example: a cookie named similar to cookie_consent_*.
Functional & Account Cookies (additional for logged-in customers)
  • wordpress_logged_in_{hash}, wordpress_sec_{hash} – authenticate logged-in visitors and keep you logged in.
  • wordpress_test_cookie – checks whether cookies are enabled.
  • wp-settings-{UID}, wp-settings-time-{UID} – customize your view of the WordPress admin and, in some cases, the main site interface.
Shopping (WooCommerce)
  • woocommerce_cart_hash, woocommerce_items_in_cart – track cart data; no personal data is stored in these cookies.
  • wp_woocommerce_session_{hash} – stores a unique code so WooCommerce can retrieve cart/order data from the database for your session.
  • store_notice[notice id] – remembers if you’ve dismissed site notices.
Analytics
  • We use Google Analytics to collect aggregated, anonymous statistics (pages visited, time on page, device type) to improve our site. Example cookies: _ga, _gid, _gat. Learn more: Google Privacy Policy.
Payments (only when you use checkout)
  • Stripe – sets cookies to prevent fraud and remember your payment session. Examples: __stripe_mid, __stripe_sid. Policy: Stripe Privacy Policy.
  • PayPal (if used) – may set cookies like ts, ts_c, x-pp-s for fraud prevention and checkout. Policy: PayPal Privacy Policy.

Note: Cookie names may change as our site or providers are updated. We treat any replacements with the same purpose and protections described above.

5. Who Has Access to Your Data

If you browse our site without creating an account or placing an order, we generally do not collect information that directly identifies you beyond essential cookies and aggregated analytics. If you create an account, place an order, or contact us, access to your personal information is limited to the people and service providers who need it to operate our business. We apply the principle of least privilege and role-based access. We do not sell your personal information.

Access within Golden Wood Art
  • You – You can access and update your own account details.
  • Site administrators – Limited to what is necessary to manage the website, fulfill orders, handle returns, and provide support.
  • Customer support personnel/contractors – Only when needed to respond to your requests and service your order.
Access by our service providers (processors)

We share data with trusted providers solely to deliver our services. They are bound by contracts that require them to protect your data and use it only for our instructions:

  • Payment processors (e.g., Stripe, PayPal) – process your payment. Card details are sent directly to them and are not stored on our servers.
  • Fulfillment & shipping partners (e.g., USPS/UPS or similar) – receive your name, address, and contact details to deliver your order.
  • Website hosting, security, and performance (e.g., web host/CDN/backup services) – may process IP addresses and technical logs to keep the site secure and available.
  • Email & communications tools – used to send order confirmations, updates, and replies to your inquiries.
  • Analytics & anti-fraud tools – process pseudonymous/technical data to help improve the site and prevent abuse.
Legal and compliance
  • We may disclose information when required by law, a valid legal request, or to protect our rights, users, or the security of our services.

Note: We only share the minimum necessary information with each party, and we require our providers to protect it and not use it for their own marketing or unrelated purposes.

6. Third-Party Access to Your Data

We do not sell your personal information. We only share limited data with trusted service providers (“processors”) so we can operate our store, process payments, ship orders, secure the website, and improve your experience. Each provider is contractually required to protect your data and use it only to deliver the service to Golden Wood Art.

Payments
  • Stripe (if you pay by card) – receives your payment details directly and may set fraud-prevention cookies.
    Policy: Stripe Privacy Policy.
  • PayPal (if selected at checkout) – processes your payment and may set fraud-prevention cookies.
    Policy: PayPal Privacy Policy.
E-commerce Platform
  • WooCommerce (Automattic) – powers our store functionality. Order data is stored on our site; related extensions may process limited data to provide features (e.g., taxes, shipping rates).
    Policy: Automattic Privacy Policy.
Hosting, Security & Performance
  • Web host/CDN/Backups (e.g., Cloudflare) – may process IP addresses, basic request headers, and security signals to keep the site fast and protected.
    Cloudflare policy: Cloudflare Privacy Policy.
Shipping & Fulfillment
  • Carriers (e.g., USPS, UPS) – receive your name, shipping address, email/phone (for updates) to deliver your order.
    USPS policy: USPS Privacy Policy · UPS policy: UPS Privacy Notice.
Email & Communications
  • Transactional email/SMTP – we use an email service to send order confirmations, shipping notices, and replies to your inquiries. Data shared is limited to what’s needed to deliver those messages.
Analytics
  • Google Analytics – processes pseudonymous usage data to help us understand traffic and improve the site.
    Policy: Google Privacy Policy.
Embedded Media & Social
  • When you interact with embedded content (e.g., YouTube/Instagram/Facebook), those providers may collect data per their own policies. See Section 3 (Embedded Content) for details and links.

Note: We share only the minimum information necessary with each provider and retain records as required for legal, tax, anti-fraud, and warranty purposes.

7. How Long We Retain Your Data

We keep personal information only as long as necessary for the purposes described in this Policy, including operating our store, providing customer support, complying with legal and tax obligations, resolving disputes, and enforcing agreements. When data is no longer needed, we delete or anonymize it. Some records must be retained for set periods under U.S. law.

Typical Retention Periods
  • Orders & invoices: retained for up to 7 years for tax, accounting, and warranty/record-keeping.
  • Customer accounts: kept while the account is active and up to 24 months after last activity or request to close (unless we must keep certain records longer by law).
  • Comments & product reviews: kept indefinitely so prior discussions remain visible, or until you delete them or request removal. Basic moderation logs may be kept for up to 12 months.
  • Customer support messages: retained for up to 24 months after the ticket/conversation is closed.
  • Marketing emails: kept until you unsubscribe. We keep a suppression list indefinitely to honor opt-out requests.
  • Analytics data (Google Analytics): event-level data retained for approximately 2–14 months, depending on our settings.
  • Security/server logs: retained for up to 12 months (typically ~90 days) to detect and investigate abuse.
  • Backups: encrypted backups are stored only for the backup rotation period (usually 30–90 days) and are not used for marketing.
Your Controls

If you have an account, you can view and edit your profile information at any time (except your username). You may also contact us to request deletion or a copy of your data. We will honor these requests unless we need to retain certain information to meet legal or contractual obligations (e.g., tax records).

8. Security Measures
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization. In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
9. Your Data Rights
General Rights

If you have an account on this site, placed an order, or left comments/reviews, you may request:

  • Access/Export: a copy of the personal data we hold about you.
  • Correction: that we update or correct inaccurate information.
  • Deletion: that we delete your personal data. (We may retain what is required for legal, tax, fraud-prevention, or security purposes—e.g., basic order records.)
  • Restriction/Objection: that we limit certain processing or stop using your data for specific purposes where applicable.
  • Portability: a machine-readable copy of certain information you provided to us.

If you request full deletion, we will no longer be able to provide account-based features or product-related support tied to that data.

How to Make a Request

To exercise your rights, please contact us via our Contact page. We may ask you to verify your identity (for example, by confirming your account email, recent order number, or other reasonable details). We respond within the timeframes required by law.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights (subject to exceptions):

  • Right to Know: request details about the categories and specific pieces of personal information we collected, sources, purposes, and categories of third parties we disclosed it to.
  • Right to Delete: request deletion of personal information we collected from you.
  • Right to Correct: request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: we do not sell or share personal information for cross-context behavioral advertising as defined by the CPRA. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
  • Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for purposes requiring a “limit” right under the CPRA.
  • Non-Discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.

You may also use an authorized agent to submit a request on your behalf. We will require proof of authorization and may still need to verify your identity.

EU/UK GDPR Rights

If you are in the EU/UK, you have rights under the GDPR/UK GDPR, including:

  • Access, Rectification, Erasure (“right to be forgotten”), and Restriction of processing;
  • Portability of certain data you provided to us;
  • Objection to processing based on legitimate interests or for direct marketing;
  • Withdraw Consent where processing is based on consent (withdrawal does not affect prior lawful processing);
  • Lodge a complaint with your local supervisory authority.

We will respond to GDPR requests within one month (extendable by up to two additional months for complex requests).

Marketing & Cookies Choices
  • Email marketing: you can unsubscribe at any time using the link in our emails or by contacting us.
  • Analytics & cookies: manage non-essential cookies via our cookie banner or your browser settings. You can also use the Google Analytics Opt-out add-on.
10. Release of Your Data for Legal Purposes

Golden Wood Art may access, preserve, and disclose your information when we believe in good faith
that it is reasonably necessary to: (i) comply with applicable law, regulation, legal process, or
a valid governmental request (e.g., subpoena or court order); (ii) enforce our Terms and other
policies; (iii) detect, investigate, prevent, or address fraud, security, or technical issues; or
(iv) protect the rights, property, or safety of Golden Wood Art, our customers, or the public.

Where legally permitted and feasible, we will provide advance notice of a request for your
information so that you may seek to challenge it. However, we may be prohibited from providing
notice, and we are not obligated to challenge every request. We may also preserve information as
required to comply with legal obligations.

Any disclosure will be made in accordance with applicable laws (including U.S. law and, where
relevant, the laws of your place of residence such as the CCPA/CPRA or GDPR). To the extent
permitted by law, Golden Wood Art is not liable for damages arising from disclosures made in
good-faith compliance with legal requests.

If you have questions about how we handle legal requests, please contact us via our
Contact page.

+1 (714) 277-2875

info@goldenwoodartoc.com