隐私政策

1. 我们收集的数据

We collect the following categories of personal data:

• Account data: Email address, username, and password hash. Required to create and manage your account.
• Order data: Shipping name, address, phone number, and order history. Required to fulfill your purchases.
• Payment data: We do not store your card number. Payments are processed by Stripe, Inc. We receive only a payment reference and the last four digits of your card.
• Usage data: Browser type, device, pages visited, time on site, and referral source — collected only with your consent via Google Analytics.
• Communications: Emails and support messages you send us.

2. 我们如何使用您的数据

We use your personal data only for the following purposes:

• Processing and fulfilling your orders
• Managing your account and authentication
• Sending order confirmation and shipping notifications
• Responding to customer support enquiries
• Detecting and preventing fraud
• Improving our platform (only with analytics consent)

We do not sell your personal data. We do not use it for profiling or automated decision-making that produces legal or similarly significant effects.

3. 处理的法律依据（GDPR）

For users in the European Economic Area (EEA), our legal basis for processing personal data is:

• Contract performance: Account data, order data, and payment references are processed to fulfill our contract with you.
• Legitimate interests: Fraud detection and platform security.
• Consent: Analytics cookies (Google Analytics) are loaded only with your explicit consent via our cookie banner.

4. 第三方服务

We share limited data with these trusted third parties solely to operate our service:

5. Cookie

We use the following types of cookies:

You can change your cookie preferences at any time by clicking “Cookie Preferences” in the site footer, or by clearing your browser's localStorage for this site.

6. 数据保留

We retain your account data for as long as your account is active. Order data is retained for 7 years to comply with financial and tax record obligations. Analytics data collected via Google Analytics follows Google's standard 26-month data retention period.

If you delete your account, we remove your personal profile data within 30 days, except where retention is required by law (e.g., order records for tax purposes).

7. 国际数据传输

Our servers are located in the United States (Render cloud infrastructure). If you are located in the EEA, your data is transferred to the US under standard contractual clauses (SCCs) or the EU–US Data Privacy Framework where applicable.

8. 您的权利（GDPR和CCPA）

Depending on your jurisdiction, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data (“right to be forgotten”).
• Portability: Receive your data in a machine-readable format.
• Restriction: Ask us to restrict processing of your data in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw analytics consent at any time via cookie settings.

To exercise any of these rights, email support@kinxklub.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. 安全性

We use industry-standard security measures including encrypted HTTPS connections, hashed passwords (bcrypt), and access controls to protect your data. Payment card data is never stored on our servers — it goes directly to Stripe's PCI-compliant infrastructure.

No system is 100% secure. If we become aware of a breach that affects your personal data, we will notify you and the relevant authorities as required by law.

10. 联系方式

For privacy-related enquiries, to exercise your rights, or to report a concern, contact us at:

11. 本政策的变更

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the site or emailing registered users. Continued use of KinxKlub after changes constitutes acceptance of the updated policy.