Privacy Policy

Last updated: May 14, 2026

ChosenOneLife Studio LLC (“we”, “us”) operates http://druvixora.store. This policy explains what information we collect, how we use it, and your rights — written for the GDPR (EU/EEA/UK), CCPA/CPRA (California), and US state privacy laws generally.

1. Data we collect

  • Order data: email address, order ID, product purchased, amount, currency.
  • Payment data: handled by Stripe; we receive only the payment status and an opaque payment identifier — never your card number.
  • Contact form data: name, email, message, hashed IP for spam prevention.
  • Server logs: hashed IP, request URL, status code, timestamp (retained 30 days).
  • Cookies: only essential session cookies (admin login, CSRF) — no analytics or ad cookies are set without your consent.

2. How we use it

We process the data above to (a) deliver the product you purchased, (b) issue download links and receipts, (c) provide customer support, (d) prevent fraud, and (e) comply with legal obligations (tax, accounting). The legal basis under GDPR is (i) contract performance for orders, (ii) legitimate interest for fraud prevention and logs, and (iii) legal obligation for tax and accounting records.

3. Sharing

We share data only with the following processors, each under written DPAs:

  • Stripe, Inc. — payment processing (United States; SCC + DPF).
  • Resend, Inc. — transactional email delivery (United States).
  • Cloudflare, Inc. — DDoS protection / CDN (United States).
  • Hetzner Online GmbH or DigitalOcean LLC — server hosting (US/EU region depending on instance).

We do not sell or rent your personal information. We do not engage in “cross-context behavioural advertising”.

4. Retention

Order records are retained for 7 years to meet US tax requirements. Server logs: 30 days. Contact form submissions: 12 months unless converted into an open support ticket. Subscriber list: until you unsubscribe.

5. Your rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Have it corrected if inaccurate
  • Request deletion (subject to legal retention obligations)
  • Object to or restrict certain processing
  • Receive a portable copy of your data
  • (California residents) Opt out of any sale or share of personal information

Contact [email protected] with the subject line “Privacy request”. We respond within 30 days. You may also lodge a complaint with your local data-protection authority.

6. International transfers

We are a US company. Personal data of EU/EEA/UK residents is transferred to the US under Standard Contractual Clauses (SCC) and the EU–US Data Privacy Framework (DPF) where applicable.

7. Security

We use HTTPS (TLS 1.3) for all transport, store passwords using argon2id, hash IP addresses before logging, and bind download tokens to a one-time-use cryptographic signature. No system is perfectly secure; please report security concerns to [email protected].

8. Children

The Site is not directed at children under 16, and we do not knowingly collect data from them.

9. Changes

We will post any updates here with a revised “Last updated” date. Material changes will be announced on the homepage for 14 days.

10. Contact

Privacy queries: [email protected] · Postal: ChosenOneLife Studio LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, US.