Privacy policy

We keep this simple and human. Here's exactly what we collect, why, and what we do with it. No surprises — Bex promises.

Last updated: May 2025

Privacy at a glance

We collect your email

Only if you subscribe to our newsletter — and only to send you words. That's it.

Orders go through Stripe

We never see or store your card details. Stripe handles all payment data.

Printify gets your address

Your shipping address is shared with Printify, our fulfilment partner, to ship your order.

We never sell your data

Your information is never sold or shared with advertisers. Ever. Full stop.

1. Who we are

Word Bestie is operated by Bex, based in Toronto, Ontario, Canada. The website is wordbestie.com. For any privacy-related questions, contact us at hello@wordbestie.com.

We operate under Canadian federal privacy law (PIPEDA — the Personal Information Protection and Electronic Documents Act) and, where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR for visitors in those regions.

2. What information we collect

Information you give us directly

  • Name and email address — when you subscribe to our newsletter or contact us.
  • Shipping address, name, and email — when you place an order. This is collected by Stripe at checkout and passed to Printify for fulfilment.
  • Payment information — processed entirely by Stripe. We never see, store, or have access to your card number, CVV, or full payment details.
  • Messages — if you email us, we keep that correspondence to help resolve your query.

Information collected automatically

  • Basic analytics — if we use an analytics tool (such as Netlify Analytics or Plausible), we may collect anonymised data including pages visited, approximate location (country/city level), device type, and referral source. We do not use Google Analytics. Any analytics we use are privacy-first and do not track individuals.
  • Server logs — Netlify (our hosting provider) may log IP addresses and request data for security and performance purposes. These logs are not used for marketing and are retained according to Netlify's own privacy policy.

Information we do NOT collect

  • We do not use advertising trackers or third-party marketing pixels.
  • We do not build behavioural profiles of our visitors.
  • We do not collect sensitive personal data (health, ethnicity, religion, etc.).

3. How we use your information

We use personal information only for the purposes it was collected:

  • To fulfil your order — your name, email, and shipping address are passed to Printify to print and ship your product.
  • To send order confirmation and tracking emails — so you know your order is on its way.
  • To send the newsletter — if you subscribed, we send you a new word every week. You can unsubscribe at any time using the link in any email.
  • To respond to your enquiries — if you email us, we use your contact details to reply.
  • To improve the website — anonymised analytics help us understand which words and products are most popular.
  • To comply with legal obligations — we may be required to retain certain records (e.g. transaction records for tax purposes).

Legal basis for processing (EU/UK GDPR)

  • Contract — processing your order requires using your personal data.
  • Consent — sending newsletter emails is based on your explicit opt-in.
  • Legitimate interests — anonymised analytics and fraud prevention.
  • Legal obligation — financial record-keeping.

4. Who we share your information with

We only share personal data with trusted third-party service providers who are necessary to operate the business. We do not sell, rent, or trade your data to anyone.

Stripe

RolePayment processing
Data sharedPayment card details, billing address, email
LocationUSA (EU–US Data Privacy Framework compliant)
Their policy View →

Printify

RoleOrder fulfilment & shipping
Data sharedName, shipping address, email, order contents
LocationUSA / EU (multiple fulfilment locations)
Their policy View →

Netlify

RoleWebsite hosting
Data sharedIP addresses (via server logs), basic request data
LocationUSA (GDPR compliant)
Their policy View →

We may also disclose personal information if required to do so by law, court order, or government authority.

5. Cookies

Our website uses a minimal number of cookies — only those necessary for the site to function and for basic anonymised analytics. We do not use advertising, tracking, or third-party marketing cookies.

  • Functional cookies — used to remember your cart contents during a shopping session. These expire when you close your browser.
  • Analytics cookies — if we use privacy-first analytics (e.g. Plausible), these collect no personally identifiable information and do not track you across other websites.

You can disable cookies in your browser settings. Note that disabling functional cookies may affect the shopping cart experience.

6. Your rights

Depending on where you live, you have the following rights regarding your personal data. To exercise any of these rights, email hello@wordbestie.com. We will respond within 30 days.

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete information.

Deletion

Ask us to delete your personal data (subject to legal obligations).

Portability

Receive your data in a structured, machine-readable format (EU/UK residents).

Objection

Object to processing based on legitimate interests.

Withdrawal of consent

Unsubscribe from the newsletter at any time via the link in any email.

Canadian residents: you have rights under PIPEDA, including the right to access and correct your personal information. You may also file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

EU/UK residents: you have additional rights under the GDPR/UK GDPR, including the right to lodge a complaint with your local supervisory authority.

7. How long we keep your data

  • Order data — retained for 7 years for tax and legal compliance purposes, as required by Canadian law.
  • Newsletter subscribers — retained until you unsubscribe. After unsubscribing, your email is removed within 30 days.
  • Support emails — retained for up to 2 years, then deleted.
  • Analytics data — anonymised and retained for up to 2 years.

8. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These include:

  • HTTPS encryption on all pages (provided by Netlify)
  • No storage of payment card data on our servers (handled entirely by Stripe)
  • API keys stored as environment variables, never in code
  • Access to production systems restricted to essential personnel

No method of internet transmission is 100% secure. If you become aware of any security issue, please notify us immediately at hello@wordbestie.com.

9. Children's privacy

Word Bestie is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this privacy policy from time to time. When we do, we'll update the "Last updated" date at the top of the page. For significant changes, we'll notify newsletter subscribers by email. Continued use of the website after changes constitutes acceptance of the updated policy.

11. Contact us

For any questions, requests, or complaints about this privacy policy or how we handle your personal data:

Word Bestie

Toronto, Ontario, Canada

Email: hello@wordbestie.com

We aim to respond to all privacy requests within 30 days.