Privacy policy

Last updated: April 12, 2026

This Privacy Policy describes how Dear Person Behind Me ("we", "us", or "our") collects, uses, discloses, and protects your personal information when you visit, interact with, or make a purchase from dear-person-behind-me.com (the "Site") or otherwise communicate with us (collectively, the "Services").

We are a family-owned business based in Quebec, Canada, serving customers in the United States, Canada, and around the world. We take your privacy seriously and we have written this policy in plain language so you can understand exactly what we do with your information and what choices you have.

Person responsible for the protection of your personal information

In accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25), we have designated a Privacy Officer who is responsible for ensuring our compliance with applicable privacy laws and for handling any questions, requests, or complaints related to your personal information.

Privacy Officer
Dear Person Behind Me
Contact: dear-person-behind-me.com/pages/contact

What personal information we collect

Information you give us directly:

  • Contact details: name, email address, phone number, shipping and billing address.
  • Order information: items purchased, order history, payment confirmation (we do not store full credit card numbers — see below).
  • Account information, if you create an account: username, password (encrypted), order history.
  • Customer support communications: the content of any message you send us through our contact page.
  • Marketing preferences: if you subscribe to our newsletter or SMS list.

Information collected automatically when you visit the Site:

  • Device and browser information: IP address, browser type, operating system, screen size, language.
  • Usage data: pages visited, links clicked, items viewed, time spent on the Site, referring website.
  • Approximate location: derived from your IP address (city/region level).

This information is collected through cookies and similar tracking technologies. See the Cookies and tracking section below.

Information we receive from third parties: our service providers (such as Shopify, our payment processor, and our shipping carriers) provide us with information needed to fulfill your orders. If you interact with our content on social media, the platform may share certain information with us depending on your privacy settings on that platform.

How we use your personal information

  • To fulfill your order — process payment, produce your made-to-order item, ship it, handle returns or exchanges, and provide customer support. (Legal basis: performance of our contract with you.)
  • To manage your account, if you have one. (Performance of contract.)
  • To send you marketing communications — newsletters, promotions, new product announcements — but only if you have opted in. You can unsubscribe at any time. (Legal basis: your consent.)
  • To personalize advertising shown to you on third-party platforms (Meta, Google, TikTok). This only occurs if you have consented through our cookie banner. (Legal basis: your consent.)
  • To improve our Site and Services — analyze how visitors use the Site, fix bugs, develop new features. (Legal basis: your consent for analytics cookies; legitimate interest for essential improvements.)
  • To prevent fraud and protect the Site — detect suspicious orders, prevent unauthorized access. (Legal basis: legitimate interest, legal obligation.)
  • To comply with legal obligations — tax records, accounting, responding to lawful requests from authorities. (Legal basis: legal obligation.)

We do not make decisions about you using automated processing alone that produce significant effects (such as automated approval or refusal of orders). All meaningful decisions involve a human review.

Cookies and tracking

We use cookies and similar technologies on our Site. When you first visit, our cookie consent banner lets you choose which categories you accept:

  • Strictly necessary cookies — required for the Site to work (shopping cart, checkout, security). These cannot be turned off.
  • Analytics cookies — help us understand how visitors use the Site (Google Analytics).
  • Marketing cookies — used to show you relevant ads on other websites and platforms (Meta Pixel, Google Ads, TikTok Pixel, Shopify Audiences).

You can change your cookie preferences at any time using the cookie settings link in the footer of the Site. You can also block or delete cookies through your browser settings, though doing so may affect how the Site works for you.

Who we share your personal information with

We share your personal information only with the following categories of recipients, and only to the extent necessary for the purposes described above:

  • Shopify Inc. — our e-commerce platform, hosting the Site and processing orders. Shopify privacy policy.
  • Payment processors (Shopify Payments, PayPal, and others depending on your chosen payment method) — to process your payment securely. We do not store full credit card numbers.
  • Our production and fulfillment provider — receives your name, shipping address, and order details to produce and ship your made-to-order item.
  • Shipping carriers (such as Canada Post, UPS, USPS, DHL, and others depending on your destination) — to deliver your order.
  • Klaviyo / Mailchimp — our email marketing platform, used to send newsletters and order-related emails (only if you have opted in for marketing).
  • Meta (Facebook and Instagram) — through the Meta Pixel, for advertising measurement and targeting (only if you have consented to marketing cookies). Meta privacy policy.
  • Google — Google Analytics for site usage analysis, and Google Ads for advertising (only if you have consented to the relevant cookie categories). Google privacy policy.
  • TikTok — through the TikTok Pixel, for advertising measurement and targeting (only if you have consented to marketing cookies). TikTok privacy policy.
  • Shopify Audiences — to help us reach relevant audiences for our advertising (only if you have consented to marketing cookies). You can opt out specifically at privacy.shopify.com.
  • Authorities and legal advisors — when required by law, by court order, or to protect our legal rights.
  • Buyers or successors, in the event of a merger, sale, or restructuring of our business — your information would be transferred subject to this Privacy Policy.

We do not sell your personal information for money. Some of the advertising-related sharing described above (such as the use of Meta and TikTok pixels) may qualify as "selling" or "sharing" personal information under certain US state privacy laws, including the California Consumer Privacy Act. You can opt out of all such sharing through our cookie banner or by contacting our Privacy Officer.

International data transfers

Because we serve customers worldwide and use service providers based in different countries, your personal information may be transferred to, stored in, and processed in countries other than your own — including in particular Canada, the United States, and the European Union.

Before entrusting personal information to a service provider located outside Quebec, we conduct a privacy impact assessment to confirm that the information will receive a level of protection equivalent to what is required under Quebec law. This includes reviewing the provider's security practices, contractual commitments, and applicable legal frameworks. Where personal information of customers in the European Union or the United Kingdom is transferred outside those regions, we rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, where applicable.

By using the Site, you understand that your personal information may be transferred internationally for these purposes.

How long we keep your personal information

Order and transaction records 7 years after the order, to comply with Quebec and Canadian tax and accounting obligations.
Account information For as long as your account is active, plus 2 years of inactivity, after which the account is deleted or anonymized.
Marketing contacts (newsletter subscribers) Until you unsubscribe, or after 3 years of no engagement, whichever comes first.
Customer support communications 3 years from the date of the last message.
Analytics and usage data Up to 26 months (Google Analytics default), in aggregated form thereafter.
Cookie consent records 13 months, after which we ask for consent again.

When the retention period ends, we securely delete or irreversibly anonymize your personal information.

Your rights

Depending on where you live, you have the following rights regarding your personal information. To exercise any of them, contact our Privacy Officer through our contact page. We will respond within 30 days.

For all customers:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — ask us to delete your personal information, subject to our legal obligations to retain certain records.
  • Withdraw consent — at any time, where we rely on consent (such as marketing emails or non-essential cookies).
  • Portability — receive your personal information in a structured, commonly used electronic format, or have it transferred directly to another organization where technically feasible.
  • Object or restrict — ask us to stop or limit how we process your information in certain circumstances.

Additional rights for Quebec residents under Law 25:

  • De-indexing and cessation of dissemination — request that we stop disseminating your personal information, or that a hyperlink to that information be de-indexed, where dissemination causes serious injury that outweighs the public interest.
  • Information about automated processing — if a decision about you is based exclusively on automated processing, you have the right to be informed and to submit observations.
  • File a complaint with the Commission d'accès à l'information du Québec (CAI) — if you are not satisfied with our response, you may contact the CAI at www.cai.gouv.qc.ca.

Additional rights under other laws:

  • United States residents — depending on your state of residence, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and similar laws in other states. These typically include the right to know what information we have collected, the right to delete it, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination for exercising your rights. California residents may also designate an authorized agent to make requests on their behalf.
  • European Union, United Kingdom, and other regions — you may have additional rights under the GDPR, the UK GDPR, or equivalent local laws, including the right to lodge a complaint with your local data protection authority.

Contact our Privacy Officer through the contact page to exercise any of these rights. We may need to verify your identity before responding to your request. We will not charge a fee unless your request is manifestly unfounded or excessive, in which case we will explain the fee in advance. We will not discriminate against you for exercising your rights.

Security and confidentiality incidents

We take reasonable physical, technical, and organizational measures to protect your personal information against loss, unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit (HTTPS), restricted access to personal information on a need-to-know basis, and selection of service providers with appropriate security standards.

No system is perfectly secure, and we cannot guarantee absolute security. In the event of a confidentiality incident (a security breach involving your personal information) presenting a risk of serious injury, we will notify the Commission d'accès à l'information du Québec, the affected individuals, and any other authorities required by applicable law, and we will keep a register of all such incidents.

Children

Our Services are not directed at children under 14, and we do not knowingly collect personal information from children under 14 without the consent of a parent or guardian. We also comply with the United States Children's Online Privacy Protection Act (COPPA), which protects children under 13. If you believe a child has provided us with personal information, please contact our Privacy Officer through our contact page and we will take steps to delete it.

Third-party links

Our Site may contain links to third-party websites, including social media platforms. We are not responsible for the privacy practices of those websites, and we encourage you to read their privacy policies before sharing information with them.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, our service providers, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Site.

Contact

For any question, request, or complaint about this Privacy Policy or about how we handle your personal information, contact our Privacy Officer through our contact page.