Privacy Policy

GeckoGrain ("we", "us", "our") operates the website at geckograin.com and the related custom cutting board service (the "Service"). This Privacy Policy explains what information we collect, how we use it, the legal bases on which we rely, and the choices you have. By using the Service you agree to the practices described here.

1. Information we collect

• Account data: name, email address, and password hash when you create an account or sign in with Google.
• Order data: the size, wood combination, inlay prompt, and generated inlay design you choose, plus shipping address and contact details you provide at checkout.
• Payment data: we use Stripe to process payments. We do not receive or store your full card number; we receive a transaction ID and limited billing metadata from Stripe.
• Usage data: IP address, browser type, pages visited, and timestamps, collected automatically through server logs and cookies.
• Communications: messages you send us by email or contact form.

2. How we use information

• To create and manage your account and orders.
• To generate inlay designs from the prompt you provide, using a third-party AI model.
• To process payments and deposits.
• To send order confirmations, build-progress updates, and shipping notices.
• To prevent fraud, debug issues, and improve the Service.
• To comply with legal obligations.

3. Legal bases (EEA/UK users)

Where the GDPR applies, we rely on the following legal bases: performance of a contract (to fulfil your order), legitimate interests (to secure and improve the Service), consent (for non-essential cookies and marketing email, where applicable), and legal obligation (to keep tax and accounting records).

4. Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and to remember cart state. We may use analytics cookies (for example Google Analytics) to understand aggregate usage. You can control cookies through your browser settings; disabling strictly necessary cookies may break parts of the Service.

6. International transfers

Our service providers may process data outside your country, including in the United States. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

7. Data retention

We keep account and order records for as long as your account is active and for a reasonable period afterwards to comply with tax, accounting, and legal obligations (typically up to 7 years). Server logs are kept for up to 90 days.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to processing or withdraw consent. To exercise these rights, contact us at the address below. We will respond within the timeframe required by applicable law.

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA), and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.

10. Security

We use encryption in transit (HTTPS), encrypted storage at rest, hashed passwords, and role-based access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Changes to this Policy

We may update this Policy from time to time. We will post the new version with an updated "Last updated" date and, when changes are material, notify you by email or in-app notice.

5. How we share information

We share personal information only with:

• Service providers that host our infrastructure, store data, send email, process payments (Stripe), and generate AI imagery, strictly to provide the Service on our behalf.
• Authorities when required by law, subpoena, or to protect rights, property, or safety.
• Successors in the event of a merger, acquisition, or sale of assets, subject to this Policy.

We do not sell personal information.

12. Contact

Questions or requests? Email hello@geckograin.com.