Privacy Policy
This policy explains how Medusa Commerce collects, uses, stores, and protects personal data when you browse the storefront, place an order, create an account, or contact the team.
Policy details
This Privacy Policy explains how Medusa Commerce collects, uses, stores, and shares personal data in connection with the storefront, customer accounts, orders, support requests, reviews, and related services.
Effective date: 25 April 2026
Controller: Medusa Commerce
Location: Vilnius, Lithuania
1. Data Controller
For the purposes of applicable data protection law, including the General Data Protection Regulation (GDPR), the data controller for personal data processed through this storefront is Medusa Commerce. If you have any questions about this policy or wish to exercise your data protection rights, you can contact us at info@medusa-commerce.de.
2. Personal Data We Collect
The data we collect depends on how you use the site.
Account and checkout details
Name, email address, phone number, billing address, shipping address, and other information required to create an account, place an order, or manage delivery.
Order and transaction records
Purchased products, cart contents, totals, shipping selections, delivery status, refunds, and related customer support history.
Payment-related information
Payment details are processed by our payment providers. We do not store full payment card details on this site.
Profile and saved account data
Saved addresses, login-related details, and order history associated with your customer account.
Communications, review, and technical data
Information you provide when contacting support, subscribing to email updates, or submitting a review, as well as IP address, browser type, device data, referral source, page views, and cookie-related data needed to operate and measure the storefront.
3. How We Use Personal Data
- Storefront operations: To run the site, maintain sessions, preserve cart state, and support region or account preferences.
- Order fulfilment: To confirm purchases, arrange payment, coordinate shipping, and provide order updates.
- Customer support: To respond to delivery questions, returns, account issues, and product-related requests.
- Service improvement: To understand site usage and improve navigation, search, product discovery, and checkout.
- Marketing communications: To send updates only where you have requested them or where otherwise permitted by law.
- Security and abuse prevention: To detect fraud, spam, misuse, and malicious activity affecting public-facing forms or commerce flows.
- Legal compliance: To keep records required for tax, accounting, consumer protection, fraud prevention, and dispute handling.
4. GDPR Legal Bases for Processing
Where GDPR applies, we process personal data on one or more of the following legal bases:
| Purpose | Legal basis |
|---|---|
| Creating accounts, maintaining carts, processing orders, and delivering purchases | Performance of a contract or steps taken at your request before entering into a contract |
| Handling support requests, product questions, and post-purchase care | Performance of a contract and our legitimate interests in providing customer support |
| Keeping financial records, tax records, and compliance documentation | Compliance with a legal obligation |
| Preventing fraud, spam, abuse, and misuse of the storefront | Our legitimate interests in protecting the business, customers, and platform integrity |
| Analytics and non-essential measurement technologies | Consent, where required |
| Newsletter and promotional emails | Consent or, where permitted by law, our legitimate interests in promoting our products |
5. Cookies and Similar Technologies
We use cookies and similar technologies to operate the storefront and, where permitted, understand how visitors use it. Essential cookies are used to keep the ecommerce experience functional. Analytics cookies are only enabled after you explicitly accept them through our cookie banner.
| Cookie category | Why we use it | Examples in Medusa Commerce |
|---|---|---|
| Strictly necessary | Required to keep the storefront secure and support core ecommerce functions. | Cart continuity, login sessions, region selection, checkout state, and security-related preferences. |
| Analytics | Used only after consent to understand how visitors interact with the site and where improvements are needed. | PostHog analytics used to improve product discovery, navigation, and checkout flows. |
You can manage your cookie preferences through the cookie banner. If you want to reset your choice later, you can clear cookies in your browser and set your preference again on your next visit.
6. How We Share Personal Data
We do not sell personal data. We may share it with trusted providers where necessary to run the business, including:
- commerce and infrastructure providers that support product, cart, order, and account operations;
- payment providers that authorize and process transactions securely;
- delivery and logistics partners that ship products and support tracking;
- analytics, marketing, and subscription tools used in accordance with your settings and applicable law;
- security and verification providers, including bot-protection tools used on public-facing forms;
- authorities, advisers, or counterparties where disclosure is required by law or needed to protect our rights and customers.
7. Reviews, Forms, and Customer Communications
If you submit a support request, join a mailing list, or leave a product review, we process the information you provide so we can respond, moderate submissions, improve service quality, and maintain appropriate records.
We may use verification tools such as Cloudflare Turnstile on public-facing forms to reduce spam and automated abuse. Information processed through those tools is used for security purposes.
8. Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, including customer support, order fulfilment, security, and legal compliance.
| Data type | Typical retention approach |
|---|---|
| Account profile data | Retained while your account remains active and for a reasonable period afterward where needed for support, fraud prevention, or legal claims. |
| Order and transaction records | Retained for as long as necessary to fulfil the order and meet accounting, tax, refund, and consumer protection obligations. |
| Contact and support messages | Retained for as long as needed to handle the request and maintain a support history where reasonably necessary. |
| Review submissions | Retained while the review remains published or needed for moderation, dispute handling, or abuse prevention. |
| Analytics and cookie-related data | Retained according to the settings of the relevant analytics provider and your cookie preferences. |
| Security and verification logs | Retained only as long as needed to monitor abuse, investigate incidents, and protect the storefront and its users. |
9. International Transfers
Some of our service providers may process personal data outside your country. Where this happens, we rely on appropriate safeguards required by applicable law, such as contractual protections or other recognized transfer mechanisms.
10. Data Security
We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure. No online service or storage system can be guaranteed completely secure, so we cannot promise absolute security.
11. Your Rights
Depending on your location and the laws that apply, you may have the right to request access to your personal data, ask us to correct inaccurate data, request deletion, object to certain processing, restrict processing, request portability, or withdraw consent where consent is the basis for processing.
You may also opt out of marketing communications at any time by using the unsubscribe link in the message or by contacting us directly.
12. Complaints and Supervisory Authority
If you believe that our processing of your personal data does not comply with applicable data protection law, we ask that you contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the supervisory authority responsible for data protection in your place of residence, work, or the place of the alleged infringement.
13. Third-Party Links
The site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and you should review their own policies before providing personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to the storefront, our services, legal requirements, or our data practices. The latest version will always be published on this page with the revised effective date.
15. Contact Us
For privacy questions or data protection requests, contact Medusa Commerce at info@medusa-commerce.de.
Location: Vilnius, Lithuania