Legal
Privacy Policy
Last updated: April 2026 · Effective date: April 2026
Canary Patterns ("we," "us," or "our") is operated by a sole proprietor based in Washington State, USA. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit canarypatterns.com or purchase any Canary Patterns product or service. It also describes the rights you have with respect to your personal information under applicable laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). By using this site, you agree to the practices described in this policy.
1. Information We Collect
Information you provide directly
- Email address — collected when you join a waitlist, make a purchase, subscribe to our mailing list, or contact us directly.
- Purchase information — when you buy a product, our payment processor (Stripe) collects your payment card details and billing information. We do not receive or store your full card number. We may receive your email address and a transaction identifier from Stripe to confirm your purchase.
- Communications — if you contact us by email, we retain the content of that communication and your email address in order to respond.
Information collected automatically
- Usage data — pages visited, time spent, referring URLs, and general navigation patterns.
- Device and browser information — browser type, operating system, screen resolution, and similar technical data.
- IP address — collected automatically by our hosting provider (Netlify) as part of standard web server logging. Used for security and aggregate analytics only, not individual tracking.
Information we do not collect
We do not collect sensitive personal information such as government identification numbers, full financial account details, health or medical information, precise geolocation, racial or ethnic origin, religious beliefs, or biometric data.
2. How We Use Your Information
- To fulfill purchases — delivering digital products you have purchased and providing post-purchase support.
- To communicate with you — sending transactional emails related to your purchase, responding to support inquiries, and sending product updates or announcements to subscribers who have opted in.
- To operate and improve the site — understanding how visitors use our site, diagnosing technical issues, and improving content and user experience.
- To maintain security — detecting and preventing fraud, abuse, and unauthorized access.
- To comply with legal obligations — retaining records as required by applicable law and responding to lawful requests from authorities.
We do not use your personal information to make automated decisions that produce legal or similarly significant effects, and we do not use it for targeted advertising, behavioral profiling, or sale to third parties.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Performance of a contract — processing necessary to fulfill a purchase you have made or to provide services you have requested (Article 6(1)(b) GDPR).
- Legitimate interests — processing necessary for our legitimate business interests, including operating and securing the site and improving our products, where those interests are not overridden by your rights (Article 6(1)(f) GDPR).
- Consent — where you have given us explicit consent, such as opting in to our email list or marketing communications (Article 6(1)(a) GDPR). You may withdraw consent at any time by unsubscribing or contacting us, without affecting the lawfulness of prior processing.
- Legal obligation — processing required to comply with applicable laws and regulations (Article 6(1)(c) GDPR).
4. How We Share Your Information
We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:
- Service providers — we share information with trusted third-party services that help us operate our business (see Section 5). These providers are permitted to use your information only to perform services on our behalf and are bound by appropriate data protection obligations.
- Legal requirements — we may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers — in the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We would provide notice before your information becomes subject to a materially different privacy policy.
- With your consent — in any other circumstances, we will ask for your explicit consent before sharing your information.
5. Third-Party Services
We use the following third-party services to operate Canary Patterns. Each processes data according to their own privacy policies:
- Stripe — payment processing. Stripe collects and processes your payment information directly and securely. We do not store full card numbers. Stripe Privacy Policy
- Mailchimp (Intuit) — email list management. Your email address is stored in Mailchimp when you join a waitlist or subscribe to updates. Mailchimp Privacy Policy
- Netlify — website hosting and delivery. Netlify processes standard server data including IP addresses. Netlify Privacy Policy
- Substack — newsletter and writing platform. Your email address may be shared with Substack if you subscribe to our newsletter. Substack Privacy Policy
6. Cookies and Tracking
Our site uses a minimal number of cookies. We do not use cookies to serve targeted advertising or to track you across other websites.
Types of cookies we may use
- Strictly necessary cookies — required for the site to function. These cannot be disabled without affecting site functionality.
- Analytics cookies — used to understand how visitors use the site in aggregate. These collect anonymized data and are not used to identify individuals.
You can control cookies through your browser settings. If you are in the EEA or UK, we will seek your consent before placing any non-essential cookies.
7. Email Communications
- Transactional emails — order confirmations, product delivery, and responses to your direct inquiries. These are not subject to marketing opt-out.
- Marketing and product update emails — sent only to subscribers who have opted in. Every such email includes a clear unsubscribe link.
To unsubscribe from marketing emails, click the unsubscribe link in any email or contact us at hello@canarypatterns.com. We will process your request within 10 business days.
8. Data Retention
- Purchase records — retained for a minimum of 7 years to satisfy financial recordkeeping requirements.
- Email list data — retained until you unsubscribe or request deletion.
- Support communications — retained for up to 2 years after the matter is resolved.
- Server logs — typically retained by Netlify for up to 30 days.
9. Data Security
We implement reasonable technical and organizational measures to protect your personal information, including HTTPS encryption, use of reputable third-party processors, and limiting access to personal data. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. International Data Transfers
Canary Patterns is based in the United States. If you are accessing the site from outside the United States, your information may be transferred to, stored, and processed in the US. Where required under GDPR, we rely on service providers' use of standard contractual clauses (SCCs) or other lawful transfer mechanisms.
11. Your Rights — All Users
- Access — request a copy of the personal information we hold about you.
- Correction — request that we correct inaccurate or incomplete information.
- Deletion — request that we delete your personal information, subject to legal retention requirements.
- Opt out of marketing — unsubscribe from marketing emails at any time.
To exercise any of these rights, email hello@canarypatterns.com. We will respond within 30 days.
12. Your Rights — California Residents (CCPA / CPRA)
Under the CCPA/CPRA, California residents have rights including the right to know, delete, correct, and opt out of sale or sharing of personal information. We do not sell or share your personal information. To submit a request, email hello@canarypatterns.com with the subject line "California Privacy Request." We will respond within 45 days.
13. Your Rights — EEA, UK & Switzerland (GDPR)
Under the GDPR, you have rights including access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with your local supervisory authority. To exercise your GDPR rights, email hello@canarypatterns.com. We will respond within 30 days.
14. Children's Privacy
Canary Patterns is intended for professional adult users and is not directed at children. We do not knowingly collect personal information from anyone under the age of 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
15. Do Not Track
We do not currently alter our data collection practices in response to "Do Not Track" signals, as there is no universally accepted standard for responding to them.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the site after changes are posted constitutes your acceptance of the updated policy.
17. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy, contact us: