Privacy Policy
Last updated: May 7, 2026
This privacy policy explains what data Peace Love Decor (the "Site") collects, why we collect it, and what rights you have under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Children's Online Privacy Protection Act (COPPA).
1. Who we are
Peace Love Decor is operated by the editors out of Lisbon, Portugal. For data-protection questions, email hello@peacelovedecor.com or use our GDPR data request form.
2. What we collect
- Newsletter: email address, opt-in timestamp, IP. We use double opt-in.
- Contact form: name, email, message, IP, timestamp.
- Server logs: URL requested, referrer, user-agent, IP. Rotated weekly, kept 30 days.
- Cookies: see our Cookie Policy. Non-essential cookies (analytics, advertising) are blocked until you consent.
3. Third-party processors
We rely on a small set of services that may process your data on our behalf and, where consent is required, only with your consent:
- Hosting (server logs and uptime).
- Analytics (only if you accept analytics cookies; aggregate, IP-anonymized).
- Ad networks (only if you accept advertising cookies; we work only with networks that contractually accept GDPR/CCPA obligations).
- Email delivery for the newsletter and transactional confirmations.
4. Legal basis (GDPR Art. 6)
- Newsletter and analytics: your consent.
- Contact form responses: our legitimate interest in answering you.
- Server logs: legitimate interest in keeping the site secure.
5. Retention
- Newsletter: until you unsubscribe, then erased within 30 days.
- Contact form: 24 months unless you request earlier deletion.
- Server logs: 30 days, rotated weekly.
- Backups: 90 days, then overwritten.
6. Your rights
You can request access, correction, deletion, portability, or restriction of your personal data, and you can object to processing or withdraw consent at any time. Use our GDPR data request page or email hello@peacelovedecor.com. California residents have the same rights under CCPA, plus the right to opt out of "sale or sharing" — we do not sell or share personal data outside the consent-bound purposes above.
7. Children
The Site is not aimed at children under 13. We do not knowingly collect data from them. If you believe a minor has submitted information, contact us and we'll delete it.
8. Security
The Site is served over HTTPS only, with HSTS. We use prepared SQL statements, hashed admin passwords, and a content security policy with nonces. We will notify affected users of any breach within 72 hours of discovery.
9. Changes
If this policy changes materially, we'll post a notice on the homepage for 30 days and email active subscribers.