Privacy Policy

At AZ Apparel, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website and make purchases of our authentic Moroccan apparel.

1. Information We Collect

Personal Information

We collect the following personal information when you:

• Create an account: Name, email address, password (encrypted with BCrypt)
• Google OAuth Login: Google profile information, email, and unique Google ID
• Make a purchase: Billing and shipping address, phone number
• Contact us: Any information you provide in your messages
• Session data: Authentication tokens and secure session identifiers

Payment Information

We use Stripe to process payments securely. We do not store your complete credit card information on our servers. Stripe handles all payment data in compliance with PCI DSS standards. Authentication and session management are handled securely through Passport.js and Express Session middleware.

Automatic Information

• IP address and browser information
• Pages visited and time spent on our site
• Shopping cart contents and purchase history
• Cookies and similar tracking technologies

2. How We Use Your Information

We use your information to:

• Process and fulfill your orders through our secure PostgreSQL database
• Authenticate users via Google OAuth 2.0 or secure local login with BCrypt
• Calculate shipping costs using Shippo API
• Communicate about your orders and account
• Provide customer support with order tracking and reviews
• Improve our website and services
• Send promotional emails (with your consent)
• Maintain secure sessions with Passport.js authentication
• Comply with legal obligations

3. Information Sharing

We share your information only in the following circumstances:

• Shipping Partners: Address information with carriers for delivery
• Payment Processing: Payment details with Stripe for transaction processing
• Google OAuth: Profile verification with Google for secure authentication
• Service Providers: With third parties who help us operate our business
• Database Security: Encrypted data storage with PostgreSQL hosting providers
• Legal Requirements: When required by law or to protect our rights

We never sell your personal information to third parties.

4. Data Security

We implement appropriate security measures to protect your information:

• SSL encryption for all data transmission
• BCrypt password hashing for secure credential storage
• PostgreSQL database with encrypted data storage
• Secure session management with Express Session middleware
• Google OAuth 2.0 integration for enhanced authentication security
• Passport.js authentication framework for secure login management
• Secure server hosting with regular security updates
• Limited access to personal information by authorized personnel
• Regular security audits and monitoring

5. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correct: Update inaccurate or incomplete information
• Delete: Request deletion of your personal data
• Opt-out: Unsubscribe from marketing communications
• Portability: Request your data in a portable format

6. International Shipping

For international orders, your information may be transferred to shipping partners in various countries. We ensure appropriate safeguards are in place for international data transfers to over 30 countries we serve.

7. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it promptly.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date.