Privacy Policy

1. Introduction

Opium ("we", "our") is committed to protecting your privacy. This privacy policy explains how we collect, use and protect your personal data in accordance with GDPR (General Data Protection Regulation).

2. Data Collected

3. Data Usage

We use your data to:

• Manage your account and authentication
• Process your transactions and payments
• Display your products and store
• Send you important notifications (orders, payments)
• Improve our services and user experience
• Prevent fraud and ensure security
• Comply with our legal obligations

4. Data Sharing

We share your data only in the following cases:

• Stripe: For payment processing (subject to their own privacy policy)
• Public information: Store name, products, reviews are publicly visible
• Legal obligations: If required by law or a competent authority

We never sell your personal data to third parties.

5. Data Storage

We use essential session storage for:

• Authentication: Keep you logged in (mandatory)
• Shopping cart: Remember your cart items (mandatory)

All data is stored securely and encrypted.

6. Data Security

We implement technical and organizational security measures to protect your data:

• Password encryption (bcrypt)
• HTTPS/SSL connections
• Secure storage on protected servers
• Limited access to personal data
• Regular backups

7. Your Rights (GDPR)

In accordance with GDPR, you have the following rights:

• Right of access: View your personal data
• Right to rectification: Correct inaccurate data
• Right to erasure: Delete your data ("right to be forgotten")
• Right to portability: Retrieve your data in a structured format
• Right to object: Oppose the processing of your data
• Right to restriction: Limit processing in certain cases

To exercise these rights, contact us at: privacy@joinopium.com

8. Data Retention

• Active account: As long as your account exists
• Transaction data: 10 years for tax obligations
• Security logs: 12 months
• Deleted account: 30 days then permanent deletion (except legal obligations)

9. International Transfers

Your data is mainly stored in the European Union. If transfers to third countries are necessary (e.g. Stripe in the USA), we ensure that they comply with appropriate GDPR safeguards.

10. Minors

Our service is intended for people aged 18 and over. We do not knowingly collect data from users under 18 years of age.

11. Modifications

We may modify this privacy policy. Any changes will be posted on this page with a new update date. Significant changes will be notified to you by email.

12. Contact

For any questions regarding this policy or your personal data:

• 📧 Email: privacy@joinopium.com
• 📄 DPO (Data Protection Officer): dpo@joinopium.com

You also have the right to file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr