Privacy policy

Last updated: June 1, 2026

This Privacy Policy explains how VaatCraft OÜ ("we", "us", "our") operating under the brand Sepsu collects, uses, and shares your personal data when you use our website and services (the "Services").

By using the Services, you agree to the practices described in this Privacy Policy.

If you do not agree, please do not use our Services.

Who We Are

Sepsu is operated by:

VaatCraft OÜ
Registry Code: 14262784
Pikk 64e, Kuressaare, 93815, Estonia
Email: info.sepsu@gmail.com

For the purposes of applicable data protection laws, we are the data controller of your personal data.

Personal Data We Collect

We may collect the following categories of personal data:

  • Contact information: name, billing address, shipping address, email address, phone number
  • Payment information: payment method, transaction details (payments are processed securely by third-party providers; we do not store full card details)
  • Order information: products purchased, returns, exchanges, cancellations
  • Account information: login details, preferences (if applicable)
  • Communications: messages you send to customer support
  • Device and technical data: IP address, browser type, device information
  • Usage data: how you interact with our website, pages viewed, actions taken

How We Collect Personal Data

We collect personal data:

  • directly from you (e.g. checkout, account creation, customer support)
  • automatically via cookies and similar technologies
  • from service providers (e.g. Shopify, payment processors, shipping providers)
  • from analytics and marketing partners

How We Use Your Data

We use your personal data for the following purposes:

To provide our services

  • processing and fulfilling orders
  • handling payments, returns, and deliveries
  • customer support
  • managing your account (if applicable)

To improve our services

  • analytics and performance improvements
  • understanding customer behaviour and preferences

Marketing and advertising

  • sending marketing emails (where permitted)
  • showing relevant ads and product recommendations
  • measuring effectiveness of campaigns

You may opt out of marketing communications at any time.

Legal and security purposes

  • fraud prevention and detection
  • compliance with legal obligations
  • enforcing our terms and policies
  • responding to legal requests

Legal Basis for Processing (EEA & UK users)

We process personal data under the following legal bases:

  • performance of a contract (order fulfilment)
  • legal obligations (tax, accounting, compliance)
  • legitimate interests (fraud prevention, improving services, basic marketing)
  • consent (where required, such as certain marketing communications)

Sharing Your Personal Data

We may share your personal data with:

  • Shopify (store platform provider)
  • payment providers (to process transactions)
  • shipping and logistics partners (to deliver orders)
  • service providers (analytics, IT, customer support)
  • marketing partners (to support advertising and campaigns, where permitted by law)
  • legal authorities, if required by law
  • business transfers, such as mergers or restructuring

We only share data to the extent necessary for these purposes.

Shopify and Third-Party Processing

Our store is hosted by Shopify.

Shopify processes personal data to provide and improve its services, including hosting, payment infrastructure, and analytics.

Some data may be processed outside your country, including outside the EU/EEA. Where this occurs, appropriate safeguards such as Standard Contractual Clauses are used.

For more information, see Shopify’s privacy policy: https://www.shopify.com/legal/privacy

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • enable core website functionality
  • analyze traffic and usage
  • personalize content and advertising

You may control cookies through your browser settings.

Data Retention

We retain personal data only as long as necessary for:

  • fulfilling orders and providing services
  • legal and tax obligations
  • dispute resolution
  • fraud prevention

After this period, data is deleted or anonymized.

Your Rights

Depending on your location, you may have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion of your data
  • request data portability
  • object to certain processing
  • withdraw consent (where applicable)

EEA and UK residents also have the right to restrict processing in certain cases.

To exercise your rights, contact us at:

info.sepsu@gmail.com

Marketing Choices

You may opt out of marketing emails at any time using the unsubscribe link in our emails.

You may still receive non-marketing messages (e.g. order confirmations).

Data Transfers

Your personal data may be transferred outside your country, including outside the EEA or UK.

When this occurs, we use appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

Data Security

We use reasonable technical and organizational measures to protect your personal data.

However, no method of transmission or storage is 100% secure.

Children’s Data

Our Services are not intended for children under the age of majority in their jurisdiction. We do not knowingly collect data from children.

If you believe a child has provided us with personal data, please contact us so we can delete it.

Complaints

If you have concerns about how we process your data, please contact us first.

You also have the right to lodge a complaint with your local data protection authority.

Changes to This Policy

We may update this Privacy Policy from time to time.

Updates will be posted on this page with a revised “Last updated” date.

Contact

VaatCraft OÜ
Email: info.sepsu@gmail.com
Pikk 64e, Kuressaare, 93815, Estonia