Privacy Policy

Isla Electronics ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our support portal and related services.

Data We Collect

We collect the following types of information:

• Account Information — Your name, email address, and username when you create an account or submit a support ticket.
• Support Tickets — The content of support requests, including any files or screenshots you attach.
• Analytics Data — Page views, sessions, device/browser type, approximate location (country/region, derived from a truncated IP), and acquisition source. We use Google Analytics 4 for this, with IP anonymization enabled, and no data collection runs until you accept analytics cookies. We do not use analytics data to build advertising profiles.
• Order & Checkout Data — When you place an order, payment and shipping details are handled by Shopify on our behalf. We receive order line items, shipping address, and customer contact details so we can fulfil the order.

Use of Cookies

We use two categories of cookies:

• Essential cookies — required for authentication, session management, and remembering your cart. These are always active because the site cannot function without them.
• Analytics cookies — set by Google Analytics (_ga, _ga_*) only after you accept them via the cookie banner. They let us understand which pages and products are most useful to visitors. You can withdraw consent at any time by clearing site data in your browser.

We do not use advertising cookies and we do not share your data with ad networks.

Data Storage

Your data is stored securely using Supabase, hosted in the EU region. All data is encrypted in transit (TLS) and at rest. We follow industry best practices for database security, access control, and backup procedures.

Third-Party Services

We use a limited number of third-party services to operate the platform:

• Cloudflare — For DNS, CDN, and DDoS protection. Cloudflare may process your IP address and request metadata to provide these services.
• Supabase — Our database and authentication provider, hosted in the EU region. Account, ticket, and order data is stored here.
• Shopify — Processes checkout, payment, and fulfilment for orders. Payment card details are handled by Shopify directly; we never see or store your card information.
• Google Analytics (GA4) — Aggregated site analytics with IP anonymization. Only active after you accept analytics cookies via the banner. Google processes this data in the United States; the transfer relies on the EU-US Data Privacy Framework adequacy decision, and Google is DPF-certified. You can withdraw consent at any time via the "Cookie Preferences" link in the footer.
• Resend — For transactional email delivery (password resets, ticket notifications). Your email address is shared with Resend solely for the purpose of delivering these messages.

We do not sell, trade, or otherwise transfer your personal information to any other third parties.

Your Rights

You have the right to:

• Access your personal data — request a copy of all data we hold about you.
• Delete your account and all associated data.
• Export your data in a portable, machine-readable format.
• Rectify any inaccurate personal data we hold about you.
• Object to the processing of your personal data in certain circumstances.

How Long We Keep Your Data

• Account information — retained for as long as your account is active. If you request account deletion, we remove personal data within 30 days, except where longer retention is required by law (see below).
• Support tickets — retained for up to 3 years after the ticket is closed, so we can reference past issues if you contact us again.
• Orders and invoices — retained for 6 years after the order date. This is required by UK and EU tax and accounting legislation.
• Analytics data — Google Analytics data is retained for 14 months before automatic deletion.
• Email logs — transactional-email delivery logs (kept by Resend) are retained for 30 days.

International Data Transfers

Most of your data is stored and processed in the European Union (Supabase, Cloudflare EU edges, Resend). Some third-party services may process data in the United States:

• Google Analytics — Google LLC processes analytics data in the US under the EU-US Data Privacy Framework adequacy decision (Google is DPF-certified).
• Cloudflare — request routing may touch Cloudflare's global edge network; transfers outside the EEA are covered by Cloudflare's Standard Contractual Clauses.

GDPR Compliance

Isla Electronics is committed to compliance with the General Data Protection Regulation (GDPR). We process personal data only with a lawful basis, minimize the data we collect, and ensure your rights as a data subject are fully respected. Our data is stored in the EU region, and we maintain appropriate technical and organizational measures to protect your information.

Data Requests

To exercise any of your rights, or if you have questions about this Privacy Policy, please contact us at [email protected]. We will respond to all data requests within 30 days.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.