Privacy Policy

Privacy Policy

Sassy Saints B.V.

Effective Date: 07/04/2026 | Last Updated: 07/04/2026


I. Introduction

This Privacy Policy describes how Sassy Saints B.V., registered with the Dutch Chamber of Commerce (KvK) under number 78771307, with an address at Keizersgracht 62, 1015 CS, Amsterdam, the Netherlands ("Sassy Saints", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use, or make a purchase through www.sassysaints.com and any other websites, mobile sites, services, applications, and platforms operated by Sassy Saints (collectively, the "Sites" or "Services"). We process personal data in accordance with the General Data Protection Regulation ("GDPR") and other applicable privacy legislation.


Sassy Saints is powered by Shopify, which enables us to provide the Services to you. If there is a conflict between our Terms of Use and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.


Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.


II. Personal Information We Collect

When we use the term "personal information", we refer to information that identifies or can reasonably be linked to you. Personal information does not include anonymised or de-identified information. Depending on how you interact with the Services, we may collect the following categories of personal information:


A. Information You Provide Directly

  • Account Information. When you register for an account, we collect your name, email address, password, account preferences (such as preferred language), and any other information you provide when setting up your account.

  • Purchases and Orders. When you place an order, we collect your name, email address, shipping address, billing address, and phone number. We also collect transaction details including product details, purchase price, quantity, and transaction date. Payment card information is collected directly by our third-party payment processor (Shopify Payments) and is never stored by us. If you choose to save your payment details for future purchases, those details are stored solely by the payment processor.

  • Inquiries and Customer Support. When you contact us or our customer support team, we collect your name, email address, phone number, and any information you include in your communication. Please note that some customer support interactions may be handled or assisted by AI-powered tools (see Section VI for more details).

  • Reviews. When you submit a product review, we collect your name, email address, any photos you submit, and metadata associated with your review.

  • Marketing Communications. When you sign up to receive news, offers, or alerts from us via email or SMS/text message, we collect your email address and/or phone number, along with your communication preferences.

  • Promotions and Surveys. If you participate in a promotion, sweepstakes, or survey, we collect the information required to participate, such as your name, email address, and any responses you provide.


B. Information Collected Automatically

When you access or use the Services, we and our third-party partners automatically collect certain information, including:


  • Device and Technical Information. Browser type and version, device type, operating system, IP address, cookie identifiers, unique device identifiers, and screen resolution.

  • Usage Information. Pages visited, time spent on pages, referring URLs, search terms used on the Sites, scroll depth, and interaction patterns.

  • Shopping Behaviour. Products you view, items added to your cart or wishlist, items purchased, returned, or cancelled, cart abandonment events, and past transaction history.

  • Location Information. General location information derived from your IP address.

  • Tracking Technologies. We use cookies, pixels, web beacons, and similar technologies to collect information about your interactions with the Services and with third-party advertising platforms. This includes data collected through Meta Pixel, Google Ads tags, TikTok Pixel, Pinterest Pixel. For full details, please refer to our Cookie Policy: https://www.sassysaints.com/pages/cookie-policy

Please note that cart abandonment data may be used to send you reminder communications. If you are a registered user, we will add automatically collected information to your user profile over time.


C. Information from Third-Party Sources

We may receive personal information about you from the following third-party sources:


  • Social Media Platforms. If you access the Services through a social media account or interact with our social media pages, we may receive information such as your name, email address, and profile picture. Please note that this Privacy Policy does not apply to third-party social media platforms.

  • Advertising and Analytics Partners. We may receive information from our advertising and analytics partners to help us measure campaign performance and understand our customer base.

  • Business Partners and Data Providers. We may occasionally receive information from business partners and data providers and combine this with information we already hold about you.


D. Financial Information

Financial information including credit card, debit card, and financial account numbers, payment card information, transaction details, form of payment, and payment confirmation are processed exclusively by our third-party payment processors. We do not store raw payment card data on our systems.


III. How We Use Your Personal Information

We use your personal information for the following purposes. Where required by law, the lawful basis for each processing activity is indicated in brackets:


  • Order Fulfillment. To process and ship your orders, inform you of order status, facilitate returns and exchanges, and follow up on your satisfaction. [Lawful basis: Performance of contract]

  • Account Management. To create and maintain your account, verify your identity, administer account-related programmes, and provide customer support. [Lawful basis: Performance of contract]

  • Payment Processing. To process payments securely through our third-party payment processors. [Lawful basis: Performance of contract]

  • Shipping and Logistics. To arrange delivery of your orders through our fulfilment partners. [Lawful basis: Performance of contract]

  • Email Marketing. To send you marketing communications about our products, offers, and promotions via email. For existing customers, this is based on our legitimate interest in marketing similar products. For new subscribers, this requires your consent. You may opt out at any time. [Lawful basis: Legitimate interest (existing customers) / Consent (new subscribers)]

  • SMS Marketing. To send you promotional and personalised marketing text messages (SMS/MMS) including cart reminders and special offers, where you have opted in. Consent is not a condition of purchase. [Lawful basis: Consent]

  • Personalisation and Recommendations. To personalise your browsing experience, remember your preferences, and recommend products based on your activity. [Lawful basis: Legitimate interest]

  • Analytics and Site Improvement. To monitor and analyse usage trends and improve the performance and content of the Services. [Lawful basis: Legitimate interest]

  • Targeted Advertising. To show you relevant advertisements on third-party platforms such as Meta, Google, TikTok, and Pinterest, based on your activity on the Services. [Lawful basis: Consent (for non-essential tracking cookies and pixels)]

  • Fraud Detection and Security. To detect, investigate, and prevent fraudulent or illegal activity, protect our customers, and secure our platform. [Lawful basis: Legitimate interest]

  • Customer Service. To respond to your enquiries, resolve complaints, and provide support. Some support interactions may be handled or assisted by AI tools. [Lawful basis: Legitimate interest / Performance of contract]

  • Surveys and Feedback. To conduct customer surveys and gather feedback to improve our products and services. [Lawful basis: Legitimate interest / Consent]

  • Legal and Compliance Purposes. To comply with applicable laws, respond to legal process, enforce our Terms of Use, and protect our legal rights. [Lawful basis: Legal obligation / Legitimate interest]

  • Financial Record Keeping. To maintain accurate financial and tax records as required by Dutch law (7-year retention requirement). [Lawful basis: Legal obligation]

  • Corporate Transactions. In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the relevant successor entity. [Lawful basis: Legitimate interest]


IV. Relationship with Shopify

The Services are hosted and powered by Shopify Inc. ("Shopify"), which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services. Information you submit through the Services will be transmitted to and shared with Shopify, as well as with third parties that may be located in countries other than where you reside.


Shopify acts as a data processor on our behalf for the purposes of operating the Services, and as an independent data controller for certain purposes related to its own platform. To learn more about how Shopify uses your personal information and to exercise any rights you may have in connection with Shopify's processing, please visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy and the Shopify Privacy Portal at https://privacy.shopify.com/en.


V. How We Share Your Personal Information

We will not sell your personal information to third parties. We may share your personal information in the following circumstances:


A. E-Commerce Platform

  • Shopify. Our store is hosted on Shopify, which has access to all data necessary to operate the Services including order data, customer data, and payment data.


B. Payment Processing

  • Shopify Payments and other payment processors. We share financial information with our payment processors solely to process your transactions. These processors are PCI-DSS compliant and do not use your payment data for any other purpose.


C. Email Marketing and On-Site Personalisation

  • Klaviyo. We share your name, email address, and purchase history with Klaviyo to send you marketing emails and personalised communications.

  • OptiMonk. We use OptiMonk for on-site personalisation and pop-up campaigns. OptiMonk may access browsing behaviour and email data to personalise your experience.


D. SMS Marketing

  • SMSBump (by Yotpo). We use SMSBump to send SMS/MMS marketing messages to customers who have opted in. SMSBump processes your phone number and purchase data to deliver and personalise text messages. SMSBump is the operator of our SMS messaging platform for TCPA compliance purposes.


E. Customer Support and AI-Assisted Communications

Some customer support interactions are handled or assisted by AI-powered tools. When you contact our customer support, your message and associated account data may be processed by one or more of the following:

  • Gorgias. Our primary customer support helpdesk, which processes your name, email, order history, and communications.

  • Minimal AI. An AI-powered tool that assists with customer support responses. Your communications and relevant account data may be processed by this tool.

  • Brandwise AI. An AI-powered tool used to assist with customer support and brand communications. Your communications and account data may be processed by this tool.


You are informed in the footer of AI-assisted communications that you are interacting with an AI tool. You have the right to request escalation to a human agent at any time by contacting us at wegotyou@sassysaints.com.


F. Reviews

  • Judge.me. We use Judge.me to collect and display product reviews. Your name, email address, and order information are shared with Judge.me to invite and verify reviews.


G. Analytics and Attribution

  • Triple Whale. We use Triple Whale for e-commerce analytics and attribution. Triple Whale processes order data, customer data, and marketing attribution data.

  • Google Analytics. We use Google Analytics to understand how visitors interact with our Sites. Google Analytics collects browsing behaviour, device information, and usage data. Google acts as an independent data controller for certain analytics purposes.


H. Advertising and Retargeting

We use the following advertising platforms to show you relevant advertisements. These platforms act as independent data controllers and collect data through pixels and cookies on our Sites:

  • Meta (Facebook and Instagram). We use Meta Pixel and Meta's advertising tools to show you targeted ads on Facebook and Instagram based on your activity on our Sites and other websites.

  • Google Ads. We use Google Ads to show you targeted advertisements across Google's advertising network.

  • TikTok. We use TikTok Pixel to show you targeted advertisements on TikTok.

  • Pinterest. We use Pinterest Pixel to show you targeted advertisements on Pinterest.


Each of these platforms has its own privacy policy governing their use of your data. Depending on where you reside, you may have the right to opt out of this data sharing for targeted advertising purposes. See Section X for more information on your rights.


I. Subscription Management

  • SKIO. We use SKIO to manage subscription orders and recurring billing. SKIO processes your name, email address, payment information, and subscription preferences.


J. Shipping, Fulfilment, and Order Tracking

To fulfil and deliver your orders, we share your name, shipping address, and order details with our fulfilment and logistics partners:

  • Portless. Order fulfilment partner responsible for picking, packing, and shipping your orders.

  • Monta. Order fulfilment partner responsible for picking, packing, and shipping your orders.

  • Pipe17. Order management and integration platform that routes order data between our systems and fulfilment partners.

  • Huboo. Logistics integration platform used for order data management.

  • Aftership. Order tracking platform. Your name, email address, and order details are shared with Aftership to provide you with shipping tracking updates.


K. Surveys

  • Zigpoll. We use Zigpoll to conduct customer surveys. If you participate in a survey, your responses and associated email address may be processed by Zigpoll.


L. Other Sharing

  • Professional Advisors. We may share your information with our legal, financial, and other professional advisors where necessary to protect and manage our business interests.

  • Law Enforcement and Legal Process. We may disclose your information when required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

  • Business Transfers. In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred to the relevant successor entity. Users will be notified of any such transfer.


VI. Automated Processing and AI Tools

We use AI-powered tools to assist with certain business operations, including customer support. Specifically:


  • Minimal AI and Brandwise AI assist our customer support team in drafting and responding to customer communications. These tools process the content of your messages and relevant account data.

  • When you receive a communication assisted by AI, this is disclosed in the footer of the message.

  • These AI tools do not make legally significant automated decisions about you. They assist human agents who retain oversight of all customer interactions.

  • You have the right to request that your query be handled by a human agent by contacting us directly at wegotyou@sassysaints.com.


We do not use automated decision-making systems that produce legal or similarly significant effects on you without human oversight.


VII. How We Protect Your Information

The Sites use Secure Socket Layer (SSL) / TLS encryption software to protect your information when you interact with the Services. Only employees, contractors, and agents of Sassy Saints may access user information on a need-to-know basis and only for the purposes set forth in this Privacy Policy.


We apply appropriate technical and organisational measures to ensure the confidentiality and security of your data, and we require our service providers and data processors to maintain equivalent levels of protection. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the security of data transmitted over the Internet. You assume the risk of any such transfer.


VIII. How Long We Retain Your Information

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. The criteria we use to determine how long we keep your data include:


  • The purpose for which the data was collected. We keep data only as long as needed to serve the purpose it was collected for. For example, account data is retained for as long as your account is active and for a reasonable period thereafter to allow you to reactivate it or resolve any outstanding matters.

  • Legal obligations. Some data must be kept for a minimum period required by law. In particular, financial and order records are retained for 7 years as required by Dutch tax law (Belastingdienst). We may also be required to retain certain data by other applicable laws or regulatory obligations.

  • Your consent. Where we rely on consent as the basis for processing, we retain data until you withdraw your consent. For example, marketing data such as your email address or phone number is retained until you opt out or withdraw consent, after which we will suppress your details from future communications.

  • Disputes and legal claims. Where data is relevant to an actual or potential legal dispute, complaint, or regulatory investigation, we may retain it for as long as necessary to establish, exercise, or defend legal claims.


When we are no longer required to retain your personal information, we will securely delete, destroy, or de-identify it. You may request deletion of your personal information at any time by contacting us at wegotyou@sassysaints.com, subject to our legal obligations to retain certain data.


IX. International Transfers of Personal Information

As a Shopify-powered store, your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom, including the United States and Canada where Shopify's infrastructure is primarily located. Some of our other service providers are also located outside the EEA, including:


  • Portless. Order fulfilment partner responsible for picking, packing, and shipping your orders.

  • Klaviyo, Triple Whale, SMSBump, Aftership, and others — US-based providers


Where we or our processors transfer your personal information out of the EEA or UK, we rely on recognised transfer mechanisms, including the European Commission's Standard Contractual Clauses (SCCs), or any equivalent contracts issued by the relevant competent authority of the UK, unless the transfer is to a country that has been determined to provide an adequate level of data protection.


X. Your Rights and Choices

Depending on where you live, you may have some or all of the following rights in relation to your personal information. These rights are not absolute and may apply only in certain circumstances:


  • Right to Access / Know. You may request access to the personal information we hold about you.

  • Right to Delete. You may request that we delete personal information we maintain about you.

  • Right to Correct. You may request that we correct inaccurate personal information.

  • Right of Portability. You may request a copy of your personal information in a structured, machine-readable format.

  • Right to Opt Out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have the right to opt out of the sharing of your personal information for targeted advertising purposes. You may exercise this right by contacting us at wegotyou@sassysaints.com or by enabling the Global Privacy Control (GPC) signal in your browser.

  • Managing Email Communications. You may unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link in any of our emails or by contacting us at wegotyou@sassysaints.com. You will continue to receive transactional emails related to your orders and account.

  • Managing SMS Communications. To stop receiving SMS marketing messages, reply STOP to any text message from us. You will receive a one-time confirmation of your opt-out. You will continue to receive transactional messages related to your orders.


We will not discriminate against you for exercising any of these rights. To submit a request, please contact us using the details in Section XVIII. We may need to verify your identity before processing your request.


Global Privacy Control

If you visit the Sites with the Global Privacy Control (GPC) opt-out preference signal enabled, we will treat this as a request to opt out of data sharing for targeted advertising for the device and browser you are using. Where we are able to associate the device with a Sassy Saints account, we will apply the opt-out to your account as well. To learn more about GPC, visit https://globalprivacycontrol.org/. Other than GPC, we do not currently recognise other Do Not Track signals, as no uniform industry standard has been adopted.


Authorized Agents

Where permitted by applicable law, you may designate an authorised agent to submit privacy rights requests on your behalf. We will require proof of authorisation before acting on any such request, and may require you to verify your identity directly with us.


XI. GDPR Rights for EEA and UK Residents

If you reside in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) or equivalent legislation applies to our processing of your personal information. Sassy Saints B.V., Keizersgracht 62, 1015 CS, Amsterdam, the Netherlands, is the data controller of your personal information.


In addition to the rights described in Section X, you also have the following rights under GDPR:


  • Right to Object to Processing. You may object to our processing of your personal information where we rely on legitimate interests as the lawful basis, including for direct marketing purposes.

  • Right to Restrict Processing. You may request that we restrict the processing of your personal information in certain circumstances.

  • Right to Withdraw Consent. Where we rely on consent as the lawful basis for processing, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

  • Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority. As a Dutch-established company, our lead supervisory authority is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority), reachable at https://www.autoriteitpersoonsgegevens.nl. You may also contact the data protection authority in your own country of residence.


To learn more about how Shopify uses your personal information and any rights you may have related to data processed by Shopify, visit https://privacy.shopify.com/en.


XII. Rights of California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, correct, and opt out of the sale or sharing of your personal information. To exercise these rights, please contact us at wegotyou@sassysaints.com. We will not discriminate against you for exercising your rights.


As of the effective date of this Privacy Policy, we do not have actual knowledge that we sell or share the personal information of individuals under 16 years of age.


For a dedicated California Privacy Policy, please visit: https://www.sassysaints.com/pages/california-privacy-policy


XIII. Cookies and Tracking Technologies

The Sites use cookies, pixels, web beacons, and similar tracking technologies to collect information about your interactions with the Services and with third-party advertising platforms. Non-essential cookies and tracking technologies — including advertising pixels such as Meta Pixel, Google Ads, TikTok Pixel, and Pinterest Pixel — are only activated after you have provided your consent through our cookie consent mechanism.


For full details of the cookies and tracking technologies we use, how to manage your preferences, and how to withdraw consent, please refer to our Cookie Policy: https://www.sassysaints.com/pages/cookie-policy.


XIV. Children's Data

The Services are not intended for use by children. We do not knowingly collect personal information from individuals under the age of 16. If you are a parent or guardian and believe your child has provided us with their personal information, please contact us at wegotyou@sassysaints.com and we will delete the information as soon as reasonably practicable.


XV. Links to Third-Party Sites

The Sites may contain links to third-party websites. We do not operate, control, monitor, endorse, or guarantee those third-party websites. This Privacy Policy does not apply to the collection and use of information by such third-party websites. We suggest that you carefully read the privacy policy of all third-party websites you visit. We provide links to third-party websites only for the convenience of our users and it is not a recommendation to access such third-party websites.


XVI. Complaints

If you have complaints about how we process your personal information, please contact us using the details in Section XVIII. We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.


If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EEA residents, our lead supervisory authority is the Autoriteit Persoonsgegevens (https://www.autoriteitpersoonsgegevens.nl). A full list of EEA supervisory authorities can be found at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.


XVII. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated Privacy Policy on this page and update the "Last Updated" date. Where changes are material, we will provide notice as required by applicable law — for example by email or a prominent notice on the Sites — before the changes take effect.


XVIII. Contact Information

If you have any questions or comments about this Privacy Policy, wish to exercise any of your rights, or have a complaint about our privacy practices, please contact us:


  • Email: wegotyou@sassysaints.com

  • Address: Sassy Saints B.V., Keizersgracht 62, 1015 CS, Amsterdam, the Netherlands


For the purpose of applicable data protection laws, Sassy Saints B.V. is the data controller of your personal information.