Privacy Policy

This policy explains how Yarnmuffin (“Yarnmuffin”, “we”, “us”) collects, uses, and protects your personal information. It applies to yarnmuffin.com and any related services.

Yarnmuffin is operated by Sue-ann Lim trading as Yarnmuffin, [ABN: XX XXX XXX XXX], based in [Business address — suburb/state/postcode only].

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

What we collect

When you shop with us, we collect:

  • Order details: name, billing and shipping address, email, phone number, and the items you ordered.
  • Payment information: processed directly by Stripe or PayPal. We don’t see or store your card numbers. We do see the last 4 digits of the card and the transaction reference, for refund and accounting purposes.
  • Account information (if you create an account): username, password (hashed), order history.
  • Communications: emails or messages you send us, including the content.
  • Website analytics: anonymous data about pages visited, time on site, browser type, country. We use this to improve the site, not to identify you personally.

How we use it

Your information is used only for:

  • Processing and shipping your orders.
  • Sending order confirmations, shipping notifications, and customer service replies.
  • Issuing refunds when needed.
  • Improving the website and product range.
  • If you’ve opted in: sending occasional newsletters about new yarn drops and sales. You can unsubscribe at any time.

Who we share it with

We share the minimum information required, only with these third parties:

  • Stripe and PayPal: payment processors. Your card or PayPal details go directly to them, not through us. Their privacy policies apply: stripe.com/privacy and paypal.com/au/legalhub/privacy-full.
  • Australia Post: shipping address only, to deliver your parcel.
  • Brevo: our transactional email provider. They send the order confirmations and shipping emails on our behalf. They access your email address only.
  • Hosting and infrastructure providers: DigitalOcean (server hosting), Cloudflare (DNS). They handle data in transit; they don’t access your order content.

We never sell, rent, or trade your personal information.

Where your data is stored

Your data is stored on servers located in Singapore (DigitalOcean SGP1 region). It’s encrypted in transit (HTTPS) and protected by industry-standard security on the server (firewall, automated security updates, daily backups, access logs).

Stripe stores payment data in the United States and European Union; PayPal stores in their own multi-region infrastructure. Both are PCI-DSS Level 1 certified (the highest security tier in payment card processing).

How long we keep it

  • Order records: 7 years (Australian Taxation Office requirement for business records).
  • Account data: for as long as your account exists. Delete your account by emailing us and we’ll delete it within 30 days (except for what we must retain for tax purposes — see above).
  • Email subscribers: until you unsubscribe or request deletion.
  • Customer service emails: 12 months from the last message.

Your rights

Under Australian privacy law, you can:

  • Ask what personal information we hold about you.
  • Ask us to correct it if it’s wrong.
  • Ask us to delete it (subject to our tax retention obligations).
  • Ask us to stop sending you marketing emails (one click in any email; or email us).

Email hello@yarnmuffin.com with the subject “Privacy request” and we’ll respond within 14 days.

Cookies

Yarnmuffin uses essential cookies to keep your cart contents and login session working. We don’t use advertising cookies or third-party tracking. Your browser settings can block cookies, but checkout won’t work without the session cookie.

Children

Yarnmuffin is intended for adult customers. We don’t knowingly collect personal information from anyone under 13. If you believe we have, please email us and we’ll delete it.

Changes to this policy

We may update this policy occasionally. Material changes (anything affecting how we use or share your data) will be notified on the website. The “last updated” date below shows the most recent version.

Complaints

If you’re unhappy with how we’ve handled your information, email hello@yarnmuffin.com first — we’ll work with you to fix it. If we can’t resolve it, you can complain to the Office of the Australian Information Commissioner: oaic.gov.au

Last updated: 16 May 2026.