Privacy Policy

Privacy Policy

This Privacy Policy explains what personal data Blaster Source ("Blaster Source", "we") collects, how we use it, and what your rights are. We follow the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA) where they apply, plus applicable data-protection law of the People's Republic of China.

1. Who we are

  • Controller: Blaster Source (registered in the People's Republic of China). Current registered address available on request — email privacy@blastersource.com.
  • Data Protection contact: privacy@blastersource.com

2. What we collect

You give us:

  • Name, email, phone (optional), shipping and billing address.
  • Order history and items you've bought.
  • Account login (if you create one).
  • Customer-support messages and review content.

We collect automatically:

  • Device and browser info, IP address (truncated where possible).
  • Pages viewed, actions on the Site, referring source.
  • Cookie/identifier data — see Cookies below.

From third parties:

  • Payment confirmation tokens from our payment processor (we do not store full card numbers).
  • Fraud and risk signals from our payment and platform providers.
  • Marketing analytics aggregates.

3. How we use it

  • Take and fulfill orders, including shipping and returns.
  • Process payments, prevent fraud, and meet tax and accounting obligations.
  • Answer your support questions.
  • Send order updates (transactional — you can't opt out of these while an order is active).
  • Send marketing emails only if you opt in, with an unsubscribe link in every email.
  • Improve the Site — what's working, what isn't, what crashes.
  • Comply with law and protect our rights.

4. Legal bases (GDPR / UK GDPR users)

  • Contract — to fulfill orders.
  • Legal obligation — tax, accounting, fraud reporting.
  • Legitimate interests — Site security, basic analytics, fraud prevention.
  • Consent — marketing email and non-essential cookies. You can withdraw consent any time.

5. Who we share data with

We share the minimum data needed with:

  • Shopify — store platform.
  • Payment processors — Shop Pay (Shopify Payments).
  • Shipping carriers — DHL Express (international tracked) and regional last-mile partners as needed. We share name, address, phone, and email to deliver your order.
  • Email and SMS providers — the email / SMS service providers we use to send order updates and (with consent) marketing.
  • Analytics — Shopify Analytics + Google Analytics 4 (GA4). We use anonymized/aggregated data wherever possible.
  • Professional advisors and authorities — when legally required.

We do not sell your personal information. We do not share it for cross-context behavioral advertising without your consent.

6. International transfers

We operate from China and ship worldwide, so your data may be transferred to and stored in countries other than yours. Where data leaves China, the EU/UK, or your home region, we rely on appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions, or equivalent processor commitments under applicable law).

7. Data retention

  • Order records: 7 years for tax and accounting compliance under applicable tax-record-keeping law.
  • Account data: until you ask us to delete it, or after 3 years of inactivity.
  • Marketing data: until you unsubscribe, plus a short suppression record so we don't email you again.
  • Support tickets: 2 years after the case is closed.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete data (subject to legal retention obligations).
  • Object to or restrict certain processing.
  • Withdraw consent (e.g. marketing).
  • Data portability.
  • Lodge a complaint with your data protection authority in your jurisdiction.

To exercise a right, email privacy@blastersource.com. We verify your identity and respond within the timeframe required by law (typically up to 30 days).

9. Cookies and similar technologies

  • Essential cookies — keep the cart and login working. You can't opt out without breaking the Site.
  • Analytics cookies — help us understand traffic and improve the Site. Drop on consent where required.
  • Marketing cookies — only if you consent.

We show a cookie banner where required by your region's law.

10. Children

The Site is not directed to children under 13 (or the higher minimum age that applies in your country — e.g. 16 across most of the EU under GDPR). We don't knowingly collect personal data from children. If you believe a child has given us data, email us and we'll delete it.

11. Security

We use industry-standard technical and organizational measures to protect your data. No system is 100% secure — if a breach affects you, we notify you and the relevant authority as required by law.

12. Changes to this policy

We may update this policy. The version posted on the Site at any time is the active one. The last-updated date sits below; for material changes, we give advance notice where required.

13. Contact

Email privacy@blastersource.com for any privacy question or request.

_Last updated: set automatically at publish time._