Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains how Duckpawl (“Duckpawl”, “we”, “us”, or “our”) collects, uses, shares, and protects your personal information when you visit duckpawl.com (the “Site”) or place an order with us. We’ve written it to match what our Site actually does — we sell a single product (an interactive treat dispenser for pets) and we try to collect as little about you as possible.

Who we are

Duckpawl is a small online store based in Austin, Texas, USA. For any privacy question or request, contact us at hello@duckpawl.com. For data-protection purposes, Duckpawl is the controller of the personal information described here.

Information we collect, and where

  • Orders & checkout. When you buy something, we collect your first and last name, email address, billing address, shipping address, and (optionally) your phone number, along with the details of what you ordered. You check out as a guest — we do not offer customer accounts, so we don’t ask you to create a username or password.
  • Payment information. Card payments are handled by Stripe. Your card number is entered into Stripe’s secure fields and tokenized by Stripe — we never see or store your full card details on our servers. Stripe shares back only what we need to recognize the payment (such as the card brand, last four digits, and authorization result).
  • Comments. If you leave a comment on the Site, we collect the information in the comment form (your name and email, and an optional website), the comment itself, and your IP address and browser user-agent to help detect spam. A one-way hashed version of your email address may be sent to the Gravatar service to display an avatar.
  • Analytics. With your consent, we use Google Analytics 4 to understand how visitors use the Site, including pages viewed and shopping actions (viewing the product, adding to cart, starting checkout, and completing a purchase). See Cookies & analytics below.
  • Server logs. Like most websites, our hosting keeps standard technical logs (IP address, browser/user-agent, and timestamps) to keep the Site secure and running.

Cookies & analytics

We use Google Analytics 4 (GA4) together with Google Consent Mode v2. Analytics is switched off by default. When you first visit, a cookie banner asks whether you accept analytics cookies:

  • If you Decline (or ignore the banner), no analytics cookies are stored on your device. Google’s tools may still receive an anonymous, cookieless signal that a page was viewed, but it is not used to identify you or build a profile.
  • If you Accept, GA4 sets analytics cookies (named like _ga and _ga_<id>, which typically last up to ~13 months) to tell repeat visits apart and measure how the store is used.

We remember your banner choice in a first-party cookie called dp_consent (about 12 months) so we don’t ask again on every visit. We do not use Google Ads or any advertising/remarketing features — advertising signals stay turned off.

Our store’s built-in WooCommerce analytics (sales totals and product stats) are calculated from order data in our own database and are not shared with third parties.

The Site loads web fonts (Inter and Poppins) from Google Fonts. When your browser fetches these fonts, your IP address is necessarily shared with Google to deliver them.

Your choices. You can change your mind at any time using the Cookie settings link in the footer (or by visiting /?dp-consent=reset), by clearing cookies in your browser, or by using your browser’s privacy controls. You can also install Google’s Google Analytics Opt-out Browser Add-on. For more on how Google handles data, see Google’s Privacy Policy and how Google uses information from sites that use its services.

How we use your information

  • To process, fulfil, and ship your order, and to send order confirmations and shipping/tracking updates.
  • To provide customer support and to handle returns and refunds (we offer free US shipping and a 21-day returns window).
  • To take payment and help prevent fraudulent transactions (via Stripe).
  • To keep the Site secure, available, and working correctly.
  • To understand how the Site is used and improve it — only if you accept analytics cookies.
  • To meet our legal, tax, and accounting obligations.

Legal bases for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to process and deliver the order you place.
  • Legal obligation — to keep tax and accounting records.
  • Legitimate interests — to secure the Site, prevent fraud, and operate our business, balanced against your rights.
  • Consent — for analytics cookies and Google Analytics, which you can withdraw at any time.

Who we share your information with

We share personal information only with the service providers needed to run the store, and only as much as they need:

  • Stripe — payment processing. See Stripe’s Privacy Policy.
  • Google — Google Analytics 4 (analytics events, only with your consent) and Google Fonts (font delivery).
  • Automattic / Gravatar — a hashed email to show comment avatars, if you comment. See Automattic’s Privacy Policy.
  • Shipping & fulfilment partners — our warehouse and the carrier that delivers your order receive your name and shipping address.
  • Hosting & infrastructure providers — the companies that host and operate the Site on our behalf.

We may also disclose information if required by law, or to protect our rights, safety, or property. We do not sell or rent your personal information, and we do not share it for cross-context behavioral advertising.

International data transfers

We are based in the United States, and some of our providers (such as Google and Stripe) operate globally. Where personal information is transferred outside your country, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses or the providers’ own approved transfer frameworks.

How long we keep your information

  • Orders are retained for as long as needed to provide the product and support, and to meet legal, tax, and accounting requirements.
  • Analytics data is retained according to our Google Analytics settings (currently up to 14 months).
  • Cookies expire on their own — the dp_consent choice cookie after about 12 months, and Google’s _ga cookies after up to ~13 months.
  • Comments and their metadata are kept until you ask us to remove them.

Security

We use reasonable technical and organizational measures to protect your information, our live site is served over HTTPS, and card data is handled by Stripe, a PCI-DSS Level 1 certified provider, rather than stored by us. No method of transmission or storage is ever 100% secure, but we work to protect your information and to limit what we collect.

Children’s privacy

The Site is intended for adults and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us and we will delete it.

Your rights (EEA/UK — GDPR)

If you are in the EEA or UK, you have the right to:

  • access the personal information we hold about you;
  • have inaccurate information corrected;
  • have your information erased;
  • restrict or object to certain processing (including processing based on legitimate interests);
  • receive your information in a portable format;
  • withdraw consent to analytics at any time; and
  • lodge a complaint with your local data-protection supervisory authority.

Your rights (California — CCPA/CPRA)

If you are a California resident, you have the right to know/access the personal information we collect, to request deletion, to request correction, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA, so there is nothing to opt out of. You also have the right not to be discriminated against for exercising your rights. The categories of personal information we collect are: identifiers (such as name and email), commercial information (your orders), internet activity (analytics, only with consent), and approximate geolocation (the region of your shipping address). We do not sell sensitive personal information.

How to exercise your rights

Email us at hello@duckpawl.com and tell us what you’d like to do. We may need to verify your identity (for example, by confirming the email address used on an order) before we act, and we’ll respond within the timeframe required by law. You may use an authorized agent where the law allows.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we’ll revise the “Last updated” date at the top, and any material changes will be reflected on this page.

Contact us

Questions about this policy or your information? Email hello@duckpawl.com — we’re a small, friendly team and we’re happy to help.

Scroll to Top