Privacy Policy

Effective Date: April 30, 2026 Last Updated: April 30, 2026

KITTY CAT HABITAT ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit or purchase from kittycathabitat.ca (the "Site") or otherwise interact with us.

We comply with applicable privacy laws, including Canada's PIPEDA and British Columbia's PIPA, the EU/EEA GDPR, the UK GDPR, Japan's APPI, and applicable U.S. state privacy laws. If any part of this Privacy Policy conflicts with mandatory rights under your local law, your mandatory rights prevail.

1. Personal information we collect

We collect personal information in three ways:

A. Information you provide directly

When you place an order, create an account, subscribe, or contact us, we may collect:

  • Identifiers and contact details such as name, email, phone number, shipping and billing addresses.
  • Order details such as items purchased, order history, and notes/messages you send us.
  • Account information such as username, password, and preferences (if you create an account).
  • Communications such as emails or messages, reviews, or feedback.

Payment information is processed by Shopify Payments, PayPal, or other processors. We do not store full card numbers; payment processors handle that securely.

B. Information collected automatically

When you browse the Site, we may collect:

  • Device data such as IP address, browser type, device identifiers, and operating system.
  • Usage data such as pages viewed, products viewed, cart activity, referral sources, approximate location (based on IP), and interactions with the Site.
  • Cookie and similar technology data as described in Section 6.

C. Information from third parties

We may receive information from Shopify (store services, analytics, and Enhanced Services as described in Section 4a), payment processors (payment status confirmations), shipping carriers (delivery updates), and advertising/analytics partners (campaign performance and audience metrics).

2. How we use personal information

We use your information to:

Provide and fulfill orders

  • Process payments and deliver purchases.
  • Send order confirmations, shipping updates, and service messages.
  • Provide customer support and administer defect claims per our policies.

Operate and improve our business

  • Maintain Site security, prevent fraud, and verify orders.
  • Analyze store performance and improve products and customer experience.
  • Maintain records for accounting, tax, and legal compliance.

Marketing (with appropriate consent)

  • Send newsletters or promotions if you opt in.
  • Show relevant ads or offers where enabled.
  • Measure marketing effectiveness.

You can unsubscribe from marketing emails any time using the link in the email or by contacting us.

3. Legal bases for processing (EU/UK customers)

If you are in the EU/EEA or UK, we process your personal data under these legal bases:

  • Contract, to fulfill your order or provide requested services.
  • Legitimate interests, to run and improve our business, prevent fraud, and secure our Site (balanced against your rights).
  • Consent, for optional marketing and certain cookies/trackers.
  • Legal obligation, for tax, consumer protection, and compliance duties.

4. How we share personal information

We share only what's necessary for the purposes above, with:

Service providers

  • Shopify (store hosting, checkout, analytics, fraud prevention, and Enhanced Services). Our store is hosted by Shopify Inc. Shopify collects and processes your personal information to operate the Site, and also pools certain data (such as purchase activity, device identifiers, and customer interaction data) with data from other Shopify merchants to provide Enhanced Services to us. Enhanced Services include improved product recommendations, ad targeting (Shopify Audiences), fraud detection, checkout optimization, and email marketing automation. No other merchant can see your individual data. To learn more, see Shopify's Consumer Privacy Policy at https://www.shopify.com/legal/privacy/customers. To opt out of Shopify's processing of your data for these Enhanced Services, visit Shopify's Privacy Portal at https://privacy.shopify.com.
  • Payment processors (Shopify Payments, PayPal, etc.).
  • Shipping carriers (Canada Post, USPS, FedEx, DHL, etc.).
  • Email/marketing tools used for newsletters or customer communications.
  • Analytics and advertising partners (such as Google Analytics, Meta Pixel, Pinterest Tag) where consent is given.

These providers are authorized to use your data only as needed to provide services to us, except as described in Section 4a regarding Shopify Network Intelligence.

Legal and compliance disclosures

We may disclose information if required by law, court order, or to protect rights, safety, or prevent fraud.

Business transfers

If we reorganize, sell, or merge the business, personal information may be transferred as part of that transaction, subject to confidentiality and law.

With your consent

We may share information for another purpose only if you specifically agree.

4a. Shopify Network Intelligence

Our store uses Shopify's Network Intelligence feature, which means Shopify securely combines our customer data with data from other Shopify merchants to provide us with Enhanced Services as described above. This pooling enables features such as improved ad targeting on platforms like Meta and Google, more relevant product recommendations, better fraud detection, and email marketing automation.

Under certain US state privacy laws (including California's CCPA/CPRA, Colorado's CPA, and similar laws), this pooling and the resulting use of your data may be considered a "sale" or "sharing" of personal information, or "targeted advertising." If you are a resident of an applicable US state, you may opt out of this sale or sharing using our Your Privacy Choices page at https://kittycathabitat.ca/pages/data-sharing-opt-out or by enabling the Global Privacy Control signal in your browser.

Customers in any jurisdiction may also opt out of Shopify's processing of their data for Enhanced Services directly through Shopify's Privacy Portal at https://privacy.shopify.com. When you opt out via our cookie banner, our data sharing opt-out page, or the Global Privacy Control signal, your data will not be used by Shopify Network Intelligence for advertising purposes.

5. Your rights and choices

Your rights depend on where you live. We honor all applicable rights.

Canada (PIPEDA / BC PIPA)

You may request access to your personal information, ask us to correct inaccuracies, and withdraw consent where processing is based on consent.

EU/EEA and UK (GDPR / UK GDPR)

You may have the right to access, correct, delete, restrict processing, object to processing, data portability, and withdraw consent (for consent-based processing). You can also lodge a complaint with your local data protection authority.

United States (state privacy laws, including California CPRA/CCPA, Colorado CPA, and others)

Where applicable, you may request access, correction, deletion, and information about certain disclosures. We do not sell your personal information for money. However, we do share certain identifiers (cookies, device IDs, purchase activity) with advertising partners and with Shopify for Enhanced Services as described in Section 4a. Under California, Colorado, and other applicable US state laws, this sharing may be considered a "sale" or "sharing" of personal information.

You may exercise your right to opt out of this sale or sharing by:

You may also opt out of Shopify's processing of your data for Enhanced Services by visiting Shopify's Privacy Portal at https://privacy.shopify.com.

Japan (APPI)

You may request disclosure of the personal information we hold about you, correction/cessation if inaccurate, and suspension of use or deletion where permitted by law.

To exercise any rights, email info@kittycathabitat.ca with your request and enough detail to verify your identity. We may need to confirm identity before responding.

6. Cookies and tracking technologies

We use cookies and similar storage and access technologies on our Site, including pixels, tags, local storage, and device identifiers. Some of these are strictly necessary for the Site to work; the rest are loaded only with your consent. This section describes what we use, why, and how you can control it.

6.1 Categories of cookies we use

Strictly necessary cookies. These are required for core Site functionality such as your shopping cart, checkout, account login, security, fraud prevention, and traffic routing. They are set by Shopify (which operates the Site platform) and by our payment processors. They cannot be turned off through our cookie banner because the Site will not function properly without them. You can still block or delete them through your browser, but parts of the Site (such as adding to cart and checkout) will not work if you do.

Analytics cookies. These help us understand how visitors use the Site so we can improve it. We use Google Analytics 4, which collects a pseudonymous device/browser identifier, your IP address, the pages you view, the time you spend on each page, and how you arrived at the Site, and transmits this data to Google in the United States. Analytics cookies are loaded only with your consent.

Marketing and advertising cookies. These measure marketing campaign performance and, where you consent, allow us to show you relevant ads on other sites. We use Meta Pixel and Pinterest Tag, which collect a unique browser/device identifier, your IP address, the pages you view, products you view or add to cart, and purchase events. This data is transmitted to Meta Platforms Inc. and Pinterest Inc. respectively, both in the United States. Marketing cookies are loaded only with your consent.

Preference cookies. These remember choices you have actively made, such as language and currency, and recently viewed products, so the Site behaves the way you expect on return visits. Where a preference cookie is strictly necessary to deliver a feature you have requested (for example, switching the Site to French after you click a language toggle), it is loaded without consent under the user-interface customisation exception. Other preference cookies are loaded only with your consent.

Most of our cookies are set in the first-party context (on our domain), but the data they collect is shared with the third parties named above.

6.2 Managing your consent

When you first visit the Site from the EEA, the UK, Switzerland, or Quebec, you will see a cookie banner with three options: Accept, Decline, and Manage preferences. The Manage preferences option opens a panel where you can accept or decline analytics, marketing, and personalization cookies independently and save your choices. No analytics or marketing cookies are set, and no related tags are loaded, until you have given consent.

You can change your choices at any time by clicking the Cookie settings link in the Site footer. If you withdraw consent, we stop loading the corresponding tags on subsequent page loads; previously set non-essential cookies are deleted on consent withdrawal where technically possible.

We honour the Global Privacy Control (GPC) browser signal as an opt-out of the sale or sharing of personal information. Where a browser sends a GPC signal, we will treat it as a withdrawal of consent for marketing cookies for that visit.

You can also block or delete cookies through your browser settings. Note that blocking strictly necessary cookies will prevent parts of the Site (including the cart and checkout) from working.

6.3 Retention

Cookie lifetimes range from the end of your browsing session up to two years. Most marketing cookies persist for 90 days to one year; analytics cookies persist for up to two years (typically capped to about 13 months by browser policy); strictly necessary cookies range from a few minutes to up to two weeks, or the lifetime of an active login. You can delete cookies manually at any time through your browser.

6.4 Lawful basis (EEA, UK, and Swiss customers)

Strictly necessary cookies are set without consent under the "strictly necessary" exception in Article 5(3) of the ePrivacy Directive and Regulation 6(4) of PECR. To the extent we then process personal data via these cookies, our GDPR/UK GDPR Article 6 lawful basis is performance of a contract with you (Article 6(1)(b)) and our legitimate interest in the security and integrity of the Site (Article 6(1)(f)).

Analytics, marketing, and non-exempt preference cookies are set on the basis of your consent, under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) of the GDPR/UK GDPR. You can withdraw your consent at any time using the Cookie settings link in the Site footer; withdrawal does not affect the lawfulness of processing carried out before withdrawal.

6.5 International transfers

Google Analytics, Meta Pixel and Pinterest Tag transmit data to the United States. We rely on the EU–US Data Privacy Framework (and, for UK transfers, the UK Extension to the Framework), to which Google LLC, Meta Platforms Inc. and Pinterest Inc. are self-certified, as the transfer mechanism under Chapter V of the GDPR/UK GDPR. See our International Transfers section for further detail.

6.6 Canadian customers

For customers in Canada, we treat the GDPR-style opt-in framework above as the standard across all provinces. Quebec residents (covered by the Act respecting the protection of personal information in the private sector, as amended by Law 25, in force since September 2023) and customers elsewhere in Canada (covered by PIPEDA, BC PIPA, or the equivalent provincial statute) accordingly receive the same prior-consent banner, the same Cookie settings control, and the same right to withdraw consent at any time.

7. International data transfers

We are based in British Columbia, Canada, but we sell internationally. Your information may be stored or processed in Canada, the United States, or other countries where we or our providers (such as Shopify) operate.

For EU/UK customers, transfers are protected using recognized safeguards such as contractual protections required under GDPR/UK GDPR, including the EU–US Data Privacy Framework where applicable.

8. Data retention

We retain personal information for the following periods: order and customer data for 7 years after the last transaction (Canadian tax and accounting requirements); marketing email subscriptions until you unsubscribe; customer accounts for 3 years from last login or order, whichever is later; cookie data per the expiration periods set out in Section 6. We may retain limited data longer where required by law or to resolve disputes.

9. Data security

We use reasonable administrative, technical, and physical safeguards to protect personal information. No online system is 100% secure, so we can't guarantee absolute security, but we work to protect your data appropriately.

10. Children's privacy

Our Site is not intended for minors. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact us and we will remove it where required.

11. Third-party links

Our Site may link to third-party sites (social media, payment, etc.). Their privacy practices are separate from ours. Please review their policies independently.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the Effective Date. Changes apply from the posted date onward.

13. Contact us / Privacy Officer

For questions, requests, or complaints about privacy, contact:

Controller / Organization: Kitty Cat Habitat (sole proprietorship, British Columbia, Canada) Privacy Officer: Privacy Officer, Kitty Cat Habitat Email: info@kittycathabitat.ca