Privacy Policy

We collect information that you provide directly to us when you create an account, place an order, contact customer care, or subscribe to our newsletter. This typically includes your name, billing and shipping address, email, phone number, and payment details.

We also collect limited information automatically when you visit our store: device type, browser, IP address, pages viewed, and referring site. This is used to keep the site secure, measure performance, and improve your experience.

We use your information to:

• Process orders, payments, and deliveries.
• Provide customer care and respond to enquiries.
• Send transactional emails such as order confirmations and shipping updates.
• Send marketing communications, where you have opted in.
• Detect, prevent, and address fraud or technical issues.
• Comply with legal and regulatory obligations.

We never see or store your full payment card details. Payments are processed by PCI-DSS compliant providers, including Shopify Payments and other regulated payment processors. All transactions are encrypted in transit using industry-standard TLS.

We share personal information only with service providers who help us run our business, such as payment processors, shipping carriers, IT and analytics platforms, and email service providers. These partners are contractually bound to use your information solely to provide their service to us.

We never sell your personal information. We may disclose information if required by law, court order, or to protect the rights, property, or safety of EXA, our customers, or others.

We use cookies and similar technologies to keep you signed in, remember the items in your bag, measure how the store is used, and deliver relevant advertising. You can control cookies through your browser settings. Disabling cookies may affect the functionality of the store.

We retain personal information for as long as your account is active, as needed to provide our services, and as required to meet legal, tax, and accounting obligations. When no longer required, information is securely deleted or anonymised.

Depending on your jurisdiction, you have the right to access, correct, update, port, or request deletion of your personal information. You may also object to or restrict certain processing, and withdraw consent for marketing at any time.

To exercise these rights, email privacy@exa.com. We will respond within the timeframe required by applicable law.

We protect your information with administrative, technical, and physical safeguards: encryption in transit, access controls, regular audits, and continuously monitored infrastructure. No system is perfectly secure, so we ask you to keep your account credentials confidential and notify us of any suspicious activity.

Our store is not directed to children under 16, and we do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.

Your information may be processed in countries outside the one in which you reside, including those that have different data protection laws. Where required, we put safeguards in place to ensure your information receives an equivalent level of protection.

We may update this Privacy Policy from time to time. Material changes will be announced on this page along with an updated effective date. Continuing to use our store after changes take effect constitutes acceptance of the revised policy.

Questions about this Privacy Policy or how we handle your data can be addressed to privacy@exa.com.