Effective date: September 1, 2025

Hilltop Creations is a brand operated by OfficeStream, Inc. (collectively, “Hilltop Creations,” “OfficeStream,” “we,” “us,” or “our“). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit or make a purchase from our websites, including any storefronts powered by WooCommerce, and when you interact with our products, services, and communications (together, the “Services“).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Scope

This policy applies to personal information processed by us in connection with the Services, including:

  • Our primary website(s) and online store(s) (the “Site”);

  • Order placement, fulfillment, customer support, and warranty/returns;

  • Email, SMS, chat, social media, and other communications;

  • Events, promotions, surveys, and giveaways.

This policy does not apply to third-party websites, apps, or services that we do not control, even if linked from the Services. Please review their privacy policies.

2. Data Collected

We collect information in three ways: (a) you provide it to us, (b) automatically through the Services, and (c) from third parties.

a) Information You Provide

      • Account & Profile: name, display name, email, password, phone, billing/shipping addresses.

      • Orders & Payments: order details (products, price, discounts), shipping preferences, gift messages. Payment card data is processed by payment processors (e.g., Stripe, PayPal); we do not store full card numbers.

      • Customer Support: messages, call/chat recordings (where allowed), troubleshooting notes.

      • Customization/Uploads (e.g., embroidery or quilting designs): images, artwork, thread preferences, notes, sizing, and other content you submit.

      • Marketing Preferences: newsletter/SMS opt‑ins, contest entries, survey responses.

b) Information Collected Automatically

      • Device & Usage: IP address, browser type, device identifiers, operating system, referring/exit pages, clickstream, date/time stamps.

      • Cookies & Similar Technologies: cookies, pixels, local storage, and SDKs used for essential site functions (e.g., cart), analytics, and advertising. See Cookies below.

      • Approximate Location: derived from IP or shipping address to estimate tax and shipping.

c) Information From Third Parties

      • Payment Processors: payment status, tokenized payment identifiers, fraud signals.

      • Fulfillment & Shipping Partners: tracking numbers, delivery confirmations.

      • Marketing/Analytics Providers: campaign performance, attribution, audience insights.

      • Social Media/Single Sign-On: if you choose to link or sign in, we receive profile information per your settings.

3. How We Use Information

We use personal information to:

  • Provide, operate, and improve the Services (including order processing and delivery);

  • Personalize your experience and remember your preferences (e.g., saved carts);

  • Communicate with you about your account, orders, and support requests;

  • Send marketing and promotional communications (you may opt out at any time);

  • Conduct analytics, research, and product/service development;

  • Detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activity;

  • Comply with legal obligations and enforce our terms and policies.

Legal Bases for Processing (EEA/UK/Switzerland)

Where required by law, we process personal information based on:

  • Contract (to fulfill orders and provide the Services);

  • Legitimate Interests (e.g., to secure and improve Services);

  • Consent (e.g., optional analytics/marketing cookies, SMS/email marketing);

  • Legal Obligations (e.g., tax, accounting, and regulatory compliance).

Note: These parties may collect information directly from your browser/device via cookies, pixels, or SDKs. Their use is governed by their own privacy policies. Where required, we obtain your consent for non‑essential cookies.

4. WooCommerce & Third‑Party Integrations

Our storefront uses WooCommerce, which may interact with third‑party plugins and services. Depending on your selections, these parties may process personal information as independent controllers or processors on our behalf.

Common categories of third parties include:

  • Payment Processors (e.g., Stripe, PayPal, Apple Pay, Google Pay);

  • Fraud Prevention & Risk tools;

  • Shipping & Logistics providers (e.g., USPS, UPS, FedEx, DHL, freight);

  • E‑commerce Plugins (e.g., tax calculation, coupons, subscriptions, wishlist, product reviews);

  • Email/SMS & Marketing tools (e.g., Mailchimp, marketing automation, push notifications);

  • Analytics (e.g., Google Analytics, Meta pixel).

5. Cookies & Online Tracking

We and our partners use cookies and similar technologies to:

  • Remember items in your cart and your sign‑in status;

  • Enable site functionality, performance, and security;

  • Measure traffic, usage, and campaign effectiveness;

  • Offer relevant ads and limit ad frequency.

You can manage cookies via your browser settings and (where provided) our cookie banner or preferences center. If you disable certain cookies, some features may not function.

Do Not Track/Global Privacy Control (GPC): Where legally required and technically feasible, we honor browser‑based opt‑out signals such as GPC for targeted advertising and certain data sales/shares.

6. How We Share Information

We share personal information with:

  • Service Providers/Processors who perform services for us under contract (IT, hosting, payment, logistics, customer support, marketing, analytics, security);

  • Business Partners & Plugins necessary to operate WooCommerce features (e.g., payment gateways, shipping rate calculators);

  • Legal/Compliance recipients (law enforcement, regulators, tax authorities) when required;

  • Corporate Transactions: in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal information for money. Some laws define “sale” or “sharing” more broadly to include certain advertising/analytics disclosures. Where applicable, you may opt out of such activities.

7. Data Retention

We retain personal information for as long as necessary to provide the Services (e.g., to complete orders and handle returns), comply with legal obligations (e.g., tax/accounting), resolve disputes, and enforce agreements. Retention periods vary by data type, context, and legal requirements.

8. Security Measures

We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization.

In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.

9. Your Choices & rights

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information;

  • Port your data to another provider (data portability);

  • Object to or restrict certain processing (including targeted advertising);

  • Withdraw consent at any time (does not affect prior processing);

  • Lodge a complaint with your supervisory authority.

To exercise rights, contact us at privacy@hilltopcreations.art (see Contact Us). We may verify your request to protect your information. Authorized agents may submit requests where permitted by law.

10. Region‑Specific Disclosures
California/Colorado/Connecticut/Virginia/Utah (and similar U.S. state laws)

  • Categories of personal information collected: identifiers (name, email, phone, addresses), commercial information (orders), internet activity (usage, analytics), geolocation (approximate), inferences (preferences), and user‑generated content.

  • Sensitive data: We do not seek to collect sensitive personal information; if provided for a specific purpose (e.g., accessibility accommodations), we use it only for that purpose.

  • Sale/Share: We do not sell personal information for money. We may “share” data for targeted advertising or disclose for analytics; you can opt out via our cookie preference tools or Do Not Sell or Share My Personal Information link where applicable.

  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive data for purposes requiring a right to limit.

  • Non‑discrimination: We will not discriminate against you for exercising your privacy rights.

EEA/UK/Switzerland (GDPR)

  • Controller: OfficeStream, Inc. (for Hilltop Creations) is the controller of personal data processed via the Services.

  • International Transfers: When transferring data outside your region, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and implement additional measures as needed.

  • DPO/Contact: See Contact Us below for how to reach us and (if appointed) our Data Protection Officer.

11. User‑Generated Content & Designs

If you submit designs, images, reviews, or other content, you are responsible for ensuring you have the rights to share that content and that it does not include personal information of others without permission. Content you post publicly (e.g., product reviews) may be visible to others.

12. Communications

  • Transactional: We may send emails/SMS about orders, shipping, and account activity. These are not marketing and you cannot opt out of essential transactional messages.

  • Marketing: With your consent (where required), we may send promotional emails/SMS. You can opt out via the message itself (unsubscribe link or STOP reply) or by contacting us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective date” will reflect the latest version. Material changes will be posted on the Site or communicated as required by law.

14. WooCommerce‑Specific Notes (Informational)

The following details are provided to help you understand how a WooCommerce storefront typically handles data. Actual processing may vary depending on your specific plugins and configuration:

What we collect and store:

  • Products you view: we may use this to, for example, show you items you’ve recently viewed;

  • Location, IP address, and browser type: we use this for purposes like estimating taxes and shipping;

  • Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order;

  • We’ll also use cookies to keep track of cart contents while you’re browsing our site.

When you purchase from us, we’ll ask you to provide information including:

  • Name, billing/shipping address, email address, phone number, payment details (tokenized via gateway), and account credentials. We’ll use this information to:

    • Send you information about your account and order;

    • Respond to your requests, including refunds and complaints;

    • Process payments and prevent fraud;

    • Set up your account for our store;

    • Comply with any legal obligations we have, such as calculating taxes;

    • Improve our store offerings.

Who on our team has access:

  • Members of our team (e.g., administrators, shop managers, customer support) have access to the information you provide to help fulfill orders, process refunds, and support you.

Payments:

  • We accept payments through third‑party gateways. When processing payments, certain data will be passed to the payment processor, including purchase total and billing information. Please see the processor’s privacy policy for more details.