Effective July 10, 2026. This page replaces the seven regional privacy statements and six cookie policies that used to live on this site. One store, one policy.
I am Richard Lewis, and I run Richard Lewis Jewelry from Santa Rosa, California. I make opal and pearl jewelry by hand and sell it through this site. This policy explains what information richardlewisjewelry.com collects while you browse and buy, and what happens to it. The short version: I collect what an online store needs to work, I use Google’s tools to understand traffic and measure ads, and I do not sell your personal information to anyone.
What I collect
- When you place an order. Your name, billing and shipping address, email, phone number if you give one, and what you bought. Card details go straight to my payment processor (WooPayments, built on Stripe) and never touch my server. I see the payment result and the last four digits of the card, nothing more.
- If you create an account. An account is optional, guest checkout works fine. If you make one, I store your email, username, encrypted password, and order history.
- When you get in touch. Whatever you write in the contact form, plus your name and email so I can reply. The same goes for phone calls and emails.
- Automatically. Standard server and security logs (IP address, browser type, pages requested) that my hosting company keeps to run and protect the site, and the cookies and tags described below. Google Analytics reports on traffic in aggregate and does not log or store individual IP addresses.
How I use it
- Filling and shipping your order, and sending the emails that go with it (receipt, shipping confirmation). I do not send a marketing newsletter.
- Answering questions and quoting custom work.
- Running your account if you have one.
- Calculating sales tax from your address.
- Spotting fraud and keeping the site secure.
- Understanding which pages and pieces people look at, and knowing when an ad click led to an order.
- Meeting legal obligations, mostly tax and accounting records.
Who sees it
A one-person shop leans on service providers. These are the categories of companies that handle some of your data on my behalf, and why:
- Payment: WooPayments (Stripe) processes card, Apple Pay, and Google Pay transactions.
- Delivery: shipping carriers and the postage service that prints my labels get your name and address, because that is how packages find you.
- Taxes: WooCommerce Tax (Automattic) computes sales tax from your address at checkout.
- Google: Analytics for site statistics, Google Ads for measuring ad results, AdSense for the ads shown on article pages, and Google Shopping listings for my products. Details in the next two sections.
- Infrastructure: my hosting company (Hostinger) and its content delivery network serve the site, deliver its email, and keep encrypted backups.
- Legal: I will disclose information if a court or law genuinely requires it.
I do not sell, rent, or trade your personal information. There is no data broker at the end of this policy.
Cookies and similar tools
Cookies are small files your browser stores so the site can remember things, like what is in your cart. Here is what this site actually sets:
| Set by | Cookies | What it does | When it runs |
|---|---|---|---|
| WooCommerce | woocommerce_cart_hash, woocommerce_items_in_cart, wp_woocommerce_session_* | Keeps your cart working from page to page | Always (essential) |
| WooCommerce order attribution | sbjs_* | Remembers which site or search brought you here so I know where orders come from | Always (first party) |
| WordPress | wordpress_logged_in_*, wordpress_sec_* | Signs you in to your account | Only if you log in |
| Stripe (WooPayments) | __stripe_mid, __stripe_sid | Fraud prevention during checkout | Cart and checkout |
| Google Analytics | _ga, _ga_* | Anonymous statistics about which pages get read | Off if your browser sends GPC or DNT, and off by default for EU and UK visitors |
| Google Ads | _gcl_* | Tells me when an ad click led to an order | Same controls as Analytics |
| Google AdSense | Cookies from google.com and doubleclick.net | Serves and measures the ads on my article pages | Non-personalized under GPC or DNT, limited for EU and UK visitors |
Worth saying plainly: this site has no session replay, no screen or keystroke recording, no heat maps, no chat widget, and no Facebook or TikTok pixel. Forms send only what you choose to submit. Google describes how it uses data from partner sites like this one at policies.google.com/technologies/partner-sites.
Because Google serves and measures ads here, Google may collect information about your visits to this and other websites over time. The opt-outs below stop that for your browser.
Your choices: opt-outs, Do Not Track, and Global Privacy Control
This site honors both Global Privacy Control (GPC) and Do Not Track (DNT). When your browser sends either signal, the site disables Google Analytics and Google Ads measurement for your visit and asks Google to serve only non-personalized ads. You do not have to click anything for this to work. You can learn about GPC and turn it on at globalprivacycontrol.org.
Other controls that work here:
- Google’s Analytics opt-out browser add-on.
- Ad personalization settings at adssettings.google.com and the industry opt-out at optout.aboutads.info.
- Your browser’s cookie settings. You can block or delete cookies at any time, though the essential ones above have to work for the cart and checkout to function.
California privacy rights
I run this business from California, and this page is written to satisfy the California Online Privacy Protection Act: what I collect, who sees it, how I respond to Do Not Track, and how you can ask about your data are all covered above and below.
The California Consumer Privacy Act (CCPA) applies to businesses above certain size thresholds, like $25 million in annual revenue or data on 100,000 or more consumers. My one-person shop is nowhere near them. I follow its spirit anyway. At your request I will tell you what information I hold about you, correct it, or delete it, with one exception: completed order records stay on file because tax law requires that. Make a request through the contact form, by phone, or by mail (details at the bottom), and I will confirm it against the email or order information on file before acting. I will never treat you differently for exercising any of these rights, and since I do not sell personal information, there is nothing to opt out of selling. Residents of other US states with privacy laws can make the same requests and get the same treatment.
Visitors outside the United States
I ship to a limited list of countries shown at checkout, and this site is operated from and processes data in the United States. If you visit from the European Economic Area, the United Kingdom, or Switzerland, Google’s analytics and advertising tags default to denied consent for you, which means they run without cookies and without personalized ads. If you are in one of those places you also have the rights your local law gives you, including access, correction, deletion, and objection. Ask through any of the contact methods below and I will honor it.
Keeping it, and keeping it safe
Order records stay for as long as tax and accounting rules require, which in practice means about seven years. Accounts last until you ask me to remove yours. Messages stick around while we are talking and get cleaned out when they are no longer needed. Backups age out on a rolling cycle.
The whole site runs over HTTPS with strict transport security, payments are handled by a PCI-compliant processor, and admin access is limited to the people who actually run the store, which is a short list.
Children
This store is not directed at children under 13 and I do not knowingly collect information from them. If you believe a child has given me personal information, contact me and I will delete it.
When this policy changes
If I change how the site handles your information, I will update this page and the effective date at the top. A material change gets called out here in plain terms, not buried.
How to reach me
The fastest route is the contact form. You can also call +1 (707) 292-8325 or write to Richard Lewis Jewelry, 1415 Fulton Road, STE 205-112, Santa Rosa, CA 95403, USA.