CabinetALL
Sign in

Privacy Policy

Last updated: 2026-06-29

1. Who we are

This portal is operated by Cabinetry("we", "us"). We act as a data controller for personal data collected through this site. For privacy enquiries, access requests, or to exercise the rights listed below, contact us at privacy@example.com.

2. Data we collect

  • Account data — email, full name, phone (optional), role, last-login time.
  • Order data — delivery address, cabinet selection, prices and totals, purchase order names.
  • Invoice data — billing contact, line items, payment status.
  • Reseller end-customer data— when a reseller generates an invoice for their own client, we retain a truncated display name ("Jane D.") and the email-domain only; the full address is used to send the email and immediately discarded.
  • Operational data — IP address (for fraud / abuse detection only), request IDs, audit records of privileged admin actions.

3. How we use it

  • To fulfil your orders and deliver invoices (legal basis: contract).
  • To prevent fraud, abuse, and unauthorised access (legal basis: legitimate interest).
  • To comply with tax, accounting, and consumer-protection law (legal basis: legal obligation).
  • To send transactional emails about your orders. We do not send marketing emails without opt-in consent. Every email contains a one-click unsubscribe header (RFC 8058).

4. Third parties

We use the OpenStreetMap Nominatim geocoding service to estimate shipping distance. Before any call we reduce the address to a coarse locality (city, postal code, country) — the street line, unit number, and customer name are never transmitted.

Transactional emails are delivered through your configured SMTP provider over TLS. We do not use third-party analytics or advertising trackers.

5. Retention

  • Pending join requests are kept until reviewed.
  • Reviewed (approved / denied) join requests are anonymised after 90 days.
  • Orders and invoices are retained for the period required by tax law (typically 7 years).
  • Admin audit logs are retained for 2 years.

6. Your rights

Under GDPR Art. 15-22 (and similar provisions in CCPA / PDPA / LGPD) you have the right to:

  • Access a copy of your data — call GET /api/me/data-export while signed in, or email us.
  • Erasure of your account and PII — call POST /api/me/erase while signed in, or email us. Records required by tax law are retained but stripped of identifying details.
  • Rectification — update your details from your profile page.
  • Objection — reply "unsubscribe" to any of our emails.
  • Complaint — you may lodge a complaint with your local supervisory authority.

7. Security

Passwords are stored as bcrypt hashes; we never see the cleartext. Authentication tokens are short-lived and re-checked against the active-user list on every request. Bank details and payment instructions are visible to staff and to the customer whose invoice they apply to only while payment is outstanding.

8. Cookies

We set exactly two cookies and use no third-party cookies:

  • poc.hint — a flag (no PII) set on sign-in so the page renderer can show the right navigation. Cleared on sign-out. Strictly necessaryunder ePrivacy.
  • cabinetry.theme — your light / dark preference.

9. Changes

We will post any changes to this page and, where the changes are material, notify affected users by email. Continued use of the platform after the effective date constitutes acceptance.

← Back to home