handmade with lovefree shipping over 150₾water-resistant canvastwo sides, one bagmade in tbilisihandmade with lovefree shipping over 150₾water-resistant canvastwo sides, one bagmade in tbilisi
TISSU
Legal

Privacy policy

Last updated: 2026-04-23

Tissu ("we", "us") is a small handmade-bag studio in Tbilisi, Georgia. This policy explains what personal data we collect when you use tissu-page.up.railway.app and related services, why we collect it, how we store it, and what rights you have over it.

1. Who we are

Tissu Shop · Tbilisi, Georgia · contact: hello@tissu.ge. We are the data controller for the information described below.

2. What data we collect

When you place an order

  • Full name
  • Email address
  • Phone number
  • Shipping address
  • Order details (products, prices, timestamps)

When you create an account

  • Email and a hashed password (via Supabase Auth)
  • Optional profile data you choose to add

Payment data

We do not store your card details. Payments are processed by third-party providers (e.g. Stripe, bank card gateways). Those providers receive the card data directly and return only a transaction result to us.

Technical data

  • IP address and approximate location (for fraud prevention and analytics)
  • Browser and device type
  • Pages visited and timestamps (minimal, aggregated)

3. Why we use it

  • To fulfil your order (ship the product, confirm payment, contact you about delivery)
  • To provide customer support
  • To comply with Georgian tax and accounting law
  • To improve the site (aggregated analytics)
  • To send marketing emails only if you opted in

4. Third parties we share data with

  • Supabase — account authentication and database hosting
  • Cloudinary — product image delivery (no customer data)
  • Railway — application hosting
  • Payment processor (Stripe / TBC / BOG) — when you check out
  • Shipping provider — to deliver your order

We do not sell your data. We do not share it for advertising purposes without explicit consent.

5. How long we keep it

  • Order records: 7 years, as required by Georgian accounting law
  • Account data: until you delete your account
  • Email newsletter list: until you unsubscribe
  • Anonymised analytics: up to 26 months

6. Your rights

Under Georgian law and GDPR (if you are in the EU/EEA), you can:

  • Request a copy of the data we hold about you
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Object to or restrict certain processing
  • Receive your data in a portable format
  • Withdraw consent to marketing at any time

Email hello@tissu.ge and we will respond within 30 days.

7. Security

Passwords are hashed (never stored in plaintext). Communication with the site uses HTTPS. Access to personal data inside our systems is restricted to authorised staff. If a breach occurs, we will notify affected users and the Georgian Personal Data Protection Service within 72 hours, as required by law.

8. Cookies

We use strictly necessary cookies for login, cart, and site functionality. We may use minimal analytics cookies. We do not place third-party advertising cookies without your consent.

9. Changes to this policy

We may update this policy. Material changes will be announced on the site and, if you have an account, by email. The "last updated" date above reflects the most recent change.

10. Contact

Questions about this policy or a data request? Email hello@tissu.ge.