Hilly Shore Inc. operates BabyShowerShow.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit and use our Service. Please read it carefully.
1. Data Controller
The data controller responsible for your personal information is:
Hilly Shore Inc.
California, United States
2. Information We Collect
a) Information You Provide Directly
Email address — collected when you make a purchase, used to verify your access and provide customer support.
b) Information Collected Automatically
When you visit the Service, we or our service providers may automatically collect:
Log data — IP address, browser type and version, pages visited, time and date of visit, time spent on pages, and referring URL
Device information — device type, operating system, and screen resolution
Usage data — which games were played and general interaction patterns with the Service
Session storage — we use browser session storage (not cookies) to remember your unlock status during an active browser session. This data is cleared when you close your browser
c) Payment Information
We do not collect or store payment card information. All payment processing is handled directly by Stripe, Inc. We receive only a confirmation of your payment and your email address from Stripe. See Section 6 for more details.
3. How We Use Your Information
We use the information we collect to:
Verify your purchase and grant or restore access to unlocked content
Provide customer support
Maintain and improve the Service
Detect, prevent, and address fraud, abuse, and security incidents
Comply with applicable legal obligations
Enforce our Terms of Service
We do not use your email address for marketing or promotional emails. We will never send you unsolicited communications.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for collecting and processing your personal data depends on the information concerned and the context:
Contract performance — processing your email address is necessary to fulfill our service agreement with you
Legitimate interests — processing log and usage data to maintain security, prevent fraud, and improve the Service
Legal obligation — processing necessary to comply with applicable laws and regulations
5. Cookies and Local Storage
Cookies and similar technologies we use:
Google Analytics (_ga, _ga_G-5RZS4E0ENR) — measures how visitors use the Service so we can improve it (up to ~13 months). These analytics cookies are set only after you consentin regions that require prior consent (EU/EEA, UK, Switzerland, Brazil), or by default elsewhere. See "Your Privacy Choices" below to review or change your choice.
Vercel Analytics & Speed Insights — privacy-friendly performance measurement that does not store cookies on your device.
Admin authentication cookie — strictly necessary; used solely to maintain admin login sessions for authorized administrators. This is an httpOnly, secure session cookie and is not used for tracking.
Browser session and local storage — strictly necessary; remembers your unlock status and the preferences you set (such as your game theme). This data stays on your device and is not sent as a tracking cookie.
Payment provider cookies (Stripe) — used only when you proceed to checkout, and set by Stripe on Stripe's own hosted checkout page (checkout.stripe.com) as a strictly-necessary payment and fraud-prevention measure. We do not set or read these cookies.
We do not use advertising or cross-site behavioral tracking cookies, and we do not run Google Ads.
Your Privacy Choices
We tailor analytics consent to your location:
EU/EEA, UK, Switzerland, and Brazil: analytics is disabled by default and is only enabled if you click "Accept" on our consent banner (using Google Consent Mode v2).
California and other US states with privacy laws: we show a notice and let you opt out of analytics at any time.
Global Privacy Control (GPC): if your browser sends a GPC signal, we automatically treat it as an opt-out.
You can review or change your choice at any time: . We do not sell or share your personal information for third-party advertising.
6. Payment Processing — Stripe
All payment transactions are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you make a purchase:
You are redirected to Stripe's secure hosted checkout page
Stripe collects and processes your payment card details, billing address, and related financial information directly
We never see, store, or have access to your full card number, CVV, or billing address
We receive only a payment confirmation and your email address from Stripe
We do not sell, rent, trade, or otherwise share your personal information with third parties for their own marketing purposes.
We may share your information only in the following limited circumstances:
Service providers — with Stripe solely for payment processing purposes
Hosting — our Service is hosted on Vercel, Inc. Infrastructure providers may process data as part of service delivery and are bound by appropriate data processing agreements
Legal compliance — if required by law, regulation, court order, or governmental authority
Protection of rights — to protect the rights, property, or safety of Hilly Shore Inc., our users, or others
Business transfers — in connection with a merger, acquisition, or sale of assets, in which case we will provide notice before your information is transferred
8. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy:
Email addresses associated with purchases are retained for a minimum of 10 years from the date of purchase. This extended retention period is necessary to: (i) verify historical purchases; (ii) maintain accurate business and financial records; and (iii) comply with applicable tax and accounting obligations.
Log and usage data may be retained for up to 12 months for security and operational purposes.
Upon the expiration of applicable retention periods, or upon a valid deletion request (subject to legal obligations), data will be securely deleted or anonymized.
9. Data Security
We implement reasonable and appropriate technical and organizational security measures to protect your personal information, including:
HTTPS encryption for all data transmitted between your browser and our Service
Secure, encrypted database storage with access controls
httpOnly and Secure flags on authentication cookies
No storage of payment card data (handled entirely by Stripe)
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information.
10. Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us via our website and we will promptly delete such information from our records.
We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly allow users under 13 to create accounts or make purchases.
11. Your Privacy Rights
For All Users
Regardless of your location, you may contact us via our website to:
Request a copy of the personal data we hold about you
Request correction of inaccurate data
Ask questions or raise concerns about your data
California Residents (CCPA)
Under the California Consumer Privacy Act, California residents have the right to:
Know what personal information we collect, use, disclose, and sell
Delete personal information we have collected (subject to exceptions)
Opt out of the sale of personal information — we do not sell your personal information
Non-discrimination — we will not discriminate against you for exercising your CCPA rights
Correct inaccurate personal information
To submit a CCPA request, contact us via our website.
EEA, UK, and Switzerland Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the right to:
Access your personal data and obtain a portable copy
Rectification of inaccurate or incomplete personal data
Erasure ("right to be forgotten") in certain circumstances
Restriction of processing in certain circumstances
Object to processing based on legitimate interests
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with your local supervisory authority
To exercise any of these rights, contact us via our website.
12. International Data Transfers
Hilly Shore Inc. is based in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
If you are located in the EEA or UK, such transfers are made subject to appropriate safeguards in accordance with applicable data protection law.
13. Do Not Track and Global Privacy Control
We do not track users across third-party websites for behavioral advertising. While there is no industry standard for responding to browser "Do Not Track" (DNT) signals, we do honor the Global Privacy Control (GPC)signal: if your browser sends a GPC signal, we automatically treat it as an opt-out of analytics. See "Your Privacy Choices" in Section 5.
14. Third-Party Links
The Service may contain links to third-party websites, including Etsy and Stripe. These links are provided for your convenience. We are not responsible for the privacy practices of any third-party sites.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
16. Contact Us
For questions, concerns, or requests regarding this Privacy Policy, please contact us via our website.