Privacy & Terms.

What we collect.

• Your email address, when you give it to us, at checkout, in a dispatch signup, or when you write to us. We use it to send you what you signed up for.
• Your shipping address and order details, when you place an order. We use them to put your package in the mail.
• A cart ID, stored in your browser's localStorage, so the cart you started yesterday is still there today. It identifies a cart, not a person.
• Your dispatch preferences, also in localStorage, so we don't show you the same email signup three times in one visit.
• Standard server logs from the host that runs this site: IP address, browser type, the URL you requested. Used to keep the site running and to investigate the rare time someone tries to break it. Rotated out after thirty days.
• Basic site analytics through Google Analytics (measurement ID G-LT3H1DSXEB): pages visited, general traffic patterns, and browser type. Used to understand how people find and use the site. We don't use it for advertising.

What we don't collect.

• No advertising trackers. There is no Facebook pixel and no third-party ad network watching what you click.
• No cross-site cookies. The cookies we set are for our own session and cart. They don't follow you to other sites.
• No card numbers. We don't ever see them; payment is handled entirely by Shopify, which is PCI-compliant and stores card data on its own infrastructure. The mercantile only sees the order summary.
• No data sold to anyone. Your email, address, and order history are not for sale, not shared with brokers, and not used by any partner other than the shipping carrier and the payment processor.

No ad networks, no data sold. The web does not have to feel like that.

Who handles payment.

Payment is processed by Shopify Payments. When you enter a card number at checkout, it goes directly to Shopify's payment infrastructure, not to us, not through our servers. Shopify is responsible for the security of card data and for compliance with the relevant payment-card standards. Their privacy policy governs that part of the transaction; ours governs everything before and after it.

How long we keep things.

• Order records: seven years, because the IRS asks us to.
• Email subscribers: until you unsubscribe.
• Customer support emails: three years, then deleted.
• Server logs: thirty days.
• Cart and preference data in your browser: until you clear it, or until your browser does.

How to unsubscribe.

Every dispatch we send has an unsubscribe link at the bottom. One click and you're out of the list, immediately. If the link ever doesn't work for you, write to info@midnightsunmercantile.com and we'll remove you by hand.

How to ask us for your data, or to delete it.

Write to info@midnightsunmercantile.com with the email address you used on your orders and a sentence about what you'd like: an export of everything we have, deletion of everything we can delete, or correction of something that's wrong. We'll do it within thirty days. The only thing we can't delete on request is the order record itself, because the tax authorities require us to keep it; we can, however, scrub the personal details from it once the seven-year window closes.

Cookies, in one paragraph.

We use a small number of first-party cookies and a few items in your browser's localStorage. They store: the contents of your cart, whether you've already seen the seasonal-dispatch popup, and a session token that keeps you signed in if you create an account. Google Analytics may set its own cookies to measure site traffic. We don't use third-party cookies for advertising.

Children.

This site is not directed at children under thirteen, and we don't knowingly collect information from them. If you believe a child has placed an order or signed up for emails, write to us and we'll delete the account immediately.

Terms, in plain language.

By placing an order, you agree to pay the price shown at checkout, including shipping and any sales tax that applies in your state. We agree to ship what you ordered, in the condition described, within the timeline laid out on the Shipping & batches page. If something goes wrong, the Returns page describes how we handle it.

The photographs, illustrations, and written copy on this site are ours, written by us, photographed on the homestead. Please don't reproduce them commercially without asking. For editorial use, write to us; we usually say yes.

Nothing on this site (including the Field Notes articles and any descriptions of botanical or homestead practices) is medical advice. We are a medic and a carpenter. Talk to your own clinician before changing anything about your medical care.

Changes to this page.

If we change anything material here (what we collect, who we share it with, how long we keep it) we'll update the date at the top and, for anyone with an account, send a one-time email noting the change. Cosmetic edits don't get an email.

This page is prototype copy, written plainly so we know what we mean. Before launch, the production version will be reviewed by a lawyer who knows the relevant state and federal requirements. If you spot something we missed, write to us; we'd genuinely like to hear it.