Lavender Cup Cottage – Privacy Policy

Effective date: September 14, 2025

This Privacy Policy explains how Lavender Cup Cottage (“we,” “us,” “our”) collects, uses, shares, and protects personal information when you use our websites, products, and services, including our MemberVault site for the Mosaic Crochet Pattern Club, and when you purchase or access our digital crochet patterns and resources (together, the “Services”).

If you have questions, contact us at [email protected].

Controller: Lavender Cup Cottage (owner: Lynette Kosar)
Address: 26444 Maple Dr., Cambridge Springs, PA 16403
Email: [email protected]
Governing law for our website: Pennsylvania, USA

1) Scope & who this covers

This Policy applies to:

Our main website (e.g., lavendercupcottage.com) and our MemberVault site for the Mosaic Crochet Pattern Club.

Our shops and listings hosted by third parties (e.g., Ravelry and Etsy).

Emails, communities, lessons, downloads, and related content we provide.

Third-party platforms (e.g., Ravelry, Etsy, MemberVault, Stripe/PayPal, AWeber) have their own privacy policies that also apply when you use them.

2) Information we collect

Information you provide directly:

Account, profile, and contact data (name, email, password).

Purchase details (items bought, plan type, billing frequency).

Communications and community content (comments, posts, testimonials, support requests).

Preferences (newsletter opt-ins, cookie choices).

Information collected automatically:

Device and usage data (IP address, browser type, pages viewed, timestamps).

Cookies and similar technologies (see Section 7).

Information from third parties:

Payment/transaction info from payment processors (e.g., Stripe/PayPal via MemberVault/ThriveCart/Ravelry/Etsy).

Email marketing and automation tools (e.g., AWeber, Make/Integromat) for subscription management and campaign performance.

Analytics/ad tech (e.g., Google Analytics/Ads if enabled).

We do not collect or store full credit card numbers; those are handled by compliant payment processors.

3) How we use your information (purposes & legal bases)

We use personal information to:

Provide the Services: create/manage accounts, deliver digital patterns and membership content, process orders (contract).

Operate communities: host comments, posts, member groups, and support a safe environment (legitimate interests/contract, and consent where required).

Communicate: send service emails (account, billing, updates), respond to support (contract/legitimate interests).

Improve & secure: debug, analyze usage, prevent fraud/abuse (legitimate interests).

Marketing: send newsletters and offers if you opt in; you can unsubscribe anytime (consent/legitimate interests depending on region).

Compliance: keep records required by tax, accounting, and legal obligations (legal obligation).

Where we rely on consent, you can withdraw it at any time via the links in our emails, the Manage Cookies link in our footer, or by emailing [email protected].

4) Sharing your information

We share information only as needed to run our business, for example with:

Service providers / processors: hosting, MemberVault, payment processing (Stripe/PayPal, Ravelry/Etsy checkouts), email marketing (AWeber), automation (Make), analytics/ad vendors (if enabled).

Community tools: moderated community spaces for the Pattern Club.

Legal & safety: to comply with law or protect rights, safety, and security.

Business changes: if we undergo a merger, acquisition, or asset transfer.

We do not sell your personal information for money. Some jurisdictions consider certain advertising/analytics “sharing” or “targeted advertising”; see Section 9 for opt-out options.

5) International data transfers

We are based in the United States and may transfer personal information internationally (e.g., to the U.S., EU/UK, or other countries) via our providers. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or providers’ approved transfer mechanisms. You can request more information at [email protected].

6) Data retention

We keep personal information only for as long as necessary to deliver the Services and for legitimate business or legal purposes (e.g., tax/audit). Typical retention periods:

Account & membership records: while active and up to [6 years] after closure.

Transaction records: up to [7 years] for tax/audit.

Marketing data: until you unsubscribe or [2 years] of inactivity.

Community content: while the community post/thread remains active or until removal upon request (where feasible).

7) Cookies & similar technologies

We use cookies and similar technologies to operate the site (e.g., login/session) and—with your consent where required—to measure performance and personalize marketing.

Strictly necessary cookies (always on): security, login, access control.

Performance/analytics cookies (consent-based in EU/UK).

Advertising/marketing cookies (consent-based in EU/UK).

You can choose Accept all, Reject non-essential, or Customize via our banner, and change your choice anytime using Manage Cookies in the footer. Non-essential cookies are not set until you consent if you are in the EU/UK. (Regulators require prior consent for non-essential cookies and prohibit pre-ticked boxes; users must be able to withdraw consent. ICO+1)

If we use Google tags, we implement Google Consent Mode v2 so tags adapt to your consent choices for EU/UK visitors. Google Help+1

Cookie table: A dynamic list of cookies (names, purposes, durations) is available via our cookie banner/preferences tool. You’ll also find it linked from the Manage Cookies page.

8) Community content & testimonials

If you share posts, WIP/FO photos, or testimonials in our communities or send them to us, you grant us a non-exclusive, worldwide, royalty-free license to display and share them for community engagement and promotion (e.g., on our site, MemberVault, or social media). If you’d like us not to reuse a specific item you shared, email [email protected] and we’ll remove it where reasonably possible going forward.

9) Your privacy choices

Email marketing: Unsubscribe any time via the link in our emails or by contacting us.

Cookie consent: Use Manage Cookies in the footer to adjust preferences or withdraw consent.

Targeted advertising & analytics (U.S. states like CA): If we “share” personal information for targeted ads as defined by law, you may opt out via the Do Not Sell or Share My Personal Information link (if available) and we honor Global Privacy Control (GPC) browser signals as an opt-out preference where required. California AG

10) Your rights (EEA/UK, California, and others)

EEA/UK (GDPR/UK GDPR): You may have the right to access, rectify, erase, restrict or object to processing, and data portability, plus rights related to automated decision-making. We respond within the timelines required by law. European Data Protection Board

California (CPRA/CCPA): You may have the right to know/access, correct, delete, opt out of sale/share, and limit use of sensitive personal information, and to not be discriminated against for exercising your rights. We honor GPC signals as an opt-out preference where required. California AG

How to exercise your rights:
Email [email protected] with “Privacy Request” in the subject. We may need to verify your identity (and, where permitted, an authorized agent may act for you).

11) Children’s privacy

Our Services are not intended for children under 13. We do not knowingly collect personal data from children under 13.
For the EU/UK, when consent is the legal basis and services are offered directly to a child, parental/guardian consent may be required if the child is under the “digital age of consent” (often 16 under GDPR, 13 in the UK). GDPR+1
If you believe a child provided personal information without appropriate consent, contact [email protected] and we’ll take steps to remove it.

12) Security

We use reasonable technical and organizational measures to protect personal information (e.g., encryption in transit, access controls). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

13) Do Not Track (DNT) & GPC

Some browsers send “Do Not Track” (DNT) signals; there is no industry standard for DNT, so we don’t respond to DNT. Where applicable law requires it (e.g., California), we honor Global Privacy Control (GPC) signals as an opt-out preference. California AG

14) Changes to this policy

We may update this Policy from time to time. We’ll change the Effective date at the top and, if changes are material, we’ll provide a more prominent notice. Your continued use of the Services after an update means you accept the changes.

15) Contact us

Questions or requests?
Email: [email protected]
Mailing address: 26444 Maple Dr., Cambridge Springs, PA 16403