pixel

Withfriends — Privacy Policy

Effective: October 3, 2025

This Privacy Policy explains how Withfriends Shops, Inc. (“Withfriends,” “we,” “us”) collects, uses, and shares personal information when we (a) provide membership and event services to bookstores (the “Services”) and (b) operate our websites and hosted pages (the “Sites”).

1) Who we are & roles

  • When we process information from a bookstore’s POS/E‑commerce Platforms to operate that bookstore’s membership program or bookstore events, the bookstore (Merchant) is the controller/business and Withfriends acts as a processor/service provider.
  • For information we collect about our own Sites, accounts, and support, Withfriends is the controller/business.

2) Information we process

From a bookstore’s systems (Customer Data): name, email address, phone number, order and ticket information (items purchased, totals, timestamps; ticket purchases/RSVP), membership status, and perks usage.

From our Sites: account details you provide (e.g., name, email), support communications, and strictly necessary cookies or similar technologies needed to operate and secure the Sites. We do not use third‑party advertising cookies.

3) Sources

We receive information (a) directly from the bookstore’s POS/E‑commerce Platforms (e.g., Bookmanager, IndieCommerce, Basil, Square, Anthology, Eventbrite, Shopify, and others), (b) from bookstore staff, and (c) from you if you contact us for support or create an account on our Sites.

4) How we use information (purposes)

We use personal information only to operate the membership program and bookstore events for the bookstore that sent it to us and to operate our Sites, including to:

  • present upsells during checkout and manage subscriptions,
  • provide a self‑serve subscription dashboard and member perks (discounts/early access),
  • sell and manage bookstore event tickets/RSVPs,
  • provide support, prevent fraud/abuse, and maintain service reliability, and
  • generate aggregated, de‑identified analytics to help the bookstore understand and improve its membership and events programs.

We do not sell or share personal information for targeted advertising.

5) How we share information

We share personal information only as needed to provide the Services:

  • Service providers (subprocessors): Stripe for payment processing; Printful for perk fulfillment if chosen by the bookstore.
  • Integrations: bookstore‑selected POS/E‑commerce Platforms (Bookmanager, IndieCommerce, Basil, Square, Anthology, Eventbrite, Shopify) to receive data and send back membership/event updates at the bookstore’s instruction. These platforms are the bookstore’s providers, not ours.
  • Legal/safety/corporate events: as required by law or to protect rights and safety; or in a merger, acquisition, or similar event.

6) Retention & deletion

We retain personal information only as long as needed to provide the Services to the bookstore or operate the Sites, and we delete or return information on request or when the Services end, subject to legal obligations and routine backup cycles.

Shopify merchants. If a bookstore uses Shopify, we honor Shopify’s mandatory GDPR webhooks for customer data requests and redaction, and shop redaction on uninstall. This enables access and deletion through Shopify’s standard process.

7) Your choices & rights

  • If you are a Customer of a bookstore: Please contact your bookstore first for access, deletion, correction, or portability requests. We assist the bookstore as its processor. If you prefer, you can also contact us directly using the instructions on our Data Requests page.
  • If you have a Withfriends account or interacted with our Sites: You can request access or deletion directly from Withfriends via the Data Requests page.

Depending on your location, you may have rights under state privacy laws (e.g., to access, delete, correct, port data, or opt out of certain uses). We do not sell or share personal information for targeted advertising.

8) Security

We use industry‑standard safeguards, including encryption in transit and at rest, least‑privilege access with 2FA for staff, access logging, and a documented incident response process.

9) International transfers

If personal information is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) as required by law. Details are available on request or, if applicable, via a DPA executed with your bookstore.

10) Children

Our Services and Sites are not directed to children under 13, and we do not knowingly collect their personal information.

11) Third‑party links

Our Sites may link to third‑party sites or services. Their handling of personal information is governed by their own policies.

12) Changes to this Policy

We may update this Policy from time to time. The “Effective” date shows the latest version. If changes materially affect how we use personal information, we will provide notice as appropriate.

13) Contact

Withfriends Shops, Inc.
120 Buck Hill Road
Easton, CT, 06612
Privacy contact: legal@withfriends.co

DPA on request. If your bookstore requires a Data Processing Addendum (DPA), we will sign the Common Paper DPA (v1.1) or a mutually acceptable equivalent on request.