Privacy Policy

Last updated: March 2026

1. Who We Are

Workbench Supplies ("we", "our", or "us") operates the online store at workbenchsupplies.co.nz. We sell custom-cut materials and deliver them to customers in New Zealand and Australia. This policy explains what personal data we collect, why we collect it, and your rights over it.

2. What Data We Collect

  • Account data: email address, first and last name, phone number (optional), hashed password.
  • Order data: shipping address, items ordered, quantities, lengths, prices, payment status, and order history.
  • Payment data: we do not store card numbers. Payments are processed by Stripe — see Stripe's Privacy Policy.
  • Guest checkout data: an optional email address for order notifications; a temporary guest account is created for order tracking.
  • Technical data: request IDs and server-side logs for security monitoring. Logs do not contain passwords or card data.

3. How We Use Your Data

  • Processing and fulfilling your orders.
  • Sending order confirmation, shipping, and status update emails.
  • Allowing you to view your order history and reorder.
  • Securing your account (password reset, login notifications).
  • Complying with legal obligations (financial records, fraud prevention).

We do not sell your data to third parties or use it for advertising.

4. Data Retention

We retain order records for a minimum of 7 years for accounting and legal compliance. Personal profile data is retained while your account is active. If you delete your account, personal identifiers (name, email, phone) are removed from your profile, and your email address is anonymised on retained order records. Orders themselves are kept for legal purposes.

5. Your Rights

You have the right to:

  • Access your data — download a full copy of everything we hold on you from your account page.
  • Correct your data — update your profile and shipping addresses at any time.
  • Delete your account — remove your personal data from your account page. Order records are retained anonymised for legal compliance.
  • Data portability — the data export download is machine-readable JSON.

For requests you cannot fulfil yourself, contact us at support@workbenchsupplies.co.nz.

6. Cookies

We use session-local storage (not cookies) to keep you logged in. No tracking or advertising cookies are used.

7. Third-Party Services

  • Stripe — payment processing. Card data never touches our servers.
  • SMTP2GO — transactional email delivery.

8. Security

Passwords are hashed with bcrypt and never stored in plaintext. All API communication is encrypted via HTTPS in production. We apply rate limiting, request sanitisation, and security headers to protect against common web vulnerabilities.

9. Contact

Questions about this policy? Contact us or email support@workbenchsupplies.co.nz.