KSKitSourcing

Privacy Policy

How KitSourcing collects, uses, shares, secures, retains, and protects personal data.

Last updated: July 13, 2026 · Policy version: 2026-07-13

Der englische Richtlinientext ist maßgeblich, während lokalisierte Rechtstexte geprüft werden.Englische Richtlinie lesen

Privacy requests and contact

KitSourcing processes personal data for this website and its customer services. For privacy requests, email support@kitsourcing.com with the subject “Privacy Request”. We may ask for information needed to verify that a request concerns your account before disclosing, correcting, exporting, or deleting data.

Personal data we collect

We collect account and authentication data such as email address, password hash, email-verification activity, session information, and security/rate-limit records. For an order, we collect name, email, phone or WhatsApp number if provided, shipping address, ordered products, shipping calculation, order status, payment-provider order and transaction identifiers, and support correspondence.

For RFQs and support, we collect the information you submit, such as part requirements, model details, BOM text, destination, and messages. We also process limited technical information used to secure and operate the site, including request metadata, security events, country code derived by Cloudflare, and hashed analytics identifiers when you choose analytics cookies. We do not intentionally collect card numbers or full payment credentials.

Why we use data

We use personal data to create and secure accounts; quote, price, accept, process, and fulfill orders; calculate shipping and taxes; communicate about orders, delays, support, returns, and security; prevent fraud and abuse; comply with legal, tax, accounting, and recordkeeping duties; and measure site usage only where analytics consent has been given. Depending on the context, processing is necessary to perform a contract, comply with law, pursue legitimate interests in secure store operation, or is based on consent where consent is required.

Service providers and disclosures

We disclose only the data needed for the service to Cloudflare for hosting, security, database, storage, and Access controls; PayPal for payment processing; Resend for transactional email; carriers, freight providers, customs brokers, suppliers, and fulfillment partners for sourcing and delivery; and professional advisers or authorities when legally required. We do not sell personal information or share it for cross-context behavioral advertising.

The optional FAQ assistant is restricted from receiving customer addresses, payment details, order data, or administrator data. It cannot make refunds, change orders, or access other customers’ information.

International processing

Because we source and ship internationally and use global infrastructure providers, personal data may be processed in countries outside your home country, including China and locations where our service providers operate. We limit transfers to what is necessary for the relevant service and use contractual, technical, organizational, or other safeguards required by applicable law when they apply.

Cookies, local storage, and analytics

Essential cookies and similar storage support sign-in, cart continuity, security, language preferences, PayPal checkout, and Cloudflare bot protection. They are necessary for requested site functions. Analytics uses a locally generated visitor identifier and session identifier that are hashed before storage on our server; it records no email address, IP address, full referrer URL, or browser fingerprint. Analytics remains off until you choose “Accept analytics” in the consent banner, and you can change that choice through “Privacy choices” in the footer.

We do not use advertising, retargeting, or social-media tracking cookies. Declining analytics does not prevent you from browsing, signing in, or checking out, although essential storage remains necessary for those functions.

Retention and security

Expired OTPs, sessions, anonymous carts, and rate-limit records are removed by scheduled cleanup. Analytics events are retained for up to 13 months. Raw PayPal webhooks are minimized after 30 days; shipping and payer snapshots are retained for 24 months after the final financial or fulfillment event unless a legal hold applies; payment-ledger and audit evidence are retained for 7 years. We use access controls, encryption-capable managed services, audit logs, rate limits, and data minimization, but no internet transmission can be guaranteed completely secure.

Your choices and rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, or portability of personal data, withdraw consent for optional analytics, and complain to a competent data-protection authority. You may also request a copy of account data or request account anonymization after a fresh email verification. We may retain information needed for completed transactions, fraud prevention, legal claims, tax, accounting, and other lawful obligations after an account is anonymized.

Children and policy changes

The site is not directed to children under 14, and we do not knowingly collect their personal data. We may update this policy when our practices or legal requirements change. Material changes apply prospectively and are posted with a revised date and version; we will provide additional notice where required by law.

WhatsApp