Privacy Policy
Last updated: May 2026
1. Who We Are
Bellechasse is a brand of Belle Labs SAS, a French simplified joint-stock company registered in France (hereinafter “Belle Labs”).
- Registered address: 30 Lieu dit Queric, 56470 La Trinité-sur-Mer, France
- SIRET: 93360353200013
- Contact: hello@withbellechasse.com
Belle Labs is the data controller for the personal data described in this policy. This means we determine the purposes and means of processing your personal data.
If you have questions about how we handle your data, please contact us at hello@withbellechasse.com.
2. What Data We Collect
We collect different types of data depending on how you interact with us:
Data you give us directly
- Email address — when you sign up for our interest list or join as a founding member (Fondatrice)
- Name and shipping address — when you place an order
- Payment card details — collected by Shopify Payments during checkout (we never see or store your full card number on our servers)
Data collected automatically
- Browsing data — pages visited, time on site, referral source, device type, browser, and operating system (via Google Analytics GA4)
- Session recordings and heatmaps — mouse movements, clicks, and scroll behavior (via Microsoft Clarity). Clarity automatically masks sensitive input fields.
- Advertising and measurement data — pages visited, actions taken (such as email signups and reservations), device information, and browser data (via the Meta Pixel). This data helps us measure the effectiveness of our advertising campaigns and reach people who may be interested in our products.
- Approximate location (country level) — we use a third-party IP geolocation service to determine your country so we can apply the appropriate cookie consent requirements. We do not store your IP address or determine your precise location.
- Cookies and similar technologies — see our Cookie Policy for full details
3. Why We Collect Your Data
Under the GDPR and UK GDPR, we must have a lawful basis for each processing activity. Here is how we use your data and the legal basis for each:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Process your order and deliver your coffee | Name, email, address, payment | Contract performance |
| Save your card for the Fondatrice deferred-charge model | Payment card (via Shopify) | Contract performance |
| Send you product updates and marketing emails | Email address | Consent (you can unsubscribe at any time) |
| Understand how visitors use our site (analytics) | Browsing data, cookies | Consent (via cookie banner) |
| Improve website usability (session recordings) | Session recordings, heatmaps | Consent (via cookie banner) |
| Measure advertising effectiveness and reach relevant audiences | Browsing data, actions on site, device info | Consent (via cookie banner for EU/EEA/UK visitors). For visitors in the United States and other regions without prior-consent requirements, this processing operates on an opt-out basis as permitted by applicable state law (CCPA/CPRA and equivalent). Opt out anytime via “Do Not Sell or Share My Info” in the footer or by enabling Global Privacy Control in your browser. |
| Determine your country for cookie consent requirements | IP-derived country code | Legitimate interest (legal compliance) |
| Comply with legal and tax obligations | Order records, invoices | Legal obligation |
| Prevent fraud and secure our services | IP address, browsing data | Legitimate interest |
4. Who We Share Your Data With
We do not sell your personal data. We share it only with trusted service providers who process data on our behalf, under strict contractual obligations:
- Shopify Payments (Shopify Inc., Canada/US) — payment processing, order management, and checkout
- Klaviyo (Klaviyo Inc., US) — email marketing and the interest list
- Google Analytics GA4 (Google LLC, US) — website analytics
- Microsoft Clarity (Microsoft Corp., US) — session recording and heatmaps
- Meta Platforms (Meta Platforms Inc., US) — advertising measurement, audience building, and campaign optimization via the Meta Pixel
- ipapi (kloudend Inc., US) — IP-based country detection for cookie consent compliance (country code only; IP address is not stored by us)
- Cloudflare (Cloudflare Inc., US) — website hosting and content delivery
- PreProduct (PreProduct Ltd) — pre-order management and payment card vaulting for deferred charge orders
Where data is transferred outside the European Economic Area (EEA) or the UK, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs) or the service provider's participation in a recognized adequacy framework.
5. How Long We Keep Your Data
- Account and order data: for the duration of your relationship with us, plus 5 years for tax and legal compliance (as required under French commercial law)
- Marketing email addresses: until you unsubscribe, after which we delete your email within 30 days
- Analytics and session data: retained according to each provider's standard retention period (Google Analytics: 14 months; Microsoft Clarity: 30 days; Meta Pixel: per Meta's data retention policy)
- Cookie data: see our Cookie Policy for individual cookie durations
6. Your Rights
If you are in the EU (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — ask us to delete your data (the “right to be forgotten”)
- Restriction — ask us to temporarily limit how we process your data
- Data portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect the lawfulness of processing before withdrawal)
To exercise any of these rights, email us at hello@withbellechasse.com. We will respond within one calendar month.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL): www.cnil.fr
If you are in the UK (UK GDPR)
You have the same rights listed above under the UK General Data Protection Regulation. If you are unsatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk
If you are in California (CCPA / CPRA)
Under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), California residents have specific rights regarding their personal information.
Categories of personal information we collect:
- Identifiers (name, email address, shipping address)
- Commercial information (order history, products purchased)
- Internet or network activity (browsing data, pages visited, referral source)
- Financial information (payment card details, collected and stored by Shopify Payments — we do not access your full card number)
Sources: directly from you (at checkout and through forms on our site), automatically via cookies and analytics tools, and from Shopify (order and transaction data).
Business purposes: processing and fulfilling your order, communicating with you about your order and account, email marketing (with consent), website analytics and improvement, fraud prevention and security.
We do not sell your personal information. We may share certain browsing data with Meta Platforms through the Meta Pixel for advertising measurement and optimization purposes. Under the CPRA, this may be considered “sharing” of personal information for cross-context behavioral advertising. You have the right to opt out of this sharing — see your rights below.
Your rights under the CCPA/CPRA:
- Know what personal information we collect, the sources, the purposes, and the third parties we share it with
- Delete your personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information. We do not sell personal information for money, but the Meta Pixel transmits browsing data to Meta for cross-context behavioral advertising, which the CPRA defines as “sharing.” You can opt out at any time by clicking Do Not Sell or Share My Info in the footer of any page, or by using your browser’s Global Privacy Control (GPC) signal — we honor GPC automatically and treat it as a valid opt-out.
- Non-discrimination — we will not treat you differently for exercising your rights
To make a CCPA request, email hello@withbellechasse.com with the subject line “CCPA Request.” We will respond within 45 days.
If you are in another US state (VA, CO, CT, UT, TX, OR, MT, IA)
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and Iowa state privacy laws each give residents rights that substantially mirror those described in the California section above:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data
- Data portability — receive a copy of your data in a portable format
- Opt out of targeted advertising — use the same Do Not Sell or Share My Info footer link or enable Global Privacy Control in your browser
Where applicable state law provides for an appeal of a denied rights request, you may also appeal by replying to our response email. We will respond to verifiable requests within the timeframe each state requires (typically 45 days, with a possible 45-day extension where permitted).
Some states (notably Washington under the My Health My Data Act) impose stricter consent requirements for “consumer health data.” We do not knowingly collect or process consumer health data through this website. If you believe we have, please contact us and we will delete it promptly.
If you are in Australia (Privacy Act 1988)
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:
- Access — request access to the personal information we hold about you
- Correction — ask us to correct personal information that is inaccurate, out of date, incomplete, or misleading
- Complaint — make a complaint if you believe we have breached the APPs
To exercise these rights, email hello@withbellechasse.com. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): oaic.gov.au
7. Supervisory Authorities
As a French company, our lead supervisory authority is the:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
www.cnil.fr
For UK residents, the relevant authority is the Information Commissioner's Office (ICO): ico.org.uk
8. Cookies
We use cookies and similar technologies on our website. For full details about which cookies we use, their purpose, and how to manage them, please see our Cookie Policy.
9. Security
We take reasonable technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls, and choosing data processors with strong security practices. Payment card data is handled entirely by Shopify Payments, which is PCI DSS Level 1 certified — your card details never touch our servers.
10. Children's Privacy
Our products and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make material changes, we will notify you by email (if we have your address) or by posting a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please reach out:
- Email: hello@withbellechasse.com
- Post: Belle Labs, 30 Lieu dit Queric, 56470 La Trinité-sur-Mer, France