Privacy Policy
Last updated: 2026-03-31
Buna Science ("we," "us," "our") is committed to protecting your personal information. This policy explains what data we collect, why, how we use it, and your rights under applicable privacy laws worldwide.
1. Who We Are
Buna Science, based in Sarasota, Florida, USA. Contact: [email protected]
2. What We Collect
We collect only what is necessary to fulfill your orders and improve our service:
- Order information: name, email, shipping address, payment details (processed by our payment provider — we do not store card numbers)
- Account information: email, password (hashed), preferences
- Device information: browser type, operating system, screen size (for site functionality only)
- Communications: emails you send us, support requests
What we do NOT collect: We do not use cookies for tracking or advertising. We do not use third-party analytics (no Google Analytics, no Meta Pixel). We do not sell, share, or trade your personal information. We self-host all fonts — no requests to Google, Adobe, or any third party when you visit our site.
3. Why We Collect It (Legal Basis)
| Purpose | Legal Basis (GDPR) | Legal Basis (CCPA) |
|---|---|---|
| Fulfill your order | Contract performance (Art. 6(1)(b)) | Business purpose |
| Send order updates | Contract performance | Business purpose |
| Respond to support requests | Legitimate interest (Art. 6(1)(f)) | Business purpose |
| Send marketing emails (only with consent) | Consent (Art. 6(1)(a)) | With opt-in consent |
| Comply with tax/legal obligations | Legal obligation (Art. 6(1)(c)) | Legal obligation |
4. How Long We Keep It
- Order data: 7 years (tax/legal requirements)
- Account data: Until you delete your account
- Support communications: 2 years
- Marketing consent: Until withdrawn
5. Who We Share With
- Payment processor: Stripe (PCI DSS Level 1 certified)
- Shipping carriers: USPS, UPS, FedEx, DHL (name + address only)
- Email service: For transactional emails only (order confirmations, shipping updates)
We do not sell or share your personal information with advertisers, data brokers, or any third party for their own purposes.
6. International Transfers
Your data is processed in the United States. For EU/EEA/UK customers, transfers are conducted under Standard Contractual Clauses (SCCs) as approved by the European Commission. For customers in other jurisdictions, transfers are made with appropriate safeguards as required by local law.
7. Your Rights
All Customers
- Access your personal data
- Correct inaccurate data
- Delete your data
- Withdraw consent for marketing
EU/EEA/UK Customers (GDPR / UK GDPR)
- Right to data portability (receive your data in machine-readable format)
- Right to restrict processing
- Right to object to processing based on legitimate interest
- Right not to be subject to automated decision-making
- Right to lodge a complaint with your local supervisory authority
California Customers (CCPA/CPRA)
- Right to know what personal information is collected, used, shared
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information — we do not sell or share your information
- Right to non-discrimination for exercising your rights
Brazil Customers (LGPD)
- Right to confirmation of processing, access, correction, anonymization, deletion, portability
- Right to information about entities with which data has been shared
- Right to revoke consent
Other Jurisdictions
If you are in Japan (APPI), South Korea (PIPA), India (DPDPA), South Africa (POPIA), Canada (PIPEDA), Australia, or any other jurisdiction with data protection laws, we honor the rights granted to you under your local law. Contact us to exercise your rights.
8. Children
We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Security
We protect your data with encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security reviews. Payment data is handled entirely by Stripe and never touches our servers.
10. Changes
We will notify you of material changes via email. The latest version is always available at this URL.
11. Contact
Privacy inquiries: [email protected]
Data subject requests: Submit a request
Buna Science, Sarasota, FL, USA