All orders and payments made through Thistlebookshop.ca
are processed and stored locally at our physical location or in the form of asymmetrically encrypted (RSA) backup data in the physical possession of Thistle Bookshop. The decryption key to this data is known only to Thistle Bookshop and is not stored or recoverable by third parties.
We collect and store our customers' information at their discretion. This information may include home and/or business address(es), contact names, email addresses, phone numbers, and credit card information. We use RSA encryption for credit cards, 2048 bit, and the private key is blowfish-cbc encrypted. All customer information collected is encrypted and stored locally on the Thistle Bookshop premises.
We do not provide, share, or sell customer information to third parties. The information we collect at the time of checkout or account creation is used for order fullfillment, communications about orders or purchases, and for occasional (12 times per year) email marketing. We do not provide our customer's information or activity to any third parties for analytical use.