Privacy Policy

Last updated: June 2025

1. Who We Are

Talvika is a sole trader based in the United Kingdom, operating the online store at bazaar.talvika.com. We are the data controller for personal data collected through this website.

Contact: hello@talvika.com

2. Data We Collect

We collect the following personal data:

  • Account information: email address (used for authentication via magic link)
  • Order information: name, email, shipping address, order history
  • Communications: item request descriptions, review content, site feedback
  • Technical data: IP address (for rate limiting only, not stored long-term)

3. How We Use Your Data

We process your personal data for the following purposes:

  • To fulfil and deliver your orders
  • To provide customer support and respond to item requests
  • To send transactional emails (order confirmations, shipping updates, stock alerts)
  • To enable product reviews and site feedback
  • To protect against fraud and abuse (rate limiting)

We do not send marketing emails. All communications are strictly transactional.

4. Legal Basis for Processing

We process your data under the following lawful bases:

  • Contract performance: processing orders, managing your account
  • Legitimate interests: fraud prevention, service improvement
  • Consent: stock alert notifications (you may unsubscribe at any time)

5. Data Storage and Third Parties

Your data is stored and processed using the following services:

  • Supabase (database and authentication) — your account details, orders, reviews, and requests are stored in Supabase PostgreSQL
  • Stripe (payment processing) — payment card details are handled entirely by Stripe; we never see or store your card information
  • Cloudinary (image hosting) — product images only; no personal data
  • Resend (email delivery) — processes your email address to deliver transactional emails
  • Upstash Redis (rate limiting) — temporarily stores hashed IP addresses for abuse prevention

6. AI Data Processing

We use AI services to enhance the shopping experience. Here is how your data interacts with these services:

  • Groq (LLM inference): processes product data (titles, descriptions, review text) to generate descriptions, price suggestions, and review sentiment summaries. No personal customer data is sent to Groq.
  • HuggingFace (embeddings): processes product titles and descriptions to enable semantic search. Search queries you type are converted to numerical vectors — the original text is not stored by HuggingFace.

We do not use your personal data (name, email, address) for AI training or processing. Only product catalogue data and anonymised review text are sent to AI providers.

7. Cookies and Local Storage

We use the following browser storage mechanisms:

  • Session cookies: essential for authentication (Supabase auth tokens). These are strictly necessary and do not require consent.
  • localStorage: stores your shopping cart contents when browsing as a guest. This data remains on your device and is not transmitted to third parties.

We do not use analytics cookies, advertising cookies, or tracking pixels.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate personal data
  • Erasure: request deletion of your personal data (subject to legal obligations)
  • Data portability: receive your data in a structured, commonly used, machine-readable format
  • Restriction: request that we limit processing of your data
  • Objection: object to processing based on legitimate interests

To exercise any of these rights, please email us at hello@talvika.com. We will respond within 30 days.

9. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this policy:

  • Account data: retained until you request deletion
  • Order data: retained for 6 years (UK tax and legal requirements)
  • Rate limiting data: automatically expires within 60 seconds

10. Data Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), row-level security policies in our database, and secure authentication via magic links (no passwords stored).

11. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.