Privacy Policy

Last updated: January 2025

1. Who We Are

BuyMeBricks ("we", "us", "our") operates the website buymebricks.com, a GoBricks parts ordering service. This policy explains what personal data we collect, why we collect it, and how we protect it.

2. Data We Collect

When you create an account or place an order, we collect:

  • Identity data: first name, last name, username.
  • Contact data: email address, phone number.
  • Address data: delivery address, city, state/region, postal code, country.
  • Order data: part lists, order history, total amounts paid.
  • Payment data: we receive a PayPal transaction ID only; we never see or store your card number or bank details.

We also collect basic server logs (IP address, browser type, pages visited) for security and performance purposes. These are not linked to your account and are deleted after 30 days.

3. How We Use Your Data

  • To process and fulfil your orders.
  • To send order confirmations and shipping updates by email.
  • To provide customer support.
  • To detect and prevent fraud.
  • To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Legal Basis (GDPR)

If you are in the European Union, our legal basis for processing your data is:

  • Contract performance – processing necessary to fulfil your order.
  • Legitimate interest – fraud prevention and service security.
  • Legal obligation – tax and accounting records.

5. Data Sharing

We share your data only with:

  • GoBricks – your delivery address and order details are shared to fulfil your order.
  • PayPal – to process payments securely.
  • Shipping carriers – your name and address are included on the shipping label.

All third parties are contractually required to keep your data secure and use it only for the purpose stated.

6. Data Retention

We retain your account data for as long as your account is active. Order records are kept for 7 years to comply with accounting and tax regulations. You may request deletion of your account at any time (see Section 7).

7. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data via your account settings.
  • Erase your account and associated data (subject to legal retention obligations).
  • Port your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.

To exercise any of these rights, email contact@buymebricks.com. We will respond within 30 days.

8. Cookies

We use a single session cookie to keep you logged in during your visit. This cookie is essential for the service to function and is deleted when you close your browser or log out. We do not use tracking or advertising cookies.

9. Security

Passwords are stored hashed using bcrypt. Connections to this site are encrypted via HTTPS. Payment processing is handled entirely by PayPal's PCI-compliant infrastructure.

10. Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated by email. The date at the top of this page reflects the latest revision.

11. Contact

For privacy-related questions or requests: contact@buymebricks.com

← Back to Home