Privacy policy

This policy explains how Tesoro handles personal information when customers browse the website, place orders, request custom clothing, upload artwork, or contact the studio.

Last updated: 20 May 2026

This is practical starter wording for a Spain-based ecommerce store. Before launch, add your full legal business name, tax details, registered address, final contact email, and have the wording reviewed for your exact setup.

Who controls your data

Tesoro is the store operator and data controller for information collected through this website. Tesoro is based in Spain and can be contacted through the contact page for privacy questions, customer requests, or data rights requests.

Information we collect

We may collect your name, email address, phone number, billing details, delivery details, order details, product selections, clothing sizes, colour choices, custom design instructions, uploaded reference images, uploaded design files, contact messages, payment references, and basic technical information needed to keep the website secure.

Tesoro does not store raw card numbers. Card, PayPal, Stripe, and Bizum-related payments should be processed by the relevant payment provider.

Why we use the information

We use customer information to process orders, provide quotes, prepare custom embroidery or decoration work, manage the shopping bag and checkout, answer messages, handle delivery, prevent fraud, maintain the website, comply with accounting and legal duties, and improve the customer experience.

For custom clothing, uploaded images and design notes are used to understand and produce the requested item.

Legal basis

We process order and delivery information because it is needed to perform a contract with the customer. We process contact messages because the customer has asked us to respond. We keep limited records where required for legal, tax, accounting, fraud prevention, and customer service purposes. Marketing messages are only sent where allowed by law and, when required, with consent.

Service providers

We may use trusted providers for hosting, database storage, file storage, payment processing, fraud prevention, email, delivery, analytics, and customer support. These providers should only process customer data for the service they provide to Tesoro.

The current technical setup may include services such as Vercel, Supabase, PayPal, Stripe, delivery providers, and email tools if enabled.

How long we keep data

Order, payment reference, and invoice information may be kept for the period required by tax, accounting, and consumer protection rules. Contact messages and custom request files are kept only for as long as needed to answer the request, produce the order, handle support, or keep reasonable business records.

You can ask Tesoro to delete non-essential uploaded references or messages when they are no longer needed.

Your rights

Depending on the situation, you may have the right to request access, correction, deletion, restriction, portability, objection, or withdrawal of consent. You can contact Tesoro through the contact page to exercise these rights.

If you believe your data has not been handled correctly, you can contact the Spanish data protection authority or your local supervisory authority.

Security

Tesoro uses reasonable technical and organisational measures to protect customer data. No website can guarantee absolute security, so customers should avoid sending unnecessary sensitive information in free-text message fields or uploaded images.

Children

The website is intended for customers who can legally place orders. Minors should use the website only with permission from a parent or guardian.

Changes to this policy

Tesoro may update this privacy policy when the website, legal requirements, or service providers change. The latest version will be published on this page.