Privacy Policy.

Within Tea (“Within”, “we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase.

We process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area and the California Consumer Privacy Act (CCPA) for California residents.

We collect information that you provide directly to us, as well as information collected automatically when you use our site:

Information you provide:

• Contact information: your name and email address, provided when you create an account, subscribe to our newsletter, or place an order.
• Shipping information: your postal address and phone number, provided when you place an order for delivery.
• Payment information: payment details are collected and processed securely by Shopify, our third-party payment processor. We do not store your credit card number, CVV, or full payment details on our servers.
• Communications: any information you include in correspondence with us, such as customer support inquiries.

Information collected automatically:

• Device and browser information: your IP address, browser type, operating system, and device identifiers.
• Usage data: pages visited, time spent on pages, referring URLs, and other browsing behavior on our site.

We use the information we collect for the following purposes:

• To process and fulfill your orders, including shipping and payment processing.
• To communicate with you about your orders, account, or customer support requests.
• To send you marketing communications, such as newsletters and product announcements, if you have opted in to receive them. You may unsubscribe at any time.
• To improve and optimize our website, products, and services.
• To comply with legal obligations and enforce our terms of service.

We do not sell, trade, or rent your personal information to third parties.

We may share your information only in the following limited circumstances:

• Service providers: we share information with trusted third-party service providers who assist us in operating our business, such as Shopify (payment processing and e-commerce platform), shipping carriers, and email marketing services. These providers are contractually obligated to use your information only as necessary to perform services on our behalf.
• Legal requirements: we may disclose your information if required by law, regulation, legal process, or governmental request.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Our website uses cookies — small text files placed on your device — to improve your browsing experience.

We use the following types of cookies:

• Essential cookies: necessary for the site to function, such as maintaining your shopping cart and session.
• Analytics cookies: we use privacy-focused analytics to understand how visitors interact with our site. This data is aggregated and anonymized and is used solely to improve our website experience.

We do not use advertising or tracking cookies. You may disable cookies in your browser settings at any time, though this may affect your ability to use certain features of the site.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Order data is retained for a minimum period as required by applicable tax and commercial law.

If you subscribe to our newsletter but do not make a purchase, we retain your email address until you unsubscribe.

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: you may request a copy of the personal data we hold about you.
• Right to rectification: you may request that we correct any inaccurate or incomplete data.
• Right to deletion: you may request that we delete your personal data. We will comply with your request unless we are required to retain the data for legal or contractual obligations.
• Right to restrict processing: you may request that we limit the processing of your data in certain circumstances.
• Right to data portability: you may request a copy of your data in a structured, commonly used, machine-readable format.
• Right to object: you may object to the processing of your personal data for direct marketing purposes at any time.

To exercise any of these rights, please contact us at info@withintea.co. We will respond to your request within 30 days.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and our site is encrypted using SSL/TLS technology.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post the revised policy on this page with an updated “last updated” date. We encourage you to review this policy periodically.

If you have any questions about this Privacy Policy, your personal data, or would like to exercise your rights, please contact us at info@withintea.co.

Last updated: April 2026.