Privacy policy

Last updated May 2026.

This privacy policy explains what personal information BootsVault collects when you visit, contact, or buy from us, what we do with it, and the rights you have over your own data.

BootsVault is operated from Adelaide, South Australia. When you order from us, we're the entity responsible for how your personal information is handled.

(01) What we collect

When you buy something:

Name, shipping address, email address, phone number

Order history and the items you've bought

IP address and device/browser information

When you pay:

We don't store your card details. Payments are processed by Shopify Payments, Afterpay, or PayPal depending on what you choose at checkout. Each one handles card information directly and has its own privacy practices.

When you contact us:

- Your name, email, the message you send, and any photos you attach (for example, when offering us a pair to buy)

- Instagram DMs and replies, if you reach us there

When you sign up for the email list:

- Your email address and, if you provide it, your name

When you browse the site:

- Pages visited, time on site, products viewed, referring source

- Cookies and similar technologies used for cart functionality, analytics, and marketing (see Section 04)

(02) How we use it

We use what we collect to:

- Process your orders, take payment, and ship your boots

- Communicate with you about your order (confirmations, tracking, queries)

- Respond to your messages, questions, or sourcing requests

- Send marketing emails about new drops, but only if you've opted in

- Detect and prevent fraud, including counterfeit attempts

- Meet our tax, customs, and other legal obligations

- Improve the website, our listings, and our customer experience

We don't sell your information. Not to anyone, ever.

(03) Who we share it with

We share personal information with third parties only where it's necessary to run the business:

- Shopify — our store platform, where order and customer data is hosted

- Payment processors — Shopify Payments, Afterpay, PayPal (each only receives the data needed to handle the transaction)

- Couriers — Australia Post and any other shipping carrier used for your order (name, address, contact details, parcel information)

- Customs authorities — when shipping internationally, basic order and recipient details may be required for customs clearance and duties assessment

- Email and marketing platforms — for sending order confirmations and, with your consent, newsletters

- Analytics providers — to help us understand how people use the site

- Professional advisors — accountants, lawyers, and similar, where strictly necessary

We don't share data with advertising networks for cross-site advertising without your consent.

(04) Cookies and tracking

We use cookies and similar tools for three purposes:

- Essential — making the cart, checkout, and account login work

- Analytics — anonymous usage data so we know what's working

- Marketing — measuring the effectiveness of any ads we run, and showing relevant content

You can refuse non-essential cookies through your browser settings or our cookie banner. Doing so won't break the site, but it may limit some features.

(05) International data transfers

If you're outside Australia — including in the UK, EU, US, or anywhere else — your personal information will be transferred to and processed in Australia, and may also be processed by service providers in other countries (for example, where Shopify's servers are based).

We rely on standard contractual safeguards with our processors to ensure your data is handled to a standard equivalent to your home jurisdiction's protections.

(06) How long we keep it

- Order records: 7 years, to meet Australian tax and accounting obligations

- Customer accounts: until you ask us to delete them

- Marketing list: until you unsubscribe (one click in any email we send)

- Support emails and DMs: generally 2 years after the last contact

- Analytics data: typically 14–26 months, depending on the provider

After these periods, we either delete the data or anonymise it so it can no longer be linked back to you.

(07) Your rights

You have the right to:

- Access the personal information we hold about you

- Correct anything that's inaccurate

- Delete your data (subject to the retention exceptions in Section 06 for tax records)

- Opt out of marketing at any time — every email we send has an unsubscribe link

- Object to or restrict certain processing

- Withdraw consent you've previously given

- Lodge a complaint with the relevant data protection authority

To exercise any of these, email contact@bootsvault.com and we'll respond within 30 days. We may need to verify your identity before acting on a request.

If you're in Australia and you're not satisfied with how we've handled a privacy complaint, you can contact the Office of the Australian Information Commissioner at oaic.gov.au. If you're in the UK or EU, you can complain to your local data protection authority.

(08) Security

We store data on systems protected by industry-standard safeguards: encrypted connections (HTTPS), access controls, and managed platforms like Shopify that handle a significant share of the security work for us.

No system is perfectly secure, but if we ever become aware of a breach that's likely to cause serious harm, we'll notify affected customers and the relevant authorities as required by law.

(09) Children

BootsVault isn't directed at children under 16. We don't knowingly collect data from anyone under that age. If you believe we have, contact us and we'll delete it.

(10) Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of the page will reflect the most recent revision. For material changes, we'll also flag the update on the site or by email.