DiplomaCraftDiplomaCraft

Privacy Policy

Last updated: February 25, 2026

1. Introduction

DiplomaCraft ("we," "us," "our") operates the website located at diplomacraft.com (the "Site"). This Privacy Policy describes how we collect, use, store, protect, and share your personal information when you visit the Site, place an order, create an account, or otherwise interact with our services (the "Services").

By using the Site or the Services, you consent to the data practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Site and the Services immediately.

We reserve the right to update this Privacy Policy at any time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Services after changes are posted constitutes your acceptance of the updated policy.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

  • Place an order: Name, email address, mailing address (for physical orders), and order details (document specifications such as names, dates, and institutions you provide for inclusion on your document).
  • Create an account: Name, email address, and password.
  • Contact us: Name, email address, subject line, and the content of your message submitted through our contact form or sent via email.
  • Submit a custom order: All information above, plus any reference images, files, or additional instructions you upload or provide.

2.2 Payment Information

All payment transactions are processed securely by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you make a payment, your credit card number, CVV, expiration date, and billing details are transmitted directly to Stripe's servers. DiplomaCraft does not receive, process, store, or have access to your full payment card information. We only receive a transaction confirmation, the last four digits of your card for reference, and the payment amount from Stripe. For information about how Stripe handles your payment data, please review Stripe's Privacy Policy.

2.3 Information Collected Automatically

When you visit the Site, we may automatically collect certain information about your device and usage, including:

  • Device information: Browser type and version, operating system, device type, screen resolution, and language preferences.
  • Log data: IP address, referring/exit URLs, pages viewed, date and time of visit, time spent on pages, and clickstream data.
  • Cookies and similar technologies: We use essential cookies to operate the Site (e.g., session management, CSRF protection). We may also use analytics cookies to understand how visitors use the Site. See Section 7 (Cookies) below for details.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Order fulfillment: To produce, deliver, and manage your orders, including sending order confirmation emails, digital document delivery emails, shipping notifications, and tracking information.
  • Customer support: To respond to your inquiries, resolve issues, and provide assistance.
  • Account management: To create and maintain your account, if you choose to register.
  • Communication: To send you transactional emails related to your orders. We will never send unsolicited marketing emails without your explicit opt-in consent.
  • Site improvement: To analyze how the Site is used so that we can improve its functionality, content, and user experience.
  • Security and fraud prevention: To detect, prevent, and address fraud, abuse, security vulnerabilities, and technical issues.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. How We Share Your Information

We do not sell, trade, rent, or otherwise share your personal information with third parties for their marketing purposes. We may share your information only in the following limited circumstances:

  • Payment processor (Stripe): To process your payment securely.
  • Email service provider (Resend): To send transactional emails such as order confirmations and delivery notifications. We share only your email address and name for this purpose.
  • Cloud storage (Cloudflare R2): To store digital documents securely for delivery. Documents are stored with encryption and access is controlled via time-limited signed URLs.
  • Shipping carrier (USPS): To ship physical orders. We share your shipping name and mailing address with USPS only as necessary to fulfill your order.
  • Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
  • Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including:

  • Order data: We retain order information for a period necessary to provide customer support, comply with our legal obligations (including tax and accounting requirements), resolve disputes, and enforce our agreements.
  • Account data: If you create an account, your account information is retained until you request deletion of your account.
  • Digital documents: Digital documents are stored on secure servers for a limited period to allow re-download. After this period, they are automatically deleted.
  • Contact form submissions: Retained for a reasonable period to respond to and resolve your inquiry.

When personal information is no longer needed, we securely delete or anonymize it.

6. Data Security

We take the security of your personal information seriously and implement industry-standard technical and organizational measures to protect it, including:

  • HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Encrypted storage for sensitive data at rest.
  • PCI-DSS compliant payment processing through Stripe (DiplomaCraft never handles your full card details).
  • Access controls that limit employee and contractor access to personal information on a need-to-know basis.
  • Regular security assessments and updates to our systems and practices.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You use the Site and provide your information at your own risk.

7. Cookies and Tracking Technologies

Cookies are small text files that are stored on your device when you visit a website. We use the following types of cookies:

  • Essential cookies: These are strictly necessary for the Site to function and cannot be disabled. They include session cookies, CSRF protection tokens, and authentication cookies. Without these cookies, the Site cannot operate correctly.
  • Analytics cookies: We may use analytics tools (such as Google Analytics or similar services) to understand how visitors interact with the Site. These cookies collect information in an aggregated and anonymized form. You can opt out of analytics cookies by adjusting your browser settings or using available opt-out tools.

We do not use advertising cookies, tracking pixels for targeted advertising, or social media tracking cookies.

Most web browsers allow you to control cookies through their settings preferences. However, disabling essential cookies may affect the functionality of the Site. For information about how to manage cookies in your browser, refer to your browser's help documentation.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of access: You may request a copy of the personal information we hold about you.
  • Right to rectification: You may request that we correct any inaccurate or incomplete personal information.
  • Right to deletion: You may request that we delete your personal information, subject to certain legal exceptions (e.g., data we are required to retain for legal or accounting purposes).
  • Right to restrict processing: You may request that we restrict the processing of your personal information in certain circumstances.
  • Right to data portability: You may request that we provide your personal information in a structured, commonly used, machine-readable format.
  • Right to object: You may object to the processing of your personal information in certain circumstances.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at support@diplomacraft.com. We will respond to your request within 30 days. We may need to verify your identity before processing certain requests.

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale of your personal information (we do not sell your information), and the right to non-discrimination for exercising your privacy rights. To exercise your California privacy rights, please contact us at support@diplomacraft.com.

8.2 European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, you have rights under the General Data Protection Regulation (GDPR). The legal bases for our processing of your personal information include: performance of a contract (order fulfillment), your consent, our legitimate interests (Site improvement and security), and legal obligations. You have the right to lodge a complaint with your local data protection authority. To exercise your GDPR rights, contact us at support@diplomacraft.com.

9. Third-Party Links

The Site may contain links to third-party websites or services that are not operated or controlled by DiplomaCraft (e.g., Stripe for payment). This Privacy Policy does not apply to those third-party services. We are not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

The Site and the Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and you become aware that your child has provided us with personal information, please contact us at support@diplomacraft.com, and we will take steps to delete such information from our systems.

11. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for what a website should do when it receives a DNT signal, we do not currently respond to DNT signals. We will update this policy if a uniform standard is adopted.

12. International Data Transfers

DiplomaCraft is based in the United States. If you are accessing the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Site, you consent to the transfer of your information to the United States.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Terms of Service|Refund Policy|FAQ|Contact Us