HARLU&CO← Back

Privacy Notice

Last updated: May 30, 2026

This Privacy Notice explains how HARLU&CO ("HARLU&CO", "we", "us") collects, uses, and shares personal data when you visit harluandco.com or purchase The Vendor Vault. HARLU&CO is the data controller for personal data collected through this site.

1. Personal Data We Collect

  • Order data — your email address, country, and order details, so we can deliver the Vault.
  • Support data — the contents of any emails you send us.
  • Technical data — IP address, device, browser, referrer, and basic usage information collected automatically when you visit the site.
  • Cookies — strictly necessary cookies to operate the checkout, and (where applicable) anonymized analytics cookies to understand site performance.

Payment card details are collected directly by Paddle (our Merchant of Record). We do not see or store your full card details.

2. How We Use Your Data

  • To deliver the Vault and the download link to your email (legal basis: performance of contract).
  • To provide customer support and handle refund or delivery issues (performance of contract).
  • To prevent fraud, abuse, and unauthorized redistribution of the Vault (legitimate interests).
  • To improve the site and the product (legitimate interests).
  • To comply with legal obligations, including tax and accounting (legal obligation).

3. Who We Share Your Data With

  • Paddle — our Merchant of Record, who processes the sale, handles payments and tax compliance, sends invoices, and manages refunds and chargebacks.
  • Hosting & infrastructure providers — providers who host the site, database, file storage, and transactional email delivery.
  • Professional advisers — accountants and lawyers, where required.
  • Authorities — where required by law or to protect our legal rights.

We do not sell your personal data.

4. International Transfers

Some of our service providers (including Paddle, hosting, and email providers) may process data outside your country of residence, including in the US and the EU. Where such transfers occur from the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Data Retention

Order and delivery data is retained for as long as needed to provide lifetime access to the Vault and to comply with our tax, accounting, and legal obligations (typically up to 7 years). Support emails are retained as long as needed to resolve the matter and for a reasonable period afterwards. Technical and analytics data is retained for short periods only.

6. Your Rights

Depending on your country, you may have the right to: access the personal data we hold about you; correct or update it; request deletion; restrict or object to processing; request portability; and withdraw any consent you have given. You may also have the right to lodge a complaint with your local data protection authority. To exercise your rights, email hello@harluandco.com. We will respond within one month.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and signed/revocable download links so the Vault can only be accessed by the buyer.

8. Cookies

We use strictly necessary cookies to operate the checkout and to keep the site working. Where used, analytics cookies are anonymized. You can control cookies through your browser settings; blocking strictly necessary cookies may break the checkout.

9. Changes

We may update this Notice from time to time. Material changes will be reflected by updating the "Last updated" date above.

10. Contact

Privacy questions: hello@harluandco.com.