Privacy Policy

1. Information We Collect

We collect the following types of information when you use AHF Auto Parts:

• Account information: Name, email address, phone number, password (hashed)
• Order information: Shipping address, order history, payment method (card type and last 4 digits via Stripe — we never store full card numbers)
• Usage data: Pages visited, search queries, cart activity, device type, IP address
• Communications: Messages sent via the contact form, WhatsApp, or email

2. How We Use Your Information

• Processing and fulfilling your orders
• Sending order confirmations, shipping updates, and receipts
• Responding to customer service inquiries
• Improving our product catalog and website experience
• Sending newsletters (only if you subscribed — unsubscribe anytime)
• Fraud prevention and security
• Legal compliance

3. Information Sharing

We do not sell your personal information. We share data only with trusted service providers:

• Stripe: Payment processing. Stripe handles all payment data under their own privacy policy.
• Shipping carriers: (Japan Post, Yamato, Sagawa, DHL, FedEx) — name and shipping address only
• Cloudinary: Image hosting for product photos only (no personal data)
• Resend: Transactional email delivery
• Neon (PostgreSQL): Secure database hosting

We may also disclose information if required by law or to protect our rights and customers.

4. Cookies & Tracking

We use cookies and similar technologies for:

• Cart persistence: Storing your cart items between sessions (localStorage)
• Authentication: Keeping you logged in (session cookie)
• Preferences: Dark/light mode setting
• Analytics: Understanding how visitors use our site (anonymised)

You can control cookies through your browser settings. Disabling cookies may affect cart functionality.

5. Data Retention

• Account data: Retained while your account is active, deleted 30 days after account deletion request
• Order history: Retained for 7 years for tax/legal compliance
• Contact inquiries: Retained for 2 years
• Session data: Expires after 30 days of inactivity

6. Your Rights

Under the Act on Protection of Personal Information (APPI, Japan) and applicable laws, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and personal data
• Portability: Request your data in a machine-readable format
• Objection: Opt out of marketing communications

To exercise these rights, contact us at info@ahfautoparts.com.

7. International Data Transfers

AHF Auto Parts is based in Japan. If you access our services from outside Japan, your data may be transferred to and stored in Japan and other countries where our service providers operate. We ensure appropriate safeguards are in place for all international transfers.

8. Security Measures

We protect your data with:

• HTTPS encryption on all pages and API calls
• Passwords hashed with bcrypt (never stored in plain text)
• Payment data handled exclusively by Stripe (PCI DSS Level 1 certified)
• Database access restricted to server-side only (no client-side DB access)
• Regular security reviews and dependency updates

9. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at: