Privacy policy.

When you place an order or send a custom-quote request we collect: your name, email, phone (if provided), shipping address, and the items + customizations you ordered. Payments are made directly to our Touch ’n Go eWallet via DuitNow QR or DuitNow Transfer — we don’t store or process your card details, and no payment data passes through our servers.

Strictly to fulfill your order, contact you about it, and meet our tax + bookkeeping obligations. We don’t sell or share your data, and we don’t use it for marketing without your explicit consent.

Order data lives in Supabase (a hosted Postgres database) and email transactions go through Resend. Both are reputable providers with industry-standard security. Payments themselves never touch our servers — they go directly bank-to-bank via DuitNow.

We use a session-only cart cookie (cleared when you close the browser tab) and basic analytics via Vercel Analytics and Google Analytics 4 in aggregate.

You can request a copy of your data, ask us to correct it, or ask us to delete it (subject to our legal record-keeping obligations). Email hello@thingit.storeand we’ll handle it within 21 days.