Privacy policy
Last updated: 11 May 2026
Template Drawer is a brand of SIA Cyber Unicorn, registered in Latvia (reg. no. 40203002129). This page explains what data we collect, why, how long we keep it, and what rights you have over it under the EU General Data Protection Regulation (GDPR) and the Latvian Personal Data Protection Law.
1. Who we are
Data controller: SIA Cyber Unicorn, Latvia (reg. 40203002129).
Contact for privacy questions: wren@templatedrawer.com
Supervisory authority: Datu valsts inspekcija (Latvia), dvi.gov.lv.
2. What we collect, and why
| Data | When | Purpose | Legal basis |
|---|---|---|---|
| Email address, name, billing details | At checkout | Fulfilling your order, invoicing, support | Contract performance |
| Order history, products purchased | At checkout | Account history, support, refunds, license tracking | Contract performance |
| IP address, device, browser | Site visit | Fraud prevention, analytics, technical operation | Legitimate interest |
| Cookies (analytics, preferences) | Site visit | See Cookie policy | Consent |
| Email engagement (open / click) | If you opt in to emails | Improve content, segment | Consent |
| Discord username (Patrons only) | On joining | Community access | Contract performance |
3. Who else processes your data
We use these third-party processors. Each has its own privacy policy worth reading:
- Shopify (CA, US, IE) - storefront, checkout, customer database. Privacy policy
- Stripe (IE) - payment processing. Privacy policy
- Klaviyo (US/EU) - email delivery if you opt in. Privacy policy
- GoAffPro - affiliate tracking, only if you arrived via an affiliate link. Privacy policy
- Loox - product reviews (if you submit one). Privacy policy
- Discord - Patron community channel (if you join). Privacy policy
We don't sell your data. We don't share it with advertisers beyond what's needed for ads we run (and only aggregated audience signals, never your personal details).
4. How long we keep it
- Order data: 10 years (Latvian tax + accounting law)
- Customer profile: while your account is active, plus 3 years (in case of returning customer)
- Email list: until you unsubscribe
- Server logs: 90 days
- Discord membership: while you remain a Patron and the channel is active
5. Your rights under GDPR
You can ask us, by email at wren@templatedrawer.com, to:
- Access all data we hold on you
- Correct any inaccurate data
- Delete your data (subject to our 10-year invoice retention obligation)
- Restrict processing while we investigate a request
- Object to processing based on legitimate interest
- Port your data to another provider (CSV / JSON)
- Withdraw consent for any consent-based processing at any time
We respond inside 30 days. If we can't do something you've asked, we'll explain why.
6. International transfers
Some of our processors (notably Shopify and Klaviyo) operate servers in the United States. Transfers to the US rely on EU Commission adequacy decisions or Standard Contractual Clauses. The processors listed in section 3 are all certified under the EU-US Data Privacy Framework or equivalent.
7. Security
We use HTTPS site-wide. Payment data never touches our servers (handled by Stripe/Shopify Payments directly). Internal access is limited to the SerpCtrl team, all under NDA. We use 2FA on admin accounts. We log access.
If we suffer a data breach affecting you, we notify you and Datu valsts inspekcija within 72 hours, as GDPR requires.
8. Children
Template Drawer products are not directed to anyone under 16. We don't knowingly collect data from minors. If you're a parent and we have your child's data by mistake, email Wren and we'll delete it.
9. Changes to this policy
If we change anything material, we update the date at the top and email anyone who's bought from us. Minor edits (typos, clarifications) we just update silently.
Draft 2026-05-11. Pending legal review by SIA Cyber Unicorn counsel before treating as final.