// legal

Privacy Policy

Last updated: March 2025

Overview

Graphene Phone ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over it.

By placing an order through our website, you agree to the collection and use of information as described in this policy.

Information We Collect

We collect only what is necessary to fulfill your order. This includes:

Full name — used to address your shipment and confirm your identity
Email address — used to send your order confirmation and shipping notification
Shipping address — used to deliver your order (street address, city, state/region, postal code, country)
Phone number — optionally collected at checkout for carrier delivery notifications
Payment information — card number, expiry, and CVV. Note: we never store or see your raw card data. All payment data is handled directly by Stripe (see Third-Party Services below)

We do not collect browsing history, device fingerprints, or behavioral analytics. We do not use cookies for tracking or advertising.

How We Use Your Information

To process and fulfill your order (install GrapheneOS, prepare your device, ship it)
To send your order confirmation email and shipping tracking number
To contact you if there is an issue with your order
To comply with legal obligations (e.g. tax records, fraud prevention)

We do not use your information for marketing or advertising without your explicit consent. We do not sell your personal data to any third party.

Third-Party Services

We use a small number of trusted third-party services to operate our business:

      Stripe — Payment processing. When you enter your card details at checkout, that information is transmitted directly to Stripe and is never stored on our servers. Stripe is PCI DSS Level 1 certified. Their privacy policy is available at stripe.com/privacy.
    

      EasyPost — Shipping label generation and carrier integration. We share your name and shipping address with EasyPost to create your shipping label. EasyPost passes this to the carrier (USPS, UPS, or FedEx). Their privacy policy is available at easypost.com/privacy.
    

These are the only third parties that receive your personal data. We do not share data with analytics platforms, advertising networks, or social media companies.

Data Retention

We retain your order information (name, email, shipping address, order details) for up to 3 years to handle returns, warranty claims, and legal compliance. After that period, your data is permanently deleted.

Payment data is not retained by us at any point — it exists only within Stripe's systems, subject to their retention policy.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — Request a copy of the personal data we hold about you
Correction — Ask us to correct inaccurate or incomplete data
Deletion — Request that we delete your data (subject to legal retention requirements)
Portability — Request your data in a structured, machine-readable format
Objection — Object to certain types of processing

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

Security

All data transmitted between your browser and our servers is encrypted using TLS. We follow security best practices and conduct periodic reviews of our data handling processes. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.

Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: [email protected]

We respond to all privacy-related inquiries within 5 business days.