Heavenly Pools - Pool Supply Direct

    Privacy Policy

    Last updated: May 18, 2026

    1. Introduction

    Heavenly Pool Supplies (“we,” “us,” or “our”) operates heavenlypoolsupplies.com and related services. This Privacy Policy describes how we collect, use, process, store, share, and dispose of your personal information and any data obtained through third-party integrations, including marketplace platforms.

    2. Information We Collect

    We collect the following categories of information:

    • Account information: Name, email address, company name, phone number, and business license information provided during registration.
    • Order information: Billing address, shipping address, items purchased, payment method type (not full card numbers), and order history.
    • Usage data: Pages visited, search queries, session duration, browser type, device identifiers, and IP address, collected automatically via server logs and analytics tools (including Google Analytics 4 and Meta Pixel).
    • Communications: Emails, chat messages, or support inquiries you send us.
    • Marketplace order data: For orders placed through third-party marketplaces, we receive the information necessary to fulfill your order (ship-to address, items ordered, shipping method). This data is received solely for fulfillment purposes.

    3. How We Use Your Information

    We use collected information to:

    • Process and fulfill orders
    • Operate and improve our platform and services
    • Communicate with you regarding your orders, account, and support requests
    • Apply applicable sales tax calculations
    • Detect and prevent fraud and security incidents
    • Measure site performance and marketing effectiveness through analytics and advertising platforms (see Section 4)
    • Comply with legal obligations

    We do not sell your personal information for monetary consideration.

    4. How We Share Your Information

    We share your information only as necessary to operate our business:

    • Fulfillment partners: We transmit order fulfillment details (ship-to address, SKU, quantity) to our fulfillment partner solely to arrange physical delivery of your order.
    • Payment processors: Payment card data is handled by our PCI-compliant payment processor. We do not store full card numbers.
    • Tax calculation: We use Avalara to calculate applicable sales tax based on your shipping address and order contents.
    • Error monitoring: We use Sentry to capture application errors for engineering diagnostics. Error reports are configured to exclude personally identifiable information from log payloads.
    • Analytics and advertising providers: We use Google Analytics 4 (GA4), Google Ads, and Meta (Facebook) Pixel to measure site usage, attribute conversions, and serve interest-based advertising. These providers receive identifiers such as cookies, device IDs, and IP address. We may also enable Google Signals, which supplements Google Analytics 4 with aggregated demographics, interests, and cross-device behavior reported by signed-in Google users who have opted in to ads personalization within their Google account. Where email addresses or phone numbers are transmitted to Google (for Enhanced Conversions) or Meta (for the Conversions API and Advanced Matching), they are converted into a SHA-256 hash before transmission. SHA-256 is a one-way cryptographic transformation: the resulting hash cannot be reversed back into the original email or phone number, but it allows the receiving platform to match users it already knows by computing the same hash from data it holds. Under the California Consumer Privacy Act (CCPA/CPRA) and similar state laws, this activity may qualify as “sharing” of personal information for cross-context behavioral advertising. You can opt out using the “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” links in the site footer, or by adjusting your cookie preferences.
    • Infrastructure providers: Our platform is hosted on Vercel (application) and Supabase (database), both operating on AWS infrastructure in the United States.

    5. Data Storage and Security

    Your data is stored in a PostgreSQL database hosted on Supabase on AWS infrastructure in the United States. We implement the following security controls:

    • Encryption in transit (TLS 1.2+) for all data transfers
    • Encryption at rest (AES-256) for database storage and backups
    • Role-based access controls with least-privilege principles
    • Multi-factor authentication required for all administrative system access
    • Automated daily backups with point-in-time recovery (PITR) capability
    • Geographically separated backup storage

    6. Data Retention

    We retain your personal information for as long as your account is active or as needed to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Order records are retained for a minimum of 7 years for tax and accounting compliance. Upon account deletion request, personal information is removed from active systems within 30 days and from backup archives within 90 days.

    7. Marketplace Data

    When orders are placed through third-party marketplaces, we receive and process only the information necessary to fulfill those orders. Marketplace-sourced customer data is used exclusively for order fulfillment, is not combined with our marketing data, and is disposed of by secure deletion once the fulfillment obligation is complete.

    8. SMS / Text Messaging Communications

    If you provide your phone number and opt in to receive SMS text messages from Heavenly Pool Supplies (for example, by checking the SMS consent box on our contact form), the following terms apply to those communications:

    • Voluntary opt-in: Consent to receive SMS messages is entirely voluntary and is not a condition of purchasing any product or service from us.
    • Message frequency and cost: Message frequency varies based on your interactions with us. Message and data rates may apply, depending on your mobile carrier and plan.
    • Opt-out at any time: You may opt out at any time by replying STOP to any SMS message we send. After you reply STOP, we will send one final confirmation message and will not send you further SMS messages unless you opt in again.
    • Help: Reply HELP to any SMS message for assistance, or contact us at support@heavenlypoolsupplies.com.
    • No third-party marketing sharing: Phone numbers collected for SMS purposes will not be shared, sold, or rented to third parties for their marketing purposes. We only share SMS-related information with service providers strictly necessary to deliver the messages on our behalf.
    • Managing preferences: To update or remove your SMS preferences at any time, reply STOP to any message or contact us at privacy@heavenlypoolsupplies.com and we will remove your number from our SMS list.

    9. Cookies and Tracking

    We use cookies and similar tracking technologies for three purposes: (1) essential cookies required for site operation (session management, authentication, cart state); (2) analytics cookies (Google Analytics 4) that help us measure site performance and understand how visitors use our site; and (3) advertising cookies (Meta Pixel and Google Ads tags) used to measure ad effectiveness and serve interest-based advertising on third-party platforms. Analytics and advertising cookies load only after you grant consent through our on-page cookie banner. You can change your choices at any time by clicking “Cookie Preferences” in the site footer. You may also disable cookies in your browser settings; however, certain site features may not function without essential cookies.

    Our consent banner integrates with Google Consent Mode v2, which sends four signals to Google's tags: ad_storage, ad_user_data, ad_personalization, and analytics_storage. When you decline a category, the corresponding signals are set to denied, which prevents the affected tags from writing cookies or reading existing identifiers and causes Google to receive only cookieless, anonymized pings instead of standard event data.

    10. Your Rights

    Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, and to opt out of the sale or sharing of personal information. To exercise these rights, submit a request through our intake form (linked from the site footer as “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information”) or contact us at privacy@heavenlypoolsupplies.com. We respond within the timeframes required by applicable law (typically 30–45 days). Our rights-intake form is provided through Termly, which we use solely to receive and route privacy rights requests.

    11. Children's Privacy

    Our services are not directed at individuals under 18. We do not knowingly collect personal information from minors.

    12. Changes to This Policy

    We may update this policy periodically. Material changes will be communicated via email or a notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.

    13. Cookies and Tracking Technologies

    We may use cookies and similar tracking technologies (like web beacons and pixels) to collect and store information. You can usually choose to set your browser to remove or reject cookies. If you choose to remove or reject cookies, this could affect certain features or services of our website.

    14. Do-Not-Track Features

    Most web browsers include a Do-Not-Track (DNT) feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this privacy notice.

    15. California Residents — Specific Privacy Rights

    California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please contact us using the contact information provided below. If you are under 18 years of age, reside in California, and have a registered account with us, you have the right to request removal of unwanted data that you publicly post on the website.

    Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), our use of third-party analytics and advertising tags (such as Google Analytics 4 and Meta Pixel) may qualify as “sharing” of personal information for cross-context behavioral advertising. You may exercise your right to opt out at any time by using the “Do Not Sell or Share My Personal Information” or “Limit the Use of My Sensitive Personal Information” links available in the site footer.

    16. Updates to This Policy

    We may update this privacy notice from time to time. The updated version will be indicated by an updated date and will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

    17. SMS Opt-In and Mobile Data Privacy

    Mobile information will not be shared with third parties/affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

    18. Contact

    For privacy-related questions or requests:

    Heavenly Pool Supplies
    Email: privacy@heavenlypoolsupplies.com