Privacy Philosophy
Not a policy.
A position.
When you purchase from Christopher Lawrence, you share information with us. That information does not become ours. It remains yours.
Ownership does not transfer on contact.
The prevailing model of the internet treats every interaction as a data collection opportunity. Information flows in, gets stored, gets analyzed, gets sold. Individuals are expected to opt out of arrangements they never agreed to.
We reject that model. Information about you extends from you. The fact that it passed through our systems does not make it ours. We are temporary custodians — nothing more.
Custody is not title.
We hold your information because a transaction requires it — not because we want it. Every element we collect has a specific, declared purpose. Nothing is gathered speculatively or retained beyond its function.
We place the burden on ourselves to justify each data element. If we cannot articulate why we need it, we do not collect it.
What We Collect
Only what the transaction requires.
Contact Information
Your name and email address — to confirm your order, send shipping updates, and respond if something goes wrong.
Shipping Address
Where to deliver your order. Used for fulfillment only. Never shared with any party outside the delivery chain.
Purchase Context
What you ordered and when. Retained as a mutual business record for the duration described below.
We do not collect browsing behavior, device fingerprints, or activity outside your direct interaction with us. We do not build profiles. We do not track you across the web.
Before Purchase
You can request complete deletion.
If you have shared information with us — through a contact form, account creation, or inquiry — and no purchase has been completed, you may request that we delete everything we hold. We will confirm deletion within five business days.
After Purchase
Six years. Then gone.
Once an order is placed, your information becomes a mutual business record. We retain it for exactly six years post-purchase — the standard retention window for commercial records — and then permanently delete it.
Categories retained: purchase orders, delivery confirmations, and payment records. Nothing beyond what describes the transaction.
Infrastructure
Four partners. Named. Bounded. Encrypted.
We do not share your data with advertisers, data brokers, or analytics platforms. Our infrastructure partners are limited to four services, each with a specific, necessary function. All data encrypts client-side before transmission — the platforms store ciphertext, not content.
Netlify
Site hosting
Serves the website. No data storage.
Supabase
Encrypted data storage
Stores order and customer data — encrypted before upload.
Resend
Order notifications
Name and email only, for transactional messages.
Stripe
Payment processing
Handles payment data under PCI DSS. We do not store card numbers.
Our Commitments
Five principles, not five clauses.
Ownership
Your data belongs to you. Our possession of it is temporary and functional.
Minimalism
We collect only what the transaction demands. Nothing speculative, nothing ambient.
Control
Deletion rights before purchase. Time-bounded retention — six years — after.
Named Custodians
Four infrastructure partners. Bounded, encrypted, and disclosed by name.
Standards
We comply with law as a floor, not a ceiling. Our practice exceeds legal minimums by design.
"Privacy is not a feature we offer.
It is a condition we refuse to violate."
Christopher Lawrence · Updated April 2026
A MEXICONNECT brand. Same philosophy. Same infrastructure. Same commitment.