At www.zoomstep.shop, we prioritize your privacy as much as you value your comfort. Trust is the foundation of our relationship with customers, and we are committed to transparently handling your personal data. This policy outlines how we collect, use, and protect your information while you explore our curated footwear collection.

We gather two types of data: automated and voluntary. When you browse, our system records technical details like your IP address, device type, and browser version to optimize performance. Cookies (small text files) help remember preferences such as language or cart items. For purchases or account creation, you may share contact details, shipping addresses, and payment information—all encrypted during transmission.

Your information enables seamless experiences: processing orders for our cushioned loafers or durable hiking boots, personalizing recommendations (e.g., suggesting breathable sneakers based on past views), and resolving customer inquiries. We also analyze aggregated trends—like popularity of suede flats versus brogues—to refine our inventory and marketing strategies.

Cookies enhance functionality (e.g., keeping adjustable sport sandals in your cart) and analytics (measuring traffic to classic leather oxfords). Third-party tools like Google Analytics help us understand broader patterns without identifying individuals. You can manage cookie preferences via browser settings, though disabling them may limit features like one-click checkout.

We employ industry-standard safeguards: SSL encryption for transactions, regular security audits, and restricted employee access to sensitive data. Payment details are tokenized or processed through PCI-compliant gateways like Stripe. While no system is 100% invulnerable, we continuously update protocols to thwart unauthorized access.

Trusted partners assist in operations: couriers (FedEx, DHL) receive shipping labels; payment processors handle transactions; and marketing platforms (e.g., Meta Ads) display relevant promotions—only if you consent. We vet all third parties for GDPR/CCPA compliance and prohibit data misuse. No personal details are sold to unrelated entities.

You may request access to, correction of, or deletion of your data (unless retained for legal obligations). To exercise these rights or report concerns, email us at [email protected]. We respond within 30 days and never discriminate against privacy-focused users. For California residents: see our separate CCPA notice for opt-out details.