Privacy Policy

Last updated: June 2026

Lit a Candle ("we", "us") operates litacandle.com. This policy explains what personal data we collect, why we collect it, and your rights under the GDPR.

1. What data we collect

• Email address and name — provided at checkout, used to send your order confirmation and candle link.
• Names for prayer — the names you enter for health or repose prayers. These are sent to the monastery on your behalf and stored securely.
• Payment data — processed entirely by Stripe. We never see or store your card number.
• IP address and browser info — collected automatically by our hosting provider (Vercel) for security purposes.

2. How we use your data

• To deliver your order and send your candle page link.
• To transmit your prayer request to the monastery.
• To issue an invoice where applicable.
• To notify you if your candle triggered a milestone monastery visit.

We do not sell your data, share it with advertisers, or use it for any marketing without your explicit consent.

3. Third-party services

• Stripe (stripe.com) — payment processing. Subject to Stripe's own privacy policy.
• Resend (resend.com) — transactional email delivery.
• Supabase (supabase.com) — secure database hosted in the EU.
• Vercel (vercel.com) — website hosting.

4. Cookies

We use only essential cookies necessary for the site to function (e.g. admin session authentication). We do not use advertising or tracking cookies unless you explicitly consent via our cookie banner.

5. Data retention

Order data is retained for 7 years in compliance with Greek tax law. You may request deletion of personal data not subject to legal retention obligations.

6. Your rights (GDPR)

If you are in the EU/EEA, you have the right to: access your data, correct inaccurate data, request erasure, object to processing, and lodge a complaint with your national data protection authority.

7. Contact

For any privacy-related requests, contact us at info@lv8.gr.