Privacy Policy

Irving Books is operated by Focal Point International LLC ("Irving Books", "we", "us", or "our"), with addresses at 701 Tillery St, Austin, TX 78702, USA and 81 Cambridge Gdns, London W10 6JE, United Kingdom. This Privacy Policy explains how we handle personal information when you use irvingbooks.com, buy from us, create an account, join the newsletter, use rewards, contact support, submit a manuscript, donate, or interact with our services.

We aim to collect only what we need to run the shop, fulfil orders, support customers, keep the site secure, improve the catalogue, and send marketing only where we have permission or a lawful basis.

• We use order, address, and contact details to take payment, send books and downloads, process returns, and answer support requests.
• We do not store your full card number. Card payments are handled by Stripe. Crypto checkout, if used, is handled through Coinbase Commerce.
• Physical fulfilment partners and carriers receive the delivery details needed to send your order.
• Newsletter and marketing emails are opt-in or otherwise sent only where legally allowed. You can unsubscribe from marketing emails at any time.
• Analytics and Google Tag Manager load only if you accept analytics cookies by choosing "Allow Analytics". Essential checkout, cart, login, and security storage still works without analytics consent.
• We use your account purchases, cart, wishlist, and recently viewed books to recommend books you have not bought yet. This is shop personalisation, not a legal or financial decision.
• The support chat may use AI providers and can pass a support handoff to Adam by Telegram if you ask for help from a person.
• We do not sell or rent your personal information.

Depending on how you use the site, you may give us:

• Account details such as name, email address, password-managed login credentials, phone number, addresses, and profile updates.
• Order and checkout details such as cart contents, shipping address, billing details, selected shipping method, discount codes, gift-card codes, and order notes.
• Gift-card details such as purchaser name and email, recipient name and email, gift message, theme, scheduled send date, and purchase record.
• Donation details such as name, email, amount, currency, recurring status, message, and whether you asked to remain anonymous publicly.
• Student-discount details such as student email address, eligibility status, issued code, usage count, and account notice status.
• Rewards and referral details such as points ledger, tier, redemptions, reward notes, ebook selections, acknowledgement names, and fulfilment status.
• Contact, support, refund, return, review, back-in-stock, newsletter, manuscript-submission, and chat details that you choose to send us.
• Uploaded manuscript files or supporting files if you submit them through a form that accepts uploads.

Please do not send full card numbers, passwords, government ID numbers, medical information, or other sensitive information through contact forms, reviews, manuscript submissions, or chat unless we specifically ask for it and provide a suitable channel.

When you use the website, we and our service providers may process technical and usage information, including:

• IP address, approximate location, device type, browser, user agent, referring page, requested URLs, timestamps, and server or security logs.
• Cart ID, cart contents, checkout state, session information, login token, cookie consent choice, region/currency choice, theme preference, wishlist, and recently viewed product slugs.
• Product views, search terms, add-to-cart events, checkout steps, purchase events, donation checkout starts, newsletter signups, heatmaps, session recordings, and similar analytics events, but only where analytics consent is active for application-controlled analytics.
• Rate-limit and security signals used to prevent fraud, spam, brute-force login attempts, support-chat abuse, and webhook or checkout abuse.
• Content-security-policy reports, error traces, and diagnostic logs that help us keep the site working and secure.

Irving Books replaced an older WordPress/WooCommerce store. We imported some legacy customer, order, address, download, and purchase records so customers can see previous purchases, recover eligible downloads, and receive support for old orders.

Old WooCommerce passwords were not copied into the new store. If your old order history appears in a new account, it is matched by the email address you used on the old site.

• To create and manage accounts, authenticate users, sync carts, show order history, and provide account downloads.
• To take payment, verify successful payment, prevent duplicate orders, issue receipts, send confirmations, and handle chargebacks, refunds, donations, subscriptions, gift cards, and store credit.
• To fulfil physical books through print partners, office stock, carriers, tracking updates, and dispatch notifications.
• To deliver ebooks, audiobooks, samples, replacement download links, and account-library access.
• To answer enquiries, process returns and refund requests, investigate missing orders, handle support escalations, and maintain admin audit trails.
• To run rewards, referrals, student discounts, membership benefits, gift cards, wishlists, back-in-stock alerts, and personalised book recommendations.
• To send newsletters, launch updates, product alerts, abandoned cart messages, membership notices, and other marketing where you have opted in or where the law allows.
• To measure site performance, product interest, campaign performance, checkout reliability, and customer experience where analytics is allowed.
• To protect the website, customers, staff, and partners against fraud, spam, abuse, security incidents, and operational errors.
• To comply with tax, accounting, payment, consumer-protection, recordkeeping, and legal obligations.

Where GDPR or UK GDPR applies, we rely on the following legal bases depending on the activity:

• Contract: to process orders, provide accounts, deliver downloads, fulfil memberships, issue gift cards, process returns, and provide customer support.
• Consent: for analytics cookies/tags, certain marketing signups, optional newsletter subscriptions, and any other consent-based feature.
• Legitimate interests: to secure the site, prevent fraud, improve catalogue quality, personalise book recommendations, run rewards, manage support, maintain audit logs, and understand broad business performance.
• Legal obligation: to keep accounting records, respond to lawful requests, manage tax records, and comply with payment, consumer, and regulatory requirements.

Card payments, wallets such as Apple Pay or Google Pay where available, memberships, and many donations are processed by Stripe. Stripe receives information needed to process the transaction, prevent fraud, authenticate the payment, issue receipts, and support refunds or disputes. We do not store your full card number.

If you use crypto checkout, relevant payment and order information is sent to Coinbase Commerce so the charge can be created and confirmed.

For physical products, we share the minimum practical order and delivery details with fulfilment partners, print partners, and carriers. This may include print partners, office fulfilment, Royal Mail, USPS, international postal services, courier services, and tracking providers.

Shared details may include name, shipping address, email address, products ordered, quantities, fulfilment source, tracking references, and order identifiers. Fulfilment partners use this information to print, pack, ship, track, replace, or investigate orders.

Transactional emails, such as order confirmations, download links, receipts, account notices, gift-card emails, refund updates, and security messages, are sent because they are needed to provide the service you requested.

Marketing emails and newsletters may be handled through Omnisend, Postmark, Resend, or another configured email provider. We may store subscription status, source, form location, confirmation status, unsubscribe status, and email-event history so we can respect your preferences and troubleshoot delivery.

Every marketing email should include an unsubscribe option. You can also contact us to unsubscribe or correct your marketing preferences.

Essential cookies and local storage keep the store working. They support cart persistence, checkout, login, account access, region/currency display, wishlist, recently viewed books, theme preference, and your analytics consent choice.

Application-controlled Google Tag Manager, Google Analytics, Microsoft Clarity, and Umami analytics are loaded only after you choose "Allow Analytics". If you choose "Essential Only", those application-controlled analytics events stay off.

Analytics helps us understand product interest, search behaviour, checkout reliability, campaign performance, and purchase events. Microsoft Clarity may provide heatmaps and session recordings on public shopping pages so we can find usability problems. We configure Google consent so ad storage, ad user data, and ad personalisation are denied by default.

For more detail, see the Cookie Policy.

We may use purchase history, legacy order history, cart items, wishlist items, recently viewed products, product categories, and catalogue relationships to recommend books that are likely to be relevant and to avoid showing logged-in customers books they already bought.

This personalisation is used to improve the shopping experience. It does not make legal, credit, employment, housing, education, or similarly significant decisions about you. You can reduce local recommendation signals by clearing your browser storage, wishlist, cart, and recently viewed items; logged-in purchase history remains part of your account/order record.

The Ask Librarian/support chat may send your messages, recent chat context, page context, and tool results to AI providers such as Anthropic or Groq so the assistant can answer. The chat can also search the catalogue, estimate shipping, look up an order only when you provide both order token and email, and escalate to Adam when a human response is needed.

We log limited chat analytics for quality and abuse prevention: page, truncated IP prefix, the latest user question with obvious emails/phone/card-like numbers redacted where detected, tool names, escalation flag, error flag, and timing. Assistant responses are not stored in that analytics table.

If a chat is escalated, the customer email you provide, summary, page, IP information, and recent transcript may be sent to Adam through Telegram. Do not paste card details, passwords, or sensitive personal information into chat.

Reviews, testimonials, comments, manuscript submissions, contact messages, support messages, and uploaded files may be visible to authorised staff in the admin area. Approved reviews or testimonials may be published with the name or display name you provide.

Manuscript submissions may include author name, email, phone, book title, genre, synopsis, manuscript status, how you heard about us, original file name, uploaded file, review status, and staff notes.

We share personal information only where needed to run the business, provide the service, protect the site, or comply with law. Categories of recipients include:

• Payment processors such as Stripe and Coinbase Commerce.
• Ecommerce/account systems such as Medusa.
• Print, fulfilment, warehouse, and carrier partners.
• Email, newsletter, notification, and marketing providers.
• Analytics, consent, diagnostics, hosting, CDN, and security providers.
• Address lookup providers such as Google Places or OpenStreetMap/Nominatim when used.
• AI and chat providers used to answer support questions.
• Professional advisers, accountants, banks, insurers, and legal advisers.
• Authorities or counterparties where required for law, fraud prevention, disputes, chargebacks, or legal claims.

We do not sell or rent your personal information. We also do not intentionally disclose personal information for cross-context behavioural advertising. If you do not want analytics sharing, choose "Essential Only" in the cookie notice or clear this site's storage and do not allow analytics.

We are based in the United States and serve customers internationally. Your information may be processed in the United States, United Kingdom, European Economic Area, and other countries where our service providers operate.

Where required, we rely on appropriate safeguards such as provider contracts, data-processing terms, standard contractual clauses, and the provider's published privacy and security commitments.

We keep personal information for as long as needed for the purpose collected, and longer where required for tax, accounting, legal, fraud-prevention, warranty, refund, chargeback, or operational reasons.

• Order, payment, donation, gift-card, fulfilment, refund, and accounting records are usually kept for up to seven years, or longer if needed for disputes or legal obligations.
• Account records are kept while the account is active and for a reasonable period afterwards. Some order records may remain even if an account is closed.
• Legacy order records are kept so customers can view previous purchases and recover eligible downloads.
• Newsletter records are kept until you unsubscribe, plus suppression information needed to avoid emailing you again by mistake.
• Contact, support, refund, chat, and submission records are kept while needed to handle the request, improve support, prevent abuse, and keep an operational history.
• Security logs, access logs, CSP reports, and diagnostic logs are rotated or reviewed periodically, but may be retained longer when investigating incidents.

Some older operational tables do not yet have automatic deletion rules for every record type. If you want a specific record reviewed, corrected, exported, or deleted, contact us.

We use HTTPS, access controls, role-based admin permissions, server-side validation, rate limiting, webhook signature checks, payment-provider security, audit logs, and limited staff access to protect personal information.

No website or transmission method is completely secure. If you believe your account, order, gift card, student code, or personal information has been compromised, contact us promptly.

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of your personal information. You may also have the right to withdraw consent where processing is based on consent.

UK and EEA residents may have rights under UK GDPR or EU GDPR. California and other US state residents may have rights under applicable state privacy laws, including the CCPA where it applies, with rights to know, delete, correct, opt out of sale or sharing where applicable, and avoid discrimination for exercising privacy rights.

We may need to verify your identity before fulfilling a privacy request. Some requests may be limited by legal obligations, fraud-prevention needs, accounting records, active orders, chargebacks, security investigations, or other lawful exceptions.

Email info@irvingbooks.com with the subject "Privacy Request". Tell us what you want us to do and which email address or order you are asking about.

You can unsubscribe from marketing emails using the unsubscribe link in the email. You can disable analytics by choosing "Essential Only" in the cookie notice or clearing this site's cookies/local storage and declining analytics again.

The website is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, contact us and we will review and delete it where appropriate.

We may update this Privacy Policy as the website, fulfilment routes, payment options, analytics setup, rewards, memberships, laws, or business operations change. The updated date at the top shows when it was last revised.

Questions, privacy requests, unsubscribe requests, correction requests, or deletion requests can be sent to: