Privacy Policy

1. Data We Collect

Category Purpose Examples

Identifiers Account creation, fraud prevention Name, email, IP, device ID

Commercial Data Order processing, analytics Purchase history, cart items

Geolocation Tax calculation, delivery GPS (with consent), ZIP code

Sensitive Data Payment processing Card last 4 digits (PCI DSS)

Category	Purpose	Examples
Identifiers	Account creation, fraud prevention	Name, email, IP, device ID
Commercial Data	Order processing, analytics	Purchase history, cart items
Geolocation	Tax calculation, delivery	GPS (with consent), ZIP code
Sensitive Data	Payment processing	Card last 4 digits (PCI DSS)

2. How We Use Data

Core Services: Process orders, send tracking, manage accounts.

Marketing: Send offers (opt-out anytime via [link]).

Analytics: Improve site UX via Google Analytics 4 (IP anonymized).

Security: Detect bots via reCAPTCHA v3.

3. Data Sharing

Recipient Data Shared Purpose

Payment Processors Card last 4 digits Charge processing (Stripe/PayPal)

Carriers Address, phone Delivery (UPS/FedEx)

Ad Networks Cookies, device ID Retargeting (Meta CAPI)

Legal Compliance As required by law Subpoenas, fraud investigations

Recipient	Data Shared	Purpose
Payment Processors	Card last 4 digits	Charge processing (Stripe/PayPal)
Carriers	Address, phone	Delivery (UPS/FedEx)
Ad Networks	Cookies, device ID	Retargeting (Meta CAPI)
Legal Compliance	As required by law	Subpoenas, fraud investigations

4. Your Rights (CCPA/CPRA)

Know/Access: Request data categories collected in past 12 months.

Delete: Ask to erase personal data (exceptions: tax records, etc.).

Opt-Out of Sale/Sharing: Click "Do Not Sell My Personal Information" in footer.

Non-Discrimination: No penalty for exercising rights.

5. Children's Privacy (COPPA)

Age Limit: Service not intended for <13 years old.

Verification: If child data collected inadvertently, contact

fallonamiadfvp@gmail.com to delete.

6. International Data (GDPR)

EU-US DPF: Adheres to EU-US Data Privacy Framework principles.

SCCs: Use Standard Contractual Clauses for data transfers outside DPF areas.

7. Security & Retention

Encryption: AES-256 for data at rest, TLS 1.3 for data in transit.

Retention:

Active users: Data kept until account deletion

Inactive users: Anonymized after 3 years

8. Policy Updates

Changes posted 30 days prior at [Policy URL]. Material changes emailed to users.