Privacy Policy.
Short, honest, no dark patterns. What we collect, how we use it, what you can ask us to delete.
What we collect.
When you place an order we collect: your email address (for receipts, order confirmations, and shipping updates), your shipping address (to ship), and the contents of your cart. That's it.
We do not collect or store payment card information. All payments are processed via Venmo or Zelle. Card numbers never touch our servers and we never see them.
How we use it.
- Fulfill your order (process, pack, ship)
- Send transactional emails (order confirmation, shipping notification, COA delivery)
- Send occasional educational emails (you can unsubscribe with one click)
- Maintain order history so you can re-order or request support
- Comply with tax and legal record-keeping requirements (7 years per IRS)
What we do not do.
- We do not sell your data. Ever. To anyone.
- We do not share your data with third-party advertisers
- We do not run third-party tracking pixels (no Meta Pixel, no TikTok Pixel, no LinkedIn Insight)
- We do not target ads to you based on your purchase history
Cookies + analytics.
We use first-party cookies to remember your cart contents and your age verification status. These are essential for the site to work.
We use Google Analytics 4 for aggregate traffic counting (page views, session duration, traffic sources). GA4 uses cookies. The data is anonymized at the IP level and we do not connect it to your personal information.
We also use Vercel Analytics and Vercel Speed Insights for site performance monitoring. These are privacy-preserving by design and do not use cookies.
Your rights.
You can request at any time:
- Access: a copy of all data we have about you
- Correction: updates to any incorrect personal information
- Deletion: removal of your data from our systems (subject to legal retention requirements)
- Portability: your data in a machine-readable format
- Marketing opt-out: one-click unsubscribe from every email we send, or just email us
Email [email protected] with your request. We respond within 7 business days.
Data security.
Your data is stored on US-based servers (Vercel, Mailchimp, Resend) with industry-standard encryption at rest and in transit. We use HSTS, CSP, and other security headers to harden the site against attack.
If a data breach occurs that affects your information, we will notify you by email within 72 hours of discovery.
Children.
Our site and products are intended for adults 21 years of age or older. We do not knowingly collect data from anyone under 21. If you believe a minor has provided us with information, email [email protected] and we will delete it immediately.
Updates to this policy.
If we make material changes to this policy, we will email everyone on our list with the changes summarized in plain English, and post a notice on this page. We will not retroactively reduce your rights without your consent.
Contact.
For privacy questions, data requests, or anything in this policy: [email protected].