LEGAL

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly when creating an account, placing an order, or interacting with our Site:

  • Name, email address, and phone number
  • Shipping and billing address
  • Account credentials (password stored securely hashed)
  • Order history and product preferences
  • Rewards program activity (points earned, redeemed, expired)
  • Coupon usage and discount history
  • Back-in-stock notification preferences
  • Email subscription preferences

We also collect information automatically when you use our Site:

  • Session identifiers (anonymous, stored in your browser's local storage)
  • Cart contents and checkout form data (persisted for convenience)
  • Approximate visitor presence data (anonymous session-based, automatically deleted after 1 hour of inactivity)
  • Browser type and device information provided by Cloudflare Turnstile for bot protection

2. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders, including shipping label generation
  • Communicate order confirmations, shipping updates, and delivery notifications
  • Manage your account and rewards program participation
  • Validate coupon eligibility and prevent fraud
  • Send back-in-stock alerts you have subscribed to
  • Calculate applicable taxes based on your shipping address
  • Improve our website, products, and customer experience
  • Comply with legal and regulatory obligations
  • Detect, prevent, and address fraud and security issues

3. Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our business. These providers are contractually obligated to use your information only for the specific services they provide to us:

  • Payment Processors: We use third-party payment processors to handle transactions. Your payment information is transmitted directly to these processors and is not stored on our servers. We retain only transaction reference IDs for order tracking.
  • Shipping (EasyPost): Your name and shipping address are shared with our shipping label provider to generate shipping labels and tracking information.
  • Address Validation (Radar): When you use address autocomplete during checkout, your partial address input is sent to Radar for validation and suggestions.
  • Email (Resend): Your email address and name are shared with our email service provider to deliver transactional emails (order confirmations, shipping notifications, account verification).
  • Bot Protection (Cloudflare Turnstile): We use Cloudflare Turnstile to protect forms from automated abuse. Cloudflare may collect device and browser data as part of this verification.
  • Database Infrastructure (Convex): Your data is stored and processed using Convex's serverless database platform, hosted in the United States.

4. Cookies & Local Storage

We use minimal browser storage, limited to what is essential for Site functionality:

  • Session ID: A randomly generated identifier stored in local storage to maintain your cart and associate your browsing session. This is not a tracking cookie and contains no personal information.
  • Authentication Tokens: Session tokens stored securely to keep you signed in to your account.
  • UI Preferences: Minor interface state (e.g., sidebar open/closed) stored in cookies with a 7-day expiry.

We do not use third-party advertising cookies or cross-site tracking pixels. We do not sell or share your browsing data with advertisers.

5. Affiliate & Rewards Data

If you use a coupon code associated with an affiliate partner, we track that the coupon was used in connection with your order for the purpose of calculating affiliate commissions. Your personal information is not shared directly with affiliates; only aggregated order and commission data.

Rewards program data (points balance, transaction history, redemption records) is linked to your account and retained for the duration of your account plus any applicable legal retention period.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encrypted connections (HTTPS/TLS), secure password hashing, HMAC-verified webhook communications, and CAPTCHA-protected forms. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active.
  • Order records: Retained for a minimum of 7 years for tax and legal compliance.
  • Cart & session data: Automatically deleted after 24 hours of inactivity.
  • Visitor presence data: Automatically deleted after 1 hour of inactivity. This data is anonymous.
  • Rewards points: Available points expire 90 days after the associated order ships (or as otherwise configured). Ledger history is retained for auditing.
  • Email subscriptions: Retained until you unsubscribe or request deletion.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information. You can update most information directly in your account profile.
  • Deletion: Request deletion of your personal information, subject to legal retention obligations (e.g., tax records).
  • Portability: Request your data in a commonly used, machine-readable format.
  • Opt-out: Unsubscribe from marketing emails at any time via the unsubscribe link in any email or by contacting us.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Children's Privacy

Our Site is not intended for individuals under the age of 21. We do not knowingly collect personal information from anyone under 21. If we become aware that we have collected data from someone under 21, we will delete it promptly.

10. International Users

Our Site is operated from the United States. If you access the Site from outside the US, your information will be transferred to and processed in the United States. By using our Site, you consent to this transfer and processing.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and any third parties with whom it was shared. You also have the right to request deletion. We do not sell your personal information. To make a request, contact [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically. Material changes will be communicated via email to registered account holders.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].