How Information Is Collected About You
The Site is hosted by Shopify, Inc. (“Shopify”). Shopify provides us with the online ecommerce platform that allows us to sell our products to you. Shopify’s web server automatically recognizes the IP address of each visitor, but it does not gather information regarding the visitor’s domain or e-mail address. As you use the Site, passive tracking mechanisms in the form of “cookies” collect information about your use of the Site. One type of cookie, a “session cookie,” remains active only for as long as the Site is being used during a given session. More permanent cookies are used when you set up an Account on the Site, in which case some cookies are placed and stored as small data on the hard drive of your computer. These cookies are accessible only by Shopify, the Company, and their authorized agents. A visitor or User may block or disable one or more cookies during a given session, but certain webpages of the Site may not fully function during the session as a result.
According to Shopify, the following is a list of cookies that are used:
(1) _session_id, unique token, sessional (allows Shopify to store information about your session (referrer, landing page, etc.);
(2) _shopify_visit, no data held, persistent for 30 minutes from the last visit (used by our website provider’s internal stats tracker to record the number of visits);
(3) _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day (counts the number of visits to the Site by a single visitor or User);
(4) _secure_session-id, unique token, sessional;
(5) storefront_digest, unique token, indefinite (if the Site has a password, this is used to determine if the current visitor has access); and
(6) PERF, persistent for a very short period (set by Google and tracks who visits the Site and from where).
Why Information Is Collected and How It Is Used
When Information is Shared with Others
If and when any personal information is shared with a third party, it is shared only on an as-needed basis with appropriate personnel or contractors, and only to the extent necessary to the task to be accomplished. Nonetheless, the Company will disclose visitor or User information as necessary to comply with applicable law, regulation, or legal proceeding, or to defend itself against any claims from a visitor, User, or third party.
How the Company Tries to Protect Information
The Company, via Shopify, uses security technologies and procedures to help protect personal information from unauthorized access, use, or disclosure. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the internet or electronic storage is 100% secure, Shopify follows all PCI-DSS requirements and implement additional generally accepted industry standards.
California Privacy Rights
The Site collects and uses information in a manner that is intended to comply with the Children’s Online Privacy Protection Act of 1998. All parents and legal guardians are strongly encouraged to discuss privacy and restrictions on their children’s use of the Site before permitting their children to use this Site.
The Company tries to limit the information collected from Users who have identified themselves as children under 13 to information that is not personally-identifiable. Generally, the only personally-identifiable information that the Site collects on all Users, regardless of age, is age, email address, and zip code. As further described under “Uses of Information” above, personal information is used to convey communications about the Site, to respond to communicated questions or problems about the Site or the Company, and for internal diagnostic and analytic purposes. If the Company sponsors any events or promotions, additional personal information (e.g., name and address) from Users may be required for participation.
If a child is under age 13 and a User, the parent or legal guardian may request information about the child’s activities on the Site via the “Parental Access Request Form”. That form permits a parent or legal guardian to (i) review any personally-identifiable information the Site has collected from or about the child, (ii) update, revise or otherwise edit the child’s information, (iii) delete the child’s information, and/or (iv) stop the Site from collecting any more personally-identifiable information from the child. Before releasing any personally-identifiable information about Users under the age of 13, the Company uses no less than industry-standard verification measures to help ensure that only the child’s parent or legal guardian can obtain information about the child’s usage of the Site. The verification process may change from time to time. The Company will report to appropriate State and Federal law enforcement officials any effort to obtain personally-identifiable information about a child that the Company considers unauthorized or illegal.
Changes to this Policy
December 20, 2015