Privacy policy
SECTION 1 – WHAT INFORMATION DO WE COLLECT?
When you make a purchase on our website, we collect the personal details you provide during the checkout process, including your name, address, and email address. This information is necessary to process and fulfill your order.
When you browse our website, we automatically receive your device’s Internet Protocol (IP) address, which helps us learn about your browser, operating system, and overall site navigation behavior.
Email marketing (if applicable): With your explicit permission, we may send you emails regarding our store, new product releases, and other relevant updates.
SECTION 2 – CONSENT
How do you obtain my consent?
When you provide personal information to complete a purchase, verify a payment method, place an order, coordinate delivery, or request a return, we infer that you consent to our collecting and using that information strictly for those activities.
If we request your personal information for an additional purpose—such as marketing—we will ask you directly for your explicit consent or provide you with a clear option to decline.
How can I withdraw my consent?
If you change your mind after opting in, you may withdraw your consent at any time for future contact or for the continued collection, use, or disclosure of your personal information. To do so, please contact us at: contact@balaclava-mask.com.
SECTION 3 – DISCLOSURE
We may disclose your personal information if required to comply with U.S. law, or if you violate our Terms of Service.
SECTION 4 – SHOPIFY
Our store is hosted by Shopify Inc., which provides the e-commerce platform enabling us to offer products and services to you.
Your data is stored securely within Shopify’s data storage systems, databases, and the Shopify application itself. Shopify maintains secure servers protected by advanced firewalls.
Payment:
If you select a direct payment gateway at checkout, Shopify stores your credit card information. This data is encrypted following the Payment Card Industry Data Security Standard (PCI-DSS). Your transaction details are retained only for the duration necessary to complete your purchase, after which the information is deleted.
All direct payment gateways follow PCI-DSS standards as managed by the PCI Security Standards Council—a collaborative effort between major brands such as Visa, Mastercard, American Express, and Discover.
PCI-DSS compliance ensures the secure handling of your payment information by both our store and its service providers.
For additional information, you may review Shopify’s official policies:
Shopify Terms of Service | Shopify Privacy Policy.
SECTION 5 – THIRD-PARTY SERVICES
In general, third-party service providers engaged by us will only collect, use, or disclose your information to the extent necessary for them to provide the specific services we rely on.
However, certain third-party providers—such as payment processors—maintain their own privacy policies related to the information we must supply to them for purchase-related transactions.
We strongly recommend reviewing their privacy policies to understand how your information is handled by these entities.
Some providers may operate or store data in jurisdictions different from yours or ours. If you proceed with a transaction involving such a provider, your information may become subject to the laws of the jurisdiction in which that provider or its data facilities are located.
For example, if you reside in Canada and your transaction is processed through a U.S.-based payment gateway, your information may be subject to disclosure under U.S. legislation.
Once you leave our website or are redirected to a third-party site/app, this Privacy Policy and our Terms of Service no longer apply.
Links
When you click external links on our site, they may redirect you away from our platform. We are not responsible for the privacy practices of external websites and encourage you to review their privacy policies.
SECTION 6 – SECURITY
We follow industry-standard security practices to safeguard your personal information from misuse, loss, unauthorized access, disclosure, alteration, or destruction.
If you provide credit card information, it is encrypted using Secure Socket Layer (SSL) technology and stored using AES-256 encryption. While no system is 100% infallible, we comply with all PCI-DSS requirements and follow widely recognized industry security standards.
SECTION 7 – COOKIES
Below is a list of cookies we use. This allows you to decide whether you want to opt out of cookies:
- _session_id: unique token, session-based – Stores session info (referrer, landing page, etc.).
- _shopify_visit: no data held, persists for 30 minutes – Used for internal stats tracking.
- _shopify_uniq: no data held, expires at midnight of the next day – Counts visits by a single customer.
- cart: unique token, persists for 2 weeks – Stores cart contents.
- _secure_session_id: unique token, session-based.
- storefront_digest: unique token, indefinite – Used to verify access if the store is password protected.
SECTION 8 – AGE OF CONSENT
By using our website, you confirm that you are at least the legal age of majority in your state or place of residence, or that you are the age of majority and have authorized your minor dependents to use this site.
SECTION 9 – CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. Updates take effect immediately upon being posted on our site.
If significant changes are made, we will notify users via this page so you remain informed about what data we collect, how it is used, and under what circumstances it may be disclosed.
If our store is acquired or merged with another company, your information may be transferred to the new entity so that service continuity is maintained.
QUESTIONS AND CONTACT INFORMATION
To access, correct, amend, or delete any personal information we hold about you—or if you wish to file a complaint or request additional information—please contact our Privacy Compliance Officer at:
contact@balaclava-mask.com.