Welcome to Tobettie ("we," "us," or "our"). Protecting your privacy and personal information is a top priority for us. This Privacy Policy outlines how we collect, use, disclose, secure, and retain your information when you access our website (the "Site") or use our products and services (collectively, the "Services"). By using the Services, you confirm that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.
Important Notice: This Privacy Policy is governed by United States law, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable federal and state privacy laws. It does not apply to the personal information of employees, job applicants, or independent contractors. If you access the Services from outside the U.S., you acknowledge that your personal information may be transferred to and processed in the U.S., and you consent to such transfer in accordance with the "Cross-Border Data Transfers" section below.
1. What Information Do We Collect?
We collect personal information to deliver, maintain, and enhance our Services, fulfill your requests, and comply with legal obligations. The information we gather falls into two primary categories:
1.1 Information You Voluntarily Provide
- Contact and Shipping/Billing Details: Full name, email address, phone number, shipping address, and billing address (provided when placing orders, creating an account, or contacting support).
- Payment Information: Credit card, debit card, or other payment method details (processed and stored securely by third-party payment processors—see Section 3 for details).
- Account Credentials: Username, encrypted password, and account preferences (created when registering for an account).
- Communication Content: Emails, chat messages, phone call records, or other communications you send to us (e.g., support inquiries, product feedback, or complaint details).
- Optional Information: Product preferences, survey responses, or any other details you choose to share with us.
1.2 Information Collected Automatically
When you interact with our Services, we use cookies, web beacons, and similar tracking technologies to collect certain data automatically. This includes:
- Technical and Device Data: IP address, device model, operating system (OS) version, browser type and version, unique device identifiers, and internet service provider (ISP).
- Usage Analytics: Pages visited, links clicked, time spent on the Site, search queries, navigation paths, and other interaction patterns with the Services.
- Cookies & Similar Technologies: We use two types of cookies to support the Services:
  - Essential Cookies: Required for core functionality (e.g., enabling login, maintaining shopping carts, or processing payments). These cannot be disabled without disrupting the Services.
  - Performance Cookies: Used to analyze usage trends, improve website performance, and optimize the user experience (e.g., identifying popular features or fixing technical issues). These can be disabled in your browser settings.
We do not use targeted advertising cookies without your explicit consent. Third-party cookies (e.g., from analytics providers like Google Analytics) may be used in line with their privacy policies, and you can manage or disable these via your browser settings.
2. How Do We Use Your Information?
We use your personal information solely for legitimate business purposes aligned with this Privacy Policy and applicable law, including:
- Fulfilling orders: Processing payments, arranging shipping, and delivering products or services to you.
- Communicating with you: Responding to inquiries, sending order confirmations, shipping updates, account notifications, and customer service follow-ups.
- Enhancing the Services: Analyzing usage data to improve functionality, add new features, refine product offerings, or optimize website navigation.
- Marketing and promotions: Sending promotional emails about new products, exclusive offers, discounts, or other relevant updates (you may opt out at any time—see Section 6).
- Security and fraud prevention: Detecting and preventing fraudulent activity, unauthorized access, data breaches, or other security risks; monitoring suspicious transactions.
- Legal compliance: Adhering to applicable laws, regulations, legal processes, or governmental requests (e.g., subpoenas, court orders, or tax obligations).
- Internal operations: Conducting data analysis, audits, and administrative tasks to ensure operational efficiency and compliance.
3. When Do We Share Your Information?
We do not sell your personal information to third parties for marketing purposes, except as required by law. We may share your information in the following limited scenarios, only with parties that agree to protect your data in accordance with this Privacy Policy and applicable law:
3.1 Trusted Service Providers
We share information with third-party vendors who perform services on our behalf, including:
- Payment processors (e.g., PayPal, Stripe) to process payments securely and comply with PCI DSS standards.
- Shipping and logistics partners (e.g., USPS, FedEx) to deliver orders and provide tracking updates.
- Analytics providers to analyze Service usage and inform improvements.
- Customer service platforms to manage and respond to your inquiries.
All service providers are contractually obligated to use your information only for the specified services, maintain appropriate security measures, and not disclose or use your information for other purposes.
3.2 Legal Obligations
We may disclose your information if required by law, regulation, legal process, or enforceable governmental requests (e.g., from courts, law enforcement agencies, or regulatory authorities). We may also disclose information to protect our rights, privacy, safety, or property, or that of our users, employees, or the public (e.g., investigating fraud or enforcing our Terms of Service).
3.3 Business Transitions
In the event of a merger, acquisition, sale of all or substantially all assets, reorganization, liquidation, or other business transfer (e.g., bankruptcy), your personal information may be transferred to the acquiring entity as part of the transaction. The acquiring entity will be bound by this Privacy Policy or a similar policy with equivalent protections.
3.4 Your Explicit Consent
We may share your information with third parties if you provide explicit consent (e.g., sharing shipping details with a gift recipient or participating in a partner promotion).
4. How Do We Protect & Retain Your Information?
4.1 Data Security Measures
We implement reasonable technical, administrative, and physical security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit (via SSL/TLS) and at rest (using industry-standard encryption protocols).
- Access controls limiting access to personal information to authorized personnel and service providers only.
- Regular security audits, vulnerability assessments, and employee training on data protection best practices.
No internet transmission or electronic storage method is 100% secure. We cannot guarantee absolute security, and you acknowledge that providing information is at your own risk. If a data breach affecting your personal information occurs, we will notify you and relevant authorities in compliance with applicable law (e.g., CCPA breach notification requirements).
4.2 Data Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law (e.g., tax, accounting, or legal obligations). Retention periods vary by data type:
- Order-related data (e.g., purchase history, shipping details): Retained for 3 years after order completion, unless law requires a longer period.
- Account information: Retained while your account is active, or 3 years after deactivation (whichever is longer), unless law mandates extended retention.
- Marketing-related data: Retained for 6 months after you opt out of marketing communications, unless law requires otherwise.
- Customer service communications: Retained for 2 years after the last interaction to address follow-up inquiries or disputes.
When information is no longer needed, we securely delete or anonymize it (so it no longer identifies you). If anonymization is not feasible, we store the data securely and restrict access until deletion is possible.
5. Cross-Border Data Transfers
If you access the Services from outside the U.S., your personal information may be transferred to and processed in the U.S. or other countries where our service providers operate. Some of these countries may have different data protection laws than your country of residence. We ensure cross-border transfers comply with applicable privacy laws by:
- Using European Commission-approved Standard Contractual Clauses (SCCs) for transfers to the EEA or other regions recognizing SCCs.
- Requiring international service providers to maintain appropriate security measures and comply with this Privacy Policy.
- Notifying you of cross-border transfers and protection mechanisms, as required by law.
You have the right to request details about cross-border transfers (e.g., destination countries, purposes, protection measures). To exercise this right, contact us as outlined in Section 10.
6. Your Privacy Rights & Choices
6.1 Opt Out of Marketing Communications
You may opt out of promotional marketing emails at any time by clicking the "unsubscribe" link in the email or contacting us at cs@tobettie.com. Service-related messages (e.g., order confirmations, shipping updates) are necessary for the Services and cannot be opted out of.
6.2 Privacy Rights Under Applicable Law
Depending on your location (e.g., California under CCPA/CPRA, or other U.S. states with privacy laws), you may have the following rights:
- Right to access: Request a copy of personal information we hold about you.
- Right to correction: Request correction of inaccurate or incomplete personal information.
- Right to deletion: Request deletion of your personal information (subject to exceptions like legal obligations).
- Right to data portability: Request personal information in a structured, machine-readable format (if required by local law).
- Right to opt out of third-party marketing sharing: Opt out of disclosing personal information to third parties for their marketing purposes (if applicable).
6.3 Exercising Your Rights
To exercise these rights, email us at cs@tobettie.com with your full name, account-associated email address, and detailed request. We will verify your identity before processing (e.g., confirming account details).
Under CCPA/CPRA, reasonable access or deletion requests are free. We may charge a reasonable fee for excessive, repetitive, or unfounded requests, and will notify you of any fee before processing.
7. Children's Privacy
Our Services are not intended for individuals under 18 ("Children"). We do not knowingly collect personal information from Children. If we learn we have collected Children’s personal information without parental/guardian consent, we will delete it promptly. Parents/guardians may request deletion by contacting us at cs@tobettie.com.
8. Third-Party Website Links
Our Services may include links to third-party websites or services not owned or controlled by us. We are not responsible for third parties’ privacy practices, content, or terms of service. We encourage you to review their privacy policies before interacting with these sites, as we have no control over and assume no liability for their actions.
9. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect practice changes, legal requirements, or Service updates. Continuing to use the Services after an update constitutes acceptance of the revised Policy. If you disagree with the updated terms, stop using the Services and delete your account. We recommend reviewing this Policy regularly.
10. Contact Us
For questions or concerns, or to exercise your privacy rights, contact us at cs@tobettie.com.