1. Data Controller & Contact

Data Protection Officer (DPO):

2. Types of Cookies & Legal Basis

Cookie Classification Table

CategoryPurposeExamplesLegal BasisOpt-Out Method
Strictly NecessarySite functionalitySession IDs, cart tokensLegitimate InterestCannot be disabled
PerformanceAnalytics & speed optimizationGoogle AnalyticsConsentContact Us
MarketingAds & retargetingMeta Pixel, Google AdsConsentAdChoices

Advanced Tracking Disclosures:

  • Device Fingerprinting: Browser/OS detection via FingerprintJS (classified as “Performance”).
  • CNAME Cloning: First-party tracking for Meta/Google (classified as “Marketing”).

3. Consent Management

A. Granular Controls

  • Cookie Consent Banner: Built via Cookiebot CMP.
  • Pre-Ticked Boxes: None. Users must manually opt-in to non-essential categories.

B. Automated Signals

  • Global Privacy Control (GPC): We honor browser/app-level opt-out signals.
  • Legitimate Interest Assessment (LIA): Conducted quarterly via OneTrust.

4. Third-Party Cookies & Partners

Vendor List

ProviderPurposePrivacy PolicyData Transfers
Google Analytics 4Traffic analysisGoogle PolicyEU-US DPF Certified
Meta PixelAd targetingMeta PolicySCCs + TI
Microsoft ClarityHeatmaps & recordingsMicrosoft PolicyISO 27001 Certified

5. Cookie Retention Periods

Cookie TypeRetentionJustification
Session CookiesUntil browser closureCart functionality
Analytics Cookies14 monthsGA4 default
Advertising Cookies90 daysMeta’s user matching window
Fraud Prevention3 yearsChargeback disputes

6. User Rights & Requests

A. CCPA/GDPR Rights

  • Withdraw Consent: Reset preferences by clicking link in the footer below.

B. Automated Tools

7. Policy Updates & Changelog

Version History:

  • 1.4: Added CNAME cloning disclosure.
  • 1.3: Integrated GPC compliance.

Notification Method:

  • Banner alert on site for 14 days post-update.

Contact & Disputes

Queries:

Legal Address: 681 Leavesley Rd, STE 98, Gilroy, CA 95020