Privacy policy

Effective Date: September 1, 2025
Last Updated: September 1, 2025

Welcome to Crate Charms ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website cratecharms.com (the "Website") and purchase our products (collectively, the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Services.

Our Services are operated in the United States but can be accessed worldwide.

If you are located in the European Economic Area ("EEA"), Switzerland, or the United Kingdom ("UK"), we are the Controller of your data under the UK General Data Protection Regulation ("UK GDPR") and EU General Data Protection Regulation ("EU GDPR").

California residents should consult the section titled "Your California Privacy Rights" for additional rights that apply to them.

If you have questions about this Policy, please contact us at info@cratecharms.com.

Table of Contents

  1. Information We Collect and How We Use It
  2. Third-Party Service Providers
  3. Social Media Integration
  4. Cookies and Tracking Technologies
  5. Remarketing and Targeted Advertising
  6. SMS/Text Message Marketing
  7. Marketing Communications
  8. Sharing of Information
  9. Data Retention
  10. Data Security
  11. Automated Decision Making and Profiling
  12. Children's Privacy
  13. Third-Party Links
  14. Your Privacy Rights
  15. Your California Privacy Rights
  16. Your Nevada Privacy Rights
  17. Additional Information for Certain U.S. Residents
  18. International Data Transfers
  19. Rights of EEA, Swiss, and UK Residents
  20. Rights of Canadian Residents
  21. Changes to This Privacy Policy
  22. Contact Us

1. Information We Collect and How We Use It

Types of Information

We may collect the following types of information through our Services:

  • (1) Personal Data such as your name, email address, phone number, shipping address, billing address, and other information that can be used to directly identify and contact you.
  • (2) Payment Information including credit card details and billing information (processed securely through our payment processor and not stored by us directly).
  • (3) Device Information relating to the computer or device you use when accessing our Services, such as IP address, mobile device identifiers (including Apple IDFA or Android Advertising ID), browser type, operating system, internet service provider, and device settings.
  • (4) Usage Data related to your use of the Services such as pages visited, sites used before or after visiting ours, actions within the Services, content accessed, date and time stamps, log files, and diagnostic reports.
  • (5) Audio, Electronic, Visual, or Similar Information such as voicemails on our customer service phone line or video of product usage if submitted.
  • (6) Geolocation Data if you grant permission through our mobile app or browser.

How We Collect Information

Information You Provide: You provide Personal Data when you create an account, make a purchase, contact customer service, subscribe to our newsletter, sign up for SMS messages, participate in contests or promotions, submit product reviews, complete surveys, or otherwise interact with our Services.

Automatically Collected Information: We automatically collect Device Information and Usage Data through cookies, web beacons, SDKs, and similar technologies whenever you use our Services.

Information from Third Parties: We may receive information from social networks (if you connect your account), payment processors, shipping carriers, and marketing partners.

How We Use Your Information

We use your information to:

Order Processing and Service Delivery

  • Process and fulfill orders
  • Send order confirmations and shipping notifications
  • Handle returns, exchanges, and refunds
  • Provide customer support
  • Prevent fraud and unauthorized access

Account Management

  • Create and manage your account
  • Remember preferences and settings
  • Authenticate users

Marketing and Communications

  • Send promotional emails about new products and special offers (with your consent)
  • Send SMS marketing messages (with your consent)
  • Personalize your shopping experience
  • Conduct market research and surveys
  • Send transactional emails (order confirmations, shipping updates)

Website Improvement

  • Analyze website usage and trends
  • Improve products, services, and website functionality
  • Develop new products and features
  • Conduct A/B testing and analytics

Legal and Security

  • Comply with legal obligations
  • Protect against fraud
  • Enforce our Terms of Service
  • Resolve disputes

2. Third-Party Service Providers

We share your information with third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for specified purposes.

E-Commerce Platform

Shopify, Inc. hosts our website and processes orders. Shopify automatically logs IP addresses and other information about your visit. Review Shopify's privacy policy at: https://www.shopify.com/legal/privacy

Payment Processors

We use third-party payment processors to handle all credit and debit card transactions. We do not directly access, handle, or store your credit or debit card information. Payment processors we may use include:

Shipping Carriers

We share shipping information with carriers including USPS, UPS, and FedEx.

Email Service Providers

We use email service providers (such as Klaviyo or Mailchimp) to send marketing and transactional emails.

Analytics Services

Google Analytics - We use Google Analytics to understand how visitors use our Services.

To opt out of Google Analytics:

Advertising and Remarketing Partners

We work with third-party advertising networks including:

Google Ads - For targeted advertising and remarketing. To opt out:

Meta (Facebook/Instagram Pixel) - For measuring ad effectiveness. For information about how Meta processes your data:

3. Social Media Integration

We may provide functionality allowing you to connect to our Services through social networks such as Facebook, Twitter, or Instagram.

If you connect through a social network, we may collect Personal Data from your profile, such as your name, username, and email address. We will use that data for the purposes set forth in this policy.

Our Services may offer social sharing features allowing you to "Share" or "Like" on social networks. Using these features may allow sharing and collection of information both to and from such networks. Check the privacy policy of each social network before using such features.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Remember preferences and settings
  • Authenticate users and prevent fraud
  • Analyze website traffic and behavior
  • Deliver targeted advertising
  • Improve website performance

Types of Cookies

  • Essential Cookies - Required for website functionality (shopping cart, checkout)
  • Performance Cookies - Help understand how visitors use our website
  • Functional Cookies - Remember preferences and settings
  • Advertising Cookies - Deliver relevant ads based on interests

Other Tracking Technologies

(1) Web Beacons - Small pieces of code placed on web pages or in emails to monitor behavior and collect data. Used to count users, deliver cookies, and measure email campaign effectiveness.

(2) Mobile SDKs - Software Development Kits incorporated into mobile apps to collect information such as mobile identifiers, geolocation, and usage data.

Cookie Control

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our Services.

5. Remarketing and Targeted Advertising

We participate in advertising networks that collect information about your visits to our Services and other websites to target advertisements. This is called "online behavioral advertising."

Opting Out of Targeted Advertising

General Opt-Out Resources:

Mobile Device Settings:

  • iOS: Enable "Limit Ad Tracking" in Settings
  • Android: Enable "Opt Out of Interest-Based Ads" in Settings

Opting out will not affect your use of the Services but you may still see generic (non-targeted) advertisements.

6. SMS/Text Message Marketing

With your consent, we may send you promotional text messages about products, special offers, and updates.

How to Opt Out:

  • Reply STOP to any text message from us
  • For assistance, reply HELP or contact us at info@cratecharms.com
  • Message and data rates may apply

You can opt out at any time without affecting your ability to use our Services or receive transactional messages.

7. Marketing Communications

Email Marketing

With your consent, we may send promotional emails about new products, special offers, and updates.

How to Unsubscribe:

  • Click "unsubscribe" link in any email
  • Update preferences in your account settings
  • Email us at info@cratecharms.com with subject line "Opt Out"

Important: You cannot opt out of transactional emails (order confirmations, shipping notifications) as they are necessary for our Services.

8. Sharing of Information

We do not sell, rent, or disclose your Personal Data to third parties for their direct marketing purposes.

Service Providers

We share information with service providers who perform services on our behalf. These providers can only use your information to perform services for us.

Aggregated/Anonymized Data

We may share Device Information and Usage Data in aggregated, anonymized form. This information cannot be linked to you personally.

Legal Requirements

We may share your information:

  • In response to subpoenas, court orders, or legal process
  • When required by law
  • To investigate or prevent illegal activities
  • To protect rights, property, or safety
  • To enforce our Terms of Service

Corporate Transactions

We may share your information in connection with a merger, acquisition, or asset sale.

9. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Privacy Policy and comply with legal obligations.

Typical Retention Periods:

  • Order Information: 7 years (tax and accounting)
  • Account Information: Until deletion request or 3 years of inactivity
  • Marketing Data: Until unsubscribe or deletion request
  • Analytics Data: Aggregated data retained indefinitely; individual data anonymized after 26 months

10. Data Security

We implement reasonable security measures to protect your information:

  • Encryption: SSL/TLS encryption for data transmission
  • Secure Payment Processing: PCI-DSS compliant payment processors
  • Access Controls: Limited employee access to Personal Data
  • Regular Security Audits: Periodic security practice reviews

However, no internet transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

If you believe your Personal Data is being improperly used, immediately notify us at info@cratecharms.com.

11. Automated Decision Making and Profiling

We do not engage in profiling or automated decision-making activities that produce legal or similarly significant effects upon you, except to the extent Personal Data is used by third-party ad networks for online behavioral advertising as described in this policy.

12. Children's Privacy

Our Services are intended for individuals of legal age of majority who can form legally binding contracts.

We do not knowingly collect information from children under 13. If you are under 13, do not send any Personal Data to us.

If we learn we have collected Personal Data from a child under 13, we will delete it immediately.

If you are a parent/guardian and believe your child has provided us with Personal Data, contact us at info@cratecharms.com.

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and do not share your Personal Data with them (except as described in this policy).

We suggest you read the privacy policies of third-party websites before submitting any Personal Data to them.

14. Your Privacy Rights

Opting Out of Communications

Email:

SMS:

Disallowing Cookies

You can opt out of cookies by changing browser settings. Note: Disabling cookies may prevent you from using some features of our Services.

Do Not Track & Opt-Out Signals

We process and comply with web browser "Do Not Track" signals where required by law.

Global Privacy Control (GPC): Residents of certain U.S. states may opt out using the Global Privacy Control. Visit https://globalprivacycontrol.org/ for compatible browsers. Enable GPC for each browser you use.

15. Your California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

For detailed information about your rights and how to exercise them, see the "Additional Information for Certain U.S. Residents" section below.

To exercise your California privacy rights, contact us at info@cratecharms.com.

16. Your Nevada Privacy Rights

Nevada residents may request that we not sell their Personal Data (as defined under Nevada law), even if we are not currently selling it.

To submit a Nevada opt-out request, email info@cratecharms.com with subject "Nevada Opt-Out Request."

17. Additional Information for Certain U.S. Residents

This section applies to individuals in U.S. states with comprehensive data protection laws (including California, Virginia, Colorado, Connecticut, Utah) where such laws apply to our processing of your Personal Data.

Sensitive Personal Data

We may collect precise geolocation data only with your permission and consent (such as when using our mobile app).

We use geolocation for purposes directed by you, with your consent, to protect legal interests, or to carry out legal obligations.

We do not sell or share sensitive Personal Data with third parties for cross-context behavioral advertising.

You can disable geolocation sharing at any time through your device settings.

Categories of Personal Data We Collect

  • Identifiers: Name, email, phone, address, IP address, device IDs
  • Commercial Information: Purchase history, payment info, shopping behavior
  • Internet/Network Activity: Browsing history, interactions with our Services
  • Geolocation Data: Precise or general location (with consent)
  • Audio/Visual Information: Customer service recordings
  • Inferences: Preferences and characteristics

Disclosures to Third Parties for Business Purposes

We disclose the following categories to service providers:

  • Identifiers to payment processors, shipping carriers, email providers, analytics providers, customer service tools
  • Commercial Information to payment processors, fraud prevention services, analytics providers
  • Internet/Network Activity to analytics providers, advertising partners
  • Audio/Visual Information to customer service providers, cloud storage providers

Your Rights

  • Right to Confirm, Access, and Portability - Access and receive a copy of your Personal Data
  • Right to Correct - Correct inaccurate Personal Data
  • Right to Delete - Delete Personal Data we've collected (with certain exceptions)
  • Right to Opt-Out of Targeted Advertising - Opt out of tracking for advertising
  • Right to Opt-Out of Sale/Sharing - Opt out of sale or sharing of Personal Data
  • Right to Limit Use of Sensitive Personal Data - Limit use of sensitive data
  • Right to Non-Discrimination - Be free from discrimination for exercising rights
  • Right to Appeal - Appeal denial of privacy requests

Selling and Sharing Personal Data

We do not sell your Personal Data as traditionally understood (exchange for money). However, applicable laws define "selling" and "sharing" to include disclosures for cross-contextual behavioral advertising (targeted advertising and remarketing).

Categories We "Sell" or "Share" in the Past 12 Months:

(1) Identifiers (cookies, device IDs, IP addresses)

  • Shared with: Google Ads, Meta (Facebook/Instagram), advertising networks
  • Purpose: To display targeted advertisements on other websites based on your browsing behavior

(2) Internet/Network Activity (browsing history, pages visited, links clicked)

  • Shared with: Google Analytics, Meta Pixel, advertising networks
  • Purpose: To analyze your interests and deliver relevant advertising

How to Opt Out of Sale/Sharing and Targeted Advertising

Method 1: Global Privacy Control (GPC)

  • Enable GPC in your browser or browser extension
  • Visit https://globalprivacycontrol.org/ for compatible browsers
  • GPC must be enabled separately for each browser you use

Method 2: Contact Us

How to Exercise Other Rights

To exercise your rights (access, correct, delete), submit a verifiable request by emailing info@cratecharms.com.

Verification Process

To protect your privacy, we must verify your identity before fulfilling requests. You must provide sufficient information to reasonably verify you are the person about whom we collected Personal Data.

Authorized Agents: You may designate an authorized agent (where permitted by law) to make requests on your behalf. We will require proof that the agent is authorized to act on your behalf.

Response Timeline: We will respond to verified requests within 45 days (with possible 45-day extension if needed).

Appeal Process: If we deny your request, you can appeal by contacting us at info@cratecharms.com. If your appeal is denied, you may file a complaint with your state Attorney General.

18. International Data Transfers

If you are located outside the United States, your Personal Data will be transferred to and processed in the United States.

The United States may have different data protection laws than your country. By using our Services, you acknowledge and consent to transfer, storage, and processing of your data in the United States.

For EEA, Switzerland, and UK transfers: We use Standard Contractual Clauses adopted by the European Commission or applicable UK regulator to ensure adequate data protection.

19. Rights of EEA, Swiss, and UK Residents

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the following rights under the GDPR:

  • Right to Access and Portability - Access your Personal Data and receive a copy in a portable format
  • Right to Rectification - Update and correct inaccurate Personal Data
  • Right to Erasure ("Right to be Forgotten") - Have Personal Data deleted in certain circumstances
  • Right to Restrict Processing - Restrict how we process your Personal Data in certain situations
  • Right to Object - Object to processing of your Personal Data, including for direct marketing
  • Right to Withdraw Consent - Withdraw previously given consent for processing
  • Right to Data Portability - Receive your Personal Data in a structured, commonly used format
  • Right to Lodge a Complaint - File a complaint with your supervisory authority

EU Residents: Find your supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en

UK Residents: Contact the Information Commissioner's Office at https://ico.org.uk

Legal Basis for Processing

Under GDPR, we process your Personal Data based on:

  • Contract Performance: To fulfill orders and provide Services
  • Legitimate Interests: To improve Services, prevent fraud, ensure security
  • Consent: For marketing communications and certain data collection
  • Legal Obligations: To comply with tax, accounting, and legal requirements

Exercising Your Rights

To exercise your GDPR rights, contact us at info@cratecharms.com.

We may ask for additional information to verify your identity. We will respond within one month (extendable by two additional months if needed).

We reserve the right to retain an archive of Personal Data for a commercially reasonable time to ensure data integrity and to retain an anonymous version of such information.

20. Rights of Canadian Residents

Canadian residents have the following rights under applicable Canadian privacy laws:

  • Right to Be Informed - Know whether we hold Personal Data about you
  • Right to Access - Obtain information about existence, use, and disclosure of your Personal Data and access your Personal Data (subject to legal exceptions)
  • Right to Know About Third Parties - Receive an account of third parties to whom we've disclosed your Personal Data
  • Right to Accuracy - Challenge accuracy and completeness of your Personal Data and have it amended as appropriate
  • Right to Know About Policies and Practices - Information about our policies and practices regarding Personal Data management
  • Right to Withdraw Consent - Withdraw consent for collection, use, or disclosure of Personal Data (subject to legal or contractual restrictions)

Exercising Your Rights

Canadian residents can exercise these rights by contacting us at info@cratecharms.com.

21. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last Updated" date.

How We Notify You of Changes:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • For material changes: Email notification to registered users and/or prominent notice on our Website

Effectiveness of Changes: Changes are effective immediately upon posting. Your continued use of the Services after changes constitutes acceptance. If you do not accept changes, discontinue use of the Services or opt out by contacting us.

We advise you to review this Policy periodically for any changes. For questions about changes, contact us at info@cratecharms.com with subject "Privacy Policy Update Inquiry."

22. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your Personal Data, contact us:

Crate Charms
Email: info@cratecharms.com

Response Time: We will respond to privacy inquiries within 30 days (or as required by applicable law).

Acknowledgment: By using Crate Charms, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.