This Privacy Policy describes how we collect, use, disclose, and protect Personal Information (“PI”) from users (“you”, “your”) of our website (the “Site”) and in connection with our products and services. We are organized under the laws of the State of Alabama, United States, and comply with applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and Alabama’s data breach notification laws (Ala. Code 1975 § 8-38-1 et seq.).
1. Data Controller & Contact
Data Controller: Elasmo LLC
Mailing Address: 82 WATERFORD DR, CULLMAN, AL 35057, United States
For privacy-related requests or legal notices, please use the contact details above.
2. Personal Information We Collect
We collect PI in three ways: directly from you, automatically via the Site, and from third parties (e.g., service providers).
2.1 Information You Provide
Account & Order Data: Name, shipping/billing address, email, phone number, payment card details (processed by our payment processor; we do not store full card numbers), order history, and communication preferences.
Customer Support: Information you provide to resolve issues (e.g., order details, inquiry context).
Consent: Records of your consent to our data practices (e.g., marketing opt-ins).
2.2 Automatically Collected Information
Usage Data: IP address, browser type, device information, pages visited, time on site, referral source, and interaction with the Site (e.g., product views, cart activity).
Cookies & Tracking Technologies: We use cookies (session and persistent) and similar technologies to enhance your experience, analyze usage, and personalize content. You may disable cookies in your browser, but some Site features may not function properly.
2.3 Third-Party Information
We may receive PI from payment processors (e.g., transaction status), shipping carriers (e.g., delivery confirmations), and fraud prevention services (e.g., risk assessments) to fulfill orders and protect our business.
3. How We Use Your Personal Information
We use PI only for the purposes disclosed at collection or with your consent, in compliance with applicable law:
Order Fulfillment: Process payments, ship products, provide delivery updates, and handle returns/refunds.
Customer Support: Respond to inquiries, resolve issues, and provide post-purchase assistance.
Site & Service Improvement: Analyze usage data to optimize the Site, enhance product offerings, and improve user experience.
Marketing (with consent): Send personalized promotions, product updates, and newsletters if you opt in. You may unsubscribe at any time (see Section 7).
Fraud Prevention & Security: Detect and prevent fraudulent activity, protect against unauthorized access, and comply with legal obligations.
Legal Compliance: Respond to subpoenas, court orders, or regulatory requests; defend legal claims; and enforce our Terms of Service.
4. Disclosure of Personal Information
We do not sell your PI as defined by the CCPA/CPRA. We may disclose PI to the following third parties only for the purposes stated below and under written agreements requiring them to protect your data:
Service Providers: Payment processors (e.g., Stripe), shipping carriers (e.g., USPS), fraud prevention services, and IT providers (e.g., website hosting).
Legal Authorities: When required by law, to protect our rights or property, or to prevent harm to others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, PI may be transferred to the acquiring entity (we will notify you of such changes).
We will not disclose your PI to third parties for their own marketing purposes without your express written consent.
5. Data Retention
We retain PI only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law:
Order Data: Retained for 7 years for tax, accounting, and legal compliance purposes.
Customer Support Data: Retained for 2 years to resolve issues and provide historical support.
Marketing Data: Retained until you opt out or we no longer offer the relevant service.
Automated Data: Retained for 12 months for analytics and security purposes, then de-identified.
When retention periods expire, we securely delete, anonymize, or destroy PI to prevent unauthorized access.
6. Data Security
We implement industry-standard technical and organizational measures to protect your PI from unauthorized access, disclosure, alteration, or destruction:
Encryption of PI in transit (SSL/TLS) and at rest (where applicable).
Access controls (e.g., role-based permissions) for employees and service providers.
Regular security audits and updates to our systems and processes.
Despite these measures, no data transmission or storage is 100% secure. We cannot guarantee the absolute security of your PI.
Alabama Data Breach Notification
In the event of a breach of security (unauthorized acquisition of electronic PI that is reasonably likely to cause substantial harm), we will:
Conduct a prompt investigation in good faith.
Notify affected individuals without unreasonable delay and within 45 days of determining the breach, as required by Alabama law.
Notify nationwide consumer reporting agencies if the breach affects more than 1,000 individuals.
Notify the Alabama Attorney General as required by law.
7. Your Privacy Rights
7.1 California Residents (CCPA/CPRA Rights)
If you are a California resident, you have the following rights under the CCPA/CPRA:
Right to Know: Request disclosure of the categories and specific pieces of PI we have collected, used, or disclosed about you in the past 12 months.
Right to Delete: Request deletion of your PI, subject to exceptions (e.g., legal retention requirements).
Right to Correct: Request correction of inaccurate PI (CPRA).
Right to Opt-Out of Sharing: Request that we stop “sharing” your PI for cross-context behavioral advertising (we do not engage in this practice).
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights (e.g., denying services or charging higher prices).
How to Exercise Your Rights
To exercise these rights, submit a request to support@elasmollc.com with the subject line “California Privacy Request”. You may also designate an authorized agent to act on your behalf (we will require proof of authorization).
We will verify your identity (e.g., name, email, order number) and respond to your request within 45 days (we may extend this period by 45 days if necessary, with notice). You may submit a request twice per 12-month period.
7.2 Marketing Opt-Out
If you opted in to marketing communications, you may unsubscribe at any time by:
We will process opt-out requests within 10 business days.
8. Children’s Privacy
Our Site and products are not intended for children under the age of 13. We do not knowingly collect PI from children under 13. If we become aware of such collection, we will promptly delete the PI and notify the relevant parent/guardian.
9. Third-Party Links
The Site may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policies of any third-party sites you visit.
10. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. We will notify you of material changes by:
Posting the updated policy on the Site with a new effective date.
Sending an email notification to users who have opted in to communications.
Your continued use of the Site after the effective date constitutes your acceptance of the updated policy.
11. Governing Law
This Privacy Policy is governed by the laws of the State of Alabama, United States, without regard to its conflict of law principles.
