Privacy Policy — OSS Shirt Club

1. Information we collect

Information you provide directly

When you sign up for OSS Shirt Club, we collect:

• Name: First and last name for order fulfillment and personalization
• Email address: For order confirmations, shipping notifications, account management, and marketing communications
• Shirt size: To fulfill your monthly shirt orders
• Shipping address: To deliver your monthly shirts
• Payment information: Credit card details, billing address (processed securely by Stripe — we never store full card numbers)

Information collected automatically

When you visit our website, we automatically collect:

• Device information: IP address, browser type, operating system, device identifiers
• Usage data: Pages viewed, time spent on site, click patterns, referring URLs
• Cookies and tracking technologies: See our Cookie Policy section below

Information from third parties

• Stripe:Payment processing status, transaction IDs, payment method type (we don't receive full card numbers)
• Facebook/Meta: Ad performance data, conversion tracking (if you clicked on our ads)
• Printify: Order fulfillment status, shipping tracking numbers

2. How we use your information

We use your personal information for:

Service delivery

• Processing and fulfilling your monthly shirt orders
• Sending order confirmations and shipping notifications
• Managing your subscription and billing cycles
• Providing customer support and responding to inquiries
• Updating you about size changes or order issues

Marketing and communications

• Sending promotional emails about new designs, special offers, or company updates
• You can opt out of marketing emails at any time (but will still receive transactional emails)
• Running targeted advertising campaigns on Facebook, Instagram, and Google

Business operations

• Analyzing website usage to improve user experience
• Preventing fraud and maintaining security
• Complying with legal obligations and enforcing our Terms of Service
• Conducting internal research on customer preferences and trends

We will never

• Sell your personal information to third parties
• Share your email address with other companies for their marketing
• Use your information in ways not disclosed in this policy without your consent

3. How we share your information

We share your information only with trusted partners necessary to operate our service:

Service providers

• Stripe: Payment processing (PCI-DSS compliant)
• Printify: Print-on-demand fulfillment and shipping
• Email service provider (for example, Mailchimp, SendGrid): For transactional and marketing emails
• Analytics tools (Google Analytics, Facebook Pixel): To measure website performance and ad effectiveness

Legal requirements

We may disclose your information if required by law, court order, or government request, or to:

• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Respond to claims of intellectual property infringement

Business transfers

If OSS Shirt Club is acquired, merged, or sold, your information may be transferred to the new owner as part of the transaction. You will be notified via email of any such change.

4. Cookies and tracking technologies

What cookies we use

• Essential cookies: Required for website functionality (for example, checkout flow and security)
• Analytics cookies: Google Analytics tracks how you use our site to improve user experience
• Advertising cookies: Facebook Pixel, Google Ads tracking for retargeting and conversion measurement

Third-party tracking

• Facebook Pixel: Tracks page views, add-to-cart, and purchase events to measure ad performance and serve you relevant ads
• Google Ads: Similar tracking for Google advertising campaigns

Your choices

• Most browsers allow you to block cookies in settings
• You can opt out of targeted advertising: Facebook ad preferences, Google ad settings
• Note: Blocking cookies may affect website functionality

5. Data retention

• Active subscribers: We retain your information as long as your subscription is active
• Cancelled subscriptions: We keep your information for 3 years after cancellation for accounting, legal, and fraud prevention purposes
• Marketing data: If you opt out of marketing, we retain your email in a suppression list to honor your opt-out
• Account deletion requests:See the "Your rights" section below

6. Your rights and choices

Access and correction

• You can view and update your email, shipping address, and payment method through your Stripe billing portal.
• Request a copy of your personal data by emailing support@ossgrappling.com.

Marketing opt-out

• Unsubscribe from marketing emails via the link in any email
• You will still receive transactional emails (order confirmations, shipping updates, billing notices)

Account deletion

• To delete your account and data, email support@ossgrappling.com with "Delete My Account" in the subject line
• We will delete your data within 30 days, except where required by law to retain it
• Note: You must cancel your subscription before requesting account deletion

California residents (CCPA)

If you are a California resident, you have additional rights:

• Right to know what personal information we collect and how we use it
• Right to request deletion of your personal information
• Right to opt out of the "sale" of personal information (we don't sell data, but you can opt out of targeted ads)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, email support@ossgrappling.com with "California Privacy Request" in the subject line.

European residents (GDPR)

If you are in the EU/EEA, you have rights under GDPR:

• Right to access, rectify, erase, restrict processing, data portability
• Right to object to processing and withdraw consent
• Right to lodge a complaint with your data protection authority

Contact support@ossgrappling.com to exercise these rights.

7. Data security

We implement industry-standard security measures:

• Encryption: All payment data is encrypted via SSL/TLS
• Secure storage: Data is stored on secure servers with restricted access
• Stripe PCI compliance: Payment processing meets PCI-DSS standards
• Access controls: Only authorized personnel can access customer data

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but take reasonable precautions to protect your information.

8. Children's privacy

Our service is not intended for individuals under 18 years old. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact support@ossgrappling.com and we will delete it promptly.

9. International data transfers

If you are located outside the United States:

• Your information may be transferred to and processed in the United States
• By using our service, you consent to this transfer
• We take steps to ensure your data receives adequate protection

10. Changes to this privacy policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email. Continued use of our service after changes constitutes acceptance of the updated policy.

11. Contact us

For questions about this Privacy Policy or to exercise your privacy rights:

• Email: support@ossgrappling.com
• Address: 328-B Kawainui St., Kailua, HI 96734 USA
• Response time: We aim to respond within 48 hours