Effective September 15, 2018
TomboyX places a high value on transparency for how we handle your data.
We believe privacy begins with data security. That does not mean we simply check boxes on a form to comply with the law, it means we care about the spirit of compliance. Our business processes are designed to protect your personal data, we monitor those processes, and we continuously train our people on data security and privacy – because if data is not secure, it cannot be private.
We also follow industry best practices for information security and privacy (such as all PCI DSS requirements, and the GDPR when applicable) to protect your data from being inappropriately handled, including taking preventative actions with how we collect and store your data to prevent its loss, misuse, inappropriate access, disclosure, or alteration, and to address its timely expiration so we’re not keeping your data unnecessarily. In fact, we will purge peoples’ personal data every so often, as we believe no such data should be kept indefinitely. That means, even if you’ve asked us to keep your data, if you haven’t shopped or communicated with us in awhile, we may have purged it – so stay in touch.
We deliver your entire shopping experience on our site in an encrypted fashion using current security technology. You might have noticed when using our website that your connection to our site is encrypted with the following particulars as of September 2018.
Key exchange: Elliptic curve Diffie-Hellman
Bulk cipher: AES GCM 256 bits
Perfect Forward Secrecy: Yes
SSL/TLS Version: TLS v1.2
Connection status: Secure
Extended validation: Yes
Key: 2048 bits RSA
Common name: tomboyx.com
Issued to: Tomboy Exchange, Inc
Issued by: GlobalSign nv-sa
Validity: 9/27/2017 -- 10/13/2019
(Assessment by the awesome tool, SSleuth.)
Third Parties and payment
Our store is third-party hosted, currently with Shopify, Inc. Our store host provides us with the e-commerce platform that allows us to sell our products and services to you. Their general point-of-sale software application handles your purchase transaction and your purchase data is stored in their database. If you provide your credit card information for a purchase payment, that data is transmitted and stored in an encrypted state by the store host. Although no method of data transmission or electronic storage can be guaranteed 100% secure, we follow generally accepted industry standards and take additional precautionary measures. Third-party payment processors keep your payment data for only as long as is required to complete your transaction and maintain your account with them per their own policies.
Third Parties in general
We shop for third-party service providers who collect, use and disclose your information only to the extent necessary to allow them to perform the services they provide to us. We do run third-party scripts in the background on our website for various functions, like Google Analytics to help us learn about peak times of day people visit our site and what pages are being viewed. In that particular instance, the analytics measures that Google’s tool takes expire at the end of the browsing session.
Some providers may be located in or have facilities that are located in a different jurisdiction than either you or we are. This means that if you elect to proceed with a transaction involving the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For example, if you are located outside the United States and your transaction is processed by a payment gateway located inside the U.S., then your personal information used in completing that transaction may be subject to disclosure under U.S. law, including the Patriot Act.
What data we collect & why
We use your information to deliver our goods and services to you. If you opt in, we use your information to market our products to you.
We work hard to keep our website accessible to as many types of browsers and devices as we can. To do that, knowing what types of browsers and devices visit our site, as well as from what area and region they originate, helps us optimize the shopping experience for our users. For instance, when you browse our site, we automatically receive some basic information about your language, internet browser, operating system, and the type of device you’re using, and your computer’s internet protocol (IP) address.
When you buy something from our store, we (and our store host) collect personal information you give as part of the shopping process, such as your name, address, email, and payment data, so that we can complete your purchase, keep you informed as to the status of your order, and deliver your goods.
We use varied technical methods when we collect and store data, such as scripting, cookies, browser storage, pixel tags, and server logs.
Choices you have
When you provide us with personal information, such as to login, complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, you consent to our collecting that data and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent or provide you with an opportunity to say no.
If you change your mind after you opt-in, you may withdraw your consent for us to contact you for the continued collection, use, or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org; or send postal mail to us at:
1910 1st Avenue South, 2nd Floor, Seattle, WA 98134
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service, but only to the extent required to address the applicable legal requirement or remedy.
If you opt in to our ads, we may send you emails about new products, promotions, our store, and other updates. In sending such emails, we may share your contact information with our service providers, including those who perform marketing services on our behalf.
When you click on links on our website, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
Our site is designed for use by adults, not children. By using our site, you represent that you are at least the age of majority in your jurisdiction. If you allow a child to use our site, you represent that you have given us your consent to allow that minor to use this site.
Questions & contact information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact us at email@example.com; or send postal mail to:
1910 1st Avenue South, 2nd Floor, Seattle, WA 98134