UPDATED DATE: 2022-03-09
Tomboy Exchange, Inc. (“TomboyX,” “The Company,” “we,” or “us”) values your privacy. We offer underwear and apparel that anybody could feel comfortable in, regardless of where they fall on the size or gender spectrum.
Collection of Information
Text Marketing and Notifications
Use of Information
Disclosure of Information
Cookies and Other Tracking Mechanisms
Third-Party Sites and Services
Your Rights Under the CCPA
Changes to this Policy
COLLECTION OF INFORMATION
We collect information directly from you, from third parties, and by automated means as set out below. The type of information that we collect from you depends on your particular interaction with our Services, but generally includes the below information.
Account Registration. You may create an optional account profile on our Site but doing so is not required. We collect the following information from you when you create an account: first name, last name, email address, and password. We also may collect additional optional information from you, including wishlist items.
As you make purchases under your account, we also may collect your order history, loyalty rewards program information, reward points, mailing address, billing information, and credit card payment information.
Social Networking Sites. You also may register and log into our Site through your social networking accounts, including Facebook, Google, Twitter, LinkedIn, and Yahoo (collectively, “Social Networking Sites”). If you do so, we obtain certain information from these third-party sites with the permission you grant to us. For example, we may import your name, email address, profile picture, or access your friends list if you grant us permission during the log on process. We may store the information that we receive from Social Networking Sites with other information that we collect from you or receive about you.
Any third-party Social Networking Site controls the information it collects from you. For information about how they may use and disclose your information, including any information you make public, please consult their respective privacy policies. We have no control over how any third-party site uses or discloses the personal information it collects about you.
When you “like,” “follow,” or otherwise interact with us on Facebook, Instagram, Twitter, or other social media sites, we may collect some information from you including your name, e-mail address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites.
Additional Information. You can sign up to receive promotions, product information, and other information we think may interest you by providing your email address.
If you refer friends, we collect your email address, as well as your friend’s name and email address. If you are referred by a friend, you may opt out of such communications by following the opt-out instructions contained in the email or emailing us at email@example.com. Please see the Your Choices section for more information about how to change your communications preferences.
Communications and Customer Service. When you email us, call us or otherwise contact us, we maintain records about our interactions and communications with you, including the nature of the request, name and contact information.
Usage Data. We automatically collect information such as the following about your use of our Services through cookies, web beacons, log files and other methods: log files, IP address, device ID, advertising ID, location information, browser type, device type, domain name, the website that led you to our Services, the website to which you go after leaving our Services, the dates and times you access our Services and perform certain activities; device name and model; operating system type, name, and version; the length of time that you are logged into or using our Services, and the links you click and your other activities within the Services (“Usage Data”). We may combine Usage Data with other information that we have collected about you, including your personal information. Please see the section Cookies and Other Tracking Mechanisms below for more information.
TEXT MARKETING AND NOTIFICATIONS:
By entering your phone number in the checkout and initializing a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed 30 a month. You acknowledge that consent is not a condition for any purchase. If you wish to unsubscribe from receiving text marketing messages and notifications, reply with STOP to any mobile message sent from us or use the unsubscribe link we provided you within any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted for as a reasonable means of opting out. Message and data rates may apply.
For any questions please text HELP to the number you received the messages from. You can also contact us for more information. If you wish to opt-out please follow the procedures above.
USE OF INFORMATION
We use your information, including personal information, as set forth below:
Providing and Improving Our Services. To provide and maintain our Services; to fulfill your orders; to improve our Services; to develop new features, products, or services; to process your payments or transactions; to administer our loyalty rewards program; to perform technical operations, such as updating software; and for other customer service and support purposes.
Marketing and Communications. To communicate with you about your account and use of our Services via email, including to send you updates and promotions; to respond to your inquiries; to provide you with news and newsletters, special offers, promotions, and other information we think may interest you, including information about third-party products and services; and for other informational, marketing, or promotional purposes. Please see the Your Choices section for more information about how to change your communications preferences.
Personalizing Content and Ads. We may use the information we collect about you to personalize the information and content we display to you, including marketing, promotional and sponsored content, as well as providing you with more relevant ads.
Research and Analytics. To better understand how users access and use our Services, and for other research and analytical purposes, such as to evaluate and improve our services and business operations and to develop additional products, services and features.
Protecting Rights and Interests. To protect the safety, rights, property, or security of TomboyX, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity that we consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Policy or our Terms of Service.
Legal Compliance. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
General Business Operations. Where necessary for the administration of our general business, accounting, recordkeeping and legal functions. As part of our routine business administration, such as employee training, compliance auditing and similar internal activities.
Disclosure of Information
In general, we may share your information, including personal information, as follows:
Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personal information will be subject to this Policy.
Service Providers. We may disclose the information we collect from you to third-party vendors, service providers, contractors or agents who perform functions on our behalf.
Third-Party Marketing. We may send you information about companies that we think you may be interested in. We may partner with other companies to send you joint marketing materials.
Business Transfers. We may disclose your information to another entity in connection with an investment, acquisition or merger, sale or transfer of a business unit or assets, bankruptcy proceeding, or as part of any other similar business transfer, including during negotiations related to such transactions.
Protecting Rights and Interests. We may disclose your information to protect the safety, rights, property, or security of TomboyX, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop activity which we, in our sole discretion, may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity; to use as evidence in litigation; and to enforce this Policy or Terms of Service.
Legal Compliance. We may disclose your information to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; in response to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a government official.
Aggregate and De-Identified Information. We may disclose aggregate, anonymous, or de-identified information about users for marketing, advertising, research, compliance, or other purposes.
On occasion we work with third-party companies for advertising, including serving digital advertisements as well as tracking and categorizing your interests over time on TomboyX.com. Some of this information may be shared with these companies to help serve these ads. These third-party companies also may possess or obtain information about you from your interactions: directly with those third-party companies or with other websites, mobile applications, or companies that the third-party companies work with; or from your interactions with advertisements the third-party companies help to display to you. The information that these companies collect or that we share may be used to customize or personalize the advertisements that are displayed to you. We may also share other information at our discretion, including automatically collected information, which may be used by third parties for third-party marketing, advertising, and other purposes. We strive to work with 3rd parties that have the utmost respect and strict confidentiality for your data. If you want to opt out of having this information shared with third parties please reach out through our contact us link: https://tomboyx.com/pages/contact.
Cookies and Other Tracking Mechanisms
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities at our Site. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies).
In order to display more relevant advertising on our Services, to manage our advertising on third-party sites and online services and to measure and improve our ads and marketing efforts, we may work with third-party ad companies, ad exchanges, channel partners, measurement services and ad networks—for example, Facebook and Google.
Custom Audiences and Matching. We may disclose certain information (such as your email address) with third parties—such as Facebook (more information on Facebook Custom Audience here or see above) so that we can better target ads and content to our Users, and others with similar interests on these third parties’ platforms or networks (“Custom Audiences”). We may also work with third-party ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others As noted above, you may also control how Facebook and other third parties display certain ads to you, as explained further in their respective privacy policies.
More Info and Choices. You can also obtain more information about targeted advertising and how to opt-out of interest-based ads by many third-party ad networks at: www.aboutads.info/choices (Digital Advertising Alliance). Opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs. Please note, that many opt-out mechanisms are cookie based; so, if you delete cookies, block cookies or use another device, your opt-out will no longer be effective.
THIRD-PARTY SITES AND SERVICES
Our Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-parties websites.
We do our best to safeguard user information, including personal information. However, no one can guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information.
Your account information (including personal information) is protected by a password set by you for your privacy and security. You are responsible for preventing unauthorized access to your account and personal information by selecting and protecting your password appropriately, and restricting access to your device and computer. You should take steps to protect the security of your information, including, for instance, logging off when accessing the Site on a shared computer.
Your information may be transferred to and maintained on computer networks which may be located outside of the state, province, country or other governmental jurisdiction in which you reside, and the country or jurisdiction in which these computer networks are located may not have privacy laws as protective as the laws in your country or jurisdiction. Your access to and use of the Service or your submission of any personal information to us will constitute your consent to the transfer of your personal information outside of your home country or jurisdiction.
Even after you remove information from your account or profile, copies of that information may remain viewable elsewhere, to the extent it has been shared with others, or it was copied or stored by other users. Removed and deleted information may remain on backup media for a period of time prior to being deleted from our servers.
You may modify much of the personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Site for a period of time. In addition, we may retain certain information about you as required by law or as permitted by law for legitimate business purposes.
To make an access request for your personal information held by us, or to make a correction request, please contact firstname.lastname@example.org.
While we currently do not sell personal information, Nevada residents who have purchased goods or services from us may opt out of the “sale” of “covered information” (as such terms are defined under Nevada law). “Covered information” includes, among other things, first and last name, address, email address, and phone number. If you are a Nevada resident who has purchased goods or services from us, you may submit a request to opt out of any future “sales” under Nevada law by contacting us via email at email@example.com. Please note we may take reasonable steps to verify your identity and the authenticity of the request.
YOUR CHOICES AND RIGHTS
We may send periodic promotional emails to you. You may opt out of such communications by following the opt-out instructions contained in the email or emailing us at firstname.lastname@example.org. Please note that it may take up to ten (10) business days for us to process opt out requests. If you opt out of receiving promotional emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.
To exercise your rights to the removal of your personal information from our databases and third-party relationships, please contact email@example.com.
YOUR RIGHTS UNDER THE CCPA
Consumers residing in California are afforded certain rights with respect to their personal information under the California Consumer Privacy Act (“CCPA”). Please visit our for information about your rights and our privacy practices for individuals residing in California.
Information for EU Residents
This section applies to the extent the EU General Data Protection Regulation (GDPR) applies to you and your data.
You have certain rights under the General Data Protection Regulation (GDPR) to access, rectify, erase, to suspend processing of your personal data, as well as to complain to the data protection supervisory authority in the country where you are based. These rights are more fully described below. If you want to exercise any of these rights or have questions about how we collect and use your personal data, you can contact us at firstname.lastname@example.org or by texting (203)-902-4821.
- Right to Withdraw Consent. You may withdraw your consent to our processing of your personal information. Doing so will prevent us from providing any services.
- Right to be Forgotten. You have the right to request your personal information be erased.
- Right of Access. You have the right to know if we are processing your personal information and what information about you we possess.
- Right to Modify. You have the right to request your personal information be changed if it is not correct.
- Right to Restrict Processing. You have the right to request the processing of your personal information be restricted. This may restrict or prevent the provision of any services.
- Right to Portability. You have the right to request a copy of your personal information.
- Right to Object. You have the right to object to the processing of your personal information.
- Right to Lodge a Complaint. You have the right to lodge a complaint at any time with the applicable supervisory authority.
- Right to Opt Out. You have the right to opt out of the sale of your personal information.
Accessing and Correcting Your Information.
You can review and change your personal information by logging into the Site and visiting your account profile page.
You may also send us an email at email@example.com to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Our Services are not designed for children under 13, and we do not intentionally collect information on our Apps from those we actually know are under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information from our systems.
Your information is stored in the United States where TomboyX is based. If you are using the Services from outside the United States, you understand and agree that your information, including your personal information, may be accessed from or transferred to the United States where TomboyX is located and therefore may be accessed by law enforcement and regulatory authorities according to the applicable laws of the United States.
CHANGES TO THIS POLICY
This Policy is current as of the Updated Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change, such as via email or prominent notice on the Site.
If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at firstname.lastname@example.org or 2200 Western Avenue, Suite 302, Seattle, WA 98121.