Privacy Policy

We collect only what we need to take an order, ship it, talk to you, fight fraud, and keep the lights on. Specifically:

• Order info: name, email address, phone number, shipping address, billing address, items purchased, and order total.
• Payment info: we do not see or store your full card number, CVV, or bank details. Payment is processed by Stripe, Inc., who handles and stores that data under their own privacy practices.
• Reviews: if you leave a review, we store your name, the email used at checkout (for verification), star rating, and review text.
• Communications: emails or messages you send us, including support requests.
• Technical info: IP address, browser type, referring URL, pages viewed, time spent, and similar usage data, collected through standard server logs and cookies.
• Cookies and local storage: we use a small number of first-party cookies and browser local-storage entries to remember your cart, your email after checkout, and an admin authentication token (for staff only). We do not use third-party advertising trackers at this time.

• To process orders, ship products, and provide customer service.
• To verify reviews are from real customers.
• To detect and prevent fraud, abuse, or illegal activity.
• To comply with legal obligations (tax, accounting, regulatory requests).
• To improve the Services and operate the Site.
• To respond to your inquiries.

We do not sell your personal information. We share it only with the service providers we need to run boxd, and only to the extent each provider needs to do their job:

• Stripe, Inc. — payment processing.
• EasyPost, Inc. — shipping rate calculation, label purchase, and tracking.
• Common carriers (USPS, UPS, FedEx, DHL, etc.) — delivery.
• Fly.io / Fly Hosting Inc. — application hosting and database storage.
• Email provider — to send order confirmations and respond to inquiries.
• Government, law enforcement, or other parties when we believe disclosure is required by law, court order, subpoena, or to protect the rights, property, or safety of boxd, our customers, or others.
• Successors — if we are acquired, merged, sold, or reorganized, your information may transfer to the surviving entity, subject to a privacy policy at least as protective as this one.

We retain personal information only as long as necessary for the purposes described above, to comply with our legal, accounting, and tax obligations, and to resolve disputes. Order records are typically kept for at least seven (7) years to satisfy accounting and tax recordkeeping. Reviews remain published until removed by us or by you upon request.

We use commercially reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS), encrypted secret storage on Fly.io, access controls, hashed administrative authentication, and isolated production environments. No method of transmission over the internet or electronic storage is 100% secure. We cannot and do not guarantee absolute security, and you use the Services at your own risk.

You may:

• Request access to or a copy of personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your information, subject to our legal obligations to retain certain records.
• Opt out of any non-essential communications by replying “unsubscribe” or contacting us.
• Disable cookies through your browser, with the understanding that the Site may not function correctly.

To exercise any of these rights, email boxdsupport@gmail.com. We will respond within forty-five (45) days. We may verify your identity before fulfilling a request.

If you are a California resident, you have the right under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, to (a) know what personal information we collect, use, disclose, and sell about you, (b) request deletion of your personal information, (c) request correction of inaccurate personal information, (d) opt out of any “sale” or “sharing” of your personal information, and (e) be free from discrimination for exercising those rights. We do not sell or share personal information for cross-context behavioral advertising. To submit a request, email boxdsupport@gmail.com.

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal information are: (i) contract, to process and ship your order; (ii) legitimate interest, to operate, secure, and improve the Services; (iii) legal obligation, to comply with tax and recordkeeping laws; and (iv) consent, where required for non-essential cookies or marketing. You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to lodge a complaint with your local data protection authority. Note that boxd is a small US-based seller and ships primarily within the United States; orders to the EU/UK are not actively offered, and any incidental transfer of data to the United States is made under standard contractual safeguards or with your explicit consent.

The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen. If we learn we have collected such information, we will delete it. If you believe a child has provided us information, contact us at boxdsupport@gmail.com.

Some browsers transmit “Do Not Track” signals. Because there is no industry-wide standard for interpreting these signals, we do not currently respond to them. We do not engage in cross-site tracking for advertising.

The Site may contain links to third-party sites we do not operate. We are not responsible for the privacy practices or content of those sites. Review their policies before providing any information.

We may update this Privacy Policy at any time. The “Last updated” date at the top will reflect the most recent change. Material changes will be reasonably noticed on the Site. Your continued use of the Services after a change constitutes acceptance of the updated Policy.

Questions about this Policy or our data practices? Email boxdsupport@gmail.com. For postal correspondence, request a mailing address by email.