Privacy policy
This page explains what personal information Brandon Rupert collects from you, what we do with it, who else sees it, and the rights you have over it.
Who we are
Brandon Rupert operates this site and store. We are the data controller for the personal information we collect from you under applicable US state privacy laws.
How to reach us about your data: support@brandonrupert.com
Registered address: 83 Crosby Street, Suite 3F, New York, NY 10012, USA.
What we collect
When you visit, browse, or buy from brandonrupert.com, we collect the following:
| Category | When it's collected | Why |
|---|---|---|
| Name, email, shipping address, phone | When you place an order | To take payment, ship your order, and stay in touch about it |
| Payment details (card or wallet token) | At checkout | Processed by Shopify Payments. We never see or store your full card number. |
| Browser, device, IP address, pages viewed | Automatically on visit | To run the site, prevent fraud, and understand what people look at |
| Email address (separately) | If you sign up for updates | To send you occasional release notes — usually one or two emails per season |
| Communication history | If you email us | To answer your questions and look up past orders |
Cookies
We use a small number of cookies. On your first visit you can accept or reject non-essential cookies via the banner; you can change your mind any time using the Cookie settings link in the footer.
| Type | What it does | Optional? |
|---|---|---|
| Strictly necessary | Cart, checkout, fraud prevention | No — these can't be turned off |
| Analytics | Anonymous traffic and conversion measurement | Yes — only set if you consent |
| Marketing | Ad measurement (Meta, Google, Pinterest) | Yes — only set if you consent |
Who we share your information with
We use the following third parties to run the business. Each is contractually required to handle your data in line with applicable privacy law.
- Shopify Inc. — our e-commerce platform; hosts the site and processes orders
- Shopify Payments / Stripe — payment processing
- USPS, UPS, FedEx — shipping (only the data needed to deliver your order)
- Our US fulfilment partner — picks, packs, and ships orders
- Klaviyo (if email marketing is enabled) — sends our occasional emails
- Google Analytics, Meta Pixel, Pinterest Tag (only if you consent to marketing cookies) — performance measurement
We do not sell your personal information. Under the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other applicable US state privacy laws, you have the right to opt out of any sale or sharing of your personal information for cross-context behavioural advertising. You can exercise this right by emailing support@brandonrupert.com or by adjusting your cookie preferences.
How long we keep your information
- Order records: 7 years (tax and accounting requirements)
- Marketing email list: until you unsubscribe
- Site analytics: 14 months (Google Analytics default)
- Customer service emails: 2 years from your last contact
Your rights
Depending on which US state you live in, you have some or all of the following rights:
- Access — request a copy of the personal information we hold about you
- Correction — ask us to fix anything inaccurate
- Deletion — ask us to delete your information (subject to the retention rules above)
- Portability — request your data in a portable format
- Opt-out of sale / sharing — ask us not to share your data with advertising partners
- Withdraw consent — for anything we process on the basis of your consent
- Non-discrimination — we won't deny you service or charge you differently for exercising any of these rights
To exercise any of these, email support@brandonrupert.com. We'll respond within 45 days, which is the standard window under most US state privacy laws.
If you believe we've mishandled your data, you can raise a complaint with your state's Attorney General office.
Children
Brandon Rupert is not directed at children. We don't knowingly collect personal information from anyone under 13 in line with the US Children's Online Privacy Protection Act (COPPA). If you believe we've inadvertently collected data from a child, email us and we'll delete it.
Security
We take reasonable steps to protect your information — encryption in transit (HTTPS), payment processing through PCI-compliant providers, restricted access to order data. No method of transmission or storage is perfectly secure, but if a breach affects your data we'll notify you in line with applicable law.
Changes to this policy
We may update this policy from time to time. The version in force is always the one on this page.