Privacy Policy
Effective date: October 1, 2025
Controller / Contact: Dirty Bastards Collective — sales@dirtybastardscollective.com
1. Overview
Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights.
2. Information we collect
Order & account information: name, billing & shipping address, email, phone number, order history.
Payment information: We do not store full credit card numbers or CVV on our servers. Payment card processing is handled by third-party processors (e.g., Stripe, PayPal). We may retain transaction identifiers and masked card data necessary to identify a past payment. Sensitive authentication data (e.g., CVV) is not stored after authorization in accordance with payment industry rules.
Technical data & cookies: IP address, device information, browser type, pages visited, referral URLs, analytics cookies and similar technologies.
Communications: Emails, chat transcripts, and other messages you send us.
3. How we use your information
To fulfill orders, process payments, ship products, and provide customer service.
To communicate about orders, updates, promotions (with your consent where required).
To improve the website, analyze usage, and prevent fraud.
To comply with legal obligations and respond to lawful requests.
4. Sharing & third parties
We share personal data only as needed to provide the service: with payment processors, shipping carriers, fraud-prevention providers, analytics providers, and email service providers. Payment processors and other service providers have their own privacy and security practices. Note that payment processors and payment service agreements may restrict sale or processing of certain items; payment providers maintain lists of prohibited/restricted businesses. Example processor agreements describe such prohibited/restricted business lists.
5. Security
We use industry-standard security measures (SSL/TLS for transmission, secure servers, access controls). Because payment processing is handled by third-party processors, sensitive card data is not retained on our systems and is governed by the processor’s PCI compliance. The PCI Security Standards Council (PCI SSC) requires that sensitive authentication data not be stored post-authorization; we follow this practice.
6. Cookies & tracking
We use cookies and similar technologies for session management, analytics, and marketing. You may opt out or change cookie settings through your browser or via any cookie controls on our site. Third-party analytics providers may also set cookies.
7. Your rights
US/California residents: If you are a California resident, you may have rights to request access to or deletion of certain personal information (see our contact info).
EU/EEA/UK residents: You may have rights under GDPR including access, correction, portability, restriction, and objection. To exercise your rights, contact sales@dirtybastardscollective.com. We will verify requests in accordance with applicable laws.
8. International transfers
We may transfer data to service providers in other countries to process orders. Where required by law, we implement safeguards for cross-border transfers.
9. Changes
We may update this policy; we will post an updated effective date at the top. For material changes we will provide prominent notice.