Privacy Policy

Last updated: August 10, 2025

Rust Boutique (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy describes
how we collect, use, disclose, and protect personal information when you visit https://rustboutique.com,
purchase products, or otherwise interact with us (collectively, the “Services”).

Summary (At a Glance)

This page explains: what information we collect; why we collect it; how we use and share it; your rights under applicable law
(including CCPA/CPRA for California residents and GDPR for EEA/UK residents); and how to contact us. For more details read the full
policy below.

Notice at Collection for California Residents (CCPA/CPRA)

The table below describes the categories of personal information we may collect, the purposes for which we use it, and retention.

Category of Personal Information	Examples	Purpose of Collection	Retention Period	Sold or Shared?
Identifiers	Name; email; phone; shipping & billing address; IP address	Order fulfillment; account management; customer service; fraud prevention	For the period required to fulfill the purpose; typically until no longer needed or as required by law	No
Customer Records	Payment information (processed by third parties); transaction history	Payment processing; recordkeeping; tax & accounting	As required by financial record retention rules (typically 4–7 years)	No
Commercial Information	Purchase history; products viewed; cart contents	Order management; personalized offers; analytics	Up to 5 years (subject to business needs)	No
Internet/Network Activity	Browsing history; device & browser info; referring URL; cookies	Site analytics; performance; security; marketing	Up to 2 years (or as set by cookie lifetime)	Shared for advertising (opt-out available)
Geolocation	Approximate location inferred from IP	Fraud prevention; regional promotions	Up to 2 years	No
Inferences	Customer preferences; predicted interests	Personalization and recommendations	Up to 2 years	No

Your rights under California law include the right to know, delete, correct, and opt out of the sale or sharing of your personal information. See California Privacy Rights (Section 5) for details.

1. Information We Collect

We collect information you provide directly and information collected automatically when you use the Services.

a) Information you provide

Contact details: name, email address, phone number
Shipping & billing addresses
Payment information (processor-handled; we do not store full card numbers)
Account credentials and profile information
Communications you send to us (support requests, reviews)

b) Information collected automatically

IP address, device type, browser type, operating system
Browsing behavior on our site, referring pages, pages visited
Cookies, pixels, and similar tracking technologies (see Cookie Policy)

c) Sensitive data

We do not intentionally collect sensitive personal information (e.g., racial or ethnic origin, health data, religious beliefs). If you provide such information, we will process it only with your consent or as otherwise permitted by law.

2. How We Use Personal Information

We use personal information for the following purposes:

To process and fulfill orders, handle returns, and provide customer support
To process payments and prevent fraud
To send transactional communications (order confirmations, shipping notices)
To send marketing communications where you have consented or where permitted
To personalize and improve our Services and product offerings
To comply with legal obligations and to protect our rights

3. Legal Bases for Processing (EEA / UK / Switzerland)

If you are located in the EEA, UK, or Switzerland, we rely on one or more of the following legal bases for processing:

Your consent (where requested)
Performance of a contract with you
Compliance with a legal obligation
Our legitimate interests (balanced against your rights)

4. How We Share Information

We may share personal information with:

Service providers who perform services on our behalf (payment processors, shipping carriers, email providers, analytics, hosting)
Advertising and marketing partners (for analytics and personalized advertising)
Law enforcement or government agencies when required by law
Parties involved in business transfers (e.g., merger, sale of assets)

We do not sell personal information for monetary consideration. Where we engage in activities California law calls “sharing,” you can opt out — see How to Opt Out.

5. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under California law (subject to verification and certain exceptions):

Right to Know: Request categories and specific pieces of personal information collected about you in the past 12 months.
Right to Delete: Request deletion of personal information (subject to exceptions).
Right to Correct: Request correction of inaccurate personal information.
Right to Opt Out: Opt out of sale or sharing of personal information (including cross-context behavioral advertising).
Right to Non-Discrimination: You will not be discriminated against for exercising your rights.

How to submit a request

You may submit requests:

Online: Do Not Sell or Share My Personal Information
Email: privacy@rustboutique.com (subject: “California Privacy Request”)

We may require verification to process your request. Authorized agents may submit requests on your behalf if properly authorized.

6. Rights for EEA / UK / Swiss Residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you may have the following rights (subject to verification and exceptions):

Access to your personal data
Rectification of inaccurate data
Erasure (“right to be forgotten”)
Restriction of processing
Data portability
Object to processing (including direct marketing)
Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@rustboutique.com. We will respond in accordance with applicable law.

7. Data Retention

We retain personal data only as long as necessary to provide Services, fulfill legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and legal requirements.

8. Cookies & Tracking

We and our partners use cookies and similar technologies for site functionality, analytics, and advertising. For details and how to opt out, see our Cookie Policy.

9. International Transfers

Data may be transferred to and processed in countries outside your jurisdiction (including the U.S.). Where required by law, we use appropriate safeguards (such as Standard Contractual Clauses) to protect your personal data.

10. Security

We implement reasonable technical and organizational measures designed to protect personal information. However, no security system is impenetrable; we cannot guarantee absolute security.

11. Children’s Privacy

Our Services are not directed to children under 13 (U.S.) or under 16 (E.U./UK). We do not knowingly collect personal information from minors. If we learn we collected personal information from a child in violation of law, we will take steps to delete it.

12. Verification and Authorized Agents

For certain requests (e.g., deletion), we may need to verify your identity. Authorized agents can submit requests on your behalf if they provide proof of authorization as required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice (e.g., prominent notice on our website) and update the “Last updated” date.

14. Contact Us / Data Protection Officer (DPO)

If you have questions, requests, or complaints about this Privacy Policy or our practices, contact:

Privacy Officer / DPO
Rust Boutique
6780 McKinley Ste 120
Sebastopol, CA 95472
Email: privacy@rustboutique.com
Phone: +1 707-827-6181

If you are an EEA/UK resident, you may also lodge a complaint with your local data protection authority.

This policy is intended to comply with California (CCPA/CPRA), European (GDPR), and applicable U.S. privacy laws. It does not create contractual rights beyond those provided by law.