Privacy Policy

1. Introduction

TSBSupplyBox (“Company,” “we,” “us,” “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website located at www.tsbsupplybox.com (the “Website”) and use our ecommerce services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Website. Your use of our Website indicates that you have read and agree to be bound by this Privacy Policy.

We reserve the right to modify this policy at any time. Changes will be effective immediately upon posting to the Website. We will provide notice of material changes by updating the “Last Updated” date above and, where required by law, by requesting your consent to the updated policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information
When you create an account, we collect:

  • Full name
  • Email address
  • Phone number
  • Username and password
  • Account preferences

Example: When you register to save your preferences and view previous orders, we store this information securely in our systems.

Purchase and Transaction Information
During checkout, we collect:

  • Billing address
  • Shipping address
  • Credit/debit card details (processed through PCI-compliant payment processors)
  • Purchase history
  • Order details and transaction records

Example: Your payment information is never stored directly on our servers. Instead, we use encrypted payment gateways that comply with PCI DSS standards.

Communication Information
When you contact us, we collect:

  • Messages and inquiries submitted through contact forms
  • Customer service communications
  • Support tickets and responses
  • Email correspondence

Profile and Preference Information
We collect:

  • Product preferences and wishlists
  • Communication preferences
  • Marketing opt-in/opt-out choices
  • Browsing history on our Website

2.2 Information Collected Automatically

Device and Usage Information
When you visit our Website, we automatically collect:

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring/exit pages
  • Click patterns and interaction data
  • Search queries within the Website

Cookies and Similar Technologies
We use cookies, web beacons, pixels, and similar tracking technologies to:

  • Remember your preferences
  • Improve user experience
  • Analyze Website usage
  • Provide targeted advertising (where permitted)
  • Prevent fraud

Types of cookies we use:

  • Essential cookies: Required for Website functionality
  • Analytics cookies: Track how you use the Website (Google Analytics)
  • Marketing cookies: Enable personalized advertising and remarketing
  • Third-party cookies: From partners like advertising networks

Location Information
Based on your IP address, we may infer your general geographic location (city/state level) to:

  • Comply with applicable state privacy laws
  • Provide region-specific content and offers
  • Process orders accurately

2.3 Information from Third Parties

We may receive personal information from:

  • Payment processors and financial institutions
  • Shipping and logistics partners
  • Marketing and analytics platforms (Google Analytics, Facebook Pixel)
  • Social media platforms (if you link your account)
  • Data brokers and service providers
  • Law enforcement (when legally required)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Primary Business Purposes

  • Order Processing: Fulfill your purchases, process payments, and ship products
  • Account Management: Maintain your account, authenticate your identity, and provide account support
  • Customer Service: Respond to inquiries, resolve disputes, and provide technical support
  • Fraud Prevention: Detect, investigate, and prevent fraudulent transactions and unauthorized access
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

3.2 Marketing and Communication

  • Marketing Communications: Send promotional emails, product updates, and special offers (where you’ve opted in)
  • Personalization: Customize your shopping experience based on your preferences and behavior
  • Market Research: Conduct surveys and gather feedback to improve our products and services
  • Analytics: Analyze usage patterns to enhance Website functionality and user experience

3.3 Business Operations

  • Inventory Management: Manage product availability and supply chain
  • Business Development: Develop new features, products, and services
  • Performance Monitoring: Evaluate Website performance and optimize operations
  • Security: Protect against unauthorized access and maintain data integrity

4. How We Share Your Information

We may share your information with the following categories of recipients:

4.1 Service Providers

We share necessary information with vendors who perform services on our behalf, including:

  • Payment Processors: Stripe, PayPal (for payment processing)
  • Shipping Partners: FedEx, UPS, USPS (for order fulfillment)
  • Email Service Providers: Mailchimp, SendGrid (for marketing communications)
  • Analytics Providers: Google Analytics, Hotjar (for Website analysis)
  • Cloud Infrastructure: AWS, Google Cloud (for data hosting and security)
  • Customer Support Platforms: Zendesk, Intercom (for support management)

These service providers are contractually obligated to use your information only as necessary to provide services to us and must maintain appropriate security measures.

4.2 Advertising and Marketing Partners

We may share information with:

  • Advertising Networks: Facebook, Google Ads, Instagram (for targeted advertising)
  • Email Marketing Platforms: For promotional campaigns and newsletters
  • Analytics Services: For traffic analysis and conversion tracking

4.3 Legal Requirements and Protection

We may disclose your information when required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service and other agreements
  • Protect the safety, rights, and property of TSBSupplyBox, our users, and the public

Prevent fraud and unauthorized access

4.4 Business Transfers

If TSBSupplyBox is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.5 Aggregated and De-Identified Information

We may share aggregated, anonymized, and de-identified information that cannot reasonably be used to identify you with third parties for marketing, analytics, research, and other purposes without restriction.

5. Your Privacy Rights Under US State Laws

5.1 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the right to:

Right to Know
You may request what personal information we collect, use, and share. We will provide you with:

  • The categories and specific pieces of personal information we collected
  • The source of the information
  • Our business purpose for collecting it
  • Categories of third parties with whom we shared it

Right to Delete
You may request deletion of personal information we collected from you, subject to certain exceptions (such as information necessary to complete transactions or comply with legal obligations).

Right to Correct
You may request correction of inaccurate personal information.

Right to Opt Out
You may opt out of:

  • The “sale” or “sharing” of your personal information for targeted advertising
  • Automated decision-making that produces legal or similarly significant effects

Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA/CPRA rights. This means we will not deny services, charge different prices, provide different quality of service, or suggest you are less valued.

How to Submit Requests
To exercise these rights, submit a verifiable consumer request by:

  • Email: info@tsbsupplybox.com
  • Mail: TSBSupplyBox, Attn: Privacy Officer, [Address]

We will verify your identity and respond within 45 days (extendable by 45 additional days for complex requests).

Global Privacy Control
We recognize the Global Privacy Control (GPC) signal. If you enable GPC on your browser, we will treat it as an opt-out request for sales/sharing and targeted advertising.

5.2 Other State Privacy Laws

The following states have enacted comprehensive privacy laws effective January 1, 2026:

Indiana Consumer Data Protection Act (ICDPA)
Applies if you are an Indiana resident or if we process personal data of 100,000+ Indiana residents. You have rights to:

  • Access your personal information
  • Delete your personal information
  • Correct inaccuracies
  • Opt out of targeted advertising and data sales

Kentucky Consumer Data Protection Act (KCDPA)
Applies if you are a Kentucky resident. You have rights to:

  • Access and delete personal information
  • Correct personal information
  • Opt out of targeted advertising, data sales, and profiling
  • Contest automated decision-making

Rhode Island Data Transparency and Privacy Act (DTPA)
Applies if you are a Rhode Island resident. You have rights to:

  • Access and delete personal information
  • Opt out of targeted advertising and data sales
  • Request information about our data practices

We comply with all applicable state privacy laws. To exercise rights under these laws, use the submission methods listed in Section 5.1.

5.3 Additional Privacy Controls

Email Marketing
You may opt out of promotional emails by clicking the “Unsubscribe” link at the bottom of any marketing email or by updating your communication preferences in your account settings.

Cookie and Tracking Preferences
You can control certain cookies through your browser settings. Most browsers allow you to:

  • Block all cookies
  • Allow only first-party cookies
  • Delete cookies upon exit
  • Receive notification when cookies are set

Note: Disabling essential cookies may impair Website functionality.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Fulfill the purposes described in this Privacy Policy
  • Comply with legal and regulatory obligations
  • Resolve disputes and enforce agreements

Typical Retention Periods:

  • Account Information: For the duration of your account, plus 3 years
  • Purchase Records: 7 years (for accounting and tax purposes)
  • Payment Information: Not retained by us (handled by payment processors)
  • Analytics Data: 26 months
  • Marketing Data: Until you unsubscribe
  • Support Communications: 3 years

We will securely delete or anonymize information when no longer needed, except where required by law to retain records.

7. Security of Your Information

7.1 Security Measures

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

  • Encryption: All data transmissions use SSL/TLS encryption (HTTPS)
  • Access Controls: Restricted access based on “need-to-know” principle; multi-factor authentication for employee accounts
  • Data Minimization: We collect and retain only necessary information
  • Secure Infrastructure: PCI DSS-compliant payment processing; regular security audits and vulnerability assessments
  • Employee Training: All staff receive privacy and security training
  • Incident Response: We maintain procedures to detect, investigate, and respond to security incidents

7.2 Limitations

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security of your information. If you believe your information has been compromised, please contact us immediately.

8. Children's Privacy

Our Website and services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will promptly delete such information and terminate the child’s account. For Children 13-16: We recognize that some users may be minors. If you are between 13-16:
  • We will not sell your personal information without affirmative authorization
  • We will not use your personal information for targeted advertising, automated decision-making, or profiling
  • You have the right to delete your account and associated information
If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at info@tsbsupplybox.com

9. Third-Party Links and Services

Our Website may contain links to third-party websites and services (including payment processors, shipping providers, and social media platforms). This Privacy Policy applies only to TSBSupplyBox and our Website. We are not responsible for the privacy practices of third-party services.

We encourage you to review the privacy policies of any third-party services before providing your information. Your use of third-party services is governed by their respective privacy policies and terms of service.

10. International Users

Our Website is hosted in the United States and is governed by US law. If you are accessing our Website from outside the United States, you acknowledge that:

  • Your information will be transferred to, processed, and stored in the United States
  • US data protection laws may differ from the laws of your home country
  • Your use of our Website constitutes your consent to such transfers and processing

For users in jurisdictions with specific data transfer requirements (such as the European Union), we rely on appropriate legal mechanisms for cross-border data transfers, including Standard Contractual Clauses or your explicit consent.

11. Data Breach Notification

  1. Data Breach Notification

In the event of a confirmed data breach involving unauthorized access to, or disclosure of, personal information, we will:

  • Notify affected individuals without unreasonable delay (and within 30 days where required by law)
  • Provide notice of the nature of the breach, information affected, and steps to minimize harm
  • Contact applicable regulatory authorities as required by law
  • Cooperate with law enforcement investigations

Notification will be provided via email, mail, or other reasonable means.

12. Your California Privacy Rights - Detailed Notice

Categories of Personal Information Collected[source:1][source:4]

We collect the following categories of personal information:

  • Identifiers (name, email, phone, account username, IP address)
  • Commercial information (purchase history, browsing history, product preferences)
  • Internet activity (pages visited, clicks, search queries, referral source)
  • Geolocation data (city/state level from IP address)
  • Sensory information (none typically, unless you submit images/videos)
  • Professional information (if relevant to customer support)
  • Inferences (preferences, interests, purchasing patterns)

Purpose of Collection and Use

We collect and use this information for:

  • Fulfilling your requests and transactions
  • Providing customer service and support
  • Marketing and personalization
  • Fraud prevention and security
  • Legal compliance and regulatory obligations
  • Improving products and services
  • Analytics and aggregated reporting

Categories of Parties Receiving Information

We share information with:

  • Service providers (payment, shipping, analytics, customer support)
  • Advertising networks and marketing partners
  • Law enforcement and government agencies (when legally required)
  • Business partners in case of merger or acquisition

Sources of Information

We collect information from:

  • You directly (account registration, checkout, communications)
  • Automated collection (cookies, pixels, server logs)
  • Third-party service providers
  • Data brokers
  • Publicly available sources

13. Contact Information

For questions, concerns, or to exercise your privacy rights, please contact:

TSBSupplyBox Privacy Team
Email: info@tsbsupplybox.com
Mailing Address: TSBSupplyBox
Attn: Privacy Officer
[Insert Physical Address]
[City, State ZIP]

Response Times
We aim to respond to all inquiries within 5 business days. For formal rights requests (access, deletion, opt-out), we will respond within 45 days as required by law.

Privacy Officer
We have appointed a Privacy Officer responsible for overseeing our privacy practices and compliance. You may contact them at the email and mailing address above.

14. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, and other factors. The “Last Updated” date at the top of this policy indicates when it was most recently modified.

Material changes will be:

  • Prominently displayed on our Website
  • Communicated via email to registered users
  • Require your consent where required by applicable law

Your continued use of our Website following the posting of revised Privacy Policy means you accept and agree to the changes.

15. Your Acceptance

By using TSBSupplyBox.com, you signify your acceptance of this Privacy Policy. If you do not agree to this policy, please do not use our Website. Continued use of the Website following the posting of changes to this policy means you accept those changes.