Privacy Policy

PRIVACY POLICY

Last Updated: October 7, 2025

This Privacy Policy describes how NOTAG ("we," "us," "our," or "the Company") collects, uses, discloses, and protects your personal information when you visit, use, or make a purchase from our online store and related services (the "Services").

BY USING OUR SERVICES, YOU EXPRESSLY CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE, DO NOT USE OUR SERVICES.

1. INFORMATION WE COLLECT

We collect extensive information to provide, improve, and protect our Services:

A. Personal Information You Provide:

  • Identity Information: Name, username, title, date of birth, gender
  • Contact Information: Email address, telephone number, billing address, shipping address
  • Payment Information: Credit card numbers, debit card numbers, bank account information (processed securely through third-party payment processors)
  • Account Information: Username, password, security questions and answers, preferences, settings, purchase history
  • Transaction Information: Complete details about purchases, orders, returns, exchanges, wishlists, shopping cart contents, browsing history on our site
  • Communication Information: All communications with us including emails, chat messages, customer support inquiries, reviews, feedback, survey responses, social media interactions
  • Marketing Information: Your interests, preferences, and responses to marketing campaigns

B. Information Collected Automatically: We automatically collect information when you use our Services, including:

  • Device Information: IP address, browser type and version, operating system, device identifiers, mobile network information, hardware models
  • Usage Information: Full browsing history on our site, pages visited, time and date of visits, time spent on pages, clickstream data, referring/exit pages, search queries, interaction with emails and advertisements
  • Location Information: Geographic location derived from IP address and device settings
  • Cookies and Tracking Technologies: Comprehensive data collected through cookies, web beacons, pixels, tags, local storage, and similar technologies

C. Information From Third Parties: We may receive information about you from:

  • Social media platforms
  • Payment processors and fraud prevention services
  • Marketing and analytics partners
  • Data brokers, aggregators, and public databases
  • Other third parties that provide us with customer information

We may combine information from different sources to create comprehensive profiles.

2. HOW WE USE YOUR INFORMATION

We use your personal information for broad business purposes, including:

A. Service Delivery and Operations:

  • Process and fulfill orders, payments, and transactions
  • Create and manage your account
  • Provide customer support
  • Send transactional communications
  • Verify identity and prevent fraud
  • Maintain and improve our Services

B. Business Intelligence and Development:

  • Conduct extensive research, analytics, and data analysis
  • Monitor and analyze trends, usage patterns, and customer behavior
  • Develop comprehensive customer profiles and segments
  • Test and improve features, products, and services
  • Create predictive models and algorithms
  • Benchmark performance and competitive analysis

C. Marketing and Advertising:

  • Send promotional emails, newsletters, and marketing materials
  • Display personalized advertisements across multiple platforms
  • Conduct targeted advertising campaigns
  • Create lookalike audiences for advertising
  • Track effectiveness of marketing initiatives
  • Conduct surveys, contests, and promotional activities
  • Provide personalized product recommendations
  • Retargeting and remarketing activities

D. Legal, Security, and Compliance:

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and government demands
  • Enforce our Terms of Service and policies
  • Protect our rights, property, and interests
  • Detect, investigate, and prevent fraud and security incidents
  • Resolve disputes and enforce agreements
  • Defend against legal claims

E. Other Business Purposes:

  • Any other purpose disclosed at the time of collection
  • Any purpose with your consent
  • Any purpose reasonably related to the above

3. LEGAL BASIS FOR PROCESSING

We process your personal information based on multiple legal grounds:

A. Consent: By using our Services, you consent to our processing activities described herein. You may withdraw consent, but this may limit your ability to use our Services.

B. Contractual Necessity: Processing is necessary to perform our agreement with you and provide Services you request.

C. Legitimate Interests: We have legitimate business interests in:

  • Operating and improving our business
  • Marketing our products and services
  • Protecting our business and users
  • Analyzing and understanding our customers
  • Developing new products and services

Our legitimate interests override your interests, rights, and freedoms unless you object and demonstrate compelling grounds.

D. Legal Obligation: Processing is necessary to comply with laws and regulations.

4. HOW WE SHARE YOUR INFORMATION

We share your personal information extensively to operate our business:

A. Service Providers and Partners: We share information with numerous third-party service providers, including:

  • E-commerce Platform: Shopify Inc. and its affiliates
  • Payment Processors: Stripe, PayPal, and other payment gateways
  • Shipping and Fulfillment: Multiple carriers, logistics providers, warehouses, and fulfillment centers worldwide
  • Marketing Services: Email platforms, advertising networks, social media platforms, affiliate networks, influencer platforms
  • Analytics Providers: Google Analytics, Facebook Pixel, TikTok Pixel, and numerous other analytics services
  • Customer Service: Help desk software, chat platforms, CRM systems
  • Cloud Services: Data hosting, storage, and computing providers
  • Security Services: Fraud detection, prevention, and cybersecurity providers
  • Data Brokers: Third parties that help us enhance customer data
  • Business Intelligence: Market research and competitive analysis firms

B. Advertising and Marketing Partners: We share information with advertising partners to:

  • Display targeted advertisements
  • Measure advertising effectiveness
  • Create custom and lookalike audiences
  • Conduct retargeting campaigns
  • Track conversions and attribution

C. Legal and Regulatory Disclosures: We may disclose information to:

  • Law enforcement and government authorities
  • Courts and legal counsel
  • Parties involved in legal proceedings
  • Regulatory bodies and auditors

D. Business Transfers: In the event of merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to successors or acquirers. You will be bound by any successor's privacy policy.

E. With Your Consent or Direction: When you authorize disclosure or direct us to share information.

F. Aggregate and De-identified Information: We may freely share anonymized, aggregated, or de-identified information that cannot reasonably identify you.

G. Other Disclosures: We may share information for any other purpose disclosed at the time of collection or with your consent.

5. INTERNATIONAL DATA TRANSFERS

A. Global Operations: Your personal information will be transferred to, stored, and processed in multiple countries worldwide, including countries that may not provide the same level of data protection as your country of residence.

B. Transfer Mechanisms: We use appropriate safeguards for international transfers, including Standard Contractual Clauses, adequacy decisions, and other mechanisms. However, we cannot guarantee the same level of protection in all jurisdictions.

C. Your Consent: By using our Services, you explicitly consent to the transfer of your information to any country where we or our service providers operate.

D. Different Laws Apply: When your information is in another country, it is subject to the laws of that country, including government access to data.

6. DATA RETENTION

A. Retention Periods: We retain your personal information for as long as necessary for our business purposes, which may extend well beyond the period of your active use of our Services.

Specific Retention:

  • Account Information: Until deletion request, plus indefinite retention for business records
  • Transaction Records: Minimum 7-10 years, potentially longer for legal purposes
  • Marketing Data: Indefinitely unless you opt-out
  • Analytics Data: Typically 26-50 months, but may be retained longer
  • Communications: Indefinitely for business records
  • Backups: Information in backups may persist beyond standard deletion periods

B. Discretionary Retention: We may retain information longer than stated periods if we determine it necessary for:

  • Legal compliance or potential litigation
  • Fraud prevention and security
  • Business operations and analytics
  • Exercising or defending legal rights

C. Aggregate Data: De-identified and aggregate data may be retained indefinitely.

7. YOUR PRIVACY RIGHTS

Your rights vary by jurisdiction. We will comply with applicable law, but we may interpret rights narrowly to protect our business interests.

A. General Rights (Subject to Limitations):

  • Right to Access: Request information about data we hold (subject to verification and exceptions)
  • Right to Correction: Request correction of inaccurate data (we may require supporting documentation)
  • Right to Deletion: Request deletion (subject to numerous exceptions including legal obligations, fraud prevention, business records, and exercising legal rights)
  • Right to Opt-Out: Opt-out of certain marketing (does not apply to all communications)

B. Limitations on Rights: Your rights are subject to significant limitations. We may deny requests if:

  • We cannot verify your identity
  • The request is excessive, repetitive, or manifestly unfounded
  • It would require disproportionate effort
  • It conflicts with legal obligations or our legal rights
  • It would compromise trade secrets or intellectual property
  • It interferes with fraud prevention or security
  • It relates to information in backup systems
  • Required by law or to defend legal claims
  • Necessary for our legitimate business interests

C. Response Time and Fees: We will respond within the time required by law (typically 30-45 days), which may be extended. We may charge reasonable fees for excessive or repetitive requests.

D. Verification Required: We require extensive verification before processing requests, which may include government-issued ID and other documentation.

E. No Guarantee of Deletion: Even if we approve a deletion request, information may persist in:

  • Backup systems (not required to be deleted)
  • Archived records
  • Aggregate or de-identified data
  • Records retained for legal purposes
  • Third-party systems beyond our control

8. COOKIES AND TRACKING TECHNOLOGIES

A. Extensive Use of Cookies: We use numerous cookies and tracking technologies to collect comprehensive information about your activities on and off our Services.

Types Include:

  • Essential cookies (required for functionality)
  • Analytics cookies (track all activities)
  • Marketing cookies (track across sites and devices)
  • Third-party cookies (from numerous partners)
  • Persistent cookies (remain for extended periods)

B. Third-Party Tracking: We allow numerous third parties to collect information about you through our Services, including:

  • Advertising networks
  • Analytics providers
  • Social media platforms
  • Data brokers
  • Marketing partners

These third parties may track you across sites and over time.

C. Limited Opt-Out: While you can adjust browser settings, this may significantly impair your ability to use our Services. Some tracking may continue even if you disable cookies through alternative identifiers.

D. Cross-Device Tracking: We and our partners may link your activities across multiple devices to create comprehensive profiles.

9. DO NOT TRACK AND ONLINE TRACKING

A. DNT Signals: We do not respond to Do Not Track (DNT) signals or similar mechanisms. Tracking will continue regardless of browser settings.

B. Third-Party Tracking: We cannot control third-party tracking. Third parties may continue tracking even if you opt-out of our tracking.

C. Interest-Based Advertising: We participate extensively in interest-based advertising. Opt-out mechanisms are limited and may not prevent all tracking.

10. CHILDREN'S PRIVACY

A. Age Restrictions: Our Services are not directed to individuals under 18. However, we do not actively verify user ages.

B. No Liability: We are not responsible for false age information provided by users. If a minor provides information, it will be treated as adult information unless we receive verified parental requests for deletion.

11. SECURITY MEASURES

A. Reasonable Security: We implement security measures we deem reasonable, but we make no guarantees about security.

B. No Liability: We are not liable for security breaches, unauthorized access, or data loss, even if due to our negligence or failure to implement adequate security.

C. Your Responsibility: You are primarily responsible for protecting your information. We recommend strong security practices but assume no liability for your security failures.

12. DATA BREACH NOTIFICATION

A. Discretionary Notification: We will notify you of data breaches as required by law, but we retain discretion in determining what constitutes a reportable breach and who is affected.

B. Limited Information: Breach notifications will include only information required by law. We may withhold details to protect our business interests and ongoing investigations.

C. Timing: We will notify within legal timeframes but may delay notification if it would impede investigations or create security risks.

13. RELATIONSHIP WITH SHOPIFY

A. Shopify as Platform Provider: NOTAG operates on Shopify's platform. Shopify collects and processes extensive information about your use of our Services.

B. Dual Processing: Both NOTAG and Shopify process your information. Shopify may use your information for its own business purposes, including:

  • Providing and improving Shopify platform
  • Analytics and research across merchants
  • Marketing and business development
  • Creating merchant and customer insights
  • Fraud detection across the Shopify ecosystem

C. Shared Responsibility: For some processing activities, responsibility is shared between NOTAG and Shopify. You may need to contact both parties regarding your data.

D. Shopify's Rights: Shopify has independent rights to use and process your information. Review Shopify's Privacy Policy at https://www.shopify.com/legal/privacy

E. Third-Party Controller: Shopify is a separate data controller for certain processing activities. We are not responsible for Shopify's data practices.

14. THIRD-PARTY SERVICES

A. Extensive Third-Party Integration: Our Services integrate with numerous third-party services that collect information about you independently.

B. No Responsibility: We are not responsible for third-party privacy practices, data collection, or security. Third parties have their own privacy policies.

C. Independent Relationships: Your interactions with third parties create independent relationships. We are not liable for third-party actions.

15. MARKETING COMMUNICATIONS

A. Broad Marketing: By providing your contact information, you consent to receiving marketing communications from us and our partners.

B. Multiple Channels: Marketing may occur via email, SMS, phone calls, direct mail, social media, and targeted advertising.

C. Limited Opt-Out: You may opt-out of some marketing, but:

  • Opt-out does not apply to transactional communications
  • Opt-out does not prevent all marketing (e.g., targeted ads may continue)
  • Processing opt-outs may take up to 30 days
  • We may continue marketing through alternative channels

D. Partner Marketing: Third-party partners may contact you independently based on information we share. You must opt-out with them separately.

16. CALIFORNIA-SPECIFIC DISCLOSURES

A. Information We Collect: In the past 12 months, we collected all categories of personal information listed in the CCPA.

B. Information We Disclose: We disclose all categories of personal information to service providers, business partners, and other third parties for business purposes.

C. Sale and Sharing: While we don't "sell" information in the traditional sense, we "share" information with advertising partners for cross-context behavioral advertising. This may constitute a "sale" under CCPA's broad definition.

D. Opt-Out: California residents may opt-out of "sale/sharing" at support@notag.co. However, opting out may significantly limit functionality and your ability to use our Services.

E. No Financial Incentives: We do not currently offer financial incentives for personal information, but we reserve the right to do so.

F. Authorized Agents: We require extensive verification for authorized agent requests and may contact you directly to confirm.

17. EUROPEAN UNION DISCLOSURES

A. Data Controller: NOTAG is the data controller. We determine purposes and means of processing.

B. Legal Basis: We rely primarily on legitimate interests and contractual necessity. Consent is obtained where required, but we may continue processing on other grounds even if you withdraw consent.

C. Automated Decision-Making: We may use automated decision-making, including profiling, for fraud prevention, personalization, and marketing. You may object, but this may limit Services.

D. International Transfers: Your data will be transferred outside the EU/EEA. While we use appropriate safeguards, protection levels may differ.

E. Supervisory Authority: You may complain to your local data protection authority, but we encourage you to contact us first to resolve issues.

18. YOUR CONSENT TO THIS POLICY

A. Binding Agreement: This Privacy Policy is a binding agreement. By using our Services, you agree to all terms.

B. Continued Use Equals Consent: Continued use after policy changes constitutes acceptance of new terms.

C. Required for Service: You cannot use our Services without agreeing to this Privacy Policy. If you do not agree, do not use our Services.

19. DISPUTE RESOLUTION

A. Informal Resolution: You must first attempt to resolve privacy disputes informally by contacting us.

B. Arbitration: Privacy disputes are subject to the arbitration clause in our Terms of Service, where applicable.

C. Class Action Waiver: You waive the right to bring class actions regarding privacy disputes, where legally permitted.

D. Limitation Period: Claims must be brought within one year of discovery or be forever barred.

20. LIMITATION OF LIABILITY

A. Maximum Liability: Our maximum liability for privacy-related claims is limited to the amount you paid us in the 12 months preceding the claim, or $100, whichever is less.

B. No Consequential Damages: We are not liable for indirect, consequential, special, or punitive damages arising from privacy issues, data breaches, or unauthorized access.

C. No Warranties: We provide no warranties regarding privacy, security, or data protection beyond those required by law.

21. CHANGES TO PRIVACY POLICY

A. Unilateral Changes: We may change this Privacy Policy at any time for any reason without prior notice.

B. Immediate Effect: Changes are effective immediately upon posting unless otherwise stated.

C. Retroactive Application: Policy changes may apply to information previously collected unless prohibited by law.

D. Continued Use: Continued use after changes constitutes acceptance.

22. INTERPRETATION

A. Broad Interpretation: This Privacy Policy should be interpreted broadly in our favor to protect our business interests.

B. English Version Controls: If there are conflicts between language versions, the English version controls.

C. Severability: If any provision is invalid, the rest remains in effect, and the invalid provision will be modified to achieve our intent to the maximum extent permitted.

23. CONTACT INFORMATION

For privacy inquiries:

NOTAG
Email: support@notag.co
Subject Line: "Privacy Inquiry"

Response Time: We will respond within legal timeframes (typically 30-45 days).

ACKNOWLEDGMENT

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY. YOUR USE OF OUR SERVICES CONSTITUTES YOUR EXPLICIT CONSENT TO ALL DATA COLLECTION, USE, AND DISCLOSURE PRACTICES DESCRIBED HEREIN.