1) What we collect
We collect information in three ways: you provide it, it’s collected automatically, or we receive it from partners.
- Information you provide: name, email, shipping/billing address, phone, order details, returns info, support messages.
- Payment details: handled by our payment processor; we receive limited payment confirmations and last-4 digits only. We do not store full card numbers or CVV/CVC. PCI guidance discourages storing sensitive authentication data at all.
- Automatic data: device/usage data like IP address, browser type, pages viewed, clicks, timestamps, and approximate location derived from IP; cookies and similar technologies.
- Marketing preferences: newsletter opt-ins/opt-outs, campaign interactions.
- Inferences: preferences or interests derived from other data (for example, product categories you browse).
2) Cookies and tracking
We use cookies and similar tech for core functionality (cart, checkout), analytics, and optionally advertising/retargeting.
- Control: You can adjust browser settings to reject or delete cookies.
- Opt-out signals: If we “sell or share” personal information for cross-context behavioral advertising, we will provide a “Do Not Sell or Share My Personal Information” link and honor Global Privacy Control (GPC) signals where required.
3) How we use information
- To process and fulfill orders, returns, and customer support
- To operate, secure, and improve the site and our services
- To personalize experiences and measure performance
- To send transactional emails and, with your consent, marketing
- To comply with legal obligations and prevent fraud or abuse
4) How we share information
We share personal information with:
- Service providers performing services for us (payment processing, fraud prevention, fulfillment, email, analytics).
- Advertising and analytics partners if enabled on our site (you can opt out as described below).
- Corporate transactions (merger, acquisition, or asset sale).
- Legal and safety (to comply with law, enforce terms, or protect rights).
- With your direction or consent.
We do not sell your personal information for money. If we engage in “sale” or “sharing” under California law (for cross-context behavioral advertising), you will see a clear opt-out mechanism and we will honor GPC.
5) Your privacy rights (U.S. state disclosures)
Depending on your state (for example, California), you may have rights to:
- Know/Access the categories and specific pieces of personal information we have collected
- Delete personal information (subject to legal exceptions)
- Correct inaccurate information
- Opt out of sale or sharing of personal information and of targeted advertising
- Limit the use of sensitive personal information (where applicable)
- Non-discrimination for exercising your privacy rights
California’s CCPA/CPRA describes these rights and requires honoring GPC as an opt-out signal for sale/sharing.
How to exercise your rights
Submit a request via our webform or email us at privacy@mothslayer.com. We will verify requests using information we already hold and respond within applicable timelines. If your state provides an appeals process for denied requests, you may appeal by replying “Appeal” to our decision email and we’ll review again.
6) Children’s privacy
Our site and products are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected such information without verifiable parental consent, we will delete it. For more about U.S. children’s privacy rules, see the FTC’s COPPA guidance.
7) Data retention
We keep personal information only as long as necessary for the purposes described above, for security and fraud prevention, to comply with law, and to resolve disputes. Then we delete or de-identify it.
Our default schedule (customize to your operations):
- Order and tax records: up to 7 years (typical accounting/tax retention) 【EDIT ME if your accountant says otherwise】
- Customer support tickets: 24 months after last interaction
- Marketing subscriptions and consent logs: until you unsubscribe, plus 24 months to maintain suppression records
- Web server logs: 12 months
When deleting or disposing of data and media, we follow recognized guidance on secure disposal/sanitization appropriate to the medium (for example, cryptographic erase or physical destruction).
8) Security
We use administrative, technical, and physical safeguards appropriate to our size and the sensitivity of the information we handle, including:
- Transport-layer encryption (HTTPS/TLS) for data in transit
- Encryption at rest where appropriate for stored data
- Role-based access, least privilege, and MFA for administrative access
- Secure software practices, vulnerability management, logging, and monitoring
- Vendor due diligence and contractual security requirements
- Incident response and breach notification processes
The FTC advises businesses to implement reasonable security tailored to their risks and data types; no method is 100% secure.
Payments: We use a PCI-compliant processor and do not store full card numbers or CVV/CVC codes on our systems.
9) Do Not Track and Global Privacy Control
Some browsers offer Do Not Track (DNT) signals; there is no standard requiring action on DNT. If we engage in activities considered sale/sharing, we honor opt-out preference signals such as Global Privacy Control (GPC) as required by California law.
10) U.S. only
Our site is intended for U.S. residents and is hosted in the United States. If you access the site from outside the U.S., you understand your information will be processed in the U.S., where laws may differ from your jurisdiction.
11) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new Effective date and indicate material changes on the site.
12) Contact us
Questions or requests regarding this Policy can be sent to privacy@mothslayer.com or mailed to 1201 Orange Street, One Commerce Centre, Wilmington, Delaware 19801.
