Privacy Policy

Your Privacy Is Our Priority

Welcome to the Privacy Policy of Moss Theory LLC. We are located at 117 S Lexington St Ste 100, Harrisonville, MO 64701, USA. You can reach us via email at seller06.etw@gmail.com or by phone at +84943423971. This policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website mosstheory.online (the “Site”) and purchase products such as Men’s ShirtsWomen’s Sweatshirts & SweatpantsWomen’s Jackets & Coats, and Women’s Shorts.

We respect your privacy and are committed to protecting your personal data. This policy will inform you about the types of data we process, the lawful bases for processing, how long we retain data, who we share it with, and what rights you have under applicable laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) for our European customers.

Please read this policy carefully. By using the Site or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use the Site or provide us with your information.

We may update this Privacy Policy from time to time. The “Last Updated” date at the bottom of this page indicates when the policy was last revised. Your continued use of the Site after changes are posted constitutes your acceptance of the revised policy.

Section 1: Information We Collect

We collect several types of information from and about you, both directly (when you provide it) and automatically (through your use of the Site). Understanding what we collect is the first step in understanding how we protect it.

1.1 Personal Information You Provide Directly

When you interact with Moss Theory LLC, we may ask you to provide the following categories of personal information:

  • Identity Data: Full name, date of birth (if required for age verification), and username (if you create an account).

  • Contact Data: Billing address, shipping address, email address, and telephone number (the phone number you provided, which may be used for delivery coordination).

  • Financial Data: Credit card numbers, debit card numbers, or other payment method details. Important: We do not store full payment card numbers. All payment information is collected and tokenized by Stripe, our third-party payment processor. We only store the last four digits of your card and the card brand (e.g., Visa, Mastercard) for reference and refund processing.

  • Transaction Data: Details about products you have purchased from us, order history, returns, refunds, and exchanges.

  • Account Data: If you create an account, we store your email address, hashed password (we never see your plain-text password), saved shipping addresses, and wishlist items.

  • Communication Data: Any correspondence you send to us via email (seller06.etw@gmail.com), phone, or through the contact form on the Site. This includes customer service inquiries, return requests, and product reviews.

  • Marketing and Survey Data: Your preferences for receiving marketing communications from us, responses to surveys, and feedback you provide.

1.2 Information Collected Automatically (Through Cookies and Similar Technologies)

When you browse the Site, we automatically collect certain technical data using cookies, web beacons, and log files. This information is typically anonymized or pseudonymized and does not directly identify you. Categories include:

  • Device Data: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), and screen resolution.

  • Usage Data: Pages you visit, time and date of your visit, time spent on each page, clickstream data (the links you click), search queries, and referral URL (the website you came from).

  • Location Data: General geographic location derived from your IP address (e.g., country, city, state). We do not collect precise GPS location unless you grant permission (which we do not request).

1.3 Information from Third Parties

We may receive personal information about you from third-party service providers, such as:

  • Stripe: Provides us with transaction confirmation and, in the case of disputes or fraud investigations, limited cardholder data (only with your consent or as required by law).

  • Carriers (USPS, UPS, DHL): Provide us with delivery confirmation and, in some cases, address correction suggestions.

  • Social Media Platforms: If you interact with our social media pages (e.g., Instagram, Facebook), those platforms may share aggregated analytics with us, but we do not directly collect your social media profile information unless you explicitly provide it.

1.4 Special Categories of Sensitive Data

We do not intentionally collect any “sensitive” personal data (e.g., racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation). Please do not provide such information to us. If you inadvertently share health information (e.g., in a customer service email about a skin reaction to a fabric), we will treat it as confidential and delete it after resolving your issue.

Section 2: How We Use Your Information

We use your personal information for specific, lawful purposes. Under data protection laws, we must have a legal basis for each use. Our legal bases include: (a) performance of a contract (e.g., fulfilling your order), (b) compliance with a legal obligation, (c) legitimate interests (e.g., improving our services), and (d) your consent (e.g., marketing emails).

2.1 To Process and Fulfill Your Orders (Contract Performance)

  • Process payments through Stripe.

  • Verify your identity to prevent fraud.

  • Ship products to your provided address.

  • Communicate order confirmation, shipping updates, and delivery status.

  • Handle returns, refunds, and exchanges.

  • Provide customer support related to your purchase.

2.2 To Manage Your Account (Contract Performance)

  • Create and maintain your customer account.

  • Store your saved addresses and wishlist for faster checkout.

  • Allow you to view your order history.

2.3 To Improve Our Website and Products (Legitimate Interest)

  • Analyze usage data to understand how customers navigate the Site, which products are most viewed, and where users drop off during checkout.

  • Conduct A/B testing to optimize page design and conversion rates.

  • Gather feedback through surveys to improve product quality and fit.

2.4 To Communicate With You (Legitimate Interest and/or Consent)

  • Transactional Communications (no opt-out): Send order confirmations, shipping updates, return status, and other non-marketing messages necessary for your purchase. You cannot unsubscribe from these because they are essential to fulfilling your contract.

  • Marketing Communications (opt-in required): Send promotional emails about new collections, sales, discounts, and company news. We only send these if you have explicitly opted in (e.g., by checking a box at checkout or signing up for our newsletter). You can unsubscribe at any time by clicking the “Unsubscribe” link at the bottom of any marketing email.

2.5 To Comply With Legal Obligations (Legal Requirement)

  • Respond to lawful requests from law enforcement, courts, or regulatory agencies.

  • Maintain records required by tax laws (e.g., transaction history for 7 years).

  • Detect and prevent fraud, money laundering, or other illegal activities.

2.6 For Security and Fraud Prevention (Legitimate Interest and Legal Obligation)

  • Monitor transactions for suspicious activity using Stripe Radar.

  • Investigate chargebacks and unauthorized account access.

  • Implement and maintain security measures (e.g., encryption, firewalls).

Section 3: Sharing Your Information (Disclosures to Third Parties)

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we share your data with certain categories of service providers who help us operate our business. All third parties are contractually obligated to protect your data and use it only for the purposes we specify.

3.1 Payment Processing (Stripe)

Stripe, Inc. processes all payments on our behalf. When you enter your credit card information, it is sent directly to Stripe’s PCI-compliant servers. We receive only a token (a unique identifier that cannot be reversed) and the last four digits of your card. Stripe’s privacy policy is available at stripe.com/privacy. Stripe may retain your payment information according to its own retention policies (typically 1-3 years for fraud prevention).

3.2 Shipping Carriers (USPS, UPS, DHL)

We share your name, shipping address, phone number, and email address with our carriers to generate shipping labels and provide tracking updates. Carriers may use your phone number to send delivery notifications or to contact you if delivery is problematic. Each carrier has its own privacy policy.

3.3 Email Service Provider (for Marketing)

If you opt into marketing emails, we share your email address with our email marketing platform (currently Mailchimp or similar, subject to change). This platform helps us design and send promotional campaigns. You can unsubscribe directly through any email.

3.4 IT and Analytics Providers

We use services such as Google Analytics to analyze website traffic. Google Analytics collects anonymized IP addresses and usage data. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

We may also use Cloudflare for website security and performance; Cloudflare may process your IP address as part of its service.

3.5 Legal and Regulatory Authorities

We may disclose your personal information if required to do so by law or in response to a valid request from a government agency (e.g., subpoena, court order, search warrant). We will notify you of such disclosure unless prohibited by law.

3.6 Business Transfers (Merger or Acquisition)

If Moss Theory LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred to the new owner as part of that transaction. We will notify you via email and/or a prominent notice on the Site of any change in ownership or use of your personal information.

3.7 With Your Consent

We may share your information for other purposes with your explicit consent (e.g., if you ask us to share your review on our social media).

Section 4: Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit a website. We use cookies to enhance your experience, remember your preferences, and analyze traffic.

4.1 Types of Cookies We Use

Cookie Type Purpose Duration
Strictly Necessary Cookies Required for the Site to function (e.g., shopping cart, checkout, security). Cannot be disabled. Session (deleted when you close browser) or persistent (up to 1 year)
Functional Cookies Remember your preferences (e.g., language, currency, saved cart for logged-out users). Up to 1 year
Analytics/Performance Cookies Collect anonymized data about how you use the Site (pages visited, links clicked). We use Google Analytics. Up to 2 years
Targeting/Advertising Cookies Used to show you relevant ads on other websites (retargeting). We do not currently run retargeting ads, but may in the future. If we do, we will update this policy. N/A for now

4.2 Your Cookie Choices

Most web browsers allow you to control cookies through browser settings. You can:

  • Delete all cookies (instructions vary by browser: Chrome, Firefox, Safari, Edge).

  • Block third-party cookies (which may break some non-essential Site features).

  • Set your browser to notify you before a cookie is set.

If you disable strictly necessary cookies, the checkout and cart functions may not work. We recommend leaving them enabled for a smooth shopping experience.

4.3 Do Not Track (DNT)

Some browsers support a “Do Not Track” (DNT) signal. Our Site does not currently respond to DNT signals because there is no universally accepted standard. However, you can use browser extensions to block tracking scripts.

Section 5: Data Retention (How Long We Keep Your Information)

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, plus any additional period required by law (e.g., tax records).

Data Category Retention Period Reason
Order transaction data (name, address, purchase details, last 4 digits of card) 7 years from the date of transaction Required by US tax law (IRS) for audit purposes.
Customer account information (email, hashed password, saved addresses) Until you delete your account, plus 30 days To allow you to access your order history and expedite future purchases.
Customer service emails and chat transcripts 3 years from last contact To resolve disputes and track recurring issues.
Marketing opt-in records Until you unsubscribe, plus 2 years after last engagement (e.g., email open) To comply with anti-spam laws and respect your preferences.
Website analytics (anonymized) 26 months (Google Analytics default) To analyze long-term traffic trends.
Payment token from Stripe Managed by Stripe (typically 1-3 years) Stripe’s retention policy. We do not control this.

After the retention period expires, we will securely delete or anonymize your data. Anonymized data (which cannot be linked back to you) may be retained indefinitely for statistical purposes.

Section 6: Data Security (How We Protect You)

We take data security seriously. We have implemented appropriate technical and organizational measures to protect your personal information from accidental loss, unauthorized access, alteration, or disclosure.

6.1 Technical Safeguards

  • Encryption: All data transmitted between your browser and our Site is encrypted using TLS 1.2 or higher (look for the padlock icon in your browser’s address bar). Stored data (backups) is encrypted at rest.

  • PCI Compliance: Our payment processing is fully outsourced to Stripe, which is PCI DSS Level 1 certified (the highest level). We never store full card numbers on our servers.

  • Access Controls: Only authorized employees (operations and customer service) have access to your personal information, and only to the extent necessary to perform their jobs (e.g., a shipping clerk sees your address but not your payment details).

  • Regular Security Audits: We perform quarterly vulnerability scans and annual penetration tests (using third-party security firms).

6.2 Organizational Measures

  • Employee Training: All staff are trained on data privacy and security best practices. They sign confidentiality agreements.

  • Incident Response Plan: In the unlikely event of a data breach, we will notify affected customers within 72 hours (as required by law) and report to relevant authorities.

6.3 Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure (e.g., you suspect your password has been compromised), please change your password immediately (if you have an account) and email us at seller06.etw@gmail.com.

Section 7: Your Privacy Rights (CCPA, GDPR, and Other Laws)

Depending on where you reside, you may have certain rights regarding your personal information. We respect these rights and will honor valid requests.

7.1 Rights for California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.

  • Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions (e.g., we may need to retain data to complete a transaction, detect fraud, or comply with legal obligations).

  • Right to Opt-Out of Sale: We do not sell your personal information, so there is nothing to opt out of.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights (e.g., we will not charge you different prices or deny you service).

To exercise your CCPA rights, please email seller06.etw@gmail.com with the subject line “CCPA REQUEST.” We will verify your identity by asking for your order number, email address, and possibly the last 4 digits of a card used in a recent transaction. We will respond within 45 days (extendable by 45 more days with notice).

7.2 Rights for European Union Residents (GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) grants you the following rights:

  • Right to Access: Obtain confirmation of whether we process your data, and request a copy (data portability).

  • Right to Rectification: Correct inaccurate or incomplete data.

  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal retention obligations.

  • Right to Restrict Processing: Limit how we use your data while a dispute is resolved.

  • Right to Object: Object to processing based on legitimate interests (e.g., direct marketing). You can always unsubscribe from marketing emails.

  • Right to Data Portability: Receive your data in a structured, machine-readable format (e.g., CSV) and transmit it to another controller.

  • Right to Withdraw Consent: If we rely on your consent (e.g., for marketing emails), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise GDPR rights, email seller06.etw@gmail.com with “GDPR REQUEST” in the subject line. We will respond within one month. We may request identification to prevent fraudulent requests.

7.3 Rights for Other US States (Virginia, Colorado, Connecticut, Utah)

If you reside in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have similar rights to access, delete, correct, and opt out of processing for targeted advertising or profiling. We do not engage in profiling for legal decisions. Please email us as above.

7.4 How to File a Complaint

If you are unsatisfied with our response to your privacy request, you may file a complaint with your local data protection authority:

  • US (California): California Attorney General – https://oag.ca.gov/privacy

  • EU: Your local supervisory authority (e.g., ICO in the UK, CNIL in France).

  • Other: Contact us and we will provide the appropriate contact.

Section 8: Children’s Privacy (COPPA Compliance)

Our website and products are intended for adults aged 18 and older. We do not knowingly collect personal information from children under the age of 13 (or under 16 for certain jurisdictions). If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at seller06.etw@gmail.com. Upon verification, we will delete that information from our records.

We do not market to children, and our products (apparel) are not designed specifically for children under 13.

Section 9: International Data Transfers

Moss Theory LLC is based in the United States (Missouri). If you are accessing the Site from outside the US, please be aware that your personal information will be transferred to, stored, and processed in the US, where data protection laws may differ from those in your country.

For customers in the European Economic Area (EEA), we rely on the following legal mechanisms for data transfers:

  • Standard Contractual Clauses (SCCs): We have executed SCCs with our third-party service providers (Stripe, Google Analytics) as approved by the European Commission.

  • Adequacy Decisions: The US does not have an adequacy decision from the EU, but we ensure appropriate safeguards are in place.

By using our Site or providing your information, you consent to the transfer of your data to the US.

Section 10: Third-Party Links

Our Site may contain links to third-party websites (e.g., social media platforms, Stripe’s documentation). This Privacy Policy does not apply to those websites. We are not responsible for the privacy practices or content of third parties. We encourage you to read the privacy policies of any website you visit.

Section 11: Do Not Sell My Personal Information (CCPA)

As stated above, Moss Theory LLC does not sell your personal information. We do not exchange your data for monetary or other valuable consideration with any third party for their own marketing purposes. Therefore, there is no “Do Not Sell My Info” link to implement. If our practices change in the future, we will update this policy and provide an opt-out mechanism.

Section 12: Changes to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in technology, law, or our business practices. When we make material changes, we will:

  • Post the updated policy on this page with a new “Last Updated” date.

  • Notify you by email (if you have provided your email and opted in to transactional messages) or via a prominent notice on the Site at least 30 days before the changes take effect.

Your continued use of the Site after the effective date constitutes your acceptance of the revised policy. If you do not agree, please stop using the Site and contact us to delete your data (subject to legal retention).

Section 13: Contact Information & Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the following details:

Moss Theory LLC
Attn: Privacy Officer
117 S Lexington St Ste 100
Harrisonville, MO 64701
United States

Email (preferred for privacy requests): seller06.etw@gmail.com
Phone: +84943423971 (weekdays 10 AM – 4 PM Central Time)
Website: mosstheory.online

For privacy-specific requests, please include in your email subject line one of the following:

  • “PRIVACY REQUEST – ACCESS”

  • “PRIVACY REQUEST – DELETION”

  • “PRIVACY REQUEST – CORRECTION”

  • “PRIVACY REQUEST – COMPLAINT”

We will respond within the timeframes required by applicable law (30 days for GDPR, 45 days for CCPA). We may ask for verification of identity to protect your data from unauthorized access.

Section 14: Additional Disclosures for Specific Jurisdictions

14.1 Nevada Residents (SB 220)

Nevada law allows residents to opt out of the sale of their personal information. Since we do not sell personal information, no action is required. If you have any questions, contact us.

14.2 Canadian Residents (PIPEDA)

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access and correct your information. For complaints, you may contact the Office of the Privacy Commissioner of Canada.

14.3 Australian Residents (Privacy Act 1988)

We comply with the Australian Privacy Principles (APPs). You may request access to your data or make a complaint. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC).

Section 15: Summary of Key Points

To make it easy to remember, here is a plain-language summary of our Privacy Policy:

  • What we collect: Your name, address, email, phone number, payment info (via Stripe), and browsing behavior.

  • Why we collect: To process orders, ship products, prevent fraud, and (with your permission) send marketing emails.

  • Who we share with: Stripe (payments), shipping carriers (USPS, UPS, DHL), analytics providers (Google), and law enforcement if required.

  • We do NOT sell your data. Period.

  • Your rights: You can access, correct, or delete your data. California and EU residents have additional rights.

  • Data security: We use encryption, access controls, and regular audits.

  • Cookies: We use necessary and analytics cookies. You can disable them, but the Site may not work properly.

  • Children: We do not knowingly collect data from anyone under 13.

Section 16: Acknowledgment and Consent

By using the Site, you acknowledge that you have read and understood this Privacy Policy. You consent to the collection, use, and disclosure of your personal information as described herein. If you do not consent, please do not use the Site.

If you have provided us with personal information about another individual (e.g., a gift recipient), you represent that you have obtained their consent to share that information with us for the purposes described.

Moss Theory LLC – Where your privacy is as important as your style.

Continue shopping with confidence at mosstheory.online