Privacy Policy

GRILLZ.COM, INC. PRIVACY POLICY

 

Effective Date: August 8, 2025
Last Updated: January 1, 2025


IMPORTANT NOTICE

This Privacy Policy governs the collection, use, processing, and disclosure of personal information by Grillz.com, Inc. ("Grillz," "Company," "we," "us," or "our"). By accessing or using our website at www.grillz.com (the "Site"), mobile applications, services, or any affiliated platforms (collectively, the "Services"), you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service.

IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, DO NOT USE OUR SERVICES.

1. SCOPE AND DEFINITIONS

1.1 Covered Services

This Privacy Policy applies to all interactions with Grillz through:

  • Our website (www.grillz.com)
  • Mobile applications
  • E-commerce platforms
  • Social media interactions
  • Email communications
  • Customer service interactions
  • Third-party integrations

1.2 Key Definitions

  • "Personal Information" means information that identifies, relates to, describes, or is reasonably capable of being associated with a particular individual
  • "Processing" includes collection, use, storage, disclosure, deletion, or any other handling of information
  • "Third Parties" include service providers, business partners, and other entities we work with

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

  • Account Information: Name, username, password, email address, phone number
  • Billing and Shipping Information: Credit/debit card details, billing address, shipping address, PayPal information
  • Profile Information: Age, gender, preferences, profile photos
  • Transaction Data: Purchase history, order details, payment information, returns/exchanges
  • Communications: Messages, reviews, comments, customer service interactions, survey responses
  • User-Generated Content: Photos, videos, reviews, testimonials, social media posts

2.2 Information Collected Automatically

  • Device Information: IP address, device ID, browser type and version, operating system, screen resolution
  • Usage Data: Pages visited, time spent, click patterns, search queries, referral sources, exit pages
  • Location Data: General geographic location based on IP address or precise location (with consent)
  • Technical Data: Cookies, pixels, beacons, session recordings, heatmaps

2.3 Information from Third Parties

  • Social Media Platforms: When you connect social accounts or interact with our social content
  • Data Brokers: Demographic and interest data from marketing partners
  • Public Sources: Publicly available information that supplements your profile
  • Business Partners: Information from authorized retailers, affiliates, or co-marketing partners

3. HOW WE COLLECT INFORMATION

3.1 Direct Collection Methods

  • Account registration and profile creation
  • Purchase transactions and checkout processes
  • Customer service interactions
  • Newsletter subscriptions and marketing opt-ins
  • Contest, sweepstakes, and survey participation

3.2 Automatic Collection Technologies

  • Cookies: Essential, functional, analytics, and advertising cookies
  • Web Beacons: Tracking pixels in emails and web pages
  • Analytics Tools: Google Analytics 4, Adobe Analytics, proprietary tracking
  • Social Media Pixels: Facebook/Meta Pixel, TikTok Pixel, Snapchat Pixel
  • Session Recording: Hotjar, FullStory for user experience optimization

3.3 Third-Party Integrations

  • Payment Processors: Stripe, PayPal, Apple Pay, Google Pay
  • Shipping Partners: FedEx, UPS, USPS, DHL
  • Marketing Platforms: Klaviyo, Mailchimp, Constant Contact
  • Accessibility Services: EqualWeb, AudioEye
  • Consent Management: CookieYes, OneTrust, TrustArc

4. HOW WE USE YOUR INFORMATION

4.1 Primary Business Purposes

  • Order Fulfillment: Processing transactions, managing inventory, shipping products, handling returns
  • Customer Service: Responding to inquiries, resolving issues, providing technical support
  • Account Management: Creating and maintaining user accounts, authentication, security
  • Product Improvement: Developing new products, improving existing offerings, customization

4.2 Marketing and Communications

  • Promotional Marketing: Email campaigns, SMS marketing, push notifications (with consent)
  • Targeted Advertising: Personalized ads across platforms, retargeting campaigns
  • Content Personalization: Customized website experience, product recommendations
  • Cross-Platform Marketing: Coordinated campaigns across email, social media, and web

4.3 Analytics and Research

  • Website Analytics: User behavior analysis, conversion tracking, A/B testing
  • Market Research: Trend analysis, customer insights, demographic studies
  • Performance Optimization: Site speed, user experience, conversion rate optimization

4.4 Legal and Compliance

  • Legal Obligations: Tax reporting, regulatory compliance, law enforcement cooperation
  • Security: Fraud prevention, risk assessment, account protection
  • Business Operations: Mergers, acquisitions, asset transfers, bankruptcy proceedings

5. HOW WE SHARE YOUR INFORMATION

5.1 Service Providers and Vendors

We share information with trusted third parties who provide services on our behalf:

  • Payment Processing: Stripe, PayPal, financial institutions
  • Shipping and Logistics: Delivery services, fulfillment centers
  • Technology Services: Cloud hosting (AWS, Google Cloud), CDN providers
  • Marketing Services: Email platforms, SMS providers, advertising networks
  • Analytics Providers: Google, Adobe, specialized analytics firms

5.2 Advertising and Marketing Partners

  • Social Media Platforms: Facebook/Meta, Google, TikTok, Snapchat, Pinterest
  • Advertising Networks: Google Ads, Amazon DSP, programmatic platforms
  • Affiliate Programs: Commission tracking, performance marketing partners
  • Influencer Platforms: Creator marketplaces, influencer management tools

5.3 Legal and Business Disclosures

We may disclose information when required by law or to protect our business:

  • Legal Process: Court orders, subpoenas, government investigations
  • Law Enforcement: Criminal investigations, regulatory inquiries
  • Business Transfers: Mergers, acquisitions, asset sales, bankruptcy
  • Fraud Prevention: Security investigations, risk assessment

5.4 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you for:

  • Industry benchmarking and research
  • Marketing insights and trends
  • Product development and innovation
  • Academic research and publications

IMPORTANT: We do not sell personal information for monetary consideration. However, some data sharing activities may constitute "selling" or "sharing" under certain state privacy laws.

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

Essential Cookies (Always Active)

  • Authentication and session management
  • Shopping cart functionality
  • Security and fraud prevention
  • Core website operations

Functional Cookies (Opt-In Required)

  • Language and region preferences
  • Accessibility settings
  • User interface customization
  • Remember me functionality

Analytics Cookies (Opt-In Required)

  • Google Analytics 4
  • Adobe Analytics
  • Custom analytics tools
  • Performance monitoring

Advertising Cookies (Opt-In Required)

  • Facebook/Meta Pixel
  • Google Ads conversion tracking
  • TikTok Pixel
  • Retargeting and remarketing

6.2 Managing Cookie Preferences

You can control cookies through:

  • Browser Settings: Most browsers allow cookie management
  • Consent Management Platform: Our cookie banner and preference center
  • Opt-Out Tools: Industry opt-out mechanisms (NAI, DAA)
  • Do Not Track: We honor Do Not Track signals where technically feasible

6.3 Cross-Device Tracking

We may link information across devices you use to provide a consistent experience and improve our services. You can limit this through device settings and our preference center.

7. YOUR PRIVACY RIGHTS AND CHOICES

7.1 Universal Rights (All Users)

  • Access: Request information about personal data we collect and use
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of personal information (subject to exceptions)
  • Opt-Out: Unsubscribe from marketing communications
  • Portability: Receive personal data in a machine-readable format

7.2 Enhanced Rights (Certain Jurisdictions)

California Residents (CCPA/CPRA)

  • Right to know categories and sources of personal information
  • Right to know business purposes for collection
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of sale/sharing of personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising privacy rights

European Union Residents (GDPR)

  • Lawful basis for processing
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Other State Rights

We comply with privacy laws in Virginia, Connecticut, Colorado, Utah, and other states with comprehensive privacy legislation.

7.3 Exercising Your Rights

To exercise your privacy rights:

  • Email: greg@grillz.com with "Privacy Request" in subject line
  • Online Form: [Privacy request portal on website]
  • Phone: +1 (310) 903-7282
  • Mail: Privacy Officer, 1110 N Virgil Ave PMB 97430, Los Angeles, CA 90029

Response Time: We will respond to verified requests within 45 days (or as required by applicable law).

8. DATA RETENTION AND DELETION

8.1 Retention Periods

We retain personal information for different periods based on:

  • Active Accounts: Duration of account plus 3 years after closure
  • Transaction Records: 7 years for tax and accounting purposes
  • Marketing Data: Until opt-out or 5 years of inactivity
  • Analytics Data: Aggregated data retained indefinitely; personal data 26 months
  • Legal Holds: Extended retention when required by law or litigation

8.2 Automated Deletion

We implement automated systems to delete data when retention periods expire, except where:

  • Legal obligations require longer retention
  • Ongoing disputes or investigations exist
  • Technical limitations prevent immediate deletion

8.3 Data Minimization

We regularly review data collection practices to ensure we collect only necessary information and delete data that is no longer needed.

9. DATA SECURITY AND PROTECTION

9.1 Technical Safeguards

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Multi-factor authentication, role-based permissions
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Monitoring: 24/7 security monitoring, automated threat detection

9.2 Organizational Safeguards

  • Employee Training: Regular privacy and security training programs
  • Background Checks: Screening for employees with data access
  • Incident Response: Documented breach response procedures
  • Vendor Management: Security assessments for all third-party providers

9.3 Compliance Certifications

We maintain relevant security certifications and comply with industry standards including:

  • SOC 2 Type II
  • PCI DSS (for payment processing)
  • ISO 27001 (information security management)

9.4 Data Breach Notification

In the event of a data breach, we will:

  • Notify affected individuals within 72 hours (or as required by law)
  • Notify relevant regulatory authorities
  • Provide information about the breach and steps being taken
  • Offer appropriate remediation measures

10. INTERNATIONAL DATA TRANSFERS

10.1 Global Operations

Grillz operates globally and may transfer personal information to countries outside your residence, including the United States.

10.2 Transfer Safeguards

For international transfers, we implement appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Binding Corporate Rules: Internal data protection standards
  • Certification Programs: Privacy Shield successors and similar frameworks

10.3 Specific Jurisdictions

  • EU to US Transfers: We comply with applicable frameworks and use Standard Contractual Clauses
  • UK Transfers: We follow UK GDPR requirements and use appropriate transfer mechanisms
  • Other Jurisdictions: We assess and implement required safeguards for each transfer

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

11.2 Parental Notice and Consent

If we learn we have collected information from a child under 16:

  • We will delete the information promptly
  • We will not use the information for any purpose
  • We will not disclose the information to third parties

11.3 Parental Rights

Parents may:

  • Request access to their child's information
  • Request deletion of their child's information
  • Refuse further collection or use of their child's information

12. CALIFORNIA-SPECIFIC DISCLOSURES

12.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories:

  • Identifiers (names, emails, addresses)
  • Commercial information (purchase history, preferences)
  • Internet activity (browsing behavior, interactions)
  • Geolocation data (general location based on IP)
  • Audio/visual information (photos, videos you provide)
  • Inferences (preferences, behavior predictions)

12.2 Sources of Personal Information

  • Directly from consumers
  • Consumer devices and browsers
  • Social media platforms
  • Data analytics providers
  • Marketing partners

12.3 Business Purposes for Collection

  • Fulfilling transactions
  • Providing customer service
  • Marketing and advertising
  • Analytics and research
  • Security and fraud prevention

12.4 Disclosure for Business Purposes

We disclose personal information to service providers, marketing partners, and other business partners for the purposes outlined in this policy.

12.5 Sensitive Personal Information

We may collect sensitive personal information including:

  • Precise geolocation (with consent)
  • Account login credentials
  • Payment information

We do not use sensitive personal information for purposes other than those specified in CCPA regulations.

13. ACCESSIBILITY AND ASSISTIVE TECHNOLOGIES

13.1 Accessibility Commitment

We are committed to making our Services accessible to all users, including those with disabilities.

13.2 Accessibility Tools

We use third-party accessibility services (EqualWeb, AudioEye) that may:

  • Collect information about your accessibility preferences
  • Store settings to improve your experience
  • Analyze usage to improve accessibility features

13.3 Accessibility Data Use

Information collected through accessibility tools is used solely to:

  • Provide requested accessibility features
  • Remember your preferences
  • Improve accessibility functionality
  • Comply with accessibility regulations

14. ARTIFICIAL INTELLIGENCE AND AUTOMATED DECISION-MAKING

14.1 AI Usage

We may use artificial intelligence and machine learning for:

  • Product recommendations
  • Fraud detection
  • Customer service chatbots
  • Content personalization
  • Marketing optimization

14.2 Automated Decisions

Some decisions may be made automatically, including:

  • Fraud prevention measures
  • Personalized content and ads
  • Product recommendations
  • Account security actions

14.3 Your Rights Regarding Automated Decisions

You have the right to:

  • Request human review of automated decisions
  • Provide additional information for reconsideration
  • Opt-out of certain automated processing (where feasible)

15. BIOMETRIC INFORMATION

15.1 Biometric Data Collection

We do not currently collect biometric identifiers or biometric information as defined by applicable privacy laws.

15.2 Future Collection

If we begin collecting biometric information:

  • We will obtain explicit consent
  • We will provide specific notice about collection and use
  • We will implement enhanced security measures
  • We will comply with all applicable biometric privacy laws

16. CHANGES TO THIS PRIVACY POLICY

16.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New legal requirements
  • Technology updates
  • Business changes

16.2 Notice of Changes

For material changes, we will:

  • Post the updated policy on our website
  • Send email notification to registered users
  • Provide 30 days' notice before changes take effect
  • Obtain additional consent where required by law

16.3 Continued Use

Your continued use of our Services after policy changes indicates acceptance of the updated terms.

17. CONTACT INFORMATION

17.1 Privacy Officer

Grillz.com, Inc.
Attn: Privacy Officer
1110 N Virgil Ave PMB 97430
Los Angeles, CA 90029
United States

17.2 Contact Methods

  • Email: greg@grillz.com
  • Phone: +1 (310) 903-727(x=1+1)

17.3 Response Times

  • General inquiries: 5 business days
  • Privacy rights requests: 45 days
  • Urgent security matters: 24 hours

17.4 Data Protection Representative (EU)

  • Email: greg@grillz.com
  • Phone: +1 (310) 903-727(x=1+1)

18. LEGAL BASIS FOR PROCESSING (GDPR)

For EU residents, we process personal information based on:

  • Consent: When you provide explicit consent
  • Contract: To fulfill our agreement with you
  • Legitimate Interests: For business operations, security, and marketing
  • Legal Obligation: To comply with applicable laws
  • Vital Interests: To protect health and safety
  • Public Task: When acting in the public interest

19. DISPUTE RESOLUTION

19.1 Internal Resolution

We encourage you to contact us first to resolve any privacy concerns.

19.2 External Resources

You may also contact:

  • California Attorney General: oag.ca.gov
  • FTC: consumer.ftc.gov
  • EU Data Protection Authorities: edpb.europa.eu
  • UK Information Commissioner: ico.org.uk

19.3 Arbitration

Privacy disputes may be subject to binding arbitration as outlined in our Terms of Service, except where prohibited by law.

Last Updated: August 8, 2025
Effective Date: January 1, 2025

This Privacy Policy is effective as of the date listed above and supersedes all previous versions.