Privacy Policy

Last Updated  |  10 April 2022

Welcome to our privacy policy. Since we’re in the business of privacy, we aimed to make it as understandable as possible while being as clear and transparent as we can regarding what data we collect, how we collect it, and how we process it.

We Don't Sell Your Data

We don’t sell your data. Period.
It wouldn’t be much of a privacy site if we did.

Privacy By Design

We try to minimize the amount of data we collect and are strict about how we use it. We also anonymize and pseudonymize what data we can.

Data Transparency

We want to be very transparent about the kinds of data we collect and why. We’ve included helpful tables that break down what we use each piece of collected data for.

Who Are We

We are PRIVACY PRACTICAL LLC, otherwise known as Privacy Practical, and we provide products and services related to digital privacy. In this document PRIVACY PRACTICAL LLC will be referred to as “us”, “we”, “our”, and “Privacy Practical”. The services we provide, which will be referred to as the “Services” in this document, include the selling and shipping of privacy phones and the operation of the website privacypractical.com and its subdomains. The site privacypractical.com and its related subdomains, such as btcpay.privacypractical.com, will also be independently referred to as the “Websites”. The end-user of the Services will be referred to as “you”, “your”, “user”, and “customer” henceforth. This Privacy Policy applies when you utilize any of the Services, contact us, or receive our communications.

You can contact us regarding questions about this Privacy Policy by reaching out to the appointed Privacy Officer in charge of this policy, Maxwell Warren, by emailing max@privacypractical.com or by sending mail to our business address at 312 W Northwest Hwy, Grapevine, TX 76051-3234 USA.

Please note that email is not a secure form of communication. Please do not submit any sensitive personal information using email such as government identification, medical records, payment information like bank account details or complete card numbers, or any other sort of information you wouldn’t want anyone to have.

In the eyes of the European Union we are classified as “data controller” when we collect information about users of our Services. This designation means we are responsible for how we store and process personal information about you.

How Your Data Is Collected

Automatically While Using Our Site

We use a self-hosted and open source analytics solution called Matomo to collect anonymous data about your access and use of our site. Information collected with Matomo never passes through third party servers or leaves our control. We only use cookies to maintain login sessions and associate your store cart contents with your browsing session.

You can opt-out from Matomo tracking in the user rights section below.

When You Provide Us Data

When you contact us via our contact page, purchase a product, or register for a service you provide us with information. We will provide notice of this Privacy Policy and ask for and require your consent to it before collecting any personal information from you.

You provide us with your email address and any other personal information in your message when you email us at any of our @privacypractical.com emails.

Information From Third Parties

We run ads on various platforms, which provide us with aggregate statistics related to our ad performance. These statistics consist of non-user-specific data detailing the frequency with which various demographics showed interest in our ads.

What Data Do We Collect

When browsing the Websites we collect non-personal data. We collect personal data when you purchase a product, register for a service, or contact us via our email or our contact page.

Non-personal Data

This data is not associated with an identity and doesn’t enable us to determine your identity. It may include anonymized or aggregated personal information that previously could have been used to identify you. Non-personal data is collected when you browse the Websites and includes information about your browser, how you accessed and used our site, device make and model, operating system, and anonymized partial IP address.

Personal Data

This is data that is associated with your identity or could be used to determine your identity. We only collect this whenever you contact us or purchase a product or service. This information can include name, email address, email body and subject, phone number, shipping address, billing address, login credentials, last 4 digits of your payment card, cryptocurrency address if using Bitcoin, IP address, and any personal information included in your order notes. When making a purchase unique identifiers will be generated including an order number used to track the status of your order, an internal payment identifier used to track the status of your payment within our store, and a payment provider identifier to track your Stripe payment if you use Stripe to pay at checkout.

How We Use Data

This is a general overview of how we use the data we collect. Later we will go into the specifics of how we use different types of data in easy to understand tables.

Non-personal Data

We use non-personal data to enhance the Services by using web analytics to improve current products and services, develop new products and services, improve and develop marketing strategies, and troubleshoot broken parts of our site. We may use anonymous, aggregated usage statistics to promote our services (ex. “Over 10,000 happily degoogled customers”).

Personal Data

When you contact us via our contact page or email, purchase a product, or register for a service we will use the information we collect from you to provide the Services to you as well as for the other purposes described in this Privacy Policy.
We use your personal data:

  1. to provide the Services
  2. to respond to any communications initiated through our contact page or through email
  3. to analyze and improve our Services
  4. to communicate with you about the Services (including but not limited to: policy updates, new product announcements, newsletters)
  5. for billing purposes if you purchased a product or subscription
  6. to enable third parties to provide services we need to provide our Services to you (ex. shipping your package with USPS)
  7. to investigate fraudulent activity
  8. to dispute chargebacks
  9. to investigate violations of our Terms of Service
  10. to comply with the laws and mandates of jurisdictions we are subject to

Legal Basis For Collecting Data

In plain speech, we collect your personal data in order to provide you with the products and services you request from us or, in cases where you reach out to us, in order to respond to you.

In legal speak, we collect your personal data in order to perform a contract we have signed with you or a contract you have initiated with us such as using the form on our contact us page, registering for an account, or purchasing a product. In the event personal data is not collected for this purpose the legal basis will be based on your consent. We collect non-personal information on the basis of legitimate business interests as described in the previous section and in more detail later on in this document.

Data Retention

We retain your personal data only as long as is necessary to provide you the Services or for the other purposes laid out in this Privacy Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Privacy Practical’s legal rights.

Later on in this document we describe in detail the duration of retention for types of data we collect. You can request we delete your information in our data rights section. We will back up data related to legal obligations and interests.

We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our Site, improve our Services and marketing strategies, or comply with legal obligations.

Data Collected When Browsing Our Site

When you browse our site we collect anonymous information through Matomo which utilizes JavaScript in order to improve our Services and marketing strategies. While this doesn’t collect any personal information we still allow users to opt-out of this tracking. You can do that by jumping to this section.

We aggregate the anonymous raw data above into anonymous statistical reports for the purposes of analyzing site usage trends over time for refining our marketing campaigns and identifying causes for web traffic gains and decreases. We retain these reports for an indefinite period of time.

| Data collected | Example Data | Purpose | Legal Basis | Retention Policy |
|---|---|---|---|---|
| Anonymized IP Address | 192.168.xxx.xxx | Identifying approximate location of web traffic to tailor experiences and improve marketing strategies | Legitimate Interest | 3 Years |
| Operating System | Android 12 | Improving content and marketing strategies, providing relevant content | Legitimate Interest | 3 Years |
| Device Information | Samsung, Galaxy A52 412×915 | Optimize content for common devices, improving marketing strategies | Legitimate Interest | 3 Years |
| Browser Information | Firefox Mobile 98.0, Gecko | Optimizing browsing experience and content, improve marketing strategies | Legitimate Interest | 3 Years |
| Usage and Session Information | Time page accessed, Session duration, Actions on pages | To improve website experience and content, identify user interests, improve marketing strategies | Legitimate Interest | 3 Years |

Data Collected When You Email Us

When you send us an email to any @privacypractical.com address we collect your email subject, message, and address. We keep this information indefinitely to maintain our communications with you and reference back to any previously discussed subjects.

| Data collected | Example Data | Purpose | Legal Basis | Retention Policy |
|---|---|---|---|---|
| Email Address | example@example.com | Responding to communications | Necessary to Fulfill Contract | Until User Requests Deletion |
| Message Subject & Body | Your Email Subject | Responding to communications | Necessary to Fulfill Contract | Until User Requests Deletion |

Data Collected When You Use Our Contact Form

When you send us an email using a contact form on our site we collect the subject and body of the message, your email address, and the IP you’re accessing the form from. We keep this information indefinitely to maintain our communications with you and reference back to any previously discussed subjects. We keep the IP to prevent spam and ensure site security. If you are a resident of the EU you are not permitted to use this contact form because of current laws governing the transfer of data from the EU to the USA. See a full explanation in our GDPR compliance section.

| Data collected | Example Data | Purpose | Legal Basis | Retention Policy |
|---|---|---|---|---|
| Public IP Address | 192.168.205.205 | Spam prevention, ensuring the Websites’ security | Legitimate Interest | Until User Requests Deletion |
| Email Address | user@example.com | Responding to communications | Necessary to Fulfill Contract | Until User Requests Deletion |
| Message Subject & Body | Your Email Subject | Responding to communications | Necessary to Fulfill Contract | Until User Requests Deletion |

Data Collected When Purchasing A Product

Below is the data we collect when a user of our Services purchases a product from our store. We retain information for as long as is necessary to address refunds, tax audits, charge disputes, and legal matters. When you pay with a card we do not retain your full credit or debit card information and instead our checkout page securely forwards your card details to Stripe in order to process your payment. 

| Data collected | Example Data | Purpose | Legal Basis | Retention Policy |
|---|---|---|---|---|
| Public IP Address | 192.168.205.205 | Ensuring site security, fraud prevention | Your Consent | 3 Years |
| Order Number | Order #5555 | Keeping track of the status of an order and its associated information | Your Consent | 3 Years |
| Billing Address | 500 Examparu St, Phonyville WA 55555 | Invoicing, processing disputes and refunds, required by card payment processor | Your Consent | 3 Years |
| Shipping Address | 500 Examparu St, Phonyville WA 55555 | To address and ship packages to customers via USPS, processing refunds and shipping disputes | Your Consent | 3 Years |
| Last 4 Digits of Payment Card | 1234 | Invoicing, processing refunds and payment disputes | Your Consent | 3 Years |
| Email | user@example.com | Invoicing, contact you about your order, required by card payment processor | Your Consent | 3 Years |
| Phone Number | (555) 555-5555 | Contact you about your order, required by card payment processor | Your Consent | 3 Years |
| Unique Payment Identifier | A long string of random characters | Tracking the status of payments within our store | Your Consent | 3 Years |
| Payment Provider Identifier (if using Stripe) | A long string of random characters | Keeping proper payment records, processing refunds and disputes | Your Consent | 3 Years |
| Shipping Tracking Number | EH000000000US | Tracking delivery of USPS shipments, resolving shipping disputes, customer support | Your Consent | 3 Years |

Sharing Your Personal Data

Privacy Practical does not sell your information to any third parties. We use your personal information to provide our Services and for the purposes set out in this Privacy Policy and our Terms of Service. In general, we endeavor to reduce our sharing of your data with third parties to the minimum of what’s necessary for them to provide their services to us. We make an effort to choose service providers that have a good reputation for privacy and security.

This privacy policy does not apply to data independently provided by you to third parties. 

Mailgun

When sending out an email generated by our site we use Mailgun to ensure the email reaches the recipients. When using our contact page your message will be sent using Mailgun. We also use Mailgun to send notifications about your order. Information entered at checkout that is used to create your invoice will pass through their servers and is subject to their privacy policy here.

You can send us encrypted email directly at support@privacypractical.com to bypass Mailgun.

Stripe

When processing a credit or debit card payment for a product or subscription we use Stripe. All information entered at checkout such as name, billing address, city, state, country, phone number, and card information will be transmitted to Stripe for payment verification and is subject to their privacy policy.

We offer anonymous forms of payments like Monero at checkout.

USPS

When shipping a product within the USA or any other country we use USPS. We share the shipping information provided at checkout including customer name and address.

When shipping to a country other than the USA we might include the phone number and email provided at checkout on the customs form to increase chances of successful delivery. Read how USPS handles this data in their privacy policy here.

Linode

We use Linode to host this website privacypractical.com and subdomains. Your data is stored on a server in their Dallas, Texas data center.

You can view Linode’s privacy policy here.

 

Professional Services

In the course of business we may need to hire lawyers, accountants, and consultants in order to provide and improve our Services. In order to help us in the course of business such parties rendering professional services may have some user information disclosed to them. For example, if we were audited and needed to hire an accountant to help us through the process.

Information shared with these parties will only include what is necessary for them to provide their services to us. We will ask such parties to agree to only use any data obtained from us to aid us in conducting our business. We will never sell your data or allow a third party to sell your data.

Governing Authorities

In order to render our Services to you we must comply with the governing entities of the jurisdictions our business operates in. This means paying taxes, being ready for an audit, and keeping what records are legally required of us. This does not mean we will give free access to user data for any government requests. When lawfully ordered to surrender user data we will do so only to the most minimal extent that is required by law.

Your Data Rights & Options

We want users to have control over their data. The following data rights are granted by Privacy Practical to all users of our Services regardless of the data protection laws of the country they are currently in. Some options will require that we verify that it’s really you making the request. If you abuse these rights we will charge a processing fee for abusive requests. You will not be penalized or charged for exercising your data control options reasonably.

Right To Be Informed

When using our services we will inform you of this Privacy Policy whenever there is a chance you might provide us with personal information.

Right Of Access

You have the right to access all data we have tied to your identity and to be informed of other information like how we process it and who we share it with. You can receive access to the entirety of your data after confirming your identity by emailing us at support@privacypractical.com where we will then provide you with a download to all of your data.

Right To Portability

You can request that we transfer your data to you or another data controller other than ourselves in a commonly used, machine-readable format by reaching out to us with the email we have associated with your information at support@privacypractical.com.

Right To Erasure

You have the option to request erasure of your data from our servers and records. We will need to keep what’s necessary for legitimate interests and compliance with legal matters such as taxes and audits. We will remove everything else.

You can send a request to support@privacypractical.com and after confirming your identity we’ll get right on it.

Right To Rectification

You have the right to request that any errors in your data be corrected and that any incomplete data be completed. While all personal information we collect is provided by you some of it may not be editable by you in which case reach out to us at support@privacypractical.com using the email we have associated with your information. We’ll update the information once the request is received.

Right To Object

Privacy Practical allows users to opt-out of non-essential data processing. You can opt-out of analytics tracking and non-essential communications. If you object to further data processing beyond the options provided below, rendering our Services to you will be impossible and you will be advised to cease your use of the Services and request a full erasure of data as described in the section above.

Do Not Track

Some browsers allow you to transmit a “Do Not Track” signal to websites and online services when you visit them. 

If you have your browser set to send a “Do Not Track” signal there will be zero tracking through either JavaScript or cookies. If you do not have “Do Not Track” enabled you can disable Matomo Analytics tracking in the adjacent section.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Opt-out Of Communications

If you want to opt-out from any marketing emails or non-essential communications reach out to us at support@privacypractical.com and we’ll honor your request within 14 days.

If you are a customer you will still receive emails essential for service notifications and providing you the Services you are a user of.

Cookie Policy

The only cookies we use are essential for the core functionality of the Services. We do not implement cookies that store personal information.

We use cookies to keep track of what’s in your cart and to set the status of dismissed notification banners. While the cart contents are tracked with a unique identifier, it cannot be associated with any personal data unless you make a purchase which requires consenting to this Privacy Policy by checking the acceptance box on the checkout page.

If you login to a subscription service we will set a cookie to maintain your login session using a user ID. This cookie can only be set after you have registered an account which involves consenting to this Privacy Policy by checking the acceptance box on the registration.

Who Has Access To Your Information

Your personal data is only accessible through one admin account and only the site administrator has access to that account. This account is protected by a strong password and 2FA.

Digital Security Practices

At Privacy Practical we’re big on both privacy and security and try to work with service providers that have a good reputation with privacy and security. We never store sensitive information like full card payment details and instead use Stripe for card payments.

We implement up-to-date best practices in cyber security such as implementing very long and complicated passwords with 2FA on all accounts, eliminating any unnecessary permissions in user accounts, anonymizing and pseudonymizing data, keeping unused ports closed, keeping servers up to date, using SSH keys, and practicing digital minimalism to reduce attack surface. We use a well reputed hosting provider Linode for our servers. Our workstation computers are kept up to date, have timed screen locks, and are encrypted with password protection. Physical files containing any user information (ex. shipping receipts) are in a room behind two layers of locks that only two people have access to. We shred physical documents to dispose of them.

Security breaches are still possible even with the best of security, so if we ever become aware of a breach we’ll send a notification regarding the event within 72 hours to the email we have associated with your information.

Our @privacypractical.com email address supports receiving encrypted mail. (This is not an endorsement to send personal information over email, encrypted or not. Email is not a private form of communication; do not send any email with any sensitive information in it.)

GDPR Compliance

Due to the European Union’s Schrems II judgement, it is seemingly impossible for lawful data transfers from the EU to the USA to take place. Our servers and the servers of third party service providers that process our users’ personal information are located in the USA. The Schrems II ruling appears to consider data storage on US servers not compliant with GDPR requirements, but the legal guidance is not clear from the EU authorities. For more information see this TechCrunch article which explains the legal minefield created by the Schrems II decision.

For this reason we currently do not collect any personal information of EU residents. Any personal information collected by accident, through ignorance of this Privacy Policy, or for any other reason will be promptly deleted upon our discovery of such personal information.

While we cannot do so at this time, in the future we would like to provide our Services to European Union and United Kingdom citizens and will be looking into ways to do so. The US and EU are currently working on a trans-Atlantic data transfer agreement and we hope to be able to update this policy soon.

PIPEDA Compliance

Under PIPEDA we are fully responsible for processing and storing the personal information we collect from Canadian citizens. If you would like to file a complaint regarding our compliance with PIPEDA please reach out to our Privacy Officer at max@privacypractical.com where you will receive a response within 30 days. By right you may also opt to complain directly to the Office of the Privacy Commissioner of Canada regarding any alleged breaches in our compliance.

Please note your data is subject to US jurisdiction and all applicable law. Under the US Patriot Act the US government can request whatever information or metadata we have related to you, but only by reasonable suspicion based in facts. You understand by accepting this Privacy Policy your data could be requested by the US government. That being said, we don’t collect or store any sensitive information they would likely not otherwise have access to.

CCPA Compliance

Our Privacy Policy is CCPA compliant although we are not subject to the CCPA as we do not sell our customers’ information, process the data of fewer than 50,000 California residents, and have a gross annual revenue of less than $25 million USD.

Minors

The Services were designed for individuals over the age of 18. We do not intentionally collect data on minors under the age of 18. If we are informed or otherwise discover that the information of a minor has been collected for any reason we will promptly delete the data.

Changes

Privacy Practical reserves the right to update this Privacy Policy at any time without prior notice to address changes in the Services, to ensure compliance with laws and regulations, and to rectify any errors within the current policy.

Changes to this Privacy Policy may be announced through the Websites and to registered users of any ongoing subscription services we offer via the email we have on file for their account. Changes will be enforced after 14 days from the update date noted at the beginning of this document. Any objections should be addressed to support@privacypractical.com before the new policy goes into effect so that we may delete your records.