Get early access to drops and exclusive alerts.
Privacy policy
Hey! Let's Talk Privacy đ
We know privacy policies aren't exactly festival-headliner material, but your trust matters to us. Since 2014, Freedom Rave Wear has been handcrafting rave gear in our solar-powered San Diego microfactoryâand protecting your data with the same care we put into every stitch.
This policy explains exactly how we collect, use, and safeguard your personal information. We've kept all the legal details intact (because they matter), but we've tried to make the journey through them a little more human. Think of this as your backstage pass to how we handle your data.
Ready? Let's dive in.
1 What This Policy Covers
This Privacy Policy explains how Freedom Rave Wear, Inc. ("FRW," "we," "us," or "our") collects, uses, discloses, and safeguards your personal information when you:
Visit or make a purchase from www.freedomravewear.com (the "Site");
Access or interact with our mobile Short Message Service (SMS) or email campaigns;
Engage with our socialâmedia pages, advertisements, or other online properties we operate;
Communicate with us via phone, email, chat, or inâperson at events.
Unless otherwise stated, this Policy applies to all personal information we process about consumers, website visitors, customers, and prospective customers (collectively, "you"). Additional noticesâsuch as our California Notice at Collectionâmay supplement this Policy and should be read together with it.
2 Definitions
"Personal Information" (PI) means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular consumer or household. "Sensitive Personal Information" (SPI) is defined by Cal. Civ. Code § 1798.140 (e).
"Processing" means any operation performed on Personal Information, including collection, storage, use, disclosure, and deletion.
3 How We Collect Personal Information
Here's where your data comes fromâno mystery, no surprises:
We collect Personal Information from the following sources:
Directly from you â e.g., when you place an order, create an account, join our SMS club, or contact customer support.
Automatically from your device â via cookies, log files, pixels, SDKs, and similar technologies.
From service providers and partners â e.g., payment processors, fulfillment centers, marketing platforms.
From publicly available sources â limited to socialâmedia handles or demographic data used for marketing segmentation.
A detailed list of data categories appears in Appendix A.
4 Purposes for Processing Personal Information
Your data helps us deliver the experience you deserveâfrom getting your order to you on time to making sure you hear about new drops that match your vibe.
We use Personal Information to:
Provide the Services â process transactions, facilitate shipping, and handle returns or warranty claims.
Communicate with you â confirmations, updates, marketing messages (per your preferences), and customerâservice interactions.
Personalize your experience â remember preferences, show relevant products and content.
Conduct analytics & product development â understand Site performance, develop new features, and improve our offerings.
Prevent fraud & ensure security â verify identity, detect malicious activity, and enforce our Terms of Service.
Comply with legal obligations â tax, accounting, reporting, and responding to lawful requests.
We will not process Personal Information for purposes that are materially different, unrelated, or incompatible without providing prior notice.
5 Legal Bases for Processing (GDPR/UK GDPR)
If you're in the EU, UK, or Switzerland, these are the legal reasons we're allowed to process your data:
Where the GDPR applies, we rely on one or more of the following lawful bases:
Contract â processing necessary to perform a contract with you (e.g., fulfilling an order).
Legitimate Interests â fraud prevention, analytics, direct marketing (balanced against your rights).
Consent â for optional cookies, SMS marketing, or where required.
Legal Obligation â tax, accounting, and regulatory requirements.
Vital Interests / Public Task â rarely, e.g., product safety notices.
You may withdraw consent at any time as described in Section 10.
6 Cookies & Similar Technologies
Cookies help us remember you, understand what's working on the site, and show you stuff you'll actually want to see. You're always in control.
We use firstâ and thirdâparty cookies, pixels, tags, and SDKs to:
Enable Site functionality (strictly necessary);
Analyze traffic and usage (performance/analytics);
Provide personalization (functional);
Deliver advertising (targeting/advertising).
You can manage cookies via our Cookie Preferences Center (link in footer) or through your browser settings. See Appendix D for a representative list of cookies.
7 Sharing & Disclosure of Personal Information
We partner with trusted companies to make everything run smoothlyâshipping, payments, emails, the works. Here's who we share your data with and why:
We disclose Personal Information to:
Service Providers & Contractors â entities that process information on our behalf under written contracts (see Appendix B â SubâProcessors).
Advertising & Analytics Partners â to facilitate crossâcontext behavioral advertising or statistical analysis; we share only pseudonymized or hashed identifiers where possible.
Business Transfers â in connection with a merger, acquisition, or sale of assets.
Legal & Compliance â to comply with subpoenas, court orders, and lawful government requests, or to protect our rights, property, or safety, and those of our users or others.
We do not sell Personal Information for money. We may "share" Personal Information (as defined by the CPRA) with thirdâparty advertising partners; you can opt out in Section 10.
8 Data Retention
We don't keep your data foreverâjust long enough to do what we need to do (and what the law requires). Here's the breakdown:
We retain Personal Information only for as long as needed to fulfill the purposes described above, unless a longer retention period is required or permitted by law. Our retention schedule is:
| Data Type | Retention Period |
|---|---|
| Transaction & Order Records | 7 years |
| Marketing Contact Details | 24 months from last interaction |
| Device & Analytics Logs | 14 months |
| SMS Consent Logs | 5 years |
| Warranty Claims & ProductâReturn Records | Life of warranty + 3 years |
After expiry, data is securely deleted or anonymized.
9 Security
Your data security is serious business. We use industry-leading tools and practices to keep your information safe:
Our storefront is hosted on Shopify, which is certified PCI DSS Level 1, SOC 2 Type II, and ISO 27001. Data transmitted between your browser and Shopify is encrypted in transit using TLS 1.2 or higher, and customer payment data is handled in accordance with PCI requirements and tokenized by Shopify's certified payment environment. Shopify encrypts customer data at rest using AESâ256.
In addition to Shopify's platform controls, we implement the following safeguards:
Roleâbased access control (RBAC) and mandatory multiâfactor authentication for all employee accounts that access production data.
Leastâprivilege permissions and strict audit logging for administrative actions.
Quarterly vulnerability scans and annual thirdâparty penetration tests.
Vendor risk assessments for every subâprocessor listed in Appendix B.
A written incidentâresponse plan aligned with NIST Cybersecurity Framework and GDPR 72âhour notification requirements.
While these measures reduce risk, no method of transmission over the Internet or method of electronic storage is 100% secure; therefore, we cannot guarantee absolute security.
10 Your Privacy Rights & Choices
Your data, your rules. Here's how to exercise your privacy rights, depending on where you live:
10.1 California Residents (CCPA/CPRA)
You have the right to know, access, correct, delete, and port your Personal Information, and to opt out of the "selling" or "sharing" of Personal Information and limit use of Sensitive Personal Information. You may exercise these rights via:
Phone: +1 (914) 563â9766
Email: support@freedomravewear.com
We will verify your request via email and last order number (or other reasonable method). You may designate an authorized agent.
10.2 Virginia, Colorado, Connecticut & Utah Residents
Residents of these states have rights to access, correct, delete, and obtain a copy of Personal Information, as well as the right to opt out of targeted advertising, sale, and profiling. Appeals of denied requests may be submitted to support@freedomravewear.com within 45 days.
10.3 Nevada Residents
You may opt out of future sales of certain covered information by emailing support@freedomravewear.com with subject line "Nevada OptâOut."
10.4 European Economic Area (EEA), United Kingdom, Switzerland
You have the rights of access, rectification, erasure, restriction, data portability, and objection. Lodge complaints with your local supervisory authority or our lead authority, the Irish Data Protection Commission.
10.5 Marketing Communications
Don't want to hear from us? No hard feelingsâyou can opt out anytime:
Email: Click "unsubscribe" in any email or adjust preferences in your account.
SMS: Text STOP to +1 (760) xxxâxxxx or follow instructions in the message.
11 UserâGenerated Content & ThirdâParty Links
Love leaving reviews? Just rememberâanything you post publicly is, well, public. And if you click a link that takes you off our site, their privacy rules apply, not ours.
Our Services may allow you to post product reviews or other userâgenerated content ("UGC"). UGC you submit to any public areas of the Site becomes public information and can be read, collected, or used by others. We are not responsible for the privacy or security of any information you make publicly available, nor for its accuracy, use, or misuse by third parties.
The Site may also contain links to websites or services operated by third parties. We do not control, endorse, or monitor the privacy practices of these thirdâparty sites, and their privacy policies will govern how they collect and use your data. We encourage you to review the privacy notices of every external site you visit.
12 Do Not Track & Global Privacy Control
Our Site recognizes and honors Global Privacy Control (GPC) signals as a valid optâout of "selling" or "sharing" of Personal Information for advertising.
13 International Data Transfers
We're based in sunny San Diego, but the internet is global. Here's how we handle data that crosses borders:
Personal Information may be processed in the United States and other countries with different dataâprotection laws. Where required, we rely on Standard Contractual Clauses or adequacy decisions under GDPR Art. 45.
14 Children's Privacy
Our Services are not directed to children under 18, and we do not knowingly collect Personal Information from anyone under 13. Parents who believe their child has provided information may contact us to delete it.
15 Changes to This Policy
Sometimes we update