Privacy Policy

2.1 Information You Provide Directly

• Account & Order Information: Name, billing address, shipping address, email address, phone number, and products purchased.
• Payment Information: Payment card details are collected and processed directly by Stripe, our payment processor. We do not store your full payment card number on our servers.
• Communications: Any information you provide when contacting our customer support, submitting reviews, or signing up for our email list.
• Marketing Preferences: Your preferences for receiving promotional communications from us.

2.2 Information Collected Automatically

• Device & Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, links clicked, products viewed, referral sources, and navigation patterns.
• Location Data: General geographic location derived from your IP address (country, region, city) to display appropriate currency and shipping options.
• Cookies & Similar Technologies: See Section 6 below for detailed information.

• To Process Orders: Fulfilling purchases, processing payments, arranging shipping, and providing order confirmations.
• Customer Support: Responding to inquiries, resolving disputes, and providing technical assistance.
• Site Functionality: Displaying content in your local currency, remembering your preferences, and optimizing Site performance.
• Marketing & Advertising: With your consent, sending promotional emails and displaying targeted advertisements on Meta (Facebook/Instagram), Google, and other platforms.
• Analytics & Improvement: Analyzing Site usage to improve our products, services, and user experience.
• Fraud Prevention: Detecting and preventing fraudulent transactions, unauthorized access, and abuse.
• Legal Compliance: Complying with applicable laws, regulations, legal processes, and enforceable governmental requests.

• Service Providers: We share information with trusted third-party vendors who perform services on our behalf, including:
  • Stripe — payment processing
  • Shipping carriers (DHL, FedEx, UPS, local postal services) — order delivery
  • Meta Platforms, Inc. — advertising and analytics (see Section 5)
  • Google LLC — analytics and advertising
  • Email service providers — transactional and marketing communications
  • Hosting & cloud infrastructure providers — Site operation and data storage
• Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

5.1 Meta Pixel & Conversions API

We use the Meta Pixel (formerly Facebook Pixel) and Conversions API on our Site. These tools allow us to measure the effectiveness of our advertising by understanding the actions you take on our Site. When you visit our Site and take an action (such as viewing a product, adding to cart, or completing a purchase), the Meta Pixel and Conversions API may trigger and report this action to Meta.

Meta uses this information to: (a) provide us with analytics about how our ads are performing; (b) show you targeted advertisements on Facebook, Instagram, and Meta's Audience Network; (c) create custom audiences and lookalike audiences for our advertising campaigns; and (d) measure conversions and optimize ad delivery.

5.2 Data Shared with Meta

The following data may be shared with Meta through the Pixel and Conversions API:

• Page views, product views, and add-to-cart events
• Purchase value, currency, and product IDs
• Hashed email address and phone number (for advanced matching)
• IP address, browser user agent, and fbp/fbc cookies
• Click ID parameters (fbclid) from Meta referral links

5.3 Your Choices Regarding Meta Advertising

• Visit Meta's Ad Preferences to control how Meta uses your data for advertising.
• Use the Meta Ad Settings to opt out of ads based on data from partners.
• Install the Meta Pixel Opt-Out browser extension.
• Visit the Digital Advertising Alliance or Your Online Choices (EU) to opt out of interest-based advertising across participating companies.

6.1 Types of Cookies We Use

• Essential Cookies: Required for the Site to function, including cart functionality, currency selection, and checkout processing. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our Site (Google Analytics, Meta Analytics).
• Advertising Cookies: Used to deliver relevant advertisements and measure their effectiveness (Meta Pixel, Google Ads).
• Preference Cookies: Remember your settings and preferences (currency, language).

6.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse all cookies or to indicate when a cookie is being sent. However, if you disable cookies, some features of our Site may not function properly. You can also use our cookie consent banner to manage your preferences.

7.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell personal information. We do share data with Meta and Google for cross-context behavioral advertising. You have the right to opt out of this sharing.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes other than those necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email us at support@beastcreator.com with the subject line "CCPA Request." We will verify your identity before processing your request.

7.2 European Union & UK Residents (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data.
• Right to Rectification: Request correction of inaccurate data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data.
• Right to Restrict Processing: Request limitation on how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
• Right to Lodge a Complaint: File a complaint with your local supervisory authority.

Our legal bases for processing are: (a) Contractual necessity — to fulfill your order; (b) Legitimate interests — fraud prevention, Site security, and analytics; (c) Consent — marketing communications and non-essential cookies; (d) Legal obligation — tax and accounting compliance.

7.3 Other Jurisdictions

Residents of other jurisdictions may have additional privacy rights under local laws. Please contact us at support@beastcreator.com to inquire about rights specific to your location.

• Order data: Retained for 7 years to comply with tax and accounting obligations.
• Marketing data: Retained until you unsubscribe or request deletion.
• Analytics data: Retained for 26 months (Google Analytics default) or until deletion is requested.
• Customer support records: Retained for 3 years for quality assurance and dispute resolution.

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention schedule.

• 256-bit SSL/TLS encryption for all data transmissions
• PCI-DSS compliant payment processing via Stripe
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements for staff
• Secure cloud infrastructure with redundancy and backup

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying you promptly of any data breach affecting your personal information as required by applicable law.