Privacy Policy
Last updated: 2026-05-12
DRAFT — counsel review recommended. Written for a US-based DTC e-commerce business processing payments via Stripe, marketing email via Brevo, analytics via PostHog, and product/user data via Supabase. [BUSINESS_ADDRESS] is still a placeholder — replace with the LLC's mailing address before launch.
This Privacy Policy describes how GumGear LLC ("GumGear", "we", "us", or "our") collects, uses, and discloses information when you visit gumgear.com or purchase our products.
1. Information we collect
We collect the following categories of information:
- Account information you provide when you create an account or place an order: name, email address, shipping and billing address, phone number, and password (stored as a hash by our authentication provider, never in plain text).
- Order and customization information: products selected, design choices (colors, artwork, custom text), and any dental impression material you ship to us to manufacture your custom mouthguard.
- Payment information: collected directly by our payment processor, Stripe. We do not see or store full payment card numbers. Stripe returns to us a charge identifier, the last four digits of the card, and the card brand.
- Communications: emails you send to us, support requests, and your responses to our quiz or surveys.
- Automatically collected information: IP address, device type, browser, pages viewed, links clicked, and approximate location (country/region). This is collected by our analytics provider (PostHog) and standard server logs.
2. How we use information
We use your information to:
- Manufacture, fulfill, and ship the custom products you order.
- Process payments and prevent fraud.
- Provide customer support and respond to your inquiries.
- Send you transactional emails (order confirmations, shipping updates, fit-guarantee instructions).
- Send marketing emails about products and offers — only if you have opted in. You can unsubscribe from marketing email at any time using the link at the bottom of every marketing email.
- Improve the site, our products, and our marketing through aggregate analytics.
- Comply with legal obligations and enforce our Terms of Service.
3. Sharing with service providers
We share information only with service providers that need it to operate our business, under contractual obligations to use the data only in accordance with our instructions:
- Stripe (payment processing)
- Supabase (database, authentication, file storage)
- Brevo (transactional and marketing email)
- PostHog (product analytics, optionally including error reports)
- Vercel (web hosting, performance monitoring)
- Shipping carriers (we share the recipient's name, address, and contact details so they can deliver your order)
We do not sell your personal information.
4. Cookies and tracking
We use cookies and similar technologies to keep you signed in, remember items in your cart, and measure how the site is used. You can control cookies through your browser settings; disabling them may break certain features (sign-in, cart, checkout).
If our cookie banner offers analytics consent options in your region, your choice is stored locally and applied across the site.
5. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your information (subject to our obligations to keep order records for tax, accounting, and warranty purposes).
- Opt out of marketing email at any time.
- Object to or restrict certain processing.
- Receive a portable copy of your information.
To exercise these rights, email us at privacy@gumgear.com.
California residents: under the CCPA/CPRA, you have additional rights including the right to know, the right to delete, the right to correct, and the right to opt out of "selling" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
EU/UK residents: under GDPR/UK-GDPR, our lawful bases for processing are (a) performance of a contract (to fulfill your order), (b) legitimate interests (to operate, secure, and improve the site), and (c) consent (for marketing email and optional analytics).
6. Data retention
We retain order records for at least 7 years for tax and accounting purposes. Account information is retained for as long as your account is active; if you close your account, we delete the account profile within 30 days but may retain order records as described above.
7. Children
Our products are often used by athletes under 18, but purchases are made by adults. We do not knowingly create accounts for or market directly to children under 13. If you believe a child has provided personal information without parental consent, contact us at contact@gumgear.com.
8. International transfers
We are based in Minnesota, USA. If you access the site from outside the United States, your information may be transferred to and processed in the United States and in any country where our service providers operate.
9. Security
We use industry-standard safeguards, including encryption in transit (TLS) and at rest, role-based access controls, and regular review of our systems. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated via email or a prominent site notice.
11. Contact
Questions or requests under this policy: privacy@gumgear.com. General inquiries: contact@gumgear.com. Mailing address: [BUSINESS_ADDRESS] (to be added).