Privacy Policy
Last updated: May 24, 2026
Eaten By Clowns (“we,” “us,” or “our”), a sole proprietorship based in Las Vegas, Nevada, respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit eatenbyclowns.com (the “Site”), purchase Products, subscribe to our newsletter, or otherwise interact with our services.
This Privacy Policy applies only to the Site. It does not apply to information collected by third parties through which you may have accessed the Site (such as Facebook, Instagram, or Spotify), each of which is governed by its own privacy policy.
By accessing or using the Site, you consent to the collection, use, and disclosure of information as described in this Privacy Policy.
This Privacy Policy contains specific rights for California, Nevada, EU/UK, and other residents. See Sections 8-10 for jurisdiction-specific information.
1. Categories of Personal Information We Collect
In the past twelve (12) months, we have collected or may collect the following categories of personal information:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email address, postal address, phone number, IP address, account username | Directly from you; automatically from your browser |
| Commercial Information | Order history, products purchased, returns, payment history | Directly from you when ordering |
| Financial Information | Payment card information (processed by third-party processors; not stored by us), billing address | Directly from you; via payment processor |
| Internet Activity | Browser type, device type, OS, pages visited, time spent, referring URLs, search terms used on Site, clickstream data | Automatically via cookies and analytics |
| Geolocation Data | Approximate location derived from IP address (city/state level only — we do not collect precise GPS data) | Automatically via IP |
| Inferences | Preferences (e.g., music styles you’ve shown interest in), purchase patterns | Derived from above categories |
| Communications | Customer service inquiries, support tickets, contact form submissions, social media interactions | Directly from you |
Sensitive Personal Information
We do not collect “sensitive personal information” as defined under the California Privacy Rights Act (CPRA), including precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, biometric data, health information, sexual orientation, or financial account login credentials. Payment card information is processed exclusively by our PCI-compliant payment processors and is never stored on our servers.
2. Why We Collect Information (Business Purposes)
We collect and process your personal information for the following business purposes:
- Order Fulfillment: To process your orders, charge payment, communicate order status, fulfill shipping, handle returns, and provide customer service.
- Account Management: To create, secure, and maintain your user account if you register one.
- Marketing Communications: To send the Stay Weird Letter newsletter, release announcements, and promotional offers (only if you have opted in).
- Transactional Communications: To send order confirmations, shipping notifications, account alerts, and legally required notices.
- Site Operation and Improvement: To operate, maintain, secure, and improve the Site and develop new features.
- Analytics: To understand how visitors use the Site through aggregated, anonymized data.
- Fraud Prevention and Security: To detect and prevent fraud, unauthorized access, abuse, and other unlawful activity.
- Legal Compliance: To comply with applicable laws, court orders, and government requests, and to enforce our Terms.
Legal Basis for Processing (EU/UK Residents)
For residents of the European Economic Area, United Kingdom, or Switzerland, we process personal information under the following lawful bases set forth in Article 6 of the General Data Protection Regulation (GDPR):
- Contract (Art. 6(1)(b)): Order processing, account management, and customer service.
- Legitimate Interests (Art. 6(1)(f)): Site operation, security, fraud prevention, and aggregated analytics. We balance these interests against your privacy rights.
- Consent (Art. 6(1)(a)): Marketing communications, non-essential cookies, and optional features. You may withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): Tax recordkeeping, accounting, and regulatory compliance.
3. Information We Collect Automatically
When you visit the Site, certain information is collected automatically through cookies, web beacons, log files, and similar tracking technologies. This includes IP address, browser type and version, device type, operating system, referring URLs, pages visited, time and duration of visits, clickstream data, and approximate geographic location (city/state level only).
We use Google Analytics to understand Site usage. Google Analytics is configured to anonymize IP addresses where applicable. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-On.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate the Site, remember your preferences, analyze traffic, and (where you have consented) deliver marketing communications. Cookies are small data files stored on your device. You can control cookies through your browser settings; disabling certain cookies may affect Site functionality.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Strictly Necessary | Site functionality, shopping cart, checkout, security, session management. Cannot be disabled. | Session or up to 1 year |
| Performance / Analytics | Google Analytics; measures Site usage, page views, traffic sources | Up to 2 years |
| Functional | Remembers preferences (language, region, recently viewed items) | Up to 1 year |
| Marketing | Used only with consent; measures effectiveness of promotional campaigns | Up to 1 year |
Social Media Plugins and Embeds
The Site embeds content from social media platforms (including Instagram via Spotlight Social Feeds, YouTube videos, and Spotify players). These embeds may set their own cookies and collect information about your interactions, even if you do not actively engage with them. Each platform’s privacy policy governs that data collection.
Do Not Track
Some browsers offer a “Do Not Track” signal. We do not currently respond to Do Not Track signals because no industry standard has been established. However, you may still exercise opt-out rights described in Sections 8-10.
5. Third-Party Service Providers
We share personal information with the following categories of third-party service providers, each bound by its own privacy policy and contractual obligations to protect your information:
| Service Provider | Purpose | Category Shared |
|---|---|---|
| Kinsta | Web hosting infrastructure | All Site data |
| WooCommerce | E-commerce order processing | Order details, contact info |
| Stripe / PayPal / WooCommerce Payments | Payment processing | Financial info, billing address |
| Gravity Forms | Form submissions, contact data | Form responses |
| Mailchimp | Email marketing, newsletter delivery | Name, email, subscription preferences |
| Amazon Merch on Demand | Print-on-demand merchandise fulfillment | Shipping address, order details |
| AliExpress / dropship partners | Dropship merchandise fulfillment | Shipping address, order details |
| Elastic Stage | Vinyl record fulfillment | Shipping address, order details |
| Google Analytics | Website usage analytics | Internet activity, anonymized IP |
| Spotlight Social Feeds | Instagram content embedding | Browser data when viewing feed |
| Linkfire | Music streaming link aggregation | Click data when using links |
These service providers are contractually limited to using your information only to provide services to us and may not use your information for their own marketing or other purposes.
6. Disclosure of Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We do not engage in “sharing” of personal information for cross-context behavioral advertising as defined under California law.
We may disclose your personal information in the following circumstances:
- To service providers who assist us in operating the Site and fulfilling orders (see Section 5);
- To comply with applicable laws, regulations, legal processes, subpoenas, or governmental requests;
- To enforce our Terms of Use, protect our rights, property, or safety, or that of our users or others;
- To investigate, prevent, or take action regarding suspected fraud, security issues, or violations;
- In connection with any merger, sale, acquisition, or transfer of business assets (in which case we will notify you and provide an opportunity to opt out of the transfer of your information);
- With your consent or at your specific direction.
7. Behavioral Advertising and “Sale” of Information
We do not “sell” personal information as that term is traditionally understood. We do not “share” personal information for cross-context behavioral advertising. We do not currently use targeted advertising platforms (such as Facebook Pixel or Google Ads remarketing) on the Site.
If we ever begin to do so, we will update this Privacy Policy, provide notice, and offer opt-out mechanisms as required by applicable law.
8. California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request information about the personal information we collect, use, disclose, and sell or share.
- Right to Access: Receive a copy of the personal information we hold about you.
- Right to Delete: Request deletion of your personal information, subject to legal retention requirements.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information beyond what is strictly necessary to provide services.
- Right to Non-Discrimination: You may not be discriminated against for exercising your privacy rights. We will not deny goods or services, charge different prices, or provide a different level of quality.
- Right to Data Portability: Receive your personal information in a portable, machine-readable format.
How to Exercise California Privacy Rights
To exercise any of these rights, submit a request by emailing eatenbyclowns11@gmail.com with the subject line “California Privacy Request.” Include:
- Your name and email address used on the Site;
- The specific right you are exercising;
- Sufficient detail to allow us to identify and verify your identity (we may request additional information such as recent order details to confirm you are the data subject).
Verification
To protect your information, we will verify your identity before processing your request by matching the information you provide with information we already have on file. For higher-risk requests (such as deletion), we may require additional verification.
Authorized Agents
You may designate an authorized agent to make a request on your behalf. The agent must provide signed written authorization from you, and we may require you to verify your identity directly with us before fulfilling the request.
Response Timeframe
We will acknowledge your request within ten (10) business days and respond substantively within forty-five (45) days. If we need additional time (up to 90 days total), we will notify you of the extension and the reason.
9. European Economic Area, United Kingdom, and Swiss Residents (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and equivalent laws:
- Right of Access (Art. 15): Obtain a copy of your personal data.
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your data, subject to legal exceptions.
- Right to Restrict Processing (Art. 18): Limit how we process your data.
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting prior lawful processing.
- Right to Lodge a Complaint: File a complaint with a supervisory authority in your country of residence.
Data Protection Officer
Eaten By Clowns is a small business and is not required to appoint a Data Protection Officer under GDPR Article 37. For privacy inquiries, please contact us directly at eatenbyclowns11@gmail.com.
Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you, as described in GDPR Article 22.
10. Other State Privacy Rights
Nevada Residents: Under Nevada Revised Statutes Chapter 603A, Nevada residents have the right to opt out of the sale of their personal information. As stated above, we do not sell personal information.
Other U.S. State Residents (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others with applicable laws): You may have rights similar to those described above. To exercise any rights, contact eatenbyclowns11@gmail.com.
11. International Data Transfers
Your personal information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers operate. These countries may have data protection laws different from those of your country. Where required by applicable law, we use Standard Contractual Clauses or other lawful mechanisms to protect your data during international transfers. By using the Site, you consent to such transfers.
12. Children’s Privacy
The Site is not directed to children under thirteen (13) years of age, and we do not knowingly collect personal information from children under 13 in compliance with the Children’s Online Privacy Protection Act (COPPA). If we obtain actual knowledge that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information.
If you are a parent or guardian and believe your child has provided us with personal information, please contact eatenbyclowns11@gmail.com. We will work with you to:
- Review the information we have collected;
- Delete the information from our records;
- Refuse further collection from your child.
For users between 13 and 17: If you are a minor, you should use the Site only with the supervision of a parent or legal guardian. Parents have the right to request information about, or deletion of, their minor child’s personal information.
13. Newsletter and Marketing Communications
If you subscribe to the Stay Weird Letter, we will send you marketing emails that may include release announcements, promotional offers, behind-the-scenes content, and related communications. Frequency is typically no more than two to four (2-4) emails per month, though this may vary around new releases.
Every marketing email includes:
- The sender’s identity (Eaten By Clowns);
- Our physical mailing address (available upon request);
- A one-click unsubscribe link in compliance with the CAN-SPAM Act and CASL (Canada’s Anti-Spam Legislation).
To update your email preferences or unsubscribe at any time, click the unsubscribe link in any email or contact eatenbyclowns11@gmail.com. Unsubscribing will not affect transactional emails related to active orders, account security, or legal notices.
14. Data Retention
We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods include:
- Order and transaction records: Seven (7) years (for tax and accounting compliance);
- Customer service communications: Three (3) years after last interaction;
- Account data (active accounts): For the lifetime of the account, plus up to two (2) years of inactivity before deletion;
- Marketing subscription data: Until you unsubscribe, plus up to two (2) years for suppression list maintenance (to prevent re-subscribing you accidentally);
- Analytics data: Up to twenty-six (26) months in Google Analytics;
- Legal compliance records: As required by applicable law.
15. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These include:
- SSL/TLS encryption for all data transmitted between your browser and our servers;
- Secure, PCI-DSS compliant third-party payment processors that handle all card data;
- Access controls limiting personal information to authorized personnel and service providers;
- Regular security updates to our hosting infrastructure (Kinsta) and platform (WordPress, WooCommerce).
However, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
16. Data Breach Notification
In the event of a security incident involving your personal information that triggers legal notification requirements, we will notify affected users by email or prominent Site notice within the timeframe required by applicable law (typically within seventy-two (72) hours of discovery for GDPR, and consistent with state-specific breach notification statutes). Notifications will describe the nature of the breach, the categories of information involved, steps we are taking, and recommended actions you can take.
17. Anonymized and Aggregated Data
We may anonymize or aggregate personal information so that it can no longer reasonably be linked to you. Such anonymized or aggregated data is not subject to this Privacy Policy and may be used for any lawful purpose, including business research, analytics, and improving our services.
18. Third-Party Links
The Site contains links to third-party websites and services (including Spotify, Apple Music, Bandcamp, YouTube, Instagram, Facebook, TikTok, Mailchimp, Amazon, AliExpress, Elastic Stage, Linkfire, and others). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. The updated Privacy Policy will be posted on this page with a new “Last Updated” date. Material changes will be communicated through prominent notice on the Site or via email where appropriate. Your continued use of the Site after changes are posted constitutes your acceptance of the updated Privacy Policy.
20. Contact Us
For questions about this Privacy Policy, to exercise your privacy rights, or to submit any privacy-related inquiry, please contact us at:
Eaten By Clowns
Privacy Inquiries
Las Vegas, Nevada
Email: eatenbyclowns11@gmail.com
For California, EU/UK, and other jurisdiction-specific requests, please include the relevant jurisdiction in your subject line (e.g., “California Privacy Request” or “GDPR Request”) to expedite processing.
