Log in Sign up
Cart (0)

Privacy policy

Privacy Policy — DoodCrew Studio

Effective date: November 24, 2025
Last reviewed: November 24, 2025 (We review at least annually.)

DoodCrew Studio (“DoodCrew,” “we,” “us,” “our”) respects your privacy and is committed to transparency about how we collect, use, disclose, and protect personal information. This Policy explains your rights and our obligations under California law (CCPA/CPRA) and U.S. federal law (including COPPA).

If you have questions, contact studio@doodcrew.com.

1) Scope & Applicability

This Policy applies to visitors and customers of our website (studio.doodcrew.com) and any online services we provide (collectively, the “Services”). If you access third‑party sites (e.g., payment processors, shipping carriers), their privacy policies govern their practices. 

We follow the CCPA (as amended by the CPRA), including rights to know, delete, correct, opt‑out of sale/sharing, and limit use of sensitive personal information (SPI), and we honor the Global Privacy Control (GPC) signal. Even if we are not legally required based on statutory thresholds, we voluntarily extend these rights to all U.S. customers for consistency and trust. 

2) What We Collect

We collect the following categories of Personal Information:

  • Identifiers (e.g., name, email, phone, billing & shipping address, IP address, device identifiers). 
  • Commercial information (e.g., products purchased, order history, preferences). 
  • Internet/Network activity (e.g., pages viewed, cookie IDs, analytics, ad interactions).
  • Geolocation data (approximate location from IP; precise location only if you enable it). 
  • Sensitive Personal Information (SPI) we generally do not seek: government IDs; account logins with passwords; precise geolocation; financial account numbers with security codes; health, biometric, or children’s data. If any SPI is collected (e.g., payment card tokens handled by Shopify and processors), we do not use SPI for cross‑context behavioral advertising and provide methods to limit its use

Sources of data: directly from you (checkout, forms, emails), automatically via cookies/GPC, and from service providers (Shopify, payment processors, shipping carriers, fraud/analytics vendors, advertising partners).

3) How We Use Personal Information

We use personal information to:

  • Process orders, payments, returns, customer support, and fulfill contractual obligations. 
  • Operate, secure, and improve our Services (fraud prevention, diagnostics, analytics). 
  • Personalize content and communications; measure marketing performance. 
  • Comply with law, tax, accounting, and enforce our terms; protect against illegal activity. 

We adhere to purpose limitation and data minimization—we collect only what is reasonably necessary and use it only for disclosed purposes. 

4) Sale/Sharing/Targeted Advertising & Your Opt‑Out Rights

We may share certain identifiers, device data, and internet activity with advertising partners for cross‑context behavioral advertising (“sharing” under CPRA) or activities that may be considered a “sale” of personal information under California law. You can opt‑out at any time using our “Do Not Sell or Share My Personal Information” page and we honor GPC signals sent by your browser.
Opt‑out page: https://studio.doodcrew.com/pages/ccpa-opt-out
California requires honoring the GPC signal as a valid opt‑out; we treat it accordingly. [studio.doodcrew.com]

We do not sell personal information for money. Any sharing for advertising is handled under CPRA’s “share” definition, and you may opt‑out. 

5) Sensitive Personal Information & “Limit Use” Rights

If we collect SPI (see §2), we limit its use to essential business purposes (e.g., payment authorization, security, compliance). We do not use SPI for advertising. You may request to limit our use/disclosure of SPI to those essential purposes by emailing studio@doodcrew.com with the subject “Limit SPI.” 

6) Retention

We retain personal information only for as long as reasonably necessary for the purposes listed above, consistent with CPRA’s retention disclosure obligations. Our typical retention schedule:

  • Order & transaction records: up to 7 years for tax/accounting/compliance. 
  • Customer service communications: 24 months (auditing & quality assurance). 
  • Marketing & consent preferences: until you opt‑out or request deletion; then kept minimally for suppression records.
  • Cookies & tracking IDs: per cookie TTL (generally 90 days–2 years, depending on tool).

We delete or de‑identify data when retention is no longer necessary or required. 

7) Your California Privacy Rights (CCPA/CPRA)

You have the right to:

  • Know/Access the categories and specific pieces of personal information we collect, use, share, and disclose. 
  • Delete personal information we collected from you (subject to legal exceptions). 
  • Correct inaccurate personal information. 
  • Opt‑out of sale or sharing for cross‑context behavioral advertising, including honoring GPC
  • Limit the use/disclosure of SPI to essential purposes. 
  • Data portability (receive your data in a usable format). 
  • Non‑discrimination (we won’t deny goods/services, charge different prices, or provide different quality because you exercised your rights). 

How to exercise your rights

  • Web: Use our Opt‑out page (above) and on‑site request tools as available. 
  • Email: studio@doodcrew.com with subject “Privacy Request” and specify Access/Delete/Correct/Limit SPI.
    We will verify and respond within 45 days (extendable by 45 days with notice), consistent with CPRA regulations. 

If we offer financial incentives (e.g., discounts or coupons in exchange for your email), we will provide a Financial Incentive Notice describing material terms; participation is opt‑in and you may opt‑out at any time. 

8) Children’s Privacy (COPPA & CA Minors)

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we will delete it and, where necessary, obtain verifiable parental consent for any permitted collection moving forward, consistent with COPPA (including the 2025 amendments to the Rule). 

For California minors under 16, we do not sell or share personal information without prior opt‑in consent; minors aged 13–15 may opt‑in themselves. Opt‑in can be withdrawn at any time. 

9) Disclosure of Personal Information

We disclose personal information to:

  • Service providers & contractors (e.g., Shopify, payment processors, fraud/analytics, fulfillment/shipping, email providers) strictly for business purposes under written contracts. 
  • Advertising partners (for cross‑context behavioral advertising unless you opt‑out). 
  • Legal/Compliance (to comply with law, enforce terms, or protect rights/safety). 

We require recipients to protect the data and prohibit use beyond our instructions

10) Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information and align with FTC guidance on avoiding unfair or deceptive practices. No method of transmission is perfectly secure; we strive to mitigate risks and promptly address incidents.

11) Non‑Discrimination

We do not discriminate against you for exercising any CCPA/CPRA rights. This includes not denying goods/services, charging different prices, or providing different levels of quality for exercising privacy rights.

12) “Do Not Track” & Global Privacy Control

While some browsers offer Do Not Track (DNT), California recognizes the Global Privacy Control (GPC). We honor GPC signals as opt‑out of sale/sharing for the browser/device session and recommend you also submit a site request for broader coverage. 

13) Shine the Light (California Civil Code §1798.83)

California residents may request a list of third parties to whom we disclosed personal information for direct marketing in the preceding calendar year. We do not disclose personal information to third parties for their own direct marketing purposes; if that changes, we will provide this notice and an opt‑out.

14) International Transfers

If data is transferred outside your state or country (e.g., to service providers in other jurisdictions), we take appropriate steps to ensure protections consistent with this Policy and applicable law.

 

15) Financial Incentive Notice

We may offer financial incentives, such as discounts or coupons, in exchange for your personal information (e.g., email address) when you sign up for our marketing emails.

Description of Incentive:
When you join our email list, you receive a 10% discount on your next purchase.

Categories of Personal Information Collected:
Email address, name (optional), and marketing preferences.

Purpose:
To send you promotional emails, updates, and personalized offers.

Estimated Value Calculation:
The value of your personal information is reasonably related to the cost of providing the incentive. For example, if your average order is $50, the incentive is worth approximately $5.

Opt-In:
Participation is voluntary. By entering your email and clicking “Sign Up,” you consent to this financial incentive.

Right to Withdraw:
You may opt out of marketing emails at any time by clicking “Unsubscribe” in any email or contacting us at studio@doodcrew.com. Opting out will not affect your ability to use any discount already provided.

Non-Discrimination:
We will not discriminate against you for exercising your privacy rights under California law.

16) Changes to This Policy

We will update this Policy at least annually and when our practices change. We will post updates with a new “Last reviewed” date and, where material, provide additional notice. 

17) Contact Us

Questions or requests: studio@doodcrew.com
Postal: DoodCrew Studio, San Marcos, CA (USA)

18) Key Definitions (Summary)

  • Sell / Share: As defined by California law; “share” includes cross‑context behavioral advertising. 
  • Sensitive Personal Information (SPI): Includes precise geolocation; account credentials; government IDs; financial account numbers with security codes; health, genetic/biometric data, etc. 
  • Global Privacy Control (GPC): A browser signal that communicates your opt‑out preference; businesses must honor it where applicable. 
  • Child (COPPA): Under the age of 13; special parental consent rules apply to collection, use, and disclosure. Recent FTC amendments strengthen protections and retention limits.