BÆRSKIN OFFERS — UP TO 60% OFF + FREE DELIVERY OVER $119
Privacy Policy
§1. Who We Are
BÆRSkin Tactical Supply Co. is a brand operated by Delaware limited liability companies.
For your region, the controller of personal information is Digital Advice LLC, registered at 1111B S Governors Ave STE 39353, Dover, DE 19904, USA.
In this Privacy Policy, "we", "us", and "our" mean the controller applicable to you.
Contact for privacy matters: privacy@baerskintactical.com.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it. It applies to baerskintactical.com and its regional sub-paths (the "Site") and to any orders placed through the Site.
It is supplemented by our Cookie Policy and our Subprocessor List.
§2. What Personal Information We Collect
We collect personal information in three ways: (a) information you give us, (b) information we collect automatically when you use the Site, and (c) information we receive from third parties.
2.1 Information you give us
- Order and account data: name, billing address, shipping address, email, phone number, order history.
- Payment data: payment method type and last four digits of card (full card details are processed by our payment processors and not stored by us).
- Customer support data: the content of any communication you send us and any information you choose to share when contacting support.
- Marketing preferences: consent state for email and SMS, including timestamp and method of consent.
- User-generated content: reviews, ratings, photos, comments, and any other content you submit to the Site.
2.2 Information collected automatically
- Device and browser data: IP address, browser type and version, operating system, device identifiers, referrer URL, language preference.
- Usage data: pages visited, products viewed, time on page, click events, search terms, scroll behavior, pseudonymous user IDs.
- Session replay and error monitoring. We record interaction events on the Site (mouse movement, clicks, scroll, page transitions, form interactions excluding the values of password and payment fields) using PostHog (product analytics) and Sentry (error monitoring). These recordings help us diagnose bugs and understand how the Site is used. Recording only occurs after you give consent through our cookie banner where consent is required.
- Cookies and similar technologies: see our Cookie Policy.
- Approximate location: derived from IP address, used for geo-routing and tax/shipping calculation.
2.3 Information from third parties
- Advertising and attribution platforms: conversion events, hashed identifiers, audience signals (Meta, Google Ads, Bing, TikTok, Tatari, Axon).
- Payment processors: payment confirmation, fraud-screening signals.
- Identity and address verification services: where required for fraud prevention.
- Reviews: Trustpilot and similar platforms, where you leave a public review.
§3. Reserved
This section is intentionally left blank.
§4. Why We Use Your Personal Information (Purposes and Legal Bases)
The legal basis column below identifies the lawful basis on which we rely for each processing purpose.
Purposes and Legal Bases
| Purpose | What we do | Legal basis |
|---|---|---|
| Order fulfillment | Process and ship your orders, handle returns and refunds, communicate about your order | Contract performance — GDPR/UK-GDPR Art. 6(1)(b) |
| Customer support | Respond to your inquiries, resolve issues, manage support tickets through Gorgias and Yuma.ai | Contract performance — Art. 6(1)(b); legitimate interest in providing support — Art. 6(1)(f) |
| Account management | Maintain accounts where you create one | Contract performance — Art. 6(1)(b) |
| Fraud prevention and security | Screen orders for fraud, prevent abuse, secure the Site | Legitimate interest — Art. 6(1)(f); legal obligation — Art. 6(1)(c) |
| Marketing emails | Send you promotional emails where you have opted in or, where lawful, on the basis of an existing customer relationship | Consent — Art. 6(1)(a); legitimate interest under "soft opt-in" where applicable |
| Marketing SMS | Send you promotional SMS where you have opted in (operated via Bloomreach using Twilio) | Consent — Art. 6(1)(a) |
| Personalization | Show relevant products and recommendations | Consent (where it relies on non-essential cookies) — Art. 6(1)(a); otherwise legitimate interest — Art. 6(1)(f) |
| Advertising and attribution | Measure ad performance, retarget visitors, optimize ad spend | Consent via Cookie Script — Art. 6(1)(a) |
| Analytics, experimentation, and bug diagnostics | Understand how the Site is used, run experiments and feature tests (PostHog), measure performance (GA4), diagnose errors and crashes (Sentry), record session interactions for diagnostic purposes (PostHog and Sentry) | Consent for non-essential cookies and session replay — Art. 6(1)(a); legitimate interest for aggregated analytics and error monitoring — Art. 6(1)(f) |
| Legal compliance | Tax, accounting, regulatory reporting, responding to lawful requests | Legal obligation — Art. 6(1)(c) |
| Defending legal claims | Investigating, asserting, or defending legal claims | Legitimate interest — Art. 6(1)(f) |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interest, you have the right to object as described in §Your Rights.
§5. Who We Share Your Personal Information With
We share personal information with service providers and partners who process it on our behalf (subprocessors) and, in limited cases, with third parties that act as independent controllers (e.g. advertising platforms acting on their own data-processing terms).
5.1 Categories of recipient
- Hosting, CDN, and infrastructure providers
- Payment processors
- Customer support platforms
- Email, SMS, and CRM platforms
- Analytics, experimentation, error monitoring, and session replay providers
- Advertising and attribution partners
- Tag and consent management platforms
- Reviews platforms
- Tax calculation and remittance providers
- ERP and order management systems
- Professional advisors: lawyers, accountants, auditors, where engaged
- Authorities: law enforcement, regulators, courts where legally required
A complete, current list of named subprocessors with purposes, data categories, and processing locations is maintained at our Subprocessor List.
§6. Reserved
This section is intentionally left blank.
§7. International Data Transfers
We are based in the United States. When you use the Site, your personal information will be transferred to and processed in the US and other countries where our service providers operate.
For transfers from the European Economic Area, the United Kingdom, or Switzerland to countries outside those areas, we rely on:
- Adequacy decisions of the European Commission, the UK government, or the Swiss Federal Council where they apply
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by the UK Addendum and (where relevant) the Swiss FDPIC's adapted clauses
- The EU-US Data Privacy Framework (and its UK and Swiss extensions) where the recipient is certified
We complete and maintain a Transfer Impact Assessment for material transfers and apply appropriate supplementary technical and organizational measures where required.
For information about a specific transfer or to request a copy of the relevant safeguards, contact us at privacy@baerskintactical.com.
§8. Cookies and Tracking Technologies
We use cookies and similar technologies (pixels, tags, SDKs, local storage) for analytics, advertising, personalization, and to operate the Site. Most non-essential tracking only fires after you give consent through our consent banner, which is operated by Cookie Script.
You can change your preferences at any time using the Cookie Preferences link in the Site footer.
For full detail on the cookies and similar technologies in use, the categories they fall into, retention periods, and how to manage them, see our Cookie Policy.
§9. Reserved
This section is intentionally left blank.
§10. How Long We Keep Your Personal Information
We keep personal information only for as long as we need it for the purposes set out in this Policy or as required by law.
Retention Periods by Data Category
| Data category | Retention period or criterion |
|---|---|
| Order data (order info, billing/shipping address, financial records) | 10 years from order date |
| Customer account | For the lifetime of the account; we delete inactive accounts after 36 months unless you ask us to retain them |
| Customer support tickets (Gorgias / Yuma.ai) | For as long as we maintain an active account on the support platform; on platform migration, we typically export the prior 24 months |
| Marketing email consent | Until withdrawal of consent, plus a record of the withdrawal for 3 years |
| SMS consent (Bloomreach / Twilio) | Until opt-out, plus a record of the opt-out for the period required by US TCPA recordkeeping rules |
| Cookie consent records (Cookie Script) | 12 months, or until you update or withdraw consent |
| Bloomreach customer profile | Until you request deletion or 36 months of inactivity, whichever comes first |
| Google Analytics 4 | 14 months |
| PostHog event data | 12 months |
| PostHog session recordings | 30 days |
| Sentry error event data | 30 days |
| Sentry session recordings | 30 days |
| Returns and refunds records | 10 years from the return |
| Web server / access logs | 90 days |
| Email engagement data (Bloomreach) | 2 years |
Where you exercise a right of erasure, we delete or anonymise the data unless we have a legal obligation, lawful interest, or contractual basis to retain specific items (for example, transactional records for tax purposes). Where we retain data after an erasure request, we restrict its processing to the purpose that requires retention.
§11. Your Rights
You have the right to:
- Access the personal information we hold about you and receive a copy of it
- Rectify inaccurate or incomplete information
- Delete your personal information, subject to legal exceptions (we may need to retain certain records for tax, accounting, fraud prevention, or to defend legal claims)
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest, including profiling for direct marketing
- Withdraw consent at any time where processing is based on consent
- Receive a copy of personal information you provided to us in a structured, commonly used, machine-readable format and (where technically feasible) have it transmitted to another controller (data portability)
- Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects on you. We do not currently use automated decision-making in this sense.
- Lodge a complaint with a data protection supervisory authority in your jurisdiction (see the supervisory authority sections below)
To exercise any of these rights, contact us at privacy@baerskintactical.com or use our contact form. We will respond within the period required by your local law.
We may need to verify your identity before responding to a request. We will not discriminate against you for exercising any of your rights.
§12. Marketing and Communications
You can opt in to marketing communications at signup or in your account preferences. You can opt out at any time by:
- Clicking the unsubscribe link in any marketing email
- Replying STOP to any SMS message
- Updating your preferences in your account
- Contacting us at privacy@baerskintactical.com
Transactional and service communications (order confirmations, shipping updates, customer support replies) are not marketing and continue regardless of your marketing preferences.
§13. Security
We use technical and organizational measures appropriate to the risks involved in processing personal information, including encryption in transit, access controls, principle-of-least-privilege for our staff, vendor security review, and incident response procedures. No system is perfectly secure; you should keep your account credentials confidential and contact us immediately if you suspect unauthorized access.
§14. Region-Specific Rules
This section sets out region-specific rights, supervisory authorities, and complaint mechanisms. Each subsection applies to consumers in the relevant region; subsections that do not apply to your region are marked as intentionally left blank.
§14.1. Reserved
This section is intentionally left blank.
§14.2. Reserved
This section is intentionally left blank.
§14.3. European Union / EEA — Supervisory Authority
You have the right to lodge a complaint with the supervisory authority in the EEA member state where you live, work, or where the alleged infringement took place. Contact details for each authority are at edpb.europa.eu/about-edpb/board/members.
Data Protection Officer: we have not appointed a formal DPO under GDPR Article 37 because our processing activities do not meet the mandatory triggers. For privacy matters, contact privacy@baerskintactical.com.
§14.4. Reserved
This section is intentionally left blank.
§14.5. Reserved
This section is intentionally left blank.
§14.6. Reserved
This section is intentionally left blank.
§14.7. Reserved
This section is intentionally left blank.
§14.8. Reserved
This section is intentionally left blank.
§15. Children
The Site is not intended for children under 16 (or the equivalent age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@baerskintactical.com and we will delete it.
§16. Changes to This Policy
We may update this Policy. The "Last updated" date at the top reflects the most recent change. Material changes take effect 30 days after we post the updated Policy (or, where required by law, after we provide notice).
The current version of this Policy is the only version that applies. We do not maintain a public version archive.
§17. Contact
For privacy matters: privacy@baerskintactical.com
Postal address:
Digital Advice LLC
1111B S Governors Ave STE 39353
Dover, DE 19904, USA
Last updated:
