Privacy policy

Account information

If you create an account: your name, email, and a hashed password. We do not store your password in plaintext — only a cryptographically hashed version that we cannot recover.

Order information

When you check out: your billing and shipping address, phone number (optional, used only for delivery questions), and the items in your order. We retain this for tax recordkeeping and to support warranty claims later.

Payment information

Payment card numbers are handled entirely by Stripe, our PCI-DSS Level 1 payment processor. We receive only a token, the last 4 digits, the card brand (Visa, etc.), and the result of the charge. We never see or store full card numbers, CVVs, or expiration dates.

Usage & analytics information

Server logs include IP address, user agent, requested URL, and response code. These are kept for 30 days for operational debugging and abuse prevention, then deleted.

We also run our own first-party analytics to understand which pages are useful and to fix problems. We record pageviews on our own servers — the page visited, the referring page, your IP address, browser user-agent, and an anonymous analytics ID (see Cookies below). This data stays on our infrastructure, is never sent to an outside advertising network, and is used only to improve the catalog and the shopping experience.

• To fulfill your orders — we forward shipping details to Ingram Micro for fulfillment.
• To send transactional email (confirmation, tracking, return acknowledgments).
• To respond when you contact support, returns, warranty, or sales.
• To prevent fraud and protect against abuse.
• To meet legal obligations (tax recordkeeping, lawful requests).

We do notuse your data for advertising profiling, we don’t sell it, we don’t share it with data brokers, and we don’t send marketing emails by default.

We use a small number of first-party cookies, and no third-party advertising trackers:

• Session cookie — keeps you signed in (expires when you sign out or after 30 days idle).
• Cart cookie — remembers items in your cart between visits.
• Analytics cookie (airtaz_aid) — an anonymous, randomly-generated ID that lets us count visits and see which pages are useful. It is not linked to your identity unless you are signed in, expires after 90 days, and is never shared with third parties.
• Recent-searches cookie (airtaz_searches) — stores your last few search terms so we can show them back to you. Stays on your device for 90 days; clear it anytime by clearing your browser cookies.

We do not use Google Analytics, Facebook Pixel, or any cross-site advertising trackers, and we do not embed third-party marketing scripts. Our analytics are first-party and anonymous — we run them on our own servers and never send your browsing data to an outside ad network.

We only share data with the third parties required to operate the business:

• Stripe — payment processing
• Ingram Micro — order fulfillment (your shipping address and order contents are sent to them)
• Carriers (UPS, FedEx) — delivery
• Resend — transactional email delivery
• Tax authorities and law enforcement — only when legally required

You have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate information
• Delete your account and associated data
• Portability — receive your data in a machine-readable format
• Opt out of any non-essential data uses (we have none currently, but the right stands)

To exercise any of these, email privacy@airtaz.com. We respond within 30 days and require email verification to prevent fraudulent requests against accounts that aren’t yours.

California residents have additional rights under the CCPA, including the right to know what personal information is sold or shared (we don’t do either) and the right to non-discrimination for exercising those rights.

• Order records — kept for 7 years for tax purposes, then deleted.
• Account information — kept until you delete your account.
• Support emails — kept for 2 years, then deleted.
• Server logs — 30 days.
• Anonymous analytics (pageviews) — retained for trend analysis; not linked to your identity unless you were signed in, and never sold or shared.

All traffic to the site is encrypted with HTTPS (TLS 1.2+). Account passwords are hashed with industry-standard algorithms. Payment data never touches our servers. We restrict internal access to customer data to the minimum number of employees needed to operate the business.

If we ever experience a data breach affecting your information, we’ll notify you within 72 hours per applicable law.

Airtaz is not directed at children under 13. We don’t knowingly collect data from anyone under 13. If you believe we have, contact privacy@airtaz.comand we’ll delete it.

We may update this policy as our practices evolve. Material changes will be announced by email to active customers and posted here with a new “last updated” date.

Privacy questions, data requests, or concerns: privacy@airtaz.com. General questions live on the contact page.