1. Overview. We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information collected through our website and related services, including payments processed via Square.

2. Information we collect. We may collect the following categories of personal information:
a. Contact information: name, email address, phone number, mailing address.
b. Billing and payment information: billing address and payment method details processed by Square. We do not store full payment card numbers.
c. Technical and usage data: IP address, browser and device identifiers, operating system, pages visited, referring URL, and other usage metrics.
d. Cookies and similar tracking technologies: for analytics, security, and site functionality.
e. Other information you provide when you contact us or sign up for services.

3. How we use your information. We use personal information to:
a. Provide, maintain, and improve our services and fulfill orders and payments.
b. Process payments securely through Square.
c. Communicate with you about orders, accounts, updates, and customer support.
d. Send marketing communications where you have consented and allow you to opt out.
e. Detect, prevent, and respond to fraud, security incidents, or abusive behavior.
f. Comply with legal and tax obligations.

4. Payment processing (Square). We use Square, Inc. to process payments. Square collects and processes payment information under its privacy and security practices. We do not receive or store full card numbers or other sensitive payment credentials; Square securely processes and stores such data. Please see Square’s Privacy Policy for details.

5. Legal bases for processing (where applicable). Where applicable, we process personal information based on:
a. Contractual necessity: to perform our contract with you or to complete transactions.
b. Consent: when you have provided consent (for example, for marketing).
c. Legitimate interests: for fraud prevention, security, and service improvements, balanced against your rights.
d. Legal obligations: to comply with laws and regulatory requirements.

6. Data retention. We retain personal information only as long as necessary for the purposes described or to satisfy legal, tax, or accounting requirements. Payment and billing records may be retained for up to seven (7) years for accounting and compliance purposes unless a different retention period is required by law.

7. Sharing and disclosure. We may share personal information with:
a. Square, to process payments.
b. Service providers that host our website, provide analytics, email delivery, and other business services.
c. Legal, regulatory, or law enforcement authorities when required by law or to protect our rights. We do not sell or rent personal data to third parties.

8. International transfers. If personal data is transferred outside your jurisdiction, we will use appropriate safeguards to protect it (for example, contractual protection and industry-standard security measures).

9. Iowa consumer privacy provisions (Iowa residents). If you are an Iowa resident, the provisions below apply in addition to the general terms above.
a. Iowa consumer rights. Subject to verification and applicable exceptions, Iowa residents may have the right to:
i. Access: Confirm whether we process personal data and obtain a copy of the personal data we maintain about you.
ii. Correction: Request correction of inaccurate personal data.
iii. Deletion: Request deletion of personal data we maintain, subject to certain exceptions (for example, where data is necessary to complete transactions, comply with a legal obligation, or for security/fraud prevention).
iv. Data portability: Request a copy of personal data in a portable, machine-readable format to transmit to another entity, when technically feasible.
v. Opt-out of targeted advertising, sale of personal data, and certain profiling where applicable.
vi. Non-discrimination: Exercise of these rights will not result in discriminatory treatment (such as denial of goods or services) except where allowed by law.
b. Scope and exemptions. Certain categories of data and processing activities are excluded from these rights where applicable (for example, data covered by federal laws like HIPAA or GLBA, employment-related data, and certain B2B contexts). Small business or statutory exemptions may apply; contact us for clarification if you believe an exemption is relevant.
c. How to submit an Iowa request. To exercise any Iowa consumer right, contact us at:
Email: se*********@***il.com
Mailing address: 2149 Franklin Road, Donnellson, IA, 52625.
Provide sufficient information to identify yourself and the request. We may request additional information to verify your identity prior to fulfilling the request.
d. Verification and response timeframe. We will verify your identity and respond in accordance with applicable law. We generally aim to acknowledge and resolve verified requests promptly and will notify you if we require additional time or information.
e. Authorized agents. You may designate an authorized agent to submit requests on your behalf. We may require written authorization and verification of both the consumer’s and agent’s identities before processing such requests.
f. Appeals and enforcement. If you are unsatisfied with our response to an Iowa privacy request, contact us at se*********@***il.com. You may also have the right to lodge a complaint with the applicable enforcement authority under applicable law.

10. Your rights (general). Subject to applicable law, you may have the right to:
a. Access the personal information we hold about you.
b. Request correction or deletion.
c. Withdraw consent where processing is based on consent.
d. Object to or restrict processing under certain circumstances.
e. Lodge a complaint with a supervisory authority.
To exercise any rights, contact se*********@***il.com. We may require proof of identity to verify requests.

11. Security. We employ reasonable administrative, technical, and physical safeguards to protect personal information against accidental or unlawful loss, access, disclosure, alteration, or destruction. No internet transmission or storage can be guaranteed 100% secure.

12. Cookies and tracking. We use cookies and similar technologies for functionality, analytics, security, and advertising. You can control cookies through your browser settings; disabling cookies may limit features. Our website does not honor Do Not Track (DNT) browser signals.

13. Children. Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us to request removal.

14. Notifications of changes. We may update this Privacy Policy. Material changes will be posted to this page with an updated effective date. Non-material changes may be made without prior notice.

15. Contact. For questions or requests related to this Privacy Policy:

Mailing address: 2149 Franklin Road, Donnellson, IA 52625
Email: se*********@***il.com