Free shipping on orders over $99

PRIVACY POLICY

Last Updated: April 2, 2026

Scope: This Privacy Policy describes how Phat Panda ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit phatpanda.com ("the Site"), make a purchase, subscribe to our communications, or otherwise interact with us. By using the Site, you consent to the practices described in this Policy.

Information You Provide: We collect personal information that you voluntarily provide, including: your full name, email address, shipping and billing address, phone number, payment information (credit/debit card details processed securely through our payment processor), date of birth or age confirmation for legal compliance, account login credentials, and any communications you send us (e.g., customer service inquiries, product reviews, or survey responses).

Information Collected Automatically: When you visit the Site, we automatically collect certain technical and usage data, including: your IP address, browser type and version, operating system, device type and identifiers, pages visited and time spent on each page, referral source (how you found us), click patterns and navigation paths, and date and time of each visit. This data is collected through cookies, pixels, and similar tracking technologies.

Cookies & Tracking Technologies: We use the following categories of cookies and tracking technologies: (a) Essential Cookies — required for the Site to function properly, including shopping cart, checkout, and age verification; (b) Analytics Cookies — PostHog analytics to understand how visitors interact with our Site, helping us improve user experience and site performance; (c) Marketing Cookies — Klaviyo for email marketing personalization and campaign performance tracking. You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect Site functionality. Most browsers allow you to block or delete cookies, though doing so may impact your experience on our Site.

How We Use Your Information: We use your personal information for the following purposes: to process and fulfill your orders, including shipping and delivery; to verify your age and eligibility to purchase hemp products; to communicate with you about your orders, account, and customer service inquiries; to send promotional emails and marketing communications (only with your explicit consent); to improve our Site, products, and customer experience; to detect, prevent, and address fraud, security issues, and technical problems; to comply with legal obligations, including tax reporting and regulatory compliance; and to enforce our Terms of Service and other policies.

Third-Party Service Providers: We share your personal information only with trusted third-party service providers who assist us in operating our business. These include: Shopify (e-commerce platform and order management), payment processors (secure credit card processing — we never store your full card number), shipping carriers (name, address, and phone number for delivery and age verification), PostHog (anonymized website analytics and user behavior insights), and Klaviyo (email marketing and communication management). Each provider is contractually obligated to protect your data and use it only for the specific services they provide to us. We do not sell, rent, or trade your personal information to any third party for their own marketing purposes. We may also disclose your information when required by law, court order, or governmental regulation, or when necessary to protect our rights, property, or safety.

Data Retention: We retain your personal information for as long as necessary to fulfill the purposes for which it was collected. Specifically: order and transaction records are retained for a minimum of seven years for tax and legal compliance; account information is retained for as long as your account remains active; marketing preferences are retained until you opt out or request deletion; age verification data is stored as a session cookie and is not permanently retained; and analytics data is retained in aggregated, anonymized form.

Data Security: We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for all data transmitted between your browser and our servers, PCI-DSS compliant payment processing (we never store full credit card numbers), access controls limiting employee access to personal data on a need-to-know basis, and regular security assessments of our systems and processes. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Your Rights: You have the following rights regarding your personal information: the right to access the personal data we hold about you; the right to request correction of inaccurate or incomplete data; the right to request deletion of your personal data (subject to legal retention requirements); the right to opt out of marketing communications at any time by clicking "unsubscribe" in any email or contacting us directly; and the right to request a portable copy of your data in a commonly used format. To exercise any of these rights, contact us at privacy@phatpanda.com. We will respond to your request within 30 days.

California Privacy Rights (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, use, and disclose; the right to request deletion of your personal information; the right to opt out of the "sale" or "sharing" of personal information (note: Phat Panda does not sell your personal information); the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising your privacy rights. To submit a CCPA request, email privacy@phatpanda.com with the subject line "CCPA Request." We will verify your identity before processing your request.

Do Not Track Signals: Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Because there is no uniform standard for interpreting DNT signals, our Site does not currently respond to DNT signals. However, you can manage your tracking preferences through your browser's cookie settings and through the opt-out mechanisms described above.

Children's Privacy & Minors: Our Site and products are intended exclusively for adults aged 21 and older. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 21. We do not direct any marketing or advertising toward minors. If we learn that we have collected personal information from an individual under 21, we will take immediate steps to delete that information. If you believe a minor has provided us with personal information, please contact us immediately at privacy@phatpanda.com.

Age Verification Data: We collect age verification data solely to comply with federal and state laws governing the sale of hemp-derived products. Your age confirmation is stored as a browser cookie and is not linked to your personal profile, account, or order history. This data is used exclusively for legal compliance and is not shared with third parties for any other purpose.

Data Breach Notification: In the unlikely event of a data breach that compromises your personal information, we will notify affected individuals and relevant authorities in accordance with applicable federal and state data breach notification laws. Notification will include the nature of the breach, the types of information involved, and the steps we are taking to address the situation.

Changes to This Policy: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our Site. We encourage you to review this Policy periodically.

Contact Us: If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@phatpanda.com or write to: Phat Panda, Attn: Privacy, Washington State, United States.