Privacy Policy

Privacy Policy

Effective date: November 17, 2025

This Privacy Policy describes how Box Turtle LLC (“we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you visit or transact on boardturtle.com (the “Site”). This is general information and not legal advice.

Who We Are

  • Business: Box Turtle LLC
  • Website: https://boardturtle.com
  • Public address: Twin City, GA, USA
  • Contact: [email protected]
  • Data controller: Box Turtle LLC

Scope

This Policy applies to:

  • Visitors and users of the Site
  • Customers who purchase products via our WooCommerce store
  • Individuals who contact us or interact with our content (including comments and embedded content)

Information We Collect

A) Information you provide

  • Account and profile: name, email, password, display name, preferences
  • Orders and checkout: name, billing and shipping address, email, phone, order notes, items purchased, and other details submitted during checkout
  • Payments: We use Stripe to process payments. We do not receive or store full payment card numbers. Stripe collects and processes payment information per its privacy policy (https://stripe.com/privacy)
  • Communications: messages you send us (support requests, surveys, forms)
  • Comments: information submitted in comment forms, plus the data noted in “Comments” below

B) Information collected automatically

  • Device and usage data: IP address, browser type and version, device identifiers, operating system, referring/exit pages, timestamps, pages viewed, and clicks
  • Cookies and similar technologies: see “Cookies and Similar Technologies” below
  • Log-in and security events: attempts, resets, errors, and related metadata

C) Information from third parties

  • Payment processing: Stripe (transaction confirmations, fraud indicators)
  • Anti-spam and security tools: automated spam detection services
  • Gravatar: an anonymized hash of your email may be sent to Gravatar to check for an associated avatar (https://automattic.com/privacy/)

How We Use Your Information

We use personal information to:

  • Operate and provide the Site and store (including order fulfillment and support)
  • Process payments and prevent fraud
  • Manage accounts and authenticate users
  • Communicate about orders, updates, and service notices
  • Improve the Site, products, and user experience
  • Comply with legal, tax, and accounting obligations
  • Enforce our terms and protect security and integrity

Legal bases for processing (EU/UK visitors): consent (where required), performance of a contract, legitimate interests (e.g., site security and improvement consistent with privacy expectations), and compliance with legal obligations.

Ecommerce and Payments

  • WooCommerce: Our store runs on WooCommerce, which stores necessary order data in our site database to process and fulfill orders, handle refunds, taxes, shipping, and maintain transaction records.
  • Stripe: Payments are processed by Stripe. Stripe may act as an independent controller for certain data. Your payment data is handled per Stripe’s privacy policy: https://stripe.com/privacy.
  • We do not store full credit card numbers on our servers.

Comments

  • When visitors leave comments, we collect the data shown in the comments form, the commenter’s IP address, and browser user agent string to help with spam detection and site security.
  • An anonymized string (hash) of your email address may be provided to the Gravatar service to determine if you are using it. After approval of your comment, your profile picture may be visible to the public in the context of your comment. Gravatar privacy: https://automattic.com/privacy/.

Media

  • If you upload images, avoid uploading images with embedded location data (EXIF GPS). Visitors to the Site can download and extract location data from images on the Site.

Cookies and Similar Technologies

A) What we set

  • Convenience cookies: If you leave a comment, you may opt in to saving your name, email, and website in cookies so you do not have to re-enter details. These last up to 1 year.
  • Session and login cookies: We set a temporary cookie to check if your browser accepts cookies; it is discarded when you close your browser. When you log in, we set cookies to save login information and screen/display choices. Login cookies last up to 2 days; screen option cookies last up to 1 year. If you select “Remember Me,” login persists for 2 weeks. Logging out removes login cookies.
  • Editor cookie: If you edit or publish an article, an additional cookie indicating the post ID of the article you edited may be set and expires after 1 day.
  • WooCommerce cookies: Used to keep track of cart contents, sessions, and checkout flow to fulfill orders.

B) Managing cookies

  • You can control cookies via your browser settings and, where available, our cookie controls. Disabling certain cookies may affect site functionality.

Embedded Content From Other Websites

  • Articles on this Site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves as if you visited the other website directly.
  • These websites may collect data, use cookies, embed additional third‑party tracking, and monitor your interaction with embedded content (including tracking if you have an account and are logged in to that service).
  • Review the privacy policies of any third-party services you interact with.

Sharing and Disclosure

We share personal information as needed with:

  • Service providers and subprocessors who help operate the Site and store (e.g., hosting, security, spam detection, email delivery, payment processing via Stripe). These parties are bound by contractual obligations to protect your data.
  • Payment processor: Stripe (https://stripe.com/privacy)
  • Anti-spam/security services: Automated spam detection services for comments and forms
  • Compliance and safety: If required by law, legal process, or to protect rights, safety, and security
  • Business transfers: In the event of a merger, acquisition, or asset sale, information may be transferred consistent with this Policy

We do not sell personal information. We also do not “share” personal information for cross-context behavioral advertising as defined by California law. If our practices change, we will update this Policy and provide required mechanisms.

Data Retention

  • Comments: We retain comments and associated metadata indefinitely to recognize and auto-approve follow-ups.
  • Accounts: For registered users, we store the personal information in the user profile. Users can see, edit, or delete their personal information at any time (except username). Site administrators can also view and edit that information.
  • Orders: We retain order, transaction, and related records for as long as needed to fulfill the order and for legal, tax, and accounting requirements (often 3–7 years, subject to applicable law).
  • Security logs: Retained for a commercially reasonable period for security and auditing.
  • Where retention is based on consent, we delete upon withdrawal unless another legal basis applies.

Your Rights

A) General
Subject to applicable law, you may have the right to request:

  • Access to the personal information we hold about you
  • Correction of inaccurate or incomplete information
  • Deletion of your personal information
  • Restriction or objection to certain processing
  • Portability of your personal information in a commonly used format
  • Withdrawal of consent where processing is based on consent

To exercise rights, contact [email protected]. We may need to verify your identity.

B) EU/UK residents

  • You have the rights listed above under the GDPR/UK GDPR and the right to lodge a complaint with your local supervisory authority.

C) US state privacy rights (e.g., CA, CO, CT, VA)

  • Depending on your state, you may have rights to know/access, correct, delete, and opt out of certain processing (e.g., targeted advertising, sale, or profiling).
  • We do not sell personal information and do not share it for cross‑context behavioral advertising. If our practices change, we will update this Policy and provide required mechanisms.
  • Authorized agents may submit requests where permitted by law.

Do Not Track and Global Privacy Control

  • Some browsers offer “Do Not Track” or Global Privacy Control (GPC) signals. There is no uniform industry standard for DNT, but where applicable law requires recognition of GPC as an opt-out signal for “sale” or “sharing,” we will honor it. Because we do not sell or share personal information for cross‑context advertising, such requests generally have no effect on our current practices.

International Transfers

  • We are based in the United States. If you access the Site from outside the U.S., your information may be transferred to, stored in, or processed in the U.S. and other countries that may have different data protection laws.
  • Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses.

Security

  • We use administrative, technical, and physical safeguards designed to protect personal information (e.g., HTTPS, access controls, and least‑privilege practices). No method of transmission or storage is fully secure; we cannot guarantee absolute security.

Children’s Privacy

  • Our Site is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us to request deletion.

Third-Party Links

  • The Site may link to third‑party websites or services. We are not responsible for their privacy practices. Review their policies before providing personal information.

Changes to This Policy

  • We may update this Policy from time to time. Changes will be posted on this page with an updated effective date. Material changes may be communicated by additional notice.

Contact Us

  • Email: [email protected]
  • Address: Box Turtle LLC, 2485 GA Highway 192 S, Twin City, GA, 30471, USA

WordPress and WooCommerce Specifics

  • If you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. It contains no personal data and is discarded when you close your browser.
  • When you log in, we set cookies to save your login information and screen display choices. Login cookies last up to two days; screen options cookies last up to one year. If you select “Remember Me,” your login persists for two weeks. Logging out removes login cookies.
  • If you edit or publish an article, an additional cookie will be saved in your browser indicating the post ID of the article you just edited. It expires after 1 day.
  • Visitor comments may be checked through an automated spam detection service.