Privacy Policy

Goats Heritage™ ("we," "us," or "our") operates the website goatsheritage.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Site or make a purchase. By using the Site, you consent to the practices described in this policy.

1. Information We Collect

Personal Information

When you create an account, place an order, or contact us, we may collect the following:

• Full name
• Email address
• Phone number
• Billing and shipping address
• Date of birth (required for age verification on tobacco products)
• Account login credentials

Payment Information

Payment transactions are processed through Authorize.Net. We do not store your full credit card number, CVV, or other sensitive payment data on our servers. Authorize.Net handles and encrypts all payment information in accordance with PCI-DSS standards.

Usage Data

We automatically collect certain information when you access the Site, including:

• IP address
• Browser type and version
• Device type and operating system
• Pages visited, time spent on pages, and navigation paths
• Referring website or source
• Date and time of each visit

Cookies and Local Storage

We use cookies and browser storage technologies to enhance your experience. See Section 5 for full details on our cookie practices.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Process and fulfill your orders, including payment processing, shipping, and delivery confirmation
• Verify your age for the purchase of tobacco products in compliance with federal and state law
• Create and manage your account
• Communicate with you about orders, account updates, and customer service inquiries
• Send promotional emails, newsletters, and marketing materials (with your consent)
• Manage membership and subscription services, including recurring billing
• Improve our Site, products, and services through analytics and user feedback
• Detect and prevent fraud, unauthorized access, and other illegal activities
• Comply with legal obligations and enforce our Terms of Service

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with the following third parties solely to operate our business and provide our services:

Service Providers

• Authorize.Net — Payment processing and transaction management
• Resend — Transactional and marketing email delivery
• Google Analytics — Website usage analytics and traffic reporting
• Vercel — Website hosting and content delivery
• Supabase — Database and authentication services
• Shipping carriers — Order fulfillment and delivery

Legal Requirements

We may disclose your information if required to do so by law, in response to a subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

4. Age Verification

Federal and state laws prohibit the sale of tobacco products to individuals under the age of 21. To comply with these regulations:

• All visitors must confirm they are 21 years of age or older before accessing the Site through our age verification gate
• We collect date of birth information during account registration to verify eligibility for tobacco purchases
• Age verification is performed at the time of purchase and may be required again upon delivery
• We reserve the right to cancel any order if age verification cannot be completed
• Age gate confirmation is stored in your browser's sessionStorage and resets when you close your browser

5. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

Essential Cookies

Required for the Site to function properly. These include authentication cookies that keep you logged in and session cookies that maintain your shopping cart.

Age Gate (sessionStorage)

When you confirm your age upon entering the Site, this confirmation is stored in your browser's sessionStorage. This data is automatically cleared when you close your browser tab or window.

Google Analytics

We use Google Analytics to understand how visitors interact with the Site. Google Analytics collects information such as pages visited, time on site, and traffic sources. This data is aggregated and does not personally identify you. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Managing Cookies

Most web browsers allow you to manage cookie preferences through their settings. Disabling certain cookies may limit your ability to use some features of the Site.

6. Data Security

We take reasonable administrative, technical, and physical measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• PCI-DSS compliant payment processing through Authorize.Net
• Secure password hashing and authentication through Supabase
• Regular security reviews and access controls for administrative systems
• Limited employee access to personal information on a need-to-know basis

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you
• Update: You may update your account information at any time by logging into your account settings
• Delete: You may request deletion of your account and associated personal data by contacting us at contact@goatsheritage.com
• Opt-Out of Marketing: You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any promotional email or by contacting us directly
• Cookies: You may manage or disable cookies through your browser settings

To exercise any of these rights, please contact us at contact@goatsheritage.com. We will respond to your request within 30 days.

8. California and State Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale or sharing of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights
• The right to correct inaccurate personal information

To submit a request under the CCPA/CPRA, please email us at contact@goatsheritage.com with the subject line "California Privacy Request."

Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer privacy legislation may have similar rights. Please contact us to exercise your rights under applicable state law.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including:

• Account information is retained for the duration of your active account
• Order and transaction records are retained for a minimum of seven (7) years for tax and legal compliance
• Age verification records are retained as required by tobacco regulatory compliance
• Marketing preferences are retained until you opt out or request deletion
• Usage and analytics data is retained in aggregated, anonymized form

Upon account deletion, we will remove your personal information within 30 days, except where retention is required by law.

10. Children's Privacy

Our Site is not intended for individuals under 21 years of age. We do not knowingly collect personal information from anyone under 21. If we become aware that we have collected personal information from a person under 21, we will take steps to delete that information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on the Site. Your continued use of the Site after any changes constitutes your acceptance of the revised policy.

12. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: