Privacy Policy

How we protect your data. Because your privacy matters.

Last Updated: November 2025

Introduction

At Rotten Hand, we believe in transparency—not just about our products, but about how we handle your information. This Privacy Policy explains what data we collect, why we collect it, and how we protect it.

We don't sell your data. We don't spam you. We use your information only to fulfill orders, improve your experience, and occasionally send you updates (if you opt in).

Information We Collect

Information You Provide

When you shop with us, create an account, or contact us, we collect:

  • Contact information: Name, email address, phone number, shipping and billing addresses
  • Payment information: Credit card details (processed securely through Stripe—we never store full card numbers)
  • Order history: Products purchased, order dates, shipping preferences
  • Communications: Messages you send us through email, contact forms, or customer support

Information Collected Automatically

When you visit our website, we automatically collect:

  • Device information: IP address, browser type, operating system
  • Usage data: Pages visited, time spent on site, links clicked
  • Cookies: Small data files that help us remember your preferences and cart contents

How We Use Your Information

We use your information to:

  • Process and fulfill your orders
  • Send order confirmations and shipping updates
  • Provide customer support
  • Improve our website and products
  • Prevent fraud and ensure security
  • Send marketing emails (only if you opt in—you can unsubscribe anytime)
  • Comply with legal requirements

How We Share Your Information

We don't sell your personal information. Period.

We share your information only with:

  • Service providers: Shipping carriers (USPS, UPS, etc.), payment processors (Stripe), and email services to fulfill orders and communicate with you
  • Legal authorities: When required by law or to protect our rights and safety
  • Business transfers: In the event of a merger, acquisition, or sale of assets (we'll notify you if this happens)

Your Rights & Choices

You have control over your data. You can:

  • Access your information: Request a copy of the data we have about you
  • Correct your information: Update your account details anytime
  • Delete your information: Request deletion of your account and data (we'll retain order records as required by law)
  • Opt out of marketing: Unsubscribe from emails using the link at the bottom of any marketing message
  • Disable cookies: Adjust your browser settings (though some site features may not work properly)

To exercise any of these rights, email us at info@rottenhand.com.

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy:

  • Account information: Until you request deletion or after 3 years of inactivity
  • Order history: 7 years for tax and legal compliance
  • Payment information: Never stored in full (Stripe handles this); transaction records kept for 7 years
  • Marketing data: Until you unsubscribe or request deletion
  • Website analytics: Aggregated data retained indefinitely; individual session data for 26 months

After the retention period, we securely delete or anonymize your information. Some data may be retained longer if required by law or to resolve disputes.

Data Security

We take security seriously. Your data is protected using:

  • SSL/TLS encryption (HTTPS) for all data transmission
  • Secure payment processing through Stripe (PCI-DSS Level 1 compliant)
  • Encrypted data storage at rest
  • Restricted access to personal information (only authorized personnel with legitimate business needs)
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for internal systems
  • Secure cloud infrastructure with redundant backups

While no system is 100% secure, we use industry-standard practices to protect your information.

Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  • Notify affected users via email within 72 hours of discovering the breach
  • Provide details about what information was compromised
  • Explain the steps we're taking to address the breach
  • Offer guidance on how to protect yourself
  • Report the breach to relevant authorities as required by law

Third-Party Services

We work with trusted third-party service providers to operate our business. These partners may access your information only to perform services on our behalf and are obligated to protect it:

  • Stripe: Payment processing
  • Shipping carriers: USPS, UPS, FedEx for order fulfillment
  • Email service providers: Transactional and marketing emails
  • Analytics: Website performance and user behavior analysis
  • Cloud hosting: Secure data storage and website infrastructure

These providers are contractually required to maintain data security and use your information only for the specific services they provide.

Account Deletion

You can request deletion of your account and personal data at any time by emailing info@rottenhand.com. We will:

  • Delete your account within 30 days of your request
  • Remove personal information from our active systems
  • Retain order records as required by law (tax, fraud prevention)
  • Anonymize data used in aggregated analytics

Note that some information may remain in backup systems for up to 90 days before permanent deletion.

Cookies & Tracking

We use cookies to improve your experience. Cookies help us:

  • Remember items in your shopping cart
  • Keep you logged in between visits
  • Understand how you use our site so we can improve it

You can disable cookies in your browser settings, but some features (like adding items to your cart) may not work.

Third-Party Links

Our website may contain links to third-party sites (like social media). We're not responsible for their privacy practices—please review their policies separately.

Children's Privacy

Our website is not intended for children under 13. We don't knowingly collect data from children. If you believe we've collected information from a child, contact us immediately and we'll delete it.

International Users

Our servers are located in the United States. If you're accessing our site from outside the U.S., your information will be transferred to and processed in the U.S. By using our site, you consent to this transfer.

California Residents (CCPA)

If you're a California resident, you have additional rights under the California Consumer Privacy Act:

  • Know what personal information we collect and how we use it
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we don't sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, email info@rottenhand.com.

European Users (GDPR)

If you're in the European Economic Area, you have rights under GDPR, including:

  • Right to access, correct, or delete your data
  • Right to data portability
  • Right to restrict or object to processing
  • Right to withdraw consent

Contact us at info@rottenhand.com to exercise these rights.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We'll notify you of significant changes via email or a prominent notice on our site.

Contact Us

Questions about privacy? We're here to help.

Rotten Hand

169 Madison Ave STE 15182

New York, NY 10016

Email: info@rottenhand.com