Privacy policy

PRIVACY POLICY

Effective and last updated: July 12, 2026

Clawfoot Productions LLC, doing business as Cuffstore ("Cuffstore," "we," "us," or "our"), operates https://www.cuffstore.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit the Site, create an account, communicate with us, or make a purchase.

Because Cuffstore sells adult products, information about products you browse or buy can be particularly private. We describe our practices below and use that information only for the purposes stated here, subject to applicable law.

1. PERSONAL INFORMATION WE COLLECT

Depending on how you interact with us, we may collect:

• Contact and account information, such as your name, email address, telephone number, billing and shipping addresses, login credentials, and account preferences.
• Order and transaction information, such as products viewed, placed in a cart, purchased, returned, or reviewed; order history; amounts paid; delivery information; and communications about an order.
• Payment-related information. Our payment processors receive payment card or account details needed to process a transaction. Cuffstore generally receives transaction identifiers, payment status, payment method type, billing details, and limited card details such as brand and last digits, rather than a complete card number or security code.
• Communications and content, such as customer-service messages, return requests, survey answers, reviews, photographs, and feedback you choose to submit.
• Device, network, and usage information, such as IP address, browser and device type, operating system, cookie or similar identifiers, referring pages, pages and products viewed, interactions, and approximate location derived from IP address. Configured tracking also records ecommerce events including view_item, add_to_cart, begin_checkout, add_payment_info, and purchase. Depending on the event, the data can include product identifiers or names, adult-product context, cart or order value, transaction identifiers, and device or cookie identifiers.
• Fraud-prevention and compliance information, such as transaction risk signals, age-gate or eligibility confirmations, and records needed to investigate suspected fraud or comply with law. Our age-verification tool may process the information you submit to confirm eligibility; unless a particular verification screen clearly requests more, do not submit an identification document.
• Marketing and privacy preferences, such as email subscription status and subscription date, any separately maintained SMS subscription status, checkout, sign-in, or signup-form choices, cookie-banner choices, data-sharing opt-outs, and records of consent, withdrawal, or opt-out. We do not currently offer Omnisend SMS marketing.

We collect information directly from you, automatically through the Site, and from service providers involved in a transaction or Site operation, such as Shopify, payment processors, fraud-prevention providers, and delivery carriers.

Please do not send us medical information or other sensitive information that we do not request.

2. HOW WE USE PERSONAL INFORMATION

We use personal information to:

• provide the Site and maintain your account;
• process payment, accept and fulfill orders, arrange delivery, and handle returns, refunds, and support;
• authenticate users and protect the Site, customers, and our business against fraud, abuse, security incidents, and illegal activity;
• communicate about accounts, orders, product safety, policy changes, and customer-service requests;
• send email marketing where you sign up or otherwise validly consent under applicable law, and honor unsubscribe, withdrawal, and privacy choices;
• understand Site performance and improve products, services, accessibility, and user experience;
• comply with tax, accounting, consumer-protection, legal-process, and other legal obligations; and
• establish, exercise, or defend legal claims.

We may create aggregated or de-identified information and use it for lawful purposes. We will not attempt to reidentify information treated as de-identified where the law prohibits reidentification.

2A. LEGAL BASES FOR EEA AND UK PROCESSING

Where the EU GDPR or UK GDPR applies, our legal basis depends on the purpose and context:

• Contract or steps requested before contract: providing the Site features you request; maintaining your account; processing payment; accepting, fulfilling, delivering, returning, refunding, and supporting an order; and sending service communications needed for those activities.
• Legitimate interests: securing and administering the Site; preventing fraud and abuse; improving products, accessibility, and user experience; measuring non-consent-dependent service performance; responding to ordinary inquiries; and establishing, exercising, or defending legal claims. We rely on this basis only after considering necessity, proportionality, and your interests, rights, and reasonable expectations.
• Consent: sending marketing or using nonessential cookies, pixels, personalized advertising, or similar technologies where applicable law requires consent. You may withdraw consent at any time without affecting processing that was lawful before withdrawal.
• Legal obligation: meeting tax, accounting, consumer-protection, product-safety, sanctions, lawful-process, and other legal requirements that apply to us.
• Legal claims or another applicable legal condition: retaining or disclosing information where necessary to establish, exercise, or defend legal claims or where another condition permitted by applicable law applies.

Adult-product activity may reveal or permit an inference about sexuality and could be special-category data in some contexts. Where Article 9 of the EU GDPR or UK GDPR applies, we will process such data only when an applicable Article 9 condition is satisfied, such as explicit consent where appropriate, or another condition permitted by law. A contract basis under Article 6 alone does not establish an Article 9 condition.

3. WHEN WE DISCLOSE PERSONAL INFORMATION

We disclose personal information only as reasonably necessary for the purposes described above:

• Shopify hosts and supports our ecommerce store, checkout, customer accounts, consent controls, and Shopify pixel infrastructure used for analytics and marketing. If we enable a custom pixel in the future, we will update this Policy as appropriate and apply the required consent and opt-out controls. Shopify processes Site, device, event, customer, and transaction information on our behalf or as otherwise described in Shopify's privacy materials. Shopify Network Intelligence is enabled and may use customer interaction data to help personalize services, measure performance, and support advertising as described in Shopify's privacy materials. Depending on applicable law, you may have a right to opt out of covered sale, sharing, or targeted advertising as described in Section 5.
• Authorize.net and PayPal are configured payment providers and may process payments when their methods are available at checkout and you select one. Their independent privacy notices also apply to information they process for their own purposes.
• NA Age Verification supports our adult-only age gate and may process an eligibility response and related device or access information needed to operate the gate.
• Omnisend supports our email campaigns, email signup forms, welcome messages, cart, checkout, product-view, and browse recovery messages, post-purchase and cross-sell messages, back-in-stock notifications, VIP and repeat-customer messages, customer reactivation, dynamic product recommendations, consent-gated storefront behavioral tracking, and Shopify synchronization. It operates a configured Shopify pixel and integration and, depending on your interaction with us, may process email address, name, telephone number, billing and shipping contact information, customer and account identifiers, Shopify tags, email subscription status and date, order and purchase history, product, inventory, page-view, product-view, cart, checkout, payment, fulfillment, cancellation, refund, and back-in-stock events, message-delivery and engagement activity, browser or session identifiers, and consent-permitted storefront activity. Event records can include product, variant, SKU, quantity, price, discount, currency, shipping, order, recovery, status, and tracking details. Shopify is the primary source for checkout email-marketing status; that status synchronizes to Omnisend, and an email address supplied without marketing consent remains non-subscribed. We do not currently use Omnisend SMS, review requests, or Omnisend Price Drop. Email consent, any future SMS consent, cookie-based tracking consent, and sale or data-sharing choices are separate permissions; receiving an operational event does not subscribe a customer or authorize marketing. Shopify classifies the configured Omnisend pixel for analytics, marketing, and sale-of-data purposes.

Omnisend's consent setting uses Shopify's Customer Privacy API permissions for analytics, marketing, preferences, and sale of data, including consent-change notifications. Before the required consent is given, and after a visitor declines, the Omnisend pixel should not create its consent-controlled tracking cookies or collect consent-controlled identifiable page-view, product-view, category-view, or add-to-cart activity. When consent is withdrawn, those tracking cookies should be removed and future consent-controlled behavioral collection should stop; information lawfully collected before withdrawal may remain until it is deleted under the applicable retention or privacy-request process. Shopify may deliver a previously registered browser event after consent is later granted, so the time Omnisend receives an event may differ from the time of the underlying interaction.

This cookie control does not govern every Shopify integration disclosure. Started-checkout, order, purchase, customer, and server-side synchronization may be sent to Omnisend even when a visitor declines nonessential browser tracking. We use those operational records only as needed to take steps you request, fulfill and support orders, send necessary service communications, meet legal or recordkeeping obligations, and prevent fraud or secure the service, as applicable. They are not used to enroll a person in marketing without the separate marketing status required by law. Where EU or UK law applies, the corresponding Article 6 basis is contract or requested pre-contract steps, legal obligation, or a documented legitimate interest in fraud prevention and security, depending on the specific purpose. If an operational record constitutes special-category data, an Article 6 basis alone is not sufficient and a separate Article 9 condition is required.
• Google receives data through Google Analytics and advertising services for measurement and analytics. The configured events include search, page_view, view_item_list, view_item, view_cart, add_to_cart, remove_from_cart, begin_checkout, add_shipping_info, add_payment_info, and purchase, with "share all events" enabled. Event data may include online identifiers and product, adult-product, cart, checkout, or order context. Google may process this information under its own terms and privacy materials.
• Pify AI Contact Form Builder supports inquiries and may process the contact details, form responses, message content, and files you choose to submit. A form may also send a submission to a destination that the form identifies or that we configure for support, such as our email account or a connected spreadsheet or service. Do not include medical information or other sensitive information that the form does not request.
• Messaging by Shopify is installed as a Shopify-operated email and SMS marketing tool. If we activate or use it, Shopify may process contact details, subscription status, customer segments, order or product context, message content, and delivery or engagement information under Shopify's privacy materials. Installation does not mean that its email, SMS, automation, or analytics features are active, and we will not treat an operational record as marketing consent.
• We use ShipStation for shipping and fulfillment operations. Its Shopify connection processes order, product, and related operational data. When needed to fulfill or support a shipment, ShipStation, fulfillment providers, carriers, and delivery providers may receive a recipient name, email address, telephone number, shipping address, order items, package details, shipping instructions, tracking information, and related order or return information. Product and shipment records can reveal that a package concerns an adult-products store, so we limit disclosures to information reasonably needed for fulfillment.
• We use Auto Purchase Orders for product, order, inventory, supplier, location, and purchase-order operations. If a configured purchase order or direct-fulfillment workflow requires customer information, the tool or supplier may receive only the customer information reasonably needed for that workflow.
• Hextom Announce Bar supports storefront announcements and may use page, device, market, location, traffic-source, product, or logged-in customer-tag context when a configured targeting feature requires it. AltText.ai is installed for image-description work and, when used, may process store images and associated product, collection, page, blog, brand, description, file, locale, or translation content to generate and write image descriptions for accessibility and search optimization. These tools may therefore encounter adult-product names, descriptions, imagery, or page context, but are not used by us to decide whether a person may purchase a product.
• Shopify GraphiQL is installed as a store-administration and development interface. When an authorized operator uses it, it can query or change Shopify data only within the scopes granted to it and the query or mutation the operator runs. Because selectable scopes can be broad, we restrict its intended use to authorized administration, troubleshooting, and development and not customer profiling or advertising.
• Vendors supporting hosting, security, fraud prevention, customer support, email, analytics, advertising, reviews, or other business operations may receive information needed to perform their services. A category applies only if we use that type of vendor.
• Professional advisers, auditors, insurers, banks, regulators, courts, law enforcement, or other parties may receive information when reasonably necessary to comply with law, protect rights and safety, or establish or defend claims.
• A buyer, investor, lender, or successor and its advisers may receive information as part of a proposed or completed merger, financing, reorganization, bankruptcy, or sale of all or part of our business, subject to appropriate confidentiality and applicable law.
• We disclose information to another party when you direct us or give valid consent.

We do not disclose personal information merely because a third party requests it. Our configured analytics and marketing pixels disclose online identifiers and ecommerce events to Google, Omnisend, and Shopify. Although we do not describe these disclosures as a sale for money, some privacy laws may treat them as a "sale," "sharing," or use for targeted advertising. Product and event context can reveal visits to or transactions with an adult-products store and may be treated as sensitive data depending on the person, context, and applicable law.

4. COOKIES AND SIMILAR TECHNOLOGIES

The Site and its service providers use cookies, pixels, local storage, and similar technologies to operate checkout, retain cart contents, maintain security, remember preferences, measure Site use, and support marketing. The configured technologies include Shopify pixels, the Omnisend Shopify pixel, and Google Analytics and advertising services. They collect and disclose device, network, usage, product, cart, checkout, payment-step, purchase, and transaction-event information as described above. If we enable a custom pixel in the future, we will update this Policy as appropriate.

Shopify's automated cookie banner is configured for 31 regions and is configured to display on the storefront and in checkout for visitors Shopify identifies as being in a configured region. Where the banner is presented, it provides available cookie choices. Region detection and a saved choice can affect whether and how the banner appears. The default banner language is general and does not itself specifically identify adult-product activity or request explicit consent to process special-category data. This describes the configured control; we have not completed clean-browser, region-by-region testing proving that every analytics or advertising technology and downstream recipient honors the choice before and after consent.

Browser or device settings may block or remove some cookies, although they may not prevent every pixel or server-side disclosure. Blocking necessary technologies may prevent checkout or other features from working. Removing cookies can also remove stored preferences.

Browser "Do Not Track" signals do not have a uniform industry meaning. We have not verified that the current Site configuration detects or propagates Global Privacy Control (GPC) or other opt-out preference signals to every configured pixel or recipient. Where applicable law requires recognition of such a signal, we must honor it. Until the Site's technical behavior is verified, you may also submit an opt-out request using the contact methods in Section 5.

5. YOUR PRIVACY CHOICES

You may:

• choose whether to enroll in email marketing through an option offered at checkout, sign-in, or an email signup form. Shopify's automated recommended-regions setting determines, based on location and Shopify's then-current recommendation, where the checkout or sign-in option is displayed or preselected; we do not maintain a fixed list in this Policy. If an option is preselected, you can clear it before submitting. An email supplied without marketing consent is treated as non-subscribed. You may later unsubscribe using the link in an email or by contacting us. We do not currently offer SMS marketing; if we introduce it, it will require a separate choice and email consent will not be treated as SMS consent;
• change available account information through your account or ask us to correct it;
• use the automated Data Sharing Opt-Out page linked in the Site's "More Pages" menu where Shopify makes it available. It is currently configured for California, Colorado, and 13 other U.S. states selected by Shopify's automated setting; you may also use browser controls or contact us to submit an opt-out request concerning covered sale, sharing, or targeted advertising; and
• request access, confirmation, correction, deletion, or a portable copy of personal information, or opt out of covered sale, targeted advertising, or qualifying profiling, where applicable law grants that right.

If the EU GDPR or UK GDPR applies, you may also have the right to restrict processing; object to processing based on legitimate interests, including profiling based on that ground; object at any time to direct marketing; withdraw consent at any time; and lodge a complaint with the data-protection supervisory authority responsible for your place of habitual residence, place of work, or the alleged infringement. UK residents may complain to the UK Information Commissioner's Office. These rights are subject to applicable conditions and exceptions.

To submit a privacy request, use the Data Sharing Opt-Out page when applicable, email sales@cuffstore.com, or call (855) 797-5077. Describe the right you wish to exercise and provide the email address associated with your account or order. We will verify requests in a manner proportionate to the request and the information involved. We may ask for information needed to verify identity, avoid disclosing another person's information, or locate records. Enabling the automated page does not establish that an opt-out has propagated to every configured pixel, server-side disclosure, downstream recipient, or any custom integration enabled in the future; that end-to-end behavior remains under verification, and you may contact us if you need assistance.

An authorized agent may submit a request where applicable law permits. We may require proof of authorization and may verify identity directly with you. We will not discriminate against you for exercising a privacy right. We may deny or limit a request when an exception applies, and will explain our decision as required by law.

Texas residents whose requests are denied may appeal by replying to the decision email with "Privacy Appeal" in the subject line or by sending that request to sales@cuffstore.com. We will respond within the time required by applicable law and provide information about how to contact the Texas Attorney General if an appeal is denied.

These rights vary by jurisdiction and are subject to exceptions. Even after a deletion request, we may retain information needed to complete a transaction, honor an opt-out, detect fraud, comply with tax or recordkeeping law, resolve disputes, enforce agreements, or exercise or defend legal claims.

For Omnisend-supported records, ordinary profile changes are intended to synchronize through the Shopify integration. Because changing an email address or telephone number can create a separate vendor profile, identifier corrections may require a coordinated update in both Shopify and Omnisend. Supported Shopify customer-data-request and customer-redaction processes are intended to request export or deletion of corresponding Omnisend data. Email unsubscribe status is intended to synchronize between the systems for supported contacts. A privacy opt-out or GPC signal does not itself unsubscribe an email subscriber, correct a profile, or delete order records. We verify the applicable systems and recipients when responding to a request rather than assuming that one control completed every action.

6. SENSITIVE AND ADULT-PRODUCT INFORMATION

An identifiable adult-product purchase, browsing history, wishlist, communication, or review could reveal or permit an inference about sexuality or another private characteristic. Depending on context and applicable law, that information may be sensitive personal data.

We process order details to provide products you request, prevent fraud, provide support, and meet legal obligations. We do not ask you to disclose sexual orientation or medical diagnoses. As described above, configured analytics and marketing technologies can disclose adult-product browsing, cart, checkout, and purchase context to Shopify, Google, and Omnisend. Where applicable law requires consent, an opt-out, or another control for sensitive data or these disclosures, Cuffstore must provide and honor that control. The specific disclosure in this Policy does not turn Shopify's general cookie-banner choice into explicit consent to special-category processing, and this Policy does not itself establish that the Site's current technical controls satisfy those requirements.

7. STATE-SPECIFIC DISCLOSURES

For residents of states whose comprehensive privacy laws apply to Cuffstore, the categories of personal information we process are listed in Section 1; purposes are listed in Section 2; and categories of recipients are listed in Section 3. Depending on applicable law, residents may have the rights listed in Section 5 and a right to appeal.

If California law applies, the categories above may correspond to identifiers; customer records; commercial information; internet or electronic network activity; approximate geolocation; audio, electronic, or visual information you submit; and inferences. Adult-product activity may constitute sensitive personal information depending on context. We collect, use, and disclose these categories for the business and commercial purposes stated in this Policy. California residents may request the rights applicable to these practices, including any right to opt out of sale or sharing or to limit covered use or disclosure of sensitive personal information, through the contact methods in Section 5.

The Site is not intended for anyone under 18. If we learn that a minor's information was collected through these technologies, contact us as described below so we can investigate and take action required by law.

8. RETENTION

We retain personal information only for as long as reasonably necessary for the purpose collected and to meet legal, accounting, tax, fraud-prevention, dispute-resolution, and security needs. Retention depends on the type of information and context. For example, we generally retain order and transaction records for the period needed to fulfill the order and meet tax, accounting, chargeback, warranty, and legal obligations; account information while an account is active and for a reasonable period afterward; customer-service and dispute records while needed to resolve the matter and establish or defend claims; and marketing preferences until you change them, plus the minimum suppression record reasonably needed to honor an unsubscribe. We instruct service providers to process information only for authorized purposes and address retention, return, or deletion through available account controls, contractual rights, and privacy-request procedures. A provider may retain information where it independently has a lawful obligation or permitted purpose. Cookies and provider-controlled records may have shorter or different periods described in the relevant tool or provider notice.

When information is no longer reasonably needed, we delete it, de-identify it, or securely isolate it until deletion is feasible, subject to backup and legal-retention requirements.

9. SECURITY

We use administrative, technical, and physical safeguards designed to protect personal information, including access controls and encrypted transmission where appropriate. Shopify and payment processors operate important portions of the technical environment. No security measure or Internet transmission is completely secure, and we cannot guarantee absolute security. Use a unique password and notify us promptly if you suspect unauthorized account activity.

10. CHILDREN

The Site is for adults at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact sales@cuffstore.com. We will investigate and delete the information where appropriate, subject to legal obligations.

11. THIRD-PARTY SITES AND SERVICES

The Site may link to services we do not control. This Policy does not govern an unaffiliated third party's independent practices. Review that party's privacy notice before providing information. Our use of a service provider does not eliminate obligations that applicable law places on us.

12. INTERNATIONAL PROCESSING

Cuffstore is based in the United States. The Site and service providers may process information in the United States and other countries where privacy laws may differ from those where you live. Availability of the Site does not mean we offer products in every country.

Where the EU GDPR or UK GDPR restricts an international transfer, we will assess and use a lawful transfer basis appropriate to the transfer as required. Depending on the recipient and current law, that basis may include an applicable adequacy decision, the European Commission's Standard Contractual Clauses with any required supplementary measures, the UK International Data Transfer Addendum, a UK International Data Transfer Agreement, or another legally permitted safeguard or derogation. Omnisend's Data Processing Agreement states that it incorporates the EU controller-to-processor Standard Contractual Clauses and the UK International Data Transfer Addendum. Other providers may process information internationally subject to the transfer requirements that apply to the particular provider, destination, and processing. We do not imply that the same mechanism applies to every provider. You may contact us to ask for information about safeguards applicable to your personal information, subject to lawful confidentiality limits.

13. CHANGES TO THIS POLICY

We may update this Policy by posting a revised version and changing the updated date. Changes apply prospectively from the stated effective date. We will provide additional notice or obtain consent when required by law, including before a materially different use of information where consent is required.

14. CONTACT US

For privacy questions, requests, or complaints, contact:

Clawfoot Productions LLC dba Cuffstore
100 E Davilla St
Granger, TX 76530
United States

Email: sales@cuffstore.com
Phone: (855) 797-5077

Our Terms of Service are available at https://www.cuffstore.com/policies/terms-of-service.