Privacy Policy.
Effective July 14, 2026. This page describes what personal information Get Aplomb (“Aplomb,” “we,” or “us”) collects when you visit getaplomb.com or buy from us, why we collect it, who else sees it, and how to ask us to change or delete it.
What we collect
From you, when you order: name, shipping and billing address, email, phone, and the items in your cart. Payment-card details are submitted to Stripe directly from your browser; we never see, store, or transmit them. Stripe is a PCI-DSS Level 1 certified processor and the card data lives only on their systems.
From you, when you write or sign up: the contents of any contact-form message, account-related preferences, and the email address or optional cell phone number you give for marketing or offer follow-up if you opt in.
Automatically, when you browse: IP address, browser and device type, pages viewed, time on page, referring URL, and similar technical data, collected via standard server logs and (where you allow it) cookies and analytics scripts. If a landing URL contains a valid campaign source and campaign name, we keep that pair in first-party sessionStorage for the current tab and copy it to the order record if you check out. We use these details to keep the site working, understand which pages help our customers, and compare campaign spend with paid orders.
Why we collect it
Limited to: filling and shipping your order; servicing returns, refunds, and customer questions; preventing fraud; complying with tax and accounting law; running and improving the site; and, only with your consent, sending product news and offers.
Who else sees it
We share the minimum necessary information with the vendors who help us run the business. As of the effective date these are: Stripe (payments and subscriptions), Supabase (order database), Cloudflare (hosting and security), Resend (transactional email), Google Analytics (consent-gated purchase measurement), and the carrier you choose (USPS, UPS, or FedEx). Each one is contractually bound to use your data only to do the job we hired them for. We do not sell your personal information for money. With your consent (you clicked “Accept all” on the cookie banner and have no Global Privacy Control or Do Not Track signal), we share a one-way hashed email and the products in a completed order with Meta for advertising measurement, from your browser and from our server, which California law treats as a “share” for cross-context behavioral advertising. You can opt out at any time; see Do Not Sell or Share My Personal Information in our Cookie Policy.
Google Analytics purchase measurement: only when you chose “Accept all” under the current notice and Stripe later confirms that checkout as paid, our server sends Google an order-scoped synthetic client identifier, an order-scoped transaction identifier, the amount charged, USD currency, the event time, and one generic “APLOMB order” marker required by Google’s purchase-event format. We do not send automatic subscription-renewal charges. We do not send Google your name, email, phone, address, payment-card data, product or SKU, symptom or quiz response, page or landing-page history, browser or device identifier, Google click ID, advertising session, or user ID. We explicitly deny use for ad-user-data and ads-personalization purposes. Get Aplomb does not install a Google Analytics tag or Google cookie in your browser. Our Google Analytics property uses the shortest user- and event-level retention setting, two months. Google describes how it protects Analytics data in its data-safeguarding notice.
First-party campaign attribution: the campaign source and campaign name described above remain in the current browser tab until it closes and, when you order, in our Supabase order database. We do not add them to Stripe metadata or the server-side Google Analytics purchase payload; Google receives no campaign UTM through this attribution path. We use paid order rows, rather than Google Analytics purchase counts, to calculate campaign performance.
How long we keep it
Order records: at least seven years (US tax and consumer-protection law typically require this). Account information: until you ask us to delete it, or three years after your last interaction, whichever is sooner. Marketing list membership, including email or optional phone opt-ins, until you unsubscribe or ask us to remove it. Google Analytics user- and event-level purchase-measurement data: two months.
Your rights
You may ask us, at any time, to confirm what we hold about you, to correct it, to export it, to delete it, or to stop processing it for marketing. Email [email protected] with the request and we will respond within thirty days. Residents of California, Colorado, Connecticut, Virginia, and Utah have additional statutory rights under their respective consumer-privacy laws; we honor those rights nationwide and you do not need to be a resident of one of those states to invoke them with us.
Children
The site and the products are intended for adults. We do not knowingly collect information from anyone under thirteen. If we learn that we have, we will delete it.
Cookies and analytics
We use cookies and similar technologies for the cart, session security, and (where applicable) analytics that help us see which pages help and which do not. You can refuse cookies in your browser settings; the cart and checkout will continue to work, but some preferences will not be remembered. For the full list of cookies and tracking technologies (including the Meta Pixel, the Meta Conversions API, Microsoft Clarity, and the consent-gated server-side Google Analytics purchase event) and available choice and opt-out controls, see our Cookie Policy. We honor Global Privacy Control (GPC) signals site-wide.
Security
We use TLS for every page on the site, salted-and-hashed credentials for any account passwords, role-restricted access for our team, and a limited-blast-radius architecture (no internal system has the keys to every other system). No method is perfectly secure; we promise to investigate and disclose any breach as the law requires.
Changes
If we change this policy, we will post the updated version here and bump the effective date. If a material change expands optional processing, we require a fresh choice before using it for you. We may also communicate significant changes by email.
Contact
Questions, requests, or concerns: [email protected].