FabZilla assumes the following responsibilities:
- Protecting all data generated by and provided to us by our users from being stolen, compromised, or used in violation with this policy.
- Never selling user-provided and user-generated data for financial gain or competitive advantage.
- Providing transparency for our users into what data we collect and what we do with it including what access third parties have to user data and for what purpose.
- Informing users if their data is compromised, either by failure to protect data or by order to surrender data to a legal authority, to the fullest extent we are lawfully able.
What We Know About You
If you register an account with FabZilla, we’ll have access to your e-mail address and any additional contact information you choose to provide us. If you place an order, we retain a record of the contents of the order, delivery and billing address information, and any communication you might have with our Customer Service or Tech Support teams about the order. If you use features such as commenting, in-stock notifications, and comment reply notifications, we retain record of this fact.
If you browse Fabzilla.com, with or without a login, we know for a limited time that a user at your IP address has visited pages on the site. (See the “Logging and Log Retention” section below.)
We collect data on what products and content you browse in order to offer better value to you through personalized email, and to see which products/content are the most useful to you.
When and How We Send Email
We send mail to users when orders are placed, shipped, or ready for local pickup. We may also be in contact when an order requires payment before shipping, or if other issues prevent us from fulfilling an order.
We will notify users if we believe their privacy has been compromised, if it is within our power to do so. For example, if we discover a customer’s account user login information has been exposed elsewhere on the web, or if we are compelled to disclose information to law enforcement.
We may occasionally send you an email that you did not request or trigger with an action of any kind in order to promote a certain aspect of our site, products, or services.
Logging and Log Retention
In order to understand traffic to our sites and diagnose technical problems, we log individual web requests. These logs include time of request, individual IP address, referrer, and user agent strings. We may retain these logs for up to 60 days, although individually-identifying information will be obscured after one week.
In order to prevent fraud and detect malicious behavior, we log IP addresses for specific actions, such as creating a customer account and placing an order. This information is automatically deleted after no more than 60 days.
Except in the case of malicious traffic, we will not share log data with any third party, unless compelled by legal process to do so.
Cookies and HTTPS
Our analytics software, Piwik, is hosted on our technology partner’s servers, but is anonymized and no personally identifying information is sent.
We do our best to serve all content securely over HTTPS.
Third Party Services
Do Not Track
Do Not Track is a standard for telling sites that you don’t want to be tracked. It’s aimed at sites you don’t visit directly, like advertisers and social media platforms.
Fabzilla supports the Do Not Track standard. While third party plugins with access to visitor browsing data are extremely limited on Fabzilla.com all are disabled for visitors passing a Do Not Track HTTP header. This includes third party tools for analytics, live chat, and web optimization (described below).
We use GMail, and mail sent to or from Fabzilla.com addresses generally passes through Google’s servers.
Shipping Providers and Export Control
We offer shipping through third parties: FedEx, UPS, and the United States Postal Service. We pass delivery addresses, phone numbers, and invoices to these companies to the extent required for quoting shipping prices and successful delivery of orders.
We comply with United States export regulations and authorities.
Credit Card payments are processed through Braintree. All credit card data including the cardholder name, credit card number, expiration date, CVV, and full billing address are sent to Braintree via an API for processing. Details regarding what products a customer is purchasing and other demographic information are not sent to Braintree.
Each transaction is logged by retaining the transaction amount, the cardholder name, the last four digits of the credit card, and the card expiration date. No other credit card data is stored at any point on FabZilla servers. This is in full compliance with the PCI-DSS,.
We maintain accounts on various social media platforms, including Facebook,
and Instagram. While some of these platforms are themselves invasive of user privacy, we will do our best to apply the principles outlined in the rest of this policy to our use of social media.
We do not make use of third-party social media badges or widgets which function as trackers.