Privacy policy

2 BONE APPAREL

Effective Date: February 4, 2026

Last Updated: February 4, 2026

1. OUR COMMITMENT TO YOUR INNER TRUTH

At 2 Bone Apparel, we believe that true style flows from the deepest parts of who you are—the passion that resonates down to your bones, the unspoken feeling that defines your journey. Just as we honor the authenticity you wear on your sleeve, we honor the trust you place in us with your personal information. This Privacy Policy explains how we collect, use, protect, and respect your data when you visit our website at [INSERT WEBSITE URL] (the "Site"), purchase our streetwear, engage with our social channels, or join our community.

Your privacy isn't just a legal obligation—it's a reflection of our core philosophy: empowerment through authentic self-expression. We handle your information with the same care we pour into every stitch of our apparel. By using our Site or services, you consent to the practices described below. If you disagree with any part of this Policy, please discontinue use immediately.

Note: We do not sell your personal information. Ever.

2. INFORMATION WE COLLECT

We collect information to serve you better, personalize your experience, and honor the connection you seek with our brand.

A. Personal Information You Provide

  • Account Registration: Name, email address, password, phone number, birthday.
  • Purchases: Billing/shipping address, payment details (processed securely via third parties—we never store full credit card numbers), order history.
  • Community Engagement: User-generated content (photos, reviews, social tags), contest entries, survey responses, customer service inquiries.
  • Newsletter/Marketing: Email address and preferences when you opt in to receive updates about drops, events, or brand stories.

B. Automatically Collected Data

When you visit our Site, our trusted partners and we may collect:

  • Device Information: IP address, browser type, operating system, mobile device ID.
  • Usage Data: Pages visited, time spent, click patterns, referral sources, search terms.
  • Location Data: Approximate location derived from IP address (not precise GPS unless explicitly permitted for store locator features).
  • Cookies & Tracking Technologies:
    • Essential Cookies: Enable cart functionality, login sessions, and security.
    • Analytics Cookies: Help us understand traffic patterns (via Google Analytics) to improve Site performance.
    • Marketing Cookies: Allow personalized ads on platforms like Instagram or Facebook (with your consent).
    • Social Media Cookies: Enable sharing and embedding of content from our social channels.
      You may manage cookie preferences via your browser settings or our Cookie Consent Banner. Disabling essential cookies may impair Site functionality.

C. Information from Third Parties

  • Social media platforms (e.g., when you log in via Instagram or share content tagging @2BoneApparel).
  • Payment processors (Stripe, PayPal) for transaction verification.
  • Analytics providers to measure campaign effectiveness.

3. HOW WE USE YOUR INFORMATION

Every data point serves a purpose aligned with our mission: to help you feel seen without saying a word. We use your information to:

  • Fulfill Orders: Process payments, arrange shipping, send order confirmations, and tracking updates.
  • Enhance Experience: Personalize product recommendations based on browsing history (e.g., suggesting hoodies if you frequently view streetwear collections).
  • Build Community: Feature user-generated content (with explicit permission) to showcase how our apparel empowers real people—celebrating the "feeling of oneself" in action.
  • Communicate: Send transactional emails (order status, returns) and, only with consent, marketing emails about new drops, events in Fullerton, or stories from founder Hector Torres about design inspiration.
  • Improve Our Brand: Analyze trends to refine sizing, fabrics, and designs that resonate with our community—especially our core audience of Latino creators and dreamers across generations.
  • Ensure Security: Detect fraud, prevent unauthorized access, and comply with legal obligations.
  • Legal Compliance: Respond to subpoenas, court orders, or government requests where required by law.

We will never sell your personal information to data brokers or third parties for monetary gain.

4. HOW WE SHARE YOUR INFORMATION

Transparency is non-negotiable. We share data only when necessary to deliver our promise to you:

  • Service Providers: Trusted partners who help us operate:
    • Payment Processors (Stripe, PayPal): Receive payment details solely to complete transactions.
    • Shipping Carriers (USPS, FedEx): Receive name/address to deliver orders.
    • Email Platforms (Mailchimp, Klaviyo): Send newsletters only to subscribers who opted in.
    • Analytics Tools (Google Analytics): Aggregate, anonymized data about Site traffic.
      All partners are contractually obligated to protect your data and use it only as directed.
  • Legal Requirements: If required by law, regulation, or valid legal process (e.g., subpoena), we may disclose information to protect our rights, users, or public safety.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, user information may be transferred as a business asset. You will be notified via email or Site notice before your data becomes subject to a different privacy policy.
  • With Your Consent: When you explicitly permit—e.g., sharing your photo on our Instagram after tagging #2BoneApparel.

We do not share personal information for third-party marketing without opt-in consent.

5. YOUR CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

As a California resident—and especially as a brand rooted in Fullerton—you have enhanced rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request the categories and specific pieces of personal information we've collected about you in the past 12 months.
  • Right to Delete: Ask us to erase personal information we hold (subject to legal exceptions like fraud prevention or order fulfillment).
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of "Sales": While we do not sell data in the traditional sense, CCPA defines "sale" broadly to include sharing data for targeted advertising. You may opt out via the "Do Not Sell or Share My Personal Information" link in our Site footer.
  • Right to Limit Use of Sensitive Data: Restrict our use of precise geolocation, racial/ethnic origin (inferred from community engagement), or other sensitive categories.
  • Right to Non-Discrimination: Exercising these rights will never result in denied service, price differences, or degraded experience.

How to Exercise Your Rights:
Email [INSERT PRIVACY EMAIL] with:

  • Your name and email address are associated with your account
  • Description of your request (e.g., "I request deletion of my data")
  • Proof of California residency (e.g., utility bill snippet with address redacted except city/state)
    We will respond within 45 days (may extend 45 more days with notice). For verification, we may request additional details to protect your account security. Authorized agents must provide written permission and proof of identity.

6. CHILDREN'S PRIVACY (COPPA COMPLIANCE)

Our streetwear speaks to passion at any age—but our Site is not intended for children under 13. We do not knowingly collect personal information from children. If we become aware of such a collection, we will promptly delete the data. Parents/guardians may contact us at [INSERT PRIVACY EMAIL] to review or delete a child's information.

For users aged 13–17: We encourage parental guidance when sharing content or making purchases. All accounts for minors require parental consent during registration.

7. DATA SECURITY & RETENTION

We implement industry-standard safeguards to protect your data:

  • Encryption: SSL/TLS for all data transmitted between your browser and our Site.
  • Access Controls: Limited employee access based on role; strict authentication protocols.
  • Payment Security: PCI-DSS compliant processors; we never store full credit card numbers or CVV codes.
  • Regular Audits: Vulnerability testing and security updates.

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your password and device security.

Data Retention:
We retain personal information only as long as necessary:

  • Active Accounts: Until you request deletion or after 24 months of inactivity.
  • Order Records: 7 years for tax, warranty, and legal compliance.
  • Marketing Preferences: Until you unsubscribe or request deletion.
    Upon deletion requests, we anonymize or permanently erase data per CCPA guidelines, barring legal holds.

8. INTERNATIONAL DATA TRANSFERS

Our Site is hosted in the United States. If you access us from outside the U.S., your information will be transferred to and processed in the U.S. under this Policy. By using our Site, you consent to this transfer. We implement safeguards (e.g., Standard Contractual Clauses) for EU/UK users where required by GDPR.