Privacy Policy

Introduction

Rush Legacy X ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website RushLegacyX.com and make purchases from our store.

By using our website, you consent to the data practices described in this policy. If you do not agree with this policy, please do not access or use our website.

Information We Collect

Personal Information

We collect personal information that you voluntarily provide when:

• Creating an account (name, email address, password)
• Making a purchase (billing address, shipping address, phone number)
• Subscribing to our newsletter (email address)
• Contacting customer support (name, email, message content)
• Leaving product reviews (name, email, review content)

Payment Information

We do not store your credit card information. All payment processing is handled securely by Stripe, our PCI-compliant payment processor. We only store:

• Payment transaction IDs
• Payment status (paid, refunded, failed)
• Last 4 digits of card (for order reference only)

Automatically Collected Information

When you visit our website, we automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on pages
• Referring website and exit pages
• Date and time of visits

How We Use Your Information

We use the information we collect to:

• Process Orders: Fulfill your purchases, send order confirmations, and deliver digital products
• Customer Support: Respond to inquiries, resolve issues, and provide assistance
• Account Management: Create and manage your customer account
• Marketing Communications: Send promotional emails (only if you opt-in)
• Fraud Prevention: Detect and prevent fraudulent transactions and unauthorized access
• Website Improvement: Analyze usage patterns to improve our products and services
• Legal Compliance: Comply with legal obligations and enforce our terms

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

Service Providers

• Stripe: Payment processing (PCI-compliant)
• Supabase: Database and file storage hosting
• Email Service: Transactional and marketing emails
• Shipping Carriers: Physical product delivery (UPS, USPS, FedEx)

Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted via HTTPS/TLS encryption
• Secure Storage: Data encrypted at rest using AES-256
• Access Controls: Restricted access to personal data (admin-only)
• Password Protection: Passwords hashed using bcrypt
• Regular Backups: Daily automated backups with 7-day retention
• Fraud Detection: Stripe Radar for payment fraud prevention

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Privacy Rights (GDPR Compliance)

If you are a resident of the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Opt-out of marketing communications
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@rushlegacyx.com

Cookies and Tracking

We use cookies and similar tracking technologies to:

• Remember your login session
• Keep items in your shopping cart
• Analyze website traffic and usage patterns
• Personalize your experience

You can control cookies through your browser settings. Disabling cookies may limit website functionality.

Data Retention

We retain your personal information for as long as necessary to:

• Order Records: 7 years (tax compliance)
• Customer Accounts: Until account deletion requested
• Marketing Emails: Until you unsubscribe
• Activity Logs: 90 days (security monitoring)

Children's Privacy

Our website is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us: