PRIVACY POLICY
Last updated: March 9, 2026
Introduction
EthiCAL Apparel is a student-run organization at UC Berkeley dedicated to sustainable and ethical fashion. This Privacy Policy explains how we collect, use, and protect your personal information when you use our website and services.
Information We Collect
Account Information
When you create an account, we collect your email address and display name through Supabase Auth. We support email/password and passwordless (magic link) authentication.
Purchase Information
When you place an order, we collect your shipping address, billing address, and order details. Payment card details are handled entirely by Stripe and are never stored on our servers.
Custom Orders
When you submit a custom order request, we collect your name, email, phone number, organization name, shipping address, and any files you upload describing your design requirements.
Newsletter
If you subscribe to our newsletter, we collect your email address. You can unsubscribe at any time.
Anonymous Session ID
We generate an anonymous session identifier stored in your browser's localStorage for cart tracking purposes. This ID expires after 30 days and is not linked to your identity unless you log in.
Analytics & Session Recording
PostHog
We use PostHog for analytics and session recording. This includes:
- Page views and navigation events
- E-commerce events (product views, cart actions, checkout steps)
- Session replay — all form inputs are masked in recordings
- Person profiles are only created for logged-in users
You can learn more about PostHog's privacy practices at posthog.com/privacy.
Sentry
We use Sentry for error monitoring in production. When an error occurs, Sentry may collect your IP address, browser user agent, and error context to help us diagnose and fix issues. Learn more at sentry.io/privacy.
Third-Party Services
We use the following third-party services that may process your data:
- Stripe — Payment processing. Privacy Policy
- Supabase — Authentication and database. Privacy Policy
- PostHog — Analytics and session recording. Privacy Policy
- Sentry — Error monitoring. Privacy Policy
- Google Fonts — Font delivery. Privacy Policy
- Upstash Redis — Rate limiting. IP addresses are stored temporarily for a short period. Privacy Policy
How We Use Your Information
- Order fulfillment — Processing and delivering your orders
- Account management — Maintaining your account and order history
- Fraud prevention — Rate limiting and input validation to protect against abuse
- Analytics — Understanding how visitors use our site to improve the experience
- Email communications — Newsletter updates (opt-in only)
Data Retention
- Account data — Retained until you request deletion
- Order data — Retained for record-keeping and potential returns/exchanges
- Session IDs — 30 days (localStorage)
- Rate limiting IPs — A short period, then automatically deleted
- Analytics data — Subject to PostHog's retention policies
Your Rights (CCPA)
As a California-based organization, we respect the rights granted under the California Consumer Privacy Act (CCPA). You have the right to:
- Right to Know — Request what personal information we have collected about you
- Right to Delete — Request deletion of your personal information
- Right to Opt-Out of Sale — We do not sell your personal information to third parties
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights
Security
We implement industry-standard technical and organizational measures to protect your personal information, including encryption of data in transit, secure authentication, access controls, input validation, and abuse prevention mechanisms.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at ethicalapparel@gmail.com.