Privacy Policy


Last Updated: 05/15/2023

This Privacy Policy describes the privacy practices of Thuma Inc. (“we” or “us”) and applies to our website visitors, customers, and other individuals who interact with us via our website at https://www.thuma.co, or any other website that we own or control and which posts to this Privacy Policy. In this Privacy Policy, “personal information” means any information that can identify you directly or indirectly. This Privacy Policy describes how we may collect, use and disclose your personal information, as well as the rights you have regarding your personal information.

Personal Information We Collect

Information you provide to us:

  • Contact information, such as your first and last name, email and mailing addresses, and phone number. 

  • Payment and transaction information needed to complete your transactions with us, including name, payment card information, billing information.

  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.

  • Commercial Information, such as information about the history of the products you browse and/or purchase from our website.

  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.

Information we obtain from third parties:

  • Social media information. We may maintain pages on social media platforms, such as Facebook, LinkedIn, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy. 

  • Other Sources. We may obtain your personal information from other third parties, such as marketing partners, data providers, and publicly-available sources, as permitted by applicable laws.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our services, our communications and other online services, such as:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.

  • Online activity data, such as the pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising. For example, our website may use first-party and third-party cookies which are implemented using third party tools, such as TikTok Pixel, Meta Pixel, Google and others. Our website may also use cookies to keep track of items that visitors add to shopping carts and this information may be used to send reminder messages via SMS. For more information, please review our Cookie Notice.

  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.

  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How We Use Your Personal Information

To operate our services:

  • Provide, operate, maintain, secure and improve our services.

  • Fulfill payments and transactions.

  • Provide information about our services.

  • Communicate with you about our services, including by sending you announcements, updates, security alerts, and support and administrative messages.

  • Understand your needs and interests, and personalize your experience with our services and our communications.

  • Respond to your requests, questions and feedback.

For marketing and advertising. We may collect and use your personal information for marketing and advertising purposes, including:

  • Direct marketing. We may from time-to-time send you direct marketing emails and mail as permitted by law, including, but not limited to, notifying you of special promotions, offers and events. You may always opt out of these communications as described in the “Your Choices” section.

To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

For research and development. We may create and use de-identified information for our business purposes, including to analyze the effectiveness of our services, to improve and add features to our services, and to analyze the general behavior and characteristics of users of our services. We may use this anonymous, aggregated, or de-identified data and share it with third parties for our lawful business purposes.


How We Share Your Personal Information

Service providers. We may share your personal information among our affiliates or with third-party companies that provide services on our behalf or help us operate our services (such as customer support, hosting, analytics, email delivery, marketing, billing). We contractually require that our service providers only use your personal information for the purposes of providing their services to us and that they protect your personal information to a comparable degree as it is when in our possession.


Shopify. Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).


Professional advisors. 
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.


For compliance, fraud prevention and safety. 
We may share your personal information for the compliance, fraud prevention and safety purposes described above. 


Business transfers.
 We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will require the recipient to use and share your personal information for the purposes described in this Privacy Policy.

Your Choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions within the marketing communication we send you.  

Cookies. Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of the website and it may not work properly. To manage your cookies with Thuma, you can do so by clicking here. For more information about the cookies we are using on our website, please review our Cookie Notice. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org

Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our website, which we have summarized below:

  • Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

Use the following links to learn more about how to control cookies and online tracking through your browser:

  • FirefoxChromeMicrosoft EdgeSafari

  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

  • Google Analytics. We use Google Analytics to help us better understand how people engage with our services by collecting information and creating reports about how users use our services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout. 

  • Using privacy plug-ins or browsers. You can block our services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy BadgerDuckDuckGoGhostery or uBlock Origin, and configuring them to block third party cookies/trackers.

  • Platform opt-outs. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:

  • Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.


Privacy rights
. You have the right to submit requests about your personal information, depending on your location and the nature of your interactions with our services:

  • Information about how we have collected and used your personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.

  • Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.

  • Correction of personal information that is inaccurate or out of date.

  • Deletion of personal information that we no longer need to provide our services or for other lawful purposes.

  • Withdrawing your consent to the collection, use and disclosure of your personal information, subject to legal or contractual restrictions (if you are located in Canada).

  • Additional rights, where applicable, such as to object to and request that we restrict our use of your personal information, and opt out from sale or certain sharing of your personal information.

To make a request, please email us as provided in the “Contact Us” section below or visit our opt out form. We may ask for specific information from you to help us confirm your identity. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

‘Shine the Light’ requests. Under California’s ‘Shine the Light’ law, Thuma’s customers who are California residents can request and obtain from us once a year and free of charge a list of all third parties to which Thuma has disclosed certain personal information covered by the law during the preceding calendar year for the third parties’ direct marketing purposes. If you are a California resident and want such a list, please contact us at hello@thuma.co. For all such requests, you must put the statement “Your California Privacy Rights” in the message field of your request, as well as your name, street address, city, state, and zip code. Please note that we will not accept these requests by telephone, mail or fax, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information. We reserve the right to confirm your California residency before processing these requests.

Job Applicants

When you apply for one of our open positions, we collect the information that you provide in connection with your job application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). This may also include demographic or diversity information that you voluntarily provide. We may also conduct background checks and receive related information.

We use applicants’ information to facilitate our recruitment activities and process employment applications, including evaluating candidates and monitoring recruitment statistics. We also use successful applicants’ information to administer the employment relationship. We may also use and disclose applicants’ information to improve our website and for the compliance and protection purposes described above.

Other sites, mobile applications and services

Our services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.


Retention

We retain your personal information for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes, after which we destroy or de-identify your information. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Security and Privacy Practices

We use organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. We also have adopted privacy policies and practices regarding the protection of personal information, which provide a framework for the retention and destruction of personal information, define the roles and responsibilities of Thuma personnel throughout the life cycle of the information, and provide a process for dealing with complaints regarding the protection of the information.

Where We Store Your Personal Information

Thuma is based in the United States and personal information we collect will be processed and stored in the United States and in other jurisdictions where our service providers may store personal information. As such, your personal information may be accessible to law enforcement and national security authorities of these jurisdictions pursuant to applicable laws.

Children

Our services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Accessibility

Thuma is committed to making our website accessible for all customers, including those with disabilities.


Consistent with this goal, we have taken a number of steps to enhance our website and increase its usability by those who access the web using assistive technology. We will continue to monitor our website and enhance our capabilities as technology develops to ensure that our site remains fully accessible to individuals with disabilities moving forward.



If you experience difficulty accessing our website content, reach out to our Customer Service associates to provide feedback. You can reach us by email at help@thuma.co. If you email us regarding accessibility concerns, please put “Accessibility Concerns” in the subject line of the email to ensure a rapid response. We will reply to your email as soon as possible to discuss your concern and what Thuma can do to accommodate your needs. If you wish to speak directly to a customer service representative regarding your accessibility concern, please include in your email a telephone number at which you can be reached, and a representative will call you as soon as possible.

Changes

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy or, as required by law, by notifying you by email specified in your account.

Contact us

Please direct any questions or comments about this Privacy Policy or privacy practices to hello@thuma.co.