Privacy policy

Last Updated: January 31, 2026

The Penguin Method operates this store and website, including all related information, content, features, tools, products, and services, to provide you with a curated shopping experience (the "Services"). The Penguin Method is powered by Shopify, which enables us to provide the Services. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described herein.

Personal Information We Collect or Process

When we use the term "personal information," we refer to information that identifies or can reasonably be linked to you or another person. Personal information does not include anonymized or de-identified data that cannot be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this information, depending on your interactions with the Services, your location, and as permitted by applicable law:

Contact details: such as your name, address, billing address, shipping address, phone number, and email address.
Financial information: such as credit card, debit card, or financial account numbers, payment card details, transaction history, form of payment, and payment confirmations.
Account information: such as your username, password, security questions, preferences, and settings.
Transaction information includes items viewed, added to your cart or wishlist, purchased, returned, exchanged, or canceled, as well as past transactions.
Communications with us: such as details in customer support inquiries or other messages.
Device information: such as your device type, browser, network connection, IP address, and unique identifiers.
Usage information: such as interactions with the Services, including navigation and timing.

We do not intentionally collect sensitive personal information (e.g., health data, racial or ethnic origin, or precise geolocation) as defined under laws like the CCPA or GDPR. If such data is inferred (e.g., from wellness product purchases), it will be treated with heightened protections and not used for marketing without explicit consent.

Personal Information Sources

We may collect personal information from:

Directly from you: when you create an account, use the Services, communicate with us, or provide information.
Automatically through the Services: from your device via cookies and similar technologies (see "Cookies and Tracking Technologies" below).
From service providers, who enable technology or process data on our behalf.
From partners or third parties, such as analytics or advertising providers.

Cookies and Tracking Technologies

We use cookies, pixels, web beacons, and similar technologies to collect device and usage information. These may include:

Essential cookies: for site functionality, such as remembering your cart.
Analytics cookies: to understand usage patterns (e.g., via Google Analytics).
Marketing cookies: for personalized ads based on your activity.

You can manage your preferences via our cookie consent banner (displayed on your first visit) or in your browser settings. For opt-outs, visit our "Do Not Sell or Share My Personal Information" link below. Under GDPR, we rely on consent for non-essential cookies.

How We Use Your Personal Information

We process personal information for the following purposes, based on lawful bases where required (e.g., under GDPR: contract performance for orders, legitimate interests for security, consent for marketing):

Provide, Tailor, and Improve the Services: to fulfill contracts (e.g., process payments, ship orders, manage accounts), customize experiences, and recommend products.
Marketing and Advertising: to send promotional communications or show targeted ads, based on consent or legitimate interests (with opt-out options).
Security and Fraud Prevention: to detect fraud or secure accounts, based on legitimate interests.
Communicating with You: to provide support and maintain relationships, based on contract or legitimate interests.
Legal Reasons: to comply with laws, respond to legal processes, or enforce terms, based on legal obligations.

How We Disclose Personal Information

We may disclose personal information to third parties for legitimate purposes, subject to this Policy:

With Shopify and vendors for services such as payment processing, analytics, fulfillment, and shipping.
With business and marketing partners: for advertising, in line with their privacy policies; this may constitute "sharing" under CCPA—opt out via the link below.
When you consent: e.g., for shipping or social media integrations.
With affiliates: within our corporate group.
In business transactions or legal compliance: e.g., mergers, subpoenas, or rights enforcement.

Relationship with Shopify

The Services are hosted by Shopify, which processes data to provide and improve them. Data may be shared with Shopify and its third parties, potentially in other countries. Shopify handles certain processing independently; see Shopify's Consumer Privacy Policy at https://privacy.shopify.com/en and exercise rights at Shopify Privacy Portal.

Third-Party Websites and Links

Links to third-party sites are provided for convenience; we are not responsible for their privacy practices. Review their policies separately.

Children's Data

The Services are not for children under 13 years old, and we do not knowingly collect their personal information. If a parent or guardian believes we have such data, contact us for deletion. We do not "sell" or "share" (as defined by law) data of individuals under 16.

Security and Retention of Your Information

We use reasonable security measures, including SSL encryption, access controls, regular audits, and firewalls, to protect data. However, no system is impenetrable. Do not send sensitive information via unsecured channels.

We retain data only as needed: e.g., account info while active; financial data for 7 years (per IRS requirements); usage data for 2 years for analytics. Data is deleted or anonymized thereafter, unless required for legal reasons.

In case of a breach, we will notify affected users as required by law (e.g., within 72 hours under GDPR).

Your Rights and Choices

Depending on your location, you may have rights such as:

Access/Know: Request details on your data.
Delete: request erasure.
Correct: request inaccuracy fixes.
Portability: receive or transfer data.

Under CCPA, opt out of sales/sharing or targeted advertising via our "Do Not Sell or Share My Personal Information" link [insert-link]. We support Global Privacy Control signals automatically.

To exercise rights, contact us below. We verify requests (e.g., via email confirmation or ID) and respond within 45 days (extendable under CCPA) or 1 month (under GDPR)—no discrimination for exercising rights. Authorized agents must provide proof of authorization.

Opt out of promotional emails via unsubscribe links; non-promotional messages continue.

Complaints

International Transfers

We may transfer data outside your country. For EEA/UK transfers, we use Standard Contractual Clauses or adequacy decisions.

Changes to This Privacy Policy

We may update for operational, legal, or regulatory reasons. Material changes (e.g., new data uses) will be notified via email (if provided) and posted here with the updated date.

Contact

For questions or rights exercises, email happy@Penguin-method.com or mail 163 N. 4th St, Laramie, WY, 82072, United States.

Country/Region

Language

Country/Region

Language

Privacy policy