Privacy policy
Welcome to Brwn In A Box LLC (“Brwn In A Box,” “Website,” “Platform,” “we,” “us,” or “our”), a subscription-based e-commerce Website dedicated to curating and delivering monthly haircare boxes featuring handcrafted, organic products for textured hair. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you (“User,” “you,” “your,” “Subscriber,” or “Customer”) use or access our Website at https://www.brwninabox.com/.
At Brwn In A Box, we are committed to ensuring the privacy and protection of your personal information. This Privacy Policy, which may be updated from time to time, governs your use of our Website and reflects our dedication to complying with applicable privacy laws, safeguarding your personal information, and providing transparency in how we handle your data.
By accessing or using our Website, you confirm your acceptance of this Privacy Policy and consent to the data practices described herein.
1. EFFECTIVE DATE
1.1. This Privacy Policy is enacted and takes effect from August 1st, 2025. From this date onward, the principles and practices outlined within this policy will dictate the manner in which we manage, protect, and utilize your personal information.
2. AGE RESTRICTION POLICY
2.1. We are committed to protecting the privacy of children and complying with applicable data protection laws, including the Children’s Online Privacy Protection Act (COPPA) in the United States and similar international regulations.
2.2. The Website is intended for use only by individuals who are eighteen (18) years of age or older, or by minors who are represented by and under the supervision of a parent or legal guardian. We do not knowingly collect, use, or disclose personal information from individuals under the age of 18 without verified parental or guardian consent.
2.3. In our registration process and at various points of interaction with our Website, we take proactive steps to verify the age of our Users, ensuring compliance with our age policy. This may include requiring date of birth verification during account creation or requesting parental consent documentation.
2.4. If we become aware that personal information has been collected from a minor without the requisite consent, we will take steps to delete that information and terminate the associated account. Parents or legal guardians who believe that their child may have provided personal data to us without their consent should contact us immediately at support@brwninabox.com so that we can take appropriate action.
3. DATA COLLECTION
3.1. We only collect the information necessary to provide and improve our services while ensuring compliance with privacy regulations:
3.1.1. Information You Provide Directly: We collect information that you voluntarily provide to us when you:
3.1.1.1. Create or update your User account;
3.1.1.2. Subscribe to our monthly haircare boxes or make single-purchase orders;
3.1.1.3. Communicate with our support team via email, phone, or Website features;
3.1.1.4. Submit forms, respond to surveys, or request customer support;
3.1.1.5. Provide feedback, reviews, or participate in public forums.
3.1.2. This may include the following Personally Identifiable Information (PII):
3.1.2.1. Full name and contact details (e.g., email address, phone number, mailing address);
3.1.2.2. Account credentials (username, password);
3.1.2.3. Date of birth and age verification documentation (where required for compliance);
3.1.2.4. Demographic data (such as country of residence, preferred language);
3.1.2.5. Product preferences, subscription details, and order history;
3.1.2.6. Payment information, including billing details and payment card data, for processing transactions;
3.1.2.7. Any content voluntarily submitted in communications, reviews, or feedback.
3.1.3. Information from Third Parties: We may obtain information about you from third-party sources, such as payment processors, shipping partners, or analytics providers, to facilitate transactions, deliver products, or improve our Website.
3.1.4. Automatically Collected Information: When you use our Website, we may automatically collect certain information to enhance your experience and improve our services. This includes but is not limited to:
3.1.4.1. IP address and approximate location;
3.1.4.2. Device type, browser, and operating system;
3.1.4.3. Access times and referring URLs;
3.1.4.4. Usage data such as pages viewed, features used, session duration, and navigation patterns.
4. COOKIES AND TRACKING TECHNOLOGIES
4.1. We may use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising. Our use of cookies and tracking technologies includes:
4.1.1. Essential Cookies: These cookies are necessary for the operation of our Website. They enable you to move around our Website and use its features, such as account login and checkout processes.
4.1.2. Performance and Analytics Cookies: These cookies collect information about how you use our Website, allowing us to improve its functionality and User experience. For example, these cookies help us understand which pages are visited most frequently and how Users navigate the site.
4.1.3. Functionality Cookies: These cookies allow our Website to remember your choices (such as your username, language, or product preferences) and provide enhanced, more personalized features.
4.1.4. Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They also help limit the number of times you see an ad and measure the effectiveness of advertising campaigns. The Website does not currently use advertising cookies. If advertising cookies are implemented in the future, their use will be governed by this section, and this Privacy Policy will be updated to reflect such changes where applicable.
4.2. You have choices regarding the use of cookies and tracking technologies, including adjusting browser settings to refuse cookies, using opt-out mechanisms from industry-wide initiatives, and setting privacy preferences for specific tracking technologies.
4.3. We are committed to implementing a robust cookie and consent mechanism to ensure transparency and User control.
5. INFORMATION WE DO NOT COLLECT
5.1. We do not collect or store certain types of information, including:
5.1.1. Sensitive Personal Data: We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, or genetic data.
5.1.2. Government-Issued Identification Numbers: We do not collect government-issued identification numbers (e.g., Social Security Numbers, driver’s license, or passport details), unless strictly necessary for legal compliance. Such information, if requested, is handled securely and not used for any unrelated purpose.
5.1.3. Biometric Data: Brwn In A Box does not collect or process biometric data, including facial scans, fingerprints, or voiceprints. We do not use facial recognition or any biometric profiling technologies on the Website.
5.1.4. Health or Medical Information: We do not collect, store, or process any health-related information or medical records related to your use of our products.
6. HOW WE USE YOUR DATA
6.1. The information we collect is utilized for various purposes that are essential to the operation and enhancement of our Website. The purposes for which we collect and process personal data are outlined as follows:
6.1.1. Improving Our Services
6.1.1.1. Website Enhancements: We may use the personal information you provide to improve and enhance our Website. This may involve analyzing how you interact with our Website, identifying areas for improvement, and optimizing your experience. For example, we may analyze your behavior on our Website to make the interface more user-friendly or improve the overall experience.
6.1.1.2. Feature Development: By understanding how you use our Website, we can enhance its functionality to cater to your preferences and needs. This could include introducing new features, improving the efficiency of existing ones, and offering you a more personalized experience, such as customizable subscription box options.
6.1.1.3. Order Management: To process and fulfill subscription and single-purchase orders, manage delivery schedules, and provide tracking information.
6.1.1.4. Feedback and Continuous Improvement: We value your feedback and use it to continuously improve our Website. By analyzing your feedback and the way you use our Website, we can better tailor it to meet your expectations.
6.1.2. Transaction Processing
6.1.2.1. Transaction Status: We may use your personal information to confirm and update you on transaction statuses, send order confirmations, and provide shipping updates via email or other messaging services.
6.1.2.2. Account Authentication and Security: Your personal information is used to validate and authenticate your account, preventing any misuse or abuse of our Website.
6.1.3. User Engagement and Personalization
6.1.3.1. Customized Content: We may use your personal information to personalize the content of our Website, tailoring your experience based on your preferences, such as product recommendations or mix-and-match subscription options.
6.1.3.2. Reviews and Feedback: We may use your personal information to request reviews of our Website or products or gather feedback to help us improve.
6.1.4. To Ensure Website Security and Prevent Fraud
6.1.4.1. We collect information to protect your data, maintain the security of our Website, and prevent fraudulent activities. By collecting and using information for security and fraud prevention, we aim to create a safe and secure environment for our Users.
6.1.4.2. The data is also collected for internal business or technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to maintain the security of our Website, network, and information systems.
6.1.5. Market Research and Communications
6.1.5.1. Marketing Promotions and Research: We may conduct marketing promotions, research, and programs to help identify your preferences and enhance the User experience. We use the information you provide to improve our Website.
6.1.5.2. Direct Marketing: If you have opted in, we may send you marketing communications, newsletters, and other relevant items about our products or vendor partners.
6.1.5.3. Periodic Updates: We may also send you updates and information about our Website based on your preferences.
6.1.6. Third-Party Sharing
6.1.6.1. Third-Party Sharing: We may share your personal information, anonymized and/or aggregated data, with third-party service providers, such as payment processors, shipping partners, or analytics providers, to help process transactions, deliver products, or improve our Website. These third parties will handle your information in accordance with applicable privacy laws.
6.1.6.2. Service Providers: To enhance your experience on our Website, we may share your personal information with third-party service providers, including but not limited to cloud service providers such as Amazon Web Services (AWS), which offers industry-standard encryption and security protocols.
6.1.6.3. Vendor Partnerships: We may share limited order or referral data with vendor partners to fulfill subscription boxes or track commissions, as outlined in our Vendor Agreements.
6.1.7. Customer Support
6.1.7.1. To provide you with customer support and respond to your inquiries, requests, or complaints, we collect information to ensure that we can provide you with comprehensive and effective customer support.
6.1.8. To Comply with Legal Obligations
6.1.8.1. We collect information to ensure compliance with various legal and regulatory requirements, which is crucial for maintaining the integrity and legality of our operations. This includes adhering to applicable data protection laws, financial regulations, and industry standards.
6.1.8.2. We are required to maintain accurate records, process transactions lawfully, and safeguard User data as mandated by law. Compliance involves cooperating with law enforcement and regulatory authorities, responding to legal requests and court orders, and ensuring our business practices meet all applicable legal standards.
6.1.8.3. By collecting and managing information in accordance with these legal obligations, we protect both our Users and our Website from potential legal risks and ensure that our operations remain transparent, accountable, and legally compliant.
7. LEGAL BASIS FOR PROCESSING PERSONAL DATA
7.1. We process your personal data under the following legal bases:
7.1.1. Consent: When you have given clear consent for us to process your data for a specific purpose, such as marketing communications or cookie usage.
7.1.2. Contractual Necessity: To fulfill contractual obligations or provide the services you requested, such as processing orders or managing subscriptions.
7.1.3. Legal Obligation: When we are legally required to collect or process your information, such as for tax reporting or fraud prevention.
7.1.4. Legitimate Interests: For our legitimate business interests, provided that these are not overridden by your data protection rights, such as improving our Website or conducting analytics.
7.2. We also use the information to communicate with you. This includes sending you updates and other relevant information related to the Website.
8. SHARING YOUR INFORMATION
8.1. We deeply value the trust you place in us when you share your personal information. Our commitment to safeguarding that trust is unwavering, and as such, we adhere to strict principles when it comes to sharing your information. Here is how we ensure your data is handled with the utmost respect and care:
8.1.1. With Your Consent: We may only share your personal information with third parties after obtaining your clear and explicit consent, ensuring you remain in control.
8.1.2. Service Providers: We collaborate with trusted third-party service providers to support operations such as:
8.1.2.1. Data hosting (e.g., AWS);
8.1.2.2. Payment processing (e.g., Wave Accounting, CloverGO);
8.1.2.3. Shipping and delivery;
8.1.2.4. Digital advertising and analytics (e.g., Google Analytics);
8.1.2.5. Marketing and customer support.
All providers are bound by confidentiality agreements and use your data exclusively for agreed purposes.
8.1.3. Legal Requirements: We may disclose your information to comply with legal obligations, such as court orders or governmental requests, or to protect our rights, Users, or the public from fraud or security threats.
8.1.4. Data Security: All shared data is managed under strict agreements to ensure confidentiality and security.
8.2. All third-party providers are contractually bound to maintain data security and confidentiality standards, ensuring your information is protected and used solely for its intended purpose.
9. DATA STORAGE
9.1. Brwn In A Box LLC stores User data in secure, cloud-based servers maintained by third-party providers that employ industry-standard encryption, access controls, and physical safeguards. All data is stored in compliance with applicable privacy laws.
9.2. We ensure that personal information is stored only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for the provision of services, account management, compliance with legal obligations, dispute resolution, and enforcement of our Terms and Conditions.
9.3. Our data hosting providers may store and process data in servers located in the United States or other jurisdictions, depending on infrastructure availability. By using the Website, you consent to the transfer and storage of your information in such locations, subject to applicable safeguards.
9.4. Decentralized Data Storage:
9.4.1. Personally identifiable information (PII) such as names and emails is stored on centralized servers managed by trusted third-party providers like Amazon Web Services (AWS), which offers industry-standard encryption and security protocols.
9.4.2. We do not store sensitive content, such as detailed product usage notes, beyond what is necessary for order fulfillment.
10. DATA PROTECTION & SECURITY
10.1. We implement robust data security measures along with industry-standard security protocols to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security protocols include the following:
10.1.1. Encryption: We use encryption technology to protect sensitive data transmitted over the internet and stored in our systems. This ensures that your personal information remains confidential and secure.
10.1.2. Access Controls: We restrict access to personal information to authorized personnel only. Our systems have role-based access controls to limit who can view or modify your data.
10.1.3. Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities. This helps us maintain a high level of security and adapt to emerging threats.
10.1.4. Integration with Third-Party Services: We ensure that these third parties comply with our data protection standards and have their own security measures in place. We regularly review their practices to ensure alignment with our commitment to data security.
10.1.5. Incident Response: In the event of a data breach, we will notify affected Users promptly, following applicable legal requirements. We will provide information on the nature of the breach, the data affected, and the steps we are taking to mitigate the impact.
10.2. We make every effort, using available resources, to ensure User information’s confidentiality and prevent unauthorized access. However, it is not possible for us to completely and definitively block and/or prevent unauthorized access to the databases, and the User will waive any claim and/or demand against us in this regard, provided that we have taken reasonable measures to prevent such unauthorized access.
10.3. By using the Website, you acknowledge and accept the inherent risks associated with online data transmission and agree to take reasonable steps to protect your own account credentials and device security.
11. DATA RETENTION
11.1. We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to provide services, maintain User accounts, comply with legal, accounting, or regulatory obligations, resolve disputes, enforce our Terms and Conditions, establish or defend legal claims, and prevent fraud. The specific retention period will vary depending on the nature of the data, its intended use, and applicable legal requirements. Once the relevant purposes have been fulfilled and no further legal obligation exists, we will securely delete, anonymize, or otherwise render the data inaccessible in accordance with our internal data retention policies.
11.2. To determine the appropriate retention period for personal information, we consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
11.3. When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.
12. YOUR LEGAL RIGHTS
12.1. We are committed to ensuring that your rights concerning data privacy are clearly articulated and easily accessible. As a User, you have the following rights:
12.1.1. Right to Access: You can request access to the personal information we hold about you.
12.1.2. Right to Rectification: If your personal information is inaccurate or incomplete, you have the right to request to correct or update it.
12.1.3. Right to Erasure: You can request us to delete your personal information when it is no longer necessary for the purposes for which it was collected, or if you want, you can withdraw your consent.
12.1.4. Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information under certain circumstances.
12.1.5. Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format and transfer it to another service provider.
12.1.6. Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing purposes.
12.1.7. Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
12.1.8. Right to Withdraw Consent: If we rely on your consent for processing your personal information, you can withdraw your consent at any time.
12.2. To exercise any of these rights, please contact us using the contact details provided below.
12.3. We aim to delete all closed account information from our systems within 30 days, except as otherwise stated in this Privacy Policy.
12.4. We may retain your personal data following account closure if it is reasonably necessary to:
12.4.1. Comply with legal obligations, including law enforcement requests and regulatory requirements;
12.4.2. Resolve disputes or enforce our agreements;
12.4.3. Prevent fraud, abuse, or security breaches;
12.4.4. Maintain the integrity and security of our services;
12.4.5. Fulfill your request to “unsubscribe” from further communications.
12.5. Additionally, anonymized data may be retained for analytical and other lawful purposes.
12.6. Please note that any information you share publicly, such as reviews, may remain visible on our Website after account closure and will be attributed to an “unknown user.” Furthermore, your profile information may continue to appear in cached results on third-party platforms until those platforms update their systems.
13. COMPLIANCE
13.1. We are committed to complying with all applicable data protection and privacy laws in the jurisdictions in which we operate. This includes, but is not limited to:
13.1.1. The California Consumer Privacy Act (CCPA), for Users located in California;
13.1.2. The General Data Protection Regulation (GDPR), where applicable, for Users located in the European Economic Area (EEA), the United Kingdom, or other GDPR-compliant jurisdictions;
13.1.3. The Children’s Online Privacy Protection Act (COPPA), for protecting the privacy of children under 13.
13.2. Cross-Border Data Transfer:
13.2.1. Your personal data may be processed, stored, or transferred to locations outside your country of residence, including the United States, where data protection laws may differ from those in your jurisdiction.
13.2.2. By using our services and providing your personal data, you consent to such cross-border data transfers for the purposes outlined in this Privacy Policy.
13.2.3. When transferring personal data across borders, we ensure that appropriate safeguards are in place to protect your information, such as using Standard Contractual Clauses (SCCs) or relying on adequacy decisions by relevant data protection authorities.
13.2.4. Our unwavering commitment to compliance ensures your data is handled lawfully, securely, and transparently, irrespective of your geographic location.
14. GOVERNING LAW AND DISPUTE RESOLUTION
14.1. This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the State of Ohio, United States, without regard to its conflict of law principles.
14.2. If you have any concerns or disputes regarding this Privacy Policy, we encourage you to reach out to us directly at support@brwninabox.com in an attempt to resolve the issue amicably.
14.3. Any disputes that cannot be resolved as outlined in the Dispute Resolution section of our Terms and Conditions shall be subject to the exclusive jurisdiction of the competent courts located in Cuyahoga County, Ohio, United States. By using our Website, you consent to the personal jurisdiction of such courts for the purpose of litigating any disputes.
15. POLICY UPDATES
15.1. We are committed to regularly reviewing and updating this Privacy Policy to stay aligned with emerging legal standards, technological advancements, and shifts in our service offerings.
15.2. Any significant changes to this Privacy Policy will be communicated to you through a notice on our Website, and in some cases, we may also send you an email notification. The notice will indicate the date of the last revision and highlight the key changes made.
15.3. Please ensure that you are always well-informed about how we handle your personal data, thereby empowering you to make choices that are best suited to your privacy preferences. Your continued use of our services following any updates to this Privacy Policy signifies your acceptance of those changes.
16. ACKNOWLEDGMENT
16.1. By accessing and utilizing our Website, you affirm that you have thoroughly read, understood, and embraced the terms laid out in this Privacy Policy. This acknowledgment is crucial, as it forms the basis of our mutual understanding and agreement regarding your data and privacy.
CONTACT US
If you have any questions, concerns, or feedback regarding this Privacy Policy or any aspect of our services, please feel free to reach out to us at:
Brwn In A Box LLC
8584 Washington St #2034
Chagrin Falls, Ohio 44023
Email: support@brwninabox.com