PrimaGround
0
Legal

Privacy policy

Last updated: May 1, 2026

This policy explains what personal information PrimaGround (“PrimaGround,” “we,” “us,” or “our”) collects when you visit primaground.com, place an order, contact support, or subscribe to our newsletter or magazine — and what we do with it. We have written it in plain language. The legal terms that govern your use of the site are in our Terms of Service.

1. Who we are

PrimaGround, Inc. is a Delaware corporation operating from 1840 Telluride Way, Boulder, Colorado 80301, USA. For the purposes of GDPR, we are the data controller for the personal information we collect through this site.

2. What we collect

2.1 Information you give us

  • Order information: name, shipping and billing address, phone, email, the products and quantities you ordered.
  • Account information: email and password if you create an account; refill preferences if you subscribe.
  • Support correspondence: the contents of any email, web-form, or phone communication you initiate with us.
  • Marketing preferences: whether you have opted in to our newsletter or magazine email list.

2.2 Information we collect automatically

  • Device & browser data: IP address, user-agent string, referrer URL, the pages you view and the time you spend on them.
  • Cookies and similar technologies: see Section 4.

2.3 Payment data

We do not store credit-card numbers on our servers. Payment data is collected directly by our PCI-DSS-compliant payment processor (Stripe, Inc.). We receive a token plus the last four digits of your card for reference.

3. How we use your information

  • To process and fulfill your orders, including arranging shipping and providing tracking.
  • To send transactional emails (order confirmations, shipping notifications, refill reminders, certificate-of-analysis links).
  • To respond to your support inquiries.
  • To send marketing communications, but only if you have opted in. You can unsubscribe from any email with one click.
  • To analyze how our site is used so we can improve it.
  • To detect, prevent, and respond to fraud or violations of our Terms of Service.
  • To comply with our legal obligations (tax, accounting, response to lawful requests).

Under GDPR, our legal bases are: contract (fulfilling your order), consent (marketing emails, non-essential cookies), legal obligation (tax and accounting), and legitimate interests (site security and analytics, balanced against your privacy).

4. Cookies and tracking technologies

We use a small number of cookies and similar technologies:

  • Strictly necessary: session cookies that keep you logged in and remember the contents of your cart. These cannot be disabled.
  • Analytics: we use a privacy-respecting analytics provider (Plausible Analytics) that does not set tracking cookies or collect personal data.
  • Marketing pixels: if you have consented, we use Meta Pixel and the Google Ads conversion tag to measure the performance of our advertising.

You can manage non-essential cookies from our cookie banner or your browser’s settings.

5. Who we share information with

We do not sell your personal information. We share it only with the service providers we need to operate the business:

  • Stripe, Inc. — payment processing.
  • Shopify, Inc. — e-commerce platform.
  • ShipBob, Inc. — order fulfillment and shipping.
  • Klaviyo, Inc. — transactional and marketing emails.
  • Gorgias, Inc. — customer support inbox.
  • Plausible Analytics — site analytics (no personal data).

Each of these providers is contractually bound to use your information only to provide services to us. We may also disclose information when required by law (court orders, valid subpoenas) or to protect our rights, your safety, or the safety of others.

6. Your privacy rights

6.1 California residents (CCPA / CPRA)

You have the right to: know what personal information we collect, the right to delete it, the right to correct inaccuracies, the right to opt out of any “sale” or “sharing” of your personal information (we do not sell), and the right not to be discriminated against for exercising any of these rights.

6.2 EU/EEA and UK residents (GDPR / UK GDPR)

You have the right of access, rectification, erasure, restriction of processing, data portability, and objection to processing. Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, email maxine@primaground.com with the subject line “Privacy Request.” We respond within 30 days.

7. How we keep your information secure

We use TLS encryption for all data in transit and AES-256 encryption for sensitive data at rest. Access to our systems is limited to employees and contractors who need it, and all access is logged. We do not store credit-card numbers on our systems.

8. Children’s privacy

PrimaGround products are not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a child, contact us and we will delete it.

9. How long we keep your information

Order records: 7 years (required for US tax and accounting purposes). Marketing list membership: until you unsubscribe. Support correspondence: 3 years. Analytics: 26 months in aggregate, non-personal form.

10. International data transfers

We are based in the United States, and your information will be transferred to and processed in the United States. When we transfer personal data of EEA, UK, or Swiss residents, we rely on the Standard Contractual Clauses adopted by the European Commission.

11. DMCA notice

For copyright concerns or to file a DMCA takedown notice, please see Section 13 of our Terms of Service.

12. How to contact us about this policy

By email: maxine@primaground.com
By mail: PrimaGround, Inc., 1840 Telluride Way, Boulder, Colorado 80301, USA
By phone: (833) 555-0142 (Mon–Fri, 9am–5pm Mountain Time)

We may update this policy from time to time. If we make a material change, we will notify you by email (if you have an account) or by posting a notice on this page for at least 30 days before the change takes effect.