Privacy Policy
Last Updated: March 17, 2026
Effective Date: March 17, 2026
TrashBaron™ ("TrashBaron," "we," "us," or "our"), operated by EvilTECH, respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit https://trashbaron.org (the "Site") and purchase our products.
1. Information We Collect
1.1 Information You Provide
When you make a purchase or contact us, we may collect:
- Name — to personalize your certificate and process your order
- Email address — to deliver digital products and order confirmations
- Shipping address — to deliver physical products (Trash Baron and Ocean Tycoon tiers)
- Payment information — processed securely by Stripe; we do not store credit card numbers on our servers
1.2 Information Collected Automatically
When you visit the Site, we may automatically collect:
- Device and browser information — browser type, operating system, device type
- Usage data — pages visited, time spent, click patterns, referring URL
- IP address — for fraud prevention and approximate geolocation
- Cookies and similar technologies — see Section 5 below
1.3 Information We Do NOT Collect
- We do not collect Social Security numbers, government IDs, or financial account numbers.
- We do not knowingly collect information from children under 13 (see Section 9).
- We do not collect biometric data.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Process and fulfill orders | Name, email, shipping address, payment | Contract performance |
| Deliver digital certificates | Name, email | Contract performance |
| Send order confirmations and shipping updates | Contract performance | |
| Respond to customer inquiries | Name, email, message content | Legitimate interest |
| Prevent fraud and abuse | IP address, device info, payment data | Legitimate interest |
| Analyze Site usage and improve the Site | Usage data, device info | Legitimate interest |
| Comply with legal obligations | Transaction records | Legal obligation |
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
3. Third-Party Service Providers
We share information with the following categories of service providers, solely to fulfill the purposes described above:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment card details, billing address |
| Vercel | Website hosting | IP address, usage data (server logs) |
| Fulfillment partner(s) | Printing and shipping physical products | Name, shipping address, order details |
| Email service provider | Transactional emails (order confirmations) | Name, email |
Each third-party provider is contractually obligated to use your data only for the purpose of providing their service to us and to maintain appropriate security measures. We encourage you to review Stripe's Privacy Policy and Vercel's Privacy Policy.
4. Data Retention
- Transaction records: Retained for 7 years to comply with tax and accounting obligations.
- Customer emails and names: Retained as long as necessary to fulfill orders and provide customer support, then deleted or anonymized.
- Server logs and usage data: Retained for up to 12 months, then deleted or aggregated.
- Payment card data: We do not retain payment card data. Stripe processes and stores this data under PCI DSS compliance.
5. Cookies and Tracking
The Site may use the following cookies and tracking technologies:
- Essential cookies: Required for the Site to function (e.g., shopping cart state, checkout session). Cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with the Site (e.g., Google Analytics, if implemented). These collect anonymized, aggregate data.
- Third-party cookies: Stripe may set cookies for payment security and fraud prevention.
We do not use advertising cookies or retargeting pixels. We do not serve ads on the Site.
You can control cookies through your browser settings. Disabling essential cookies may affect Site functionality.
6. Data Security
We implement commercially reasonable security measures to protect your information, including:
- SSL/TLS encryption for all data in transit (the Site is served exclusively over HTTPS)
- PCI DSS-compliant payment processing through Stripe
- Access controls limiting employee access to customer data on a need-to-know basis
- Regular security monitoring of our hosting infrastructure
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Site at your own risk.
7. Your Rights
7.1 All Users
Regardless of your location, you may:
- Request access to the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information (subject to legal retention requirements)
- Opt out of marketing communications (if any)
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. No opt-out is necessary.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CCPA/CPRA.
To exercise these rights, contact us at the email below. We will verify your identity before processing any request. We will respond within 45 days as required by law.
7.3 European Economic Area, UK, and Switzerland (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following additional rights under the General Data Protection Regulation:
- Right of Access (Article 15)
- Right to Rectification (Article 16)
- Right to Erasure (Article 17)
- Right to Restriction of Processing (Article 18)
- Right to Data Portability (Article 20)
- Right to Object (Article 21)
Our legal bases for processing are described in Section 2 above. To exercise your rights, contact us at the email below. You also have the right to lodge a complaint with your local supervisory authority.
7.4 Other Jurisdictions
We strive to comply with applicable data protection laws in all jurisdictions where we operate. If your jurisdiction grants additional privacy rights, we will honor reasonable requests consistent with applicable law.
8. International Data Transfers
The Site is operated from the United States. If you access the Site from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. By using the Site, you consent to the transfer of your information to countries that may have different data protection rules than your country of residence.
9. Children's Privacy
The Site is not directed to children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us immediately.
10. Do Not Track
Some browsers transmit "Do Not Track" (DNT) signals. We currently do not respond to DNT signals, as there is no industry-wide standard for compliance. We do not track users across third-party websites.
11. Third-Party Links
The Site may contain links to third-party websites (e.g., The Ocean Cleanup). We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies independently.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page will reflect the date of the most recent revision. Your continued use of the Site after any changes constitutes acceptance of the revised policy.
13. Contact Us
For privacy-related inquiries, data access requests, or complaints, contact us at:
Email: privacy@trashbaron.org
Entity: EvilTECH
Website: https://trashbaron.org
We will respond to all legitimate requests within 30 days (or 45 days for CCPA requests, as required by law).