Privacy Policy
Effective date: June 29, 2026 · Last updated: June 29, 2026
SilverOak Commerce LLC ("SilverOak", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect on silveroakbeauty.com (the "Site"), how we use it, who we share it with, and the rights you have under applicable U.S. state law, the California Consumer Privacy Act ("CCPA") as amended by the CPRA, and — for visitors from the European Economic Area, the United Kingdom, and Switzerland — the General Data Protection Regulation ("GDPR").
1. Who we are (Data Controller)
SilverOak Commerce LLC, 1023 Forbes Ave, Pittsburgh, PA 15219, United States. Email: support@silveroakbeauty.com. Phone: (717) 592-0896. For privacy-specific requests, write to the same email with the subject line "Privacy Request".
2. Information we collect
We collect only what we need to fulfill your order, support you, and operate the Site responsibly.
- Identity and contact data — name, email address, phone number, billing address, shipping address.
- Transaction data — products ordered, order value, currency, order date, shipping method, tracking number, refunds, and the last four digits of the payment card or PayPal payer ID. We do not receive or store your full card number.
- Account data (if you create an admin account) — email, hashed password, role, and login timestamps.
- Review and user-generated content — star rating, written review, optional photos, and the display name you choose.
- Customer-service data — emails, WhatsApp messages, and call notes you share with our support team.
- Device and usage data — IP address, browser type and version, operating system, referring URL, pages viewed, session duration, and approximate geolocation derived from IP. Collected via cookies and similar technologies (see Section 7).
- Marketing data — your preferences for receiving marketing from us and any responses to surveys.
We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.
3. How we use your information (purposes and legal bases)
We process personal information for the purposes below. For GDPR users, the corresponding lawful basis is noted in brackets.
- Process and fulfill orders, including payment, shipping, returns, and warranty service. [Contract performance]
- Provide customer support across email, phone, and WhatsApp. [Contract performance / Legitimate interest]
- Send transactional emails: order confirmation, shipping notification, delivery, returns, and warranty updates. [Contract performance]
- Prevent fraud, abuse, and security incidents; enforce our Terms of Service. [Legitimate interest / Legal obligation]
- Comply with tax, accounting, consumer-protection, and product-safety obligations. [Legal obligation]
- Display, moderate, and reply to reviews you submit. [Consent — withdrawn by deleting the review]
- Measure Site performance and improve the storefront via aggregated analytics. [Legitimate interest / Consent where required]
- Send optional marketing emails about new products and offers — only with your explicit opt-in, and you can unsubscribe at any time. [Consent]
4. Who we share data with
We share personal information only with the following categories of recipients, each bound by contract to use it only on our instructions:
- Payment processors — Stripe, Inc., Block, Inc. (Square), and PayPal Holdings, Inc. process card and wallet payments. They receive billing details and transaction amounts directly.
- Shipping carriers — USPS, UPS, and FedEx receive your shipping name, address, and phone number to deliver your order.
- Cloud infrastructure — our hosting and database providers store the Site's content and operational data in U.S. data centers with encryption at rest and in transit.
- Email and SMS — transactional email and (with consent) WhatsApp messaging providers deliver order updates.
- Analytics and advertising — Google Analytics, Google Ads, and Meta (Facebook) Pixel collect aggregated usage and conversion data when enabled.
- Professional advisors — auditors, lawyers, and tax accountants under confidentiality obligations.
- Authorities — courts, regulators, or law enforcement when legally required, after we have verified the request.
- Successors — in the event of a merger, acquisition, or sale of substantially all our assets, customer data may transfer to the successor under the same protections of this Policy.
We do not sell your personal information for money, and we do not share it with third parties for their own independent marketing purposes.
5. International transfers
We are based in the United States and process data there. If you access the Site from outside the U.S., your data will be transferred to, stored, and processed in the United States. For EEA / UK / Swiss visitors, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) with our sub-processors as the safeguard for such transfers.
6. How long we keep data
- Order records — 7 years (U.S. tax and consumer-protection statute of limitations).
- Customer-support correspondence — 3 years from last contact.
- Reviews — until you or an admin deletes them.
- Marketing consent and unsubscribe records — until you opt out, plus a permanent suppression list to honor your unsubscribe.
- Analytics data — aggregated and retained 26 months in Google Analytics by default.
7. Cookies and tracking technologies
We use three categories of cookies:
- Strictly necessary — required to operate the cart, checkout, login, and security. Cannot be disabled.
- Analytics — Google Analytics measures aggregated traffic and page performance.
- Advertising — Google Ads and Meta Pixel measure ad performance and let us show relevant ads to past visitors.
Where required by law (EEA, UK), analytics and advertising cookies load only after you grant consent through our cookie banner. You can withdraw consent at any time by clearing cookies and revisiting the Site.
8. Your privacy rights
Subject to your jurisdiction, you have the right to:
- Access the personal information we hold about you and receive a portable copy.
- Correct inaccurate or incomplete data.
- Delete your data ("right to be forgotten"), subject to legal retention obligations (e.g. tax records).
- Restrict or object to processing based on legitimate interest.
- Withdraw consent for marketing or analytics at any time, without affecting the lawfulness of past processing.
- Opt out of "sharing" or "targeted advertising" under U.S. state laws (CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas TDPSA).
- Lodge a complaint with a supervisory authority (e.g. your state attorney general, or for EU users your national data-protection authority).
To exercise any right, email support@silveroakbeauty.com from the address on file or include enough information for us to verify your identity. We respond within 30 days (CCPA: 45 days, extendable once).
9. "Do Not Sell or Share" — California, Virginia, Colorado, Connecticut, Texas, Utah
SilverOak does not sell personal information for monetary consideration. We do use third-party advertising cookies that may constitute "sharing" for cross-context behavioral advertising under CCPA/CPRA. To opt out, email support@silveroakbeauty.com with the subject "Do Not Share", or send a Global Privacy Control (GPC) signal from your browser — we honor GPC automatically.
10. Security
We use TLS 1.3 encryption in transit, AES-256 encryption at rest, principle-of-least-privilege access controls, scoped database row-level security, server-side payment-token storage only, and 24/7 infrastructure monitoring. No system is 100% secure; if a breach affects you we will notify you and the relevant regulator without undue delay, and in any event within 72 hours of becoming aware where required by law.
11. Third-party links
The Site may link to third-party sites (e.g. payment processor pages, social media). We are not responsible for their privacy practices. Review their policies before sharing data.
12. Changes to this policy
We may update this Policy from time to time. Material changes will be announced on the Site at least 14 days before they take effect. The "Last updated" date at the top reflects the current version.
13. Contact us
SilverOak Commerce LLC
1023 Forbes Ave, Pittsburgh, PA 15219, United States
Email: support@silveroakbeauty.com · Phone: (717) 592-0896 · WhatsApp: (717) 592-0896
