Privacy Policy

PRIVACY POLICY

BLACK PANTERA LLC
Effective Date: November 2025

1. INTRODUCTION

This Privacy Policy explains how Black Pantera LLC, a Florida-based U.S. company (“Black Pantera,” “we,” “us,” “our”), collects, processes, stores, secures, shares, transfers, and deletes your Personal Data when you:

visit our website or store,
purchase our sensual wellness products,
interact with our customer support,
engage with our marketing communications,
view or click advertising served by us or our partners.

By accessing or using the Site, you affirm that:

You are 18 years of age or older,
You understand this Privacy Policy,
You consent to the processing described herein to the extent required by law.

If you do not agree, you must discontinue use of our Site immediately.

2. CORPORATE IDENTITY & LEGAL RESPONSIBILITY

Black Pantera LLC
State of Incorporation: Florida
Primary Sales Geography: United States
Infrastructure: Shopify-based ecommerce platform

Black Pantera acts as a Controller for data collected directly by us.
Some partners—such as Meta, Google, TikTok, Shopify—act as independent controllers for data they receive.

3. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to:

our main website and Shopify store,
all landing pages, microsites, funnels, and email signup pages,
Shopify checkout,
apps, plugins, analytics, and CMP systems,
email marketing,
advertising pixels (Meta, TikTok, Google),
fraud detection tools,
affiliate & influencer platforms.

It does not apply to:

websites we link to but do not operate,
third-party ecommerce re-sellers,
platforms where we do not control data flows.

4. AGE RESTRICTION — 18+ ONLY

Our Site and products are strictly intended for individuals who are 18 years or older.

We do not knowingly collect, store, process, or share Personal Data of minors.

If we discover a minor has submitted data:

We delete all related data immediately,
Terminate any associated accounts,
Block future access,
Document the incident for regulatory compliance.

5. DEFINITIONS

Personal Data – any information identifying or relating to an identifiable individual.
Sensitive Personal Information (SPI) – as defined by CPRA (e.g., sexual orientation, health data).
Controller – determines purposes and means of processing.
Processor – processes data on behalf of a controller.
Sell/Share – CPRA definitions for data disclosure.
Consent – informed, specific, freely given, unambiguous authorization.

6. CATEGORIES OF DATA WE COLLECT

We collect:

A. Identifiers

Name
Address
Phone
Email
IP address
Device identifiers

B. Order & Commercial Data

Order history
Product selections
Purchase metadata
Fulfillment information

C. Internet Activity Data

Browsing behavior
Clickstream
Analytics signals
Heatmaps/session replay (if enabled)

D. Device & Technical Data

Browser
System configuration
Screen resolution
Referrer URL

E. Inferences (Non-sensitive)

Product preference categories
Engagement segments
Purchase likelihood

F. Marketing & Communication Data

Email interactions
Subscription preferences

7. SENSITIVE DATA & NON-INFERENCE STATEMENT

Black Pantera explicitly declares:

We do NOT collect, infer, derive, analyze, or process:

sexual orientation,
sexual behavior,
sexual preferences,
intimate health conditions,
reproductive health data,
psychological or emotional conditions.

BUYING AN INTIMATE PRODUCT DOES NOT ENABLE US TO INFER SEXUAL LIFE.

This statement applies under:

CPRA / California law
GDPR / EEA
UK GDPR
U.S. state privacy laws
Canadian PIPEDA

You may request “Limit the Use of My Sensitive Personal Information” at any time, although we do not process sensitive data.

8. NO EXPECTATION OF PRIVACY IN RETURNED INTIMATE PRODUCTS

Due to hygiene regulations, public health rules, and shipping laws:

Returned intimate items may be discarded immediately upon receipt.
No user should expect privacy in physical contents of returned items.
Returned items are not inspected in detail due to biohazard risk.

This protects both customers and Black Pantera from contamination risks.

9. SOURCES OF DATA

We collect data from:

Shopify checkout
Direct user submissions
Customer support interactions
Cookies & trackers
Email tools (Klaviyo)
Ad networks (Meta/TikTok/Google)
Fraud engines
Affiliate systems

10. PURPOSES OF PROCESSING

We process your data for:

order fulfillment,
payments,
fraud prevention,
compliance obligations,
analytics,
personalization (where legally allowed),
advertising (with consent),
security monitoring,
customer service,
auditing and recordkeeping.

11. LEGAL BASES (GDPR/EEA/UK)

Contract: purchases, account management
Consent: marketing, analytics, retargeting
Legitimate Interest: fraud detection, site security
Legal Obligation: tax, bookkeeping, regulatory reporting

12. CPRA NOTICE AT COLLECTION (CALIFORNIA)

We disclose categories collected:

Identifiers
Commercial information
Internet activity
Device data
Inferences

We retain each category as outlined in Section 14 (Retention).

13. SELLING OR SHARING PERSONAL DATA (CPRA)

We do NOT sell personal data.

We MAY share limited data with advertising partners for cross-context behavioral advertising only when legally permitted.

You may opt-out anytime via:

“Do Not Sell or Share My Personal Information”

14. DATA RETENTION POLICY

Category → Retention

Orders → 7 years (required by law)
Support logs → 36 months
Analytics → 12-24 months
Marketing profiles → 24 months of inactivity
Fraud logs → 36 months
Consent logs → 24 months

Data is securely deleted or anonymized after expiration.

15. AUTOMATED DECISION-MAKING

We do NOT use:

automated decisions that have legal or major effects,
sexual behavior profiling,
biometric analysis.

We ONLY use automated systems for:

fraud control,
website analytics,
ad optimization (where permitted).

16. COOKIES & TRACKING TECHNOLOGIES

We use:

Shopify cookies (essential)
Analytics cookies (Google)
Pixels (Meta, TikTok, Google Ads)
Fraud detection cookies
Session replay (optional)

European users MUST consent before any non-essential cookie loads.

Your rights are detailed in our Cookie Policy.

17. ADVERTISING & TARGETING

We disclose to:

Meta
TikTok
Google
Pinterest (if enabled)

Those platforms act as independent controllers for advertising data.

We do NOT share:

intimate behavior,
sexual preferences,
sensitive data.

18. EMAIL MARKETING

We track:

opens,
clicks,
device type,
engagement.

You may unsubscribe anytime.

19. FRAUD PREVENTION

We use:

velocity checks,
behavioral analytics,
payment verification,
device fingerprinting,
IP risk scoring.

If fraud risk is high, your order may be delayed, denied, or canceled.

20. DISCLOSURE TO THIRD PARTIES

We disclose data to:

Shopify
Payment processors
Carriers
Email tools
Analytics providers
Advertising networks
Fraud systems

No third party is permitted to sell your data.

21. INTERNATIONAL TRANSFERS

We rely on:

Standard Contractual Clauses (SCCs)
Transfer Impact Assessments (TIA)
Encryption in transit & at rest
Regional data controls

22. SHOPIFY AS A PROCESSOR

Shopify processes:

orders
payments
analytics
fraud checks

Shopify may use approved subprocessors which meet contractual safeguards.

23. SECURITY MEASURES

We use:

HTTPS/TLS encryption
Access controls
MFA for internal accounts
Secure deletion practices
Network segmentation
Vendor risk assessments
Data minimization
Logging & monitoring

24. USER RIGHTS (GLOBAL)

You may request:

Access
Deletion
Correction
Restriction
Portability (GDPR)
Opt-out (CPRA)
Withdrawal of consent

25. GDPR RIGHTS (DETAILED)

(omitted here for brevity but included in full document)
Includes:

Right to access
Right to object
Right to erasure
Right to portability
Right to lodge complaint with authority

26. CPRA RIGHTS (CALIFORNIA)

Includes:

Right to Know
Right to Delete
Right to Correct
Right to Opt-Out of Sale/Share
Right to Limit Sensitive Data
Right to Non-discrimination

27. EXERCISING RIGHTS

Requests must be sent to:

privacy@blackpantera.com

We will verify identity using:

Email verification
Order metadata
Additional identifiers (if needed)

28. VERIFICATION REQUIREMENTS

We may deny a request if:

identity cannot be verified,
evidence contradicts our records,
the request is excessive or abusive.

29. APPEALS

If your request is denied, you may request reconsideration in writing.

30. DO NOT SELL OR SHARE

California users may opt out via:

dedicated link in footer,
cookie preferences,
email request.

31. LIMIT USE OF SENSITIVE DATA

We provide a dedicated form.
We do NOT process SPI but honor requests.

32. NON-DISCRIMINATION

We do not penalize users who exercise privacy rights.

33. FINANCIAL DATA

Payment data is processed exclusively by PCI-compliant partners.

We do NOT access or store card numbers.

34. CHILDREN’S DATA

We do not collect or process data from minors.
If discovered, we delete immediately.

35. BUSINESS TRANSFERS

Data may be transferred in mergers, acquisitions, or bankruptcy, subject to this Policy.

36. DPIA

We conduct DPIAs when:

deploying new tracking technologies,
changing data flows,
adding markets or regions,
processing product-related intimate information.

37. DATA PROCESSING AGREEMENTS

All vendors must:

comply with confidentiality,
use data only for permitted purposes,
delete data upon termination.

38. RECORD OF PROCESSING ACTIVITIES

We maintain:

categories,
purposes,
retention,
recipients,
transfers,
safeguards.

39. ACCESS CONTROLS

Only authorized staff under NDA may access Personal Data.

40. BREACH NOTIFICATION

We notify:

affected users (as required),
relevant authorities (72 hours for GDPR users).

We are NOT responsible for:

breaches caused by user negligence,
breaches at independent controllers (e.g., Meta).

41. CHANGES TO THIS PRIVACY POLICY

We may update this Policy at any time.
Continued use constitutes acceptance.

42. CONTACT INFORMATION