Privacy Policy


Effective date: MARCH 2022


1. INTRODUCTION. B WELL NATURAL HEALTH STORE LLC, (“Company”, “We”, or “Us”) respects your privacy and is committed to protecting it through our compliance
with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the URL(s)  (collectively, the “Site”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.


This policy applies to information we collect:
a. On this Site.


b. In email, text, and other electronic messages between you and this Site.


c. Through mobile and desktop applications you may download from this Site, which
provide dedicated non-browser-based interaction between you and this Site.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Site. By accessing or using this Site, you agree to this privacy policy.


This policy may change from time to time. Your continued use of this Site after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
2. CHILDREN UNDER THE AGE OF 18. No one under age 18 may provide any personal
information to or on the Site. We do not knowingly collect personal information from children
under 18. If you are under 18, do not use or provide any information on this Site or on or
through any of its features/register on the Site, make any purchases through the Site, use any of
the interactive or public comment features of this Site or provide any information about yourself
to us, including your name, address, telephone number, email address, or any screen name or
user name you may use. If we learn we have collected or received personal information from a
child under 18 without verification of parental consent, we will delete that information. If you
believe we might have any information from or about a child under 18, please contact us at

no obligation to provide us with your personal information when visiting our website. Whether
you provide any personal information is entirely voluntarily and is solely within your discretion.
We may be unable to provide you with any services or information you request, however, if you
decide not to provide us with some or all of the personal information via our website. We may
collect several types of information from and about users of our Site, including information:


a. By which you may be personally identified, such as name, postal address, e-mail
address, telephone number, or any other information the website collects that is defined as personal or personally identifiable information under an applicable law (“personal information”);


b. That is about you but individually does not identify you; and/or


c. About your internet connection, the equipment you use to access our Site and usage details.


We collect this information:


a. Directly from you when you provide it to us;


b. Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and


c. From third parties, for example, our business partners.


4. INFORMATION YOU PROVIDE TO US. The information we collect on or through our Site may include:


a. Information that you provide by filling in forms on our Site. This includes, but is not limited to, information provided at the time of registering to use our Site or used to request further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Site.


b. Records and copies of your correspondence (including email addresses), if you contact us.


c. Your responses to surveys that we might ask you to complete for research purposes.


d. Your search queries on the Site.


TECHNOLOGIES. As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
a. Details of your visits to our Site, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Site;


b. Information about your computer and internet connection, including your IP address, operating system, and browser type.


The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Site and to deliver a better and more personalized service, including by enabling us to:


a. Estimate our audience size and usage patterns.


b. Store information about your preferences, allowing us to customize our Site according to your individual interests.


c. Speed up your searches.


d. Recognize you when you return to our Site.


The technologies we use for this automatic data collection may include:


a. Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site.


b. Flash Cookies. Certain features of our Site may use local stored objects (or Flash
cookies) to collect and store information about your preferences and navigation to, from, and on our Site. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see CHOICES ABOUT HOW WE USE AND DISCLOSE




c. Web Beacons. Pages of our the Site and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs)that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

6. HOW WE USE YOUR INFORMATION. We do not sell the personal information you provide us. We will not share your personal information with third parties for marketing purposes. We use information that we collect about you or that you provide to us, including any personal information:


a. To present our Site and its contents (including, but not limited to, content generated by algorithms We use on the site) to you;


b. To provide you with information, products, or services that you request from us;


c. To fulfill any other purpose for which you provide it;


d. To provide you with notices about your account;


e. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us;

f. To notify you about changes to our Site or any products or services we offer or provide
though it;

g. To allow you to participate in interactive features on our Site;

h. In any other way we may describe when you provide the information; or


i. For any other purpose with your consent.

Retention of Information Collected

We will retain any information we collect from you only for as long as is necessary for the
purposes set out in this Privacy Policy. We will retain and use this information only to the extent
necessary to comply with our legal obligations (for example, if we are required to retain your
data to comply with applicable laws), resolve disputes, and enforce our legal agreements and

We will also retain your usage details for internal analysis purposes. Usage details are generally
retained for a shorter period of time, except when this data is used to strengthen the security or
to improve the functionality of our Site, or we are legally obligated to retain this data for longer
time periods.

7. DISCLOSURE OF YOUR INFORMATION. We may disclose aggregated information about
our users, and information that does not identify any individual, without restriction.
We may disclose personal information that we collect, or you provide, as described in this
privacy policy:

a. To our subsidiaries and affiliates;

b. To contractors, service providers, and other third parties we use to support our business,
including but not limited to Square, Inc;

c. To a buyer or other successor in the event of a sale or transfer of some or all of our
assets, whether as a going concern or as part of bankruptcy, liquidation, or similar
proceeding, in which personal information held by us about our Site users is among the
assets transferred;

d. To fulfill the purpose for which you provide it;

e. For any other purpose disclosed by us when you provide the information; and

f. With your consent.

We may also disclose your personal information:

g. To comply with any court order, law, or legal process, including to respond to any
government or regulatory request;

h. To enforce or apply our terms of use and other agreements; or

i. If we believe disclosure is necessary or appropriate to protect the rights, property, or
safety of us, our customers, or others.

8. LINKS TO THIRD-PARTY WEBSITES. The Site may include links to blogs, social media and
third-party websites. These third-party sites have their own privacy policies and terms of use
and are not controlled by this Privacy Policy or the terms of use of our Site. You should carefully
review any terms, conditions and policies of such third-party sites before visiting them or
supplying them with any personal information. If you follow a link to any third-party site, any

information you provide that site will be governed by its own terms of use and privacy policy and
not this Privacy Policy; we are not responsible for the privacy or security of any information you
provide to a third-party website or the information practices used by any third-party site,
including links to any third-party site from our Site.

California Civil Code Section § 1798.83 permits users of our Site that are California residents to
request certain information regarding our disclosure of personal information to third parties for
their direct marketing purposes. To make such a request, please send an email to

provide you with choices regarding the personal information you provide to us. We have created
mechanisms to provide you with the following control over your information:
Promotional Offers from the Company. If you do not wish to have your contact information used
by the Company to promote our own or third parties’ products or services, you can opt-out by
checking the relevant box located on the form on which we collect your data or sending us an
email stating your request to

10. ACCESSING AND CORRECTING YOUR INFORMATION. If you do not wish to have your
personal information in the possession of or processed by us, you may send us an email at to request access to, correct, or delete any personal information
that you have provided to us. Please note, however, that we may not be able to delete your
personal information except by also deleting your user account. We may not accommodate a
request to change information if we believe the change would violate any law or legal
requirement or cause the information to be incorrect.

Privacy Act (“CCPA” or “Act”) grants residents of the State of California certain privacy rights in
their personal information. This Section only applies to visitors and users of our website who are
California residents (hereinafter “you” or “consumer”). This Notice does not apply to personal
information collected from California-based employees, owners, or contractors.

We may collect information that identifies, relates to, describes, references, is reasonably
capable of being associated with, or could reasonably be linked, directly or indirectly, with a
particular consumer, household, or device (“CCPA personal information”). CCPA Personal
information does not include:


a. Publicly available information from government records;

b. Deidentified or aggregated consumer information; and

c. Information excluded from the CCPA’s scope.


We currently collect, or have collected within the last 12 months, the following categories of
CCPA personal information from consumers:

Category Examples Collected Identifiers.


A real name, alias, postal address, unique personal
identifier, online identifier, Internet Protocol address,
email address, account name, Social Security number,
driver’s license number, passport number, or other
similar identifiers.




Personal information categories listed
in the California Customer Records statute
(Cal. Civ. Code § 1798.80(e)).


A name, signature, Social Security number, physical
characteristics or description, address, telephone
number, passport number, driver’s license or state
identification card number, insurance policy number,
education, employment, employment history, bank
account number, credit card number, debit card
number, or any other financial information, medical
information, or health insurance information.
Some personal information included in this category
may overlap with other categories.




Protected classification characteristics under California
or federal law. Age (40 years or older), race, color, ancestry, national
origin, citizenship, religion or creed, marital status,
medical condition, physical or mental disability, sex
(including gender, gender identity, gender expression,
pregnancy or childbirth and related medical conditions),
sexual orientation, veteran or military status, genetic
information (including familial genetic information).




Commercial information.

Records of personal property, products or services
purchased, obtained, or considered, or other
purchasing or consuming histories or tendencies.



Biometric information.


Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a
template or other identifier or identifying information,
such as, fingerprints, faceprints, and voiceprints, iris or
retina scans, keystroke, gait, or other physical patterns,
and sleep, health, or exercise data.




Internet or other similar network activity.

Browsing history, search history, information on a
consumer’s interaction with a website, application, or




Geolocation data. Physical location or movements.




Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information.




Professional or employment- related
information. Current or past job history or performance evaluations.




Non-public education information (per the Family Education records directly related to a student
maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student




Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). financial information, or student disciplinary records. Inferences drawn from other personal information. Profile reflecting a person’s preferences,
characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES


The CCPA provides California residents with the right to request that we disclose:
a. Categories of any personal information we collected about you;
b. Specific pieces of personal information we collected about you;
c. Categories of sources for any personal information we collected about you;
d. Our business or commercial purpose for collecting that personal information;
e. Categories of any third parties with whom we shared your personal information;
f. Categories of any personal information we disclosed about you for a business purpose;
g. Your right to request that we delete any personal information about you that we collected
from you, subject to certain exceptions outlined below; and
h. our right not to receive discriminatory treatment for the exercise of your privacy rights
conferred by CCPA.

By availing yourself to any of the rights afforded in this Privacy Notice you are declaring that you
are a California resident.

Requests to Know or Delete CCPA Personal Information

You have the right to request that we disclose to you or delete any CCPA personal information
collected from you. To make such a request, please send an email to

Once we receive and confirm your request, we will provide you with your CCPA personal
information, or delete the information from our records unless an exception applies. The CCPA
provides that we are not required to comply with a request to delete personal information if the
information is necessary for us to:

a. Comply with a legal obligation;


b. Complete the transaction for which the information was collected, provide a good or
service you requested, perform a contract with you, to fulfill the terms of a written
warranty or product recall conducted in accordance with federal law, or take actions
reasonably anticipated in the context of our ongoing business relationship with you;

c. Detect security incidents, protect against deceptive, malicious, fraudulent or illegal
activity, or to prosecute those responsible for that activity;

d. Debug products, services or applications to identify and repair errors that impair existing

e. Exercise free speech, to ensure the rights of others to exercise their free speech rights,
or to exercise another right provided by law;

f. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code
§1546 et. seq.);


g. Enable solely internal uses that are reasonably aligned with consumer expectations
based upon your relationship with us; or

h. Make other internal and lawful uses of the information that are compatible with the
context in which you provided the information.

Before we respond to any request involving personal information, the CCPA requires that we
confirm the identity of the person making the request, and if the request is made on behalf of
another person, his or her authority to make the request on the other person’s behalf. We are
not obligated to provide or to delete any information pursuant to your request if we are unable to
adequately verify your identity or the identity of the person making the request on your behalf.
Accordingly, we reserve the right to deny any request where we are unable to satisfactorily
confirm your identity. If you have authorized someone to make a request on your behalf, we
reserve the right to deny the request if we are unable to adequately verify the identity of that
person or if we are unable to verify that the individual making the request is authorized to act on
your behalf.

Limitations on Disclosures of CCPA Personal Information

We are not obligated under the CCPA to respond to any request where compliance or
disclosure would violate an evidentiary privilege under California law, or conflict with federal or
state law. The CCPA does not require that we provide personal information to a consumer more
than twice in a twelve-month period; any disclosures we make will only cover the twelve (12)
month period preceding the request.

We will not charge a fee to process or respond to your request and will provide information free
of charge. Where a person’s requests are repetitive, manifestly unfounded or excessive, the
CCPA authorizes us to either charge a reasonable fee that takes into account our administrative
costs or refuse to act on the request and notify the person making the request our reason for
refusing the request. If we determine that a request warrants a fee, we will explain our decision
and will provide you with a cost estimate.



We will not discriminate against you for exercising any of your CCPA rights. This means, for
instance, that we will not deny you services, charge you a different price, including a discount or
other benefit or impose a penalty for the exercise of your CCPA rights.

are visiting our website from outside the United States, any information you voluntarily provide
via our website and any technical information from your browser will be transferred out of your
country and into the U.S. The laws and protections available to the privacy of your personal
information in the U.S. may significantly differ from the protections available in your country.
Personal data transferred to the U.S. may be subject to lawful access requests by state and
federal authorities in the U.S. If you do not want any personal information to be transferred to
the U.S., please do not provide that information to us via our website.
Visitors from the European Union

For purposes of the General Data Protection Regulation (“GDPR”), we are the data controller for
any personal information provided via our website. We do not have a data protection officer in
the EU. Any information that you provide to us will be stored in the United States; we do not
intend to transfer your personal data to another country or international organization. We will
retain any personal information that you provide via our website for seven (7) years from the
date you provided or last updated that information, unless you request that information be
deleted at an earlier date.

To exercise any of the rights granted to natural persons by the GDPR involving the privacy of
their information, please send an email to

We will review any requests we receive and will endeavor to respond in a timely manner. For
security reasons, we may request specific information from you to help us confirm your identity
before taking action on any request, and to ensure your right of access and the exercise any of
GDPR right does not adversely affect the rights of others.
We reserve the right to refuse to act on a request, or to charge a reasonable administrative fee
when a request is either manifestly unfounded or excessive because of its repetitive character.

12. DATA SECURITY. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or
where you have chosen) a password for access to certain parts of our Site, you are responsible
for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although
we do our best to protect your personal information, we cannot guarantee the security of your
personal information transmitted to our Site. Any transmission of personal information is at your
own risk. We are not responsible for circumvention of any privacy settings or security measures
contained on the Site.


13. CHANGES TO OUR PRIVACY POLICY. It is our policy to post any changes we make to
our privacy policy on this page. If we make material changes to how we treat our users’
personal information, we will notify you by email to the primary email address specified in your
account or through a notice on the Site home page. The date the privacy policy was last revised
is identified at the top of the page. You are responsible for ensuring we have an up-to-date
active and deliverable email address for you, and for periodically visiting our Site and this
privacy policy to check for any changes.


14. CONTACT INFORMATION. To ask questions or comment about this privacy policy and our privacy practices, contact us at:

Attn: Website Terms of Service
122 S. Church Street

Rogersville, TN 37857

  • Privacy Shield. BigCommerce complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States. BigCommerce has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and will do so with respect to transfers of Personal Data from the United Kingdom to the United States. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit the U.S. Department of Commerce site at

    BigCommerce is responsible for all onward transfers of Personal Data to third parties in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.


  • Definitions.
    1. Information Types.
      • Account Information” means data about how and when a BigCommerce account is accessed and the features used, including Store Information.
      • Browser Information” means provided by a browser, including the IP address, the website visited, network connection, device information, and other data, including Cookies.
      • Contact Information” means basic personal and business information, such as first and last name, company name, email address, postal address, phone number, and may include social media account information.
      • Device Information” means information about your device, such as device ID number, model, and manufacturer, version of your operating system and geographical region, collected from any devices when accessing our website, using the Mobile App, or any of our services.
      • Payment Information” means, for example, credit card, ACH or other payment information.
      • Security Information” means user ID, password and password hints, and other security information used for authentication and account access.
      • Store Information” means information about your store, its products, and its architecture.
      • Support Information” includes information about your hardware and software, authentication data, chat session contents, error reports, performance data, and other communication or technical information and may, with express permission, include remote access to facilitate troubleshooting.
      • Transaction Information” means the data related to transactions that occur on our platform, including product, order, shipping information, Contact Information, and Payment Information.
      • Usage Information” means information collected when you interact with the BigCommerce website, mobile application or any of our services, including functionalities accessed, pages visited, and other interaction data.
    2. Automated Decision Making” means a decision made solely by automated means without human involvement.
    3. Controller” means an entity that determines the purposes and means of the Processing of Personal Data.
    4. Cookie” a small file that resides on your computer’s hard drive that often contains an anonymous unique identifier that is accessible by the website that placed it there, but is not accessible by other sites.
    5. Merchant” means an entity that has used or is using the services for ecommerce.
    6. Mobile App” means the BigCommerce Mobile Application available through third-party app stores for mobile devices.
    7. Partner” means a separate legal entity that is a participant in our Agency Partner Program, our Technology Partner Program or other third-party technology integration with the BigCommerce platform, a theme designer, reseller, or referrer of the services.
    8. Personal Data” or “Personal Information” means information that (i) relates to an identified or identifiable natural person, or (ii) identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
    9. Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, including, but not limited to, alteration, collection, organization, recording, retrieval, storage, transmission, and use.
    10. Processor” means the entity which processes Personal Data on behalf of the Controller.
    11. Sensitive Personal Data” means any data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning health or a natural person’s sex life and/or sexual orientation.
    12. Shopper” means an entity or natural person that interacts with the ecommerce offering of a Merchant through the BigCommerce platform.


  • Merchants.
    1. Merchant Policies. Merchants should help Shoppers understand how the Merchant, BigCommerce and relevant third parties collect and process Shoppers’ Personal Data. To that end, Merchants must:
      • post an accurate privacy policy on their storefront that complies with all applicable laws and regulations;
      • process Personal Data in accordance with applicable laws and, to the extent required under such laws, provide notice to and obtain informed consent from Shoppers for the use and access of their Personal Data by BigCommerce and other third parties; and
      • if the Merchant is collecting any Sensitive Personal Data from Shoppers, obtain affirmative, explicit, and informed consent and allow such Shoppers to revoke their consent to the use and access of Sensitive Personal Data at any time.
    2. Information Collected.
      • When a Merchant interacts with our Website, for example, by signing up for a trial, a subscription, or a newsletter or other content, or performing transactions, BigCommerce may collect and control information such as Account Information, Browser Information, Contact Information, Payment Information, Support Information, Device Information, Security Information, Transaction Information, Usage Information and set a Cookie.
      • When a Merchant interacts with our Mobile App, BigCommerce may collect and control information such as Account Information, Contact Information, Device Information, Usage Information and Security Information.
    3. Information Usage. We use this information as a Controller to provide Merchants with our services, confirm identities, provide support such as debugging, troubleshooting, automated decision making such as the detection of fraudulent account creation when signing up for our service, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and services, to improve and personalize our services, such as push notifications regarding your store activities, and to comply with legal requirements. We may disclose certain information, including Account Information, Contact Information, Support Information and Transaction Information, to Partners subject to confidentiality obligations that refer Merchants to us or are engaged by a Merchant to provide services, apps or products relating to the Merchant’s store(s) or use of our Website and services, or to confirm identities and improve and personalize our interactions and services. We may use this information in other cases where the Merchant has given express consent.


  • Partners.
    1. Information Collected. When a Partner signs up for a partner account or refers a Merchant to us, BigCommerce may collect and control information such as Account information, Browser Information, Contact Information, Payment Information, Support Information, and Usage Information.
    2. Information Usage. We use this information as a Controller to provide Partners with our services, confirm identities, provide support, for advertising and marketing, invoicing, to resolve incidents related to the use of our Website and services, to improve and personalize our services, and to comply with legal requirements. We may use this information in other cases where the Partner has given express consent.


  • Visitors.
    1. Information Collected. When visitors browse our Website, or engage in communications with us online or offline, we may collect and control, as applicable, Browser Information, Support Information, Contact Information, and Usage Information submitted or communicated to us.
    2. Information Usage. We use this information as a Controller to provide our services, and improve and personalize communications, interactions, our services, and provide support if needed. We may use this information in other cases where the Visitor has given express consent.


  • Shoppers.
    1. Information Collected. When Shoppers interact with a Merchant’s ecommerce offering through the BigCommerce platform, we may collect and process Browser Information and Transaction Information of the Shopper on behalf of the Merchant.
    2. Information Usage. We use this information as a Processor to provide our services to Merchants, support and process orders, and manage risk and fraud. The Merchant is the Controller of this information and Shoppers who have questions about our use of this information should contact the Merchant. We may also use certain information as a Controller to improve and personalize our services, and manage risk and fraud.


  • Legal Basis for Processing (EEA visitors only).
    1. Lawful Basis. We generally collect personal data from you only where (i) we need the personal information to perform a contract with you, (ii) the processing is in our legitimate interests and not overridden by your rights, or (iii) we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
    2. Notice. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information.
    3. Legitimate Interest. If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are. For instance, we may rely on our legitimate interests when responding to your queries, improving and personalizing our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities (e.g. checking your identity, fraud prevention).
    4. Questions. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided below.


  • Communications.
    1. Promotional. We may send promotional communications to existing and prospective Merchants, Partners, and visitors by email, phone, and other channels, such as LinkedIn. For example, we may notify a Merchant when a subscription is ending, or invite the recipient to participate in a survey. You can opt-out of receiving promotional communications from us at any time. For information about managing email subscriptions and promotional communications, please go to our email preferences page.
    2. Account. We send certain required communications, such as account notices or information, to users of our services. You may not opt out of receiving these communications if you have an active storefront.


  • Information Sharing.
    Our services are possible because of a variety of third parties and service providers. Sometimes it is necessary to share Merchant, Partner, or Shopper Personal Data with them to support our services. We may access, transfer, disclose, and/or retain that Personal Data with consent or in the following circumstances. 
    1. Compliance. If we have a good faith belief that doing so is necessary to: (i) comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; or (ii) protect the rights or property of BigCommerce, including enforcing the terms governing the use of the services.
    2. Protection. If we have a good faith belief that doing so is necessary to: (i) protect Merchants, Partners, Shoppers, or visitors; for example, to prevent spam or attempts to defraud us or users of our services, or in response to threats of safety of any person; or (ii) operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
    3. Affiliates. We share Personal Data among BigCommerce-controlled affiliates and subsidiaries for the purposes described in this Privacy Policy.
    4. Service Providers. BigCommerce may use from time to time a limited number of third-party service providers, data processors, contractors, and other businesses to assist us in providing our services for the purposes described in this Privacy Policy.
    5. SDKs and APIs. BigCommerce may include third-party libraries such as Software Development Kits (SDKs) or Application Interfaces (APIs) within our applications (including the Mobile App) for the purposes described in this Privacy Policy, including the following:
      • Functional SDKs: these are software libraries we use to enhance the end user experience and functionality within the application, such as graphics and display of images within the app, and in-app notifications according to preferences.
      • Analytics SDKs: these are external third-party sub processors’ libraries we use in collecting device and usage data for application performance monitoring.
    6. Payment Processing. We share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction.
    7. Apps. Upon receiving a Merchant’s consent to install an application, we will share the Merchant’s Contact Information and other information requested by the app with the app Partner.
    8. Merger; Sale. We may also disclose Personal Data as part of a corporate transaction such as a merger or sale of assets.


  • Automated Decision-Making.
    Some Personal Data may be used in Automated Decision Making to help us screen accounts for risk, fraud, or abuse concerns. You can object to profiling, including profiling for marketing purposes, or contest or dispute such decisions by contacting us here. Subject to applicable law, we can provide you with details underlying the automated decision-making review and rectification of any inaccuracies.


  • Cookies.
    1. Usage. BigCommerce and its third-party service providers use cookies, web beacons, and similar tracking technologies to recognize you when you visit our website, remember your preferences, and give you a personalized experience. When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
    2. Persistence. We use both session-based and persistent cookies on our websites. Persistent cookies remain on your computer when you have gone offline, while session cookies are deleted as soon as you close your web browser. A website may set a cookie if the browser’s preferences allow it. A browser only permits a website to access the cookies that it has set, not those set by other websites.
    3. Types.
      • Essential. These cookies are necessary for our website to work as intended. 
      • Functional. These cookies enable enhanced functionality, like videos and live chat. Without these cookies, certain functions may become unavailable.
      • Analytics. These cookies provide statistical information on site usage. For example, these cookies enable web analytics that allow us to improve our website over time. 
      • Targeting and Advertising. These cookies are used to create profiles or personalize content to enhance your experience. 
    4. Control. It is possible to disable cookies through your device or browser settings, but doing so may affect your ability to use our website. For instance, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit our website. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings. Please use the following links for further instructions: 
    5. Other Resources. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit, or 

  • Third Party Application Stores: Third party application stores, such as Apple’s App Store or Google’s Google Play, might collect additional information and share them with us. Please refer to the application store’s Privacy Policy to better understand how they process any of the personal information they collect and share with app publishers like ourselves. 


  • Information Protection.
    1. We maintain administrative, technical, and physical security measures designed to provide reasonable protection for Personal Data against unauthorized access, disclosure, alteration, loss, and misuse. These security measures include access controls, encryption, and firewalls. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by independent third-party qualified security assessors against the ISO 27001 security standard. Unfortunately, no method of Internet use, data transmission, or electronic storage is completely secure, so we cannot guarantee the absolute security of Personal Data.
    2. While we are dedicated to securing our Website and services, you are responsible for securing and maintaining the privacy of your passwords and account information. We are not responsible for protecting Personal Data shared with a third-party based on an account connection that you have authorized. 


  • Accountability and Safeguards for Onward Transfer.
    1. Privacy Shield. We provide services around the world. To provide our services, it may be necessary to transmit Personal Data outside of the country, state, or province where the data was received. As a participant in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework, we are subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
    2. Standard Contractual Clauses. For third-country transfer outside the EU/EEA we also use the Standard Contractual Clauses adopted by the EU Commission as an adequate level of protection.
    3. Data Processors. We will only share or disclose Personal Data to the Processors identified here, which are contractually obligated to provide at least the same level of privacy protection required by the principles underlying the Privacy Shield. Furthermore, we will obligate any Processor to the specified, explicit and legitimate purposes consistent with your consent.
    4. Remedial Measures. If we learn Personal Data is not protected according to our contract, or is being processed beyond your consent, we will take reasonable steps to protect your information and/or cease its illegitimate processing. 


  • Data Subject's Rights.
    1. Generally. You can exercise rights over your Personal Data against the Controller. We provide reasonable steps to allow you to access, rectify, erase, port, or restrict the use of your Personal Data. You have the right to object to the use of your personal data at any time, subject to applicable law. When collection is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal by applicable law. If applicable by national law, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data relating infringes your rights.
    2. Merchants, Partners, and Visitors. Merchants and Partners are able to update many types of collected Personal Data directly within their accounts. Please contact us if you are a Visitor or otherwise unable to access or otherwise change your Personal Data within your account.
    3. Shoppers. We serve as a Processor for Merchants. Shoppers may wish to contact Merchants directly regarding their Personal Data. We can forward Shopper requests for access or deletion to Merchants, but we are unable to delete Merchant data. Requests for deletion of Personal Data may adversely affect our ability to serve you. 
  • Contact Information; Enforcement; Recourse. In compliance with the Privacy Shield Principles, BigCommerce commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BigCommerce at:
 or the Controller:


         BigCommerce, Inc.,
         11305 Four Points
         Austin, TX 78726
         Attention: Legal Department

         or our Article 27 EU Representative:

         BigCommerce Software Ireland Ltd. 
         32 Merrion Street Upper
         Dublin 2
         D02KW80, Ireland

         BigCommerce will respond to any such inquiries or complaints without undue delay and in accordance with applicable law. If BigCommerce fails to respond or its response is insufficient or does not address the concern, BigCommerce has registered with the Association of National Advertisers (ANA) to provide independent third party dispute resolution at no cost to the complaining party. To contact ANA and/or learn more about the company’s dispute resolution services, including instructions for submitting a complaint, please visit Complaining parties may also, in absence of a resolution by BigCommerce and ANA, seek to engage in binding arbitration through the Privacy Shield Panel.

         ANA Contact Information:
         Attn: Privacy Shield
         225 Reinekers Lane, Suite 325
         Alexandria, Virginia 22314

         BigCommerce also commits to periodically reviewing and verifying the accuracy of this Privacy Policy and the company’s compliance with the Privacy Shield Principles, and remedying issues identified. All employees of BigCommerce that have access to Personal Data covered by this Privacy Policy are responsible for conducting themselves in accordance with this Privacy Policy. Failure of a BigCommerce employee to comply with this Privacy Policy may result in disciplinary action. BigCommerce is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

  • Updates. We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the “Date of Last Revision” date displayed at the top of this Privacy Policy.


  • California Consumer Privacy Act.
    1. CCPA Rights. The California Consumer Privacy Act (the “CCPA”) provides certain rights to consumers, including the following:
      • Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices.
      • Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you.
      • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

        These rights are not absolute, and there may be cases when we decline your request as permitted by law. 

        If you are a California resident and a Merchant, Partner or Visitor, we only collect and process Personal Information about you as a result of your business dealings with us. This means that the consumer rights under the CCPA do not apply to you. If you are a California resident and a Shopper, BigCommerce only processes your personal information as a service provider acting on behalf of a Merchant. You should contact the Merchant to exercise any rights under the CCPA. 
    2. Disclosures. BigCommerce does not sell Personal Information.  We share Personal Information with authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Information. We also share Personal Information if you use our services to interact with third parties or direct us to disclose your Personal Information to third parties.
    3. Information Collected. We collect the following types of information from you, your device(s), or from third parties:
      • identifiers, such as Browser Information, Device Information, and Security Information;
      • commercial information, such as Account Information, Contact Information, Transaction Information, and Usage Information;
      • internet or network information, such as Browser Information and Device Information;
      • geolocation data, such as Browser Information and Device Information;
      • financial information, such as Payment Information;
      • other Personal Information, such as Support Information; and
      • information derived from other categories, which could include your preferences, interests, and other information used to personalize your experience.

        We may disclose this Personal Information for the business purposes described in this privacy policy, such as disclosures to service providers that assist us with securing our services or marketing our products.
    4. Right to Know; Deletions. To exercise your “right to know,” contact us here. To exercise your “right to request deletion,” click here. To protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.