🚚 Free US shipping on orders $65+

⭐️️ save 14% with our 5 in 1 premade starter stak ⭐️

California Consumer Privacy Act Notice

California Consumer Privacy Act Notice

Effective Date: May 1, 2024

Last Updated: May 1, 2024

This California Consumer Privacy Act notice (“CCPA Notice”) supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumer” or “you”). We adopt this Privacy Policy to comply with the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively the “CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice. This Privacy Notice covers all personal information processed by our website (https://subtlbeauty.com/) and services (“Services”).

If you have a disability, please contact us here for additional support. If this California Privacy Notice is provided offline, please ask us to provide the Privacy Notice in an alternative format to accommodate your disability.

Categories of Information We Collect

We may collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other contact information. YES
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number, credit card number, or debit card number, username and password for online accounts. YES
C. Protected classification characteristics under California or federal law Race, ethnicity, religious or philosophical beliefs, age, or sex (including gender). NO
D. Commercial information Records products, services or services purchased, obtained, or other purchasing or consuming histories or tendencies. YES
E. Biometric information Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, operating system and web browser information. YES
G. Geolocation data Physical location or movements. YES
H. Sensory data Audio, electronic, visual, thermal, olfactory, or similar information. YES
I. Professional or employment-related information Current job history or job title. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other Personal Information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES
L. Sensitive Personal Information Race, ethnic background, social security numbers, driver’s license, state identification card, passport number, or precise geolocation. NO

Personal information does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

How We Collect Personal Information

We use different methods and sources to collect personal information about you, including:

  • Directly from you. For example, from forms you complete, communications you send to us, or information you provide in your interactions with us.
  • Third parties. For example, from third-party companies that provide services that are used in conjunction with our Services.

Aggregated Information:

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Information”). Aggregated Information could be derived from your personal information but is not considered personal information as this information will not directly or indirectly reveal your identity. For example, we may aggregate your website usage data to calculate the percentage of users accessing our websites and Services. However, if we combine or connect Aggregated Information with your personal information so that it can directly or indirectly identify you, we treat the combined information as personal information which will be used in accordance with this Privacy Policy.

Using of Your Personal Information

We may use your information for the purpose of conducting our business operations, including for the following purposes:

  • Communicate with you. This may include: (i) informing you of our new products and promotional activities that may be of interest to you; (ii) providing information about our products, including communication regarding your purchases, delivery time, your account profile and payment processing; (iii) responding to your feedback about our website and products, including, for example, technical support and service improvements to our website and Products and Services; (iv) responding to your questions or inquiries, including technical questions and troubleshooting using our Products and Services; (v) responding to your general inquiries; (vi) responding to your privacy inquiries; and (vii) allowing you to write reviews on our products; and (viii) sending you newsletters.
  • Develop and manage our relationships with you and our business partners. This may include: (i) to process payments and refunds; (ii) delivering products or carrying out transactions you or our business partners have requested; (iii) providing information about our products that may be of interest to you; (iv) providing you with a more consistent experience in interacting with us, including by learning more about you and how you use and interact with our website and Products and Services to personalize the website; and (v) planning, managing, and performing our contractual relationships (product sales and product delivery) with you and our partners and service providers.
  • Improve our website and Products and Services. This may include: (i) customizing our website to your preferences or interests, (ii) making the website more compatible with your devices and browsers, or otherwise making our website and Products and Services easier to use; (iii) maintaining the security of our website and otherwise protecting them; (iv) improving our website and Products and Services; and (v) developing new products, services and platforms.
  • Address legal issues. This may include: (i) complying with our obligations to retain certain business records for minimum retention periods; (ii) establishing, exercising, or defending legal claims; (iii) identifying potential fraud in the purchases (iv) complying with laws, regulations, court orders, or other legal processes; (v) detecting, preventing, fraud or intellectual property infringement claims, violations of our contracts or agreements, violations of law, or other misuse of our website or Services; and (vi) protecting our rights or property, or yours or other health, safety, welfare, rights, or property. In the preceding twelve (12) months, we have used your personal information from the following categories for business purposes:

Disclosing of Personal Information

We may disclose your personal information to a third party for business purposes. When we disclose personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
  • Category A: Identifiers.
  • Category B: California Customer Records personal information categories. Category D: Commercial information.
  • Category F: Internet or other similar network activity.
  • Category H: Sensory data.
  • Category K: Inferences drawn from other Personal Information
We disclose your personal information for a business purpose to the following categories of third parties:
  • Service Providers: Contractors, service providers, and other third parties (“Service Providers”) we use to support our business. This includes IT infrastructure providers, payment processors, data analytics providers (such as Google analytics), logistics service providers, HR management platforms, and employee benefits providers, vendors, attorneys and consultants. These Service Providers are bound by contractual obligations to keep personal information in accordance with our Privacy Policy and applicable privacy laws.
  • Government, Agencies, Courts, or Litigants: We may share your personal information with third parties when we have a good faith belief that disclosure is necessary to comply with a law, regulation, court order, or other legal processes or to detect, prevent, investigate and respond to fraud or intellectual property infringement claims, violations of our contracts or agreements, violations of law, or other misuse of our Services.

Sale of Personal Information

In the preceding twelve (12) months, we have not sold any personal information.

Sharing of Personal Information for Targeted Advertising Purposes

We have shared the following personal information for cross-context behavioral advertising/targeted advertising.
  • Category A: Identifiers.
  • Category D: Commercial information.
  • Category F: Internet or other similar network activity.
  • Category K: Inferences drawn from other Personal Information

Sensitive Personal Information

Sensitive personal information means personal information that reveals (A) a consumer’s social security number, driver’s license, state identification card, or passport number; (B) a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; (C) a consumer’s precise geolocation; (D) a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; (E) the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication; (F) consumer’s genetic data; (G) biometric information for the purpose of uniquely identifying a consumer; (H) personal information collected and analyzed concerning a consumer’s health; or (I) personal information collected and analyzed concerning a consumer’s sex life or sexual orientation. In the preceding twelve (12) months, we have not collected and used the following sensitive personal information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you the following:
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you. The business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we disclosed your personal information for a business purpose, a list identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers/contractors to delete) your personal information from our records unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the personal information, provide goods or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform services for you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
7. Comply with a legal obligation.
8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Correction Requests

If you think some of the personal information we have about you is incorrect, you have the right to request that we correct the personal information in compliance with the CCPA.

Your Right to Opt-Out of Sale or Sharing Your Information

We do not sell or disclose personal information with third parties that would be considered a “sale” under the CCPA. Since we do share your personal information for targeted advertising or cross-context behavioral advertising, you are opted-out of “sale” or “sharing” (as defined by the CCPA) your personal information.

Opt-out Preference Signals

Opt-out preference signals or Global Privacy Controls (GPC) provide consumers with a simple and easy-to-use method by which consumers interacting with us online can automatically exercise their opt-out of sale/sharing rights. We will honor your opt-out preference signals if you have your web browser or web browser extension set to opt-out of “selling” or “sharing” of your personal information for targeted advertising.

Retention Criteria

We will retain your personal information as reasonably necessary for the disclosed purpose. The retention periods for each category of personal information, vary depending on compliance with relevant laws, your request for deletion, and our retention policies. For example, we may need to retain your personal information to comply with our legal or reporting obligations in accordance with the laws or to defend against claims. Consequently, it is not possible for us to provide a definitive length of time. Our retention periods are determined by using and balancing the following criteria:
  • The volume, nature, and sensitivity of your information;
  • The potential risk of unauthorized access, use or disclosure, or misappropriation;
  • The purposes for which we process your personal information; and
  • The retention obligations under applicable legal requirements.

Exercising Access, Data Portability, Deletion, and Correction Rights

To exercise the access, data portability, deletion, and correction rights described above, please submit a verifiable consumer request to us by:
  • Emailing us at: support@subtlbeauty.com
  • Use the following link to submit your request: https://subtlbeauty.com/pages/contact-us
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create a business relationship with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response to the email address from which you submit it. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Notice of Financial Incentives 

We do not offer financial incentives or pricing discounts for providing your personal information or registering an account with us.

Contact Information

If you have any questions or comments about this notice, our Privacy Notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Attn: Privacy Department
Subtl Beauty Inc.
100 S Commons #102,
Pittsburgh, PA 15212

Email: support@subtlbeauty.com

Consumer Access Request

Alternatively, please click cookie settings to manage cookies.