Privacy Policy

1. Introduction

Gemstix ("Gemstix," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our products, or participate in our subscription services (collectively, the "Services"). By using our Services, you consent to the practices described in this Privacy Policy.

This Privacy Policy is incorporated by reference into our Gemstix Terms of Service and applies to all users of our website and Services in the United States.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you provide directly to us, including:

• Name, email address, phone number
• Shipping and billing addresses
• Payment information (processed securely by third-party PCI-compliant providers)
• Taste preferences and product feedback
• Account credentials
• Communication preferences

2.2 Automatically Collected Information

When you use our Services, we automatically collect certain information such as:

• IP address and device information
• Browser type and version
• Pages visited, time spent, and referring website addresses
• Clickstream data and navigation patterns
• Cookies and similar tracking technologies

2.3 Age Verification Information

To comply with U.S. tobacco regulations, we collect age information, which may include date of birth and government-issued ID verification at checkout or delivery. We do not knowingly collect any information from persons under 21.

3. How We Use Your Information

We use your information to:

• Process and fulfill your orders and subscriptions
• Verify your age and eligibility to purchase tobacco products
• Personalize cigar selections and improve recommendations
• Communicate with you about your account, orders, or updates
• Send promotional emails
• Improve our Services, website functionality, and customer experience
• Detect and prevent fraud, security issues, or legal violations
• Comply with federal, state, and local laws

We do not use your personal data for behavioral advertising or sell your information to third parties.

4. How We Share Your Information

Gemstix does not sell your personal information. We only share it under the following conditions:

4.1 Service Providers

We may share data with trusted third-party service providers who help us deliver our Services, including payment processors, shipping and logistics partners, customer support providers, and analytics services. These providers are required by contract to protect your information and use it only for the purpose of providing services to Gemstix.

4.2 Legal Compliance

We may disclose information if required by law, court order, or government request, or when necessary to protect our rights, prevent fraud, or ensure customer safety.

4.3 Business Transfers

If Gemstix is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified if ownership or control changes.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your browsing experience, remember preferences, and analyze site performance.

You can control or disable cookies in your browser settings; however, some essential cookies are necessary for core website functionality. Gemstix does not use cookies for cross-site behavioral advertising.

Types of Cookies We Use:

• Essential Cookies: Enable basic functionality such as shopping cart and login.
• Performance Cookies: Help us understand how visitors use our site.
• Functionality Cookies: Remember preferences to enhance your experience.
• Analytics Cookies: Measure engagement and improve site performance.

6. Your Privacy Rights

Depending on your location, you may have rights to:

• Access – Request a copy of personal data we hold about you.
• Correction – Request updates or corrections to inaccurate information.
• Deletion – Request deletion of your data (subject to legal obligations).
• Opt-Out – Unsubscribe from marketing communications.
• Restriction – Request that we limit certain processing of your data.

To exercise any of these rights, please contact us through our online contact form at gemstix.com/contact. We may verify your identity before fulfilling your request.

7. California and State Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion of that information, and opt out of data sales (Gemstix does not sell data).

Residents of Virginia, Colorado, and Connecticut may have similar rights under state privacy laws, which we honor upon request through our contact form at gemstix.com/contact.

8. Data Security

We aim to use commercially reasonable security measures to protect your information. These may include practices such as SSL/TLS encryption for data transmission, using secure payment processors, restricting employee access where appropriate, and periodically reviewing our systems for potential improvements. While we take reasonable precautions to safeguard your data, no online system is completely secure, and you use our Services at your own risk.

9. Data Retention

We retain information only as long as necessary to fulfill the purposes described in this policy or as required by law. Certain data related to tobacco sales and tax compliance may be retained for legal recordkeeping. When data is no longer needed, it is securely deleted or anonymized.

10. Children's Privacy

Our Services are strictly limited to adults aged 21 and over. We do not knowingly collect or store information from anyone under 21. If we learn that we have received information from an underage user, we will delete it immediately.

11. Third-Party Links

Our website may contain links to third-party sites. Gemstix is not responsible for the privacy practices or content of these external websites. We encourage users to review the privacy policies of any third-party sites they visit.

12. International Users

Gemstix operates solely within the United States and does not market or ship products internationally. If you access our Services from outside the U.S., you consent to the transfer of your data to the United States, which may have different data protection laws.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material updates will be posted on our website and emailed to active subscribers when appropriate. The "Effective Date" at the top will indicate the most recent revision.

14. Contact Information

For any privacy-related questions, requests, or concerns, please reach us through our contact form at gemstix.com/contact.