Effective date: 28 Aug 2025 
GLOSSARY  
"CCPA/CPRA": California privacy laws granting rights to know/delete/correct, opt-out of selling/sharing, and limit use of sensitive data. 
"Cookie Preferences & GPC": User controls for cookie consent and recognition of Global Privacy Control signals where required by law. 
"Cookies & Similar Technologies": Necessary, analytics, and marketing/remarketing tools used for storage/identifiers and measurement. 
"Controller/Processor": Entity deciding purposes/means of processing vs. entity processing personal data on behalf of a controller. 
"DPA (Data Processing Agreement)": Contract governing processing by service providers on our behalf. 
"GDPR/UK GDPR": EU/UK data protection regimes providing rights such as access, erasure, objection, and portability. 
"PDPA (Singapore)": Singapore Personal Data Protection Act. 
"Personal Data": Information that identifies or can reasonably identify a person. 
"Processing": Any operation performed on personal data (collecting, storing, using, disclosing, deleting, etc.). 
"SCCs (Standard Contractual Clauses)": EU-approved clauses used to safeguard cross-border transfers of personal data. 

1) DATA WE COLLECT 
You provide: name, email, phone, shipping/billing, account data, support messages, sizing/options, design 
files (UGC). 
Automatic: cookies, IP, device/browser, language, region, logs, interaction data. 
Third parties: PayPal (payment results), fulfillment/shipping partners (production & delivery status),  analytics/marketing vendors.

2) PURPOSES & LEGAL BASES 
Contract performance; security/fraud prevention; legal compliance; service communications; analytics & improvements; (with consent where required) marketing. Legal bases include Art. 6(1)(b), (f), (c), and (a) for consent. 

3) SHARING & TRANSFERS 
With fulfillment/shipping partners, PayPal, IT/analytics/support vendors under DPAs, authorities as required, and in business transfers. Cross-border transfers use appropriate safeguards (e.g., SCCs) as required by law. 

4) RETENTION & SECURITY 
Keep data only as needed or as required by law/disputes. 
• Orders: ≥5 years (or per tax/accounting). 
• Accounts: until deletion request or after 12 months of inactivity. 
Use reasonable technical/organizational measures; no system is 100% secure.

5) COOKIES & ADS 
We use necessary, analytics, and marketing/remarketing cookies. Where required, we present a consent banner and a Preferences center for granular choices. We honor GPC/Do Not Track to the extent required. Under CPRA, you may opt out of selling/sharing via “Do Not Sell or Share My Personal Information.”

6) YOUR RIGHTS 
Depending on location: access, rectify, erase, restrict, object, port, withdraw consent (without affecting prior 
lawful processing). Under CCPA/CPRA, you may know/delete/correct/opt out/limit sensitive data use. We do not “sell” personal data as commonly defined; if ad tech is deemed a sale/share, you can opt-out as above.

7) CHILDREN; THIRD-PARTY LINKS; UPDATES 
Not directed to children under 13 (or local minimum). We are not responsible for third-party sites. We may update this Policy and post a new effective date. 

8) Contact 
Support: Support@squad4gear.com
Privacy: Support@squad4gear.com
Office: VIETECOMMERCE PTE. LTD
Mail (correspondence only): 7500A BEACH ROAD, #04-326, THE PLAZA, SINGAPORE 199591
Support hours: 9:00 AM – 5:00 PM (Vietnam Time | GMT+7)