Privacy Note for California Residents
SPEC-D TUNING
SUPPLEMENTAL PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
(CCPA/CPRA COMPLIANT ADDENDUM)
Last Updated: May 20, 2026
This Supplemental Privacy Notice for California Residents ("Notice") supplements the information contained in the general Privacy Policy of Spec-D Tuning ("we," "us," or "our") and applies solely to individual residents of the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA"). Any terms defined in the CCPA/CPRA have the same meaning when used in this Notice.
1. Information We Collect and Map to Statutory Categories
The following table sets forth the statutory categories of personal information we collect, the specific pieces of information handled via our BigCommerce e-commerce platform, the categories of sources from which they are obtained, and our operational business or commercial purposes. This table accurately reflects our practices and confirms the data we have collected in the preceding 12 months:
|
CCPA/CPRA Statutory Category |
Specific Data Collected (Shopify Platform) |
Coll. |
Categories of Sources |
Business / Commercial Purposes |
|
Category A: Identifiers |
Real name, postal/shipping address, billing address, email address, phone number, and Internet Protocol (IP) address. |
YES |
Directly from the consumer (checkout or account creation); Automatically via Shopify platform tracking. |
To fulfill and ship orders; communicate with customers; manage accounts; detect/prevent fraud; send marketing communications. |
|
Category B: Personal Information (Cal. Civ. Code § 1798.80(e)) |
Name, signature (via delivery confirmation), shipping address, billing address, and telephone number. |
YES |
Directly from the consumer. |
To process transactions and payments; fulfill and ship orders; provide customer support and manage returns/exchanges. |
|
Category C: Protected Classifications |
None collected. |
NO |
N/A |
N/A |
|
Category D: Commercial Information |
Records of products viewed, order history, transaction details, items added to cart, or items added to wishlist. |
YES |
Directly from the consumer; Automatically generated via storefront interactions. |
To process transactions; facilitate returns/exchanges; offer personalized product recommendations; conduct internal data analytics. |
|
Category E: Biometric Information |
None collected. |
NO |
N/A |
N/A |
|
Category F: Internet/Electronic Network Activity |
IP address, device type, browser connection metadata, operating system, and data regarding storefront navigation paths. |
YES |
Automatically collected via e-commerce cookies, Shopify pixels, and web beacons. |
To optimize website performance; secure platform architecture; protect against malicious activity; measure ad campaign reach. |
|
Category G: Geolocation Data |
Broad geographic location (e.g., city, state, or country) derived from the user's IP address. |
YES |
Automatically derived from network traffic. |
To calculate appropriate shipping logistics, localized sales taxes, and to prevent high-risk fraudulent transactions. |
|
Category H: Sensory Data |
None collected. |
NO |
N/A |
N/A |
|
Category I: Professional / Employment Info |
None collected. |
NO |
N/A |
N/A |
|
Category J: Non-Public Education Info |
None collected. |
NO |
N/A |
N/A |
|
Category K: Inferences Drawn from Data |
Profiles reflecting consumer purchasing trends, automotive preferences, or buying tendencies. |
YES |
Internally generated via automated Shopify data analytics models. |
To serve targeted cross-context advertisements and recommend highly relevant automotive parts to consumers. |
2. Retrospective Disclosures (Preceding 12 Months)
A. Personal Information Collected
In the preceding 12 months, we have collected the categories of personal information outlined in Section 1 of this Notice, including Identifiers, Personal Information (Cal. Civ. Code § 1798.80), Commercial Information, Internet/Electronic Network Activity, Geolocation Data, and Inferences.
B. Personal Information Sold or Shared
We do not sell your personal information to data brokers or third parties for monetary cash compensation. However, like many online e-commerce businesses, we leverage standard digital advertising features (including BigCommence enhanced audiences, Meta pixels, and Google Analytics) that transmit behavioral insights from your web browser across platforms to serve targeted, cross-context behavioral ads. Under California law, this data sharing for marketing purposes is legally classified as a "sale" or "share" of personal information.
In the preceding 12 months, we have sold or shared the following categories of personal information for cross-context behavioral advertising purposes:
· Category A (Identifiers): Internet Protocol (IP) addresses, unique cookie identifiers, device identification codes, and tracking tags.
· Category F (Internet or Other Electronic Network Activity): Storefront click history, item interaction records, search phrases, and specific product page view histories.
Categories of Third Parties to Whom Data Was Sold or Shared: Digital advertising networks, programmatic marketing exchanges, automated data analytics providers, and social media advertising platforms.
We do not knowingly sell or share the personal information of consumers under 16 years of age.
C. Personal Information Disclosed for an Operational Business Purpose
We disclose personal information to our secure service providers and operational contractors to maintain core storefront functionality. In the preceding 12 months, we have disclosed the following categories of personal information for necessary business operations:
· Category A (Identifiers): Disclosed to our e-commerce platform provider (BigCommerce), localized payment gateways, international shipping carriers, and customer notification tools.
· Category B (Personal Information under § 1798.80): Disclosed to payment card processing corporations and logistics fulfillment companies to securely process payments and mail physical auto parts.
· Category D (Commercial Information): Disclosed to automated warehouse systems, return handling service providers, and internal standard accounting vendors.
· Category F (Internet or Other Electronic Network Activity): Disclosed to cloud-based IT infrastructure firewall systems and automated chargeback/fraud risk screening vendors.
Categories of Corporate Entities to Whom Data Was Disclosed: E-commerce platform host (BigCommerce), payment processing networks, postal logistics corporations, live customer-support software suites, and threat-prevention security software entities.
3. Sensitive Personal Information (SPI) Disclosures
Under the CPRA, certain elements we collect are classified as Sensitive Personal Information (SPI), specifically your customer account credentials (username and password) and encrypted credit/debit transaction keys required to checkout.
Statement of Use Limitation: Spec-D Tuning collects and processes these sensitive items strictly to execute requested transactional services (such as maintaining your user portal account secure or finalizing card checkout through Shopify Payments). We do not use or disclose Sensitive Personal Information for any secondary profiling, commercial monetization, or purposes other than those explicitly permitted under California Code of Regulations Title 11, § 7027(m). Consequently, a 'Limit the Use of My Sensitive Personal Information' link is not legally required on our storefront.
4. Strict Data Retention Schedules
We retain the categories of personal information we collect for only as long as is reasonably necessary to achieve the fulfillment purposes set forth in this Notice, or to satisfy governing statutory record retention laws.
Our standard retention criteria are mapped directly below by category:
· Categories A, B, and D (Identifiers, Payment Records, Order History): Retained continuously for the duration of your active relationship with our store, and up to seven (7) years post-transaction to fully comply with statutory IRS tax codes, corporate auditing rules, and state automotive product liability statutes.
· Categories F and G (Network Logs, Device Data, Geolocation): Retained for twelve (12) to twenty-four (24) months from your initial web session to facilitate internal security monitoring, optimize software architecture, and conduct baseline site performance diagnostics.
· Category K (Marketing Inferences): Retained for up to twelve (12) months from generation, after which tracking data blocks are automatically refreshed or permanently de-identified within our automated marketing models.
5. Your Legal Privacy Rights under California Law
California residents possess concrete legal rights regarding their personal information. These rights are unconditional, and your choice to exercise them will never result in discriminatory or punitive action:
· Right to Know and Access: You have the right to request that we disclose the exact categories of personal information we have collected about you, the specific pieces of data held, the underlying sources, the business justification, and the corporate categories to whom data was disclosed or shared over the preceding 12 months.
· Right to Delete: You have the right to request that we delete personal information collected from you, subject to certain legal exceptions (such as our ongoing obligation to fulfill a current automotive parts order or handle an active 12-month product warranty claim).
· Right to Correct Inaccurate Data: You can demand that we correct inaccurate or out-of-date personal information that we maintain within your customer record database.
· Right to Opt-Out of the Sale or Sharing of Personal Information: You have the right to legally block us from sharing your browsing analytics or personal information for cross-context behavioral marketing campaigns.
6. How to Exercise Your California Privacy Rights
To submit an official request to exercise your Right to Know, Delete, or Correct, please initiate contact through any of our dedicated communication mechanisms below:
· Email Intake Portal: specdtuning.usa@gmail.com
· Direct Corporate Tel: (909) 348-9813
· Postal Mailing Address: Spec-D Tuning, Attn: Privacy Compliance, 21901 Ferrero Pkwy, City of Industry, CA, 91789
Verification Protocols
To protect your data from identity theft or unauthorized intrusion, we must reasonably verify your identity prior to fulfilling a privacy request. We will ask you to confirm matching personal identifiers already present in our secure BigCommerce database (such as verifying the last email used for a transaction or cross-checking recent shipping addresses). We will never ask for highly sensitive data during this process.
Global Privacy Control (GPC) & Browser Opt-Out Signals
Our website is configured to actively recognize the Global Privacy Control (GPC) browser-level opt-out signal. If you visit our automotive storefront with a browser or extensions that transmit the GPC signal enabled, our platform will automatically process that signal as a valid, lawful request to opt-out of the 'sale' or 'sharing' of your data for that specific device and browser session. If you are concurrently logged into a customer store account, we will map that opt-out preference across your account globally.
Authorized Agents
You may designate a legally registered authorized agent to file a privacy request on your behalf. To accept an agent request, the agent must submit formal written power-of-attorney authorization signed directly by you, or you must independently contact us to confirm the agent's permission status and verify your identity directly.