Privacy Policy

Effective Date: April 18, 2026

Last Revised: April 18, 2026

Thank you for visiting https://roseandhoney.com/ (the "Website"). Your privacy matters to us. This Privacy Policy ("Policy") describes how Rose + Honey Skincare ("Company," "we," "us," or "our") collects, uses, maintains, protects, and discloses information about you when you use our Website and related services (collectively, "Services").

This Policy applies to information collected on the Website, through your use of the Services, and through communications between you and us (including email, text, and other electronic messages). It does not apply to information collected by third parties whose services you access through the Services.

Please read this Policy carefully. By accessing or using the Services, you agree to the terms of this Policy. If you do not agree, please refrain from using the Services.

1. Changes to This Policy

We may update this Policy from time to time. The "Last Revised" date at the top reflects the most recent update. If we make material changes, we will notify you by email (to the address on your account), via a message within the Services, or by posting a prominent notice on the Website homepage. Your continued use of the Services after any changes constitutes your acceptance of the updated Policy.

2. Information We Collect

A. Information You Provide Directly

We collect personal information you knowingly provide, including:

  • Personal identifiers: name, address, email address, phone number, username, and password.

  • Account information: details you provide when registering, completing questionnaires, or contacting customer service.

  • Correspondence: records of emails and phone communications with us.

  • User content: information you submit to public areas of the Services.

  • Transaction information: payment details (processed securely through Stripe), billing and shipping addresses, and purchase history.

  • Search queries: searches you conduct on the Website.

B. Information Collected Automatically

When you interact with our Services, we automatically collect:

  • Activity information: pages viewed, features used, actions taken, and session duration.

  • Device and browser information: operating system, IP address, browser type and language.

  • Location information: general location derived from IP address or, with your permission, GPS data.

We use standard technologies to collect this information, including cookies, web beacons, JavaScript, entity tags, HTML5 local storage, and resettable device identifiers. You may adjust your browser settings to limit cookie collection, though some features may be affected.

C. Demographic and Aggregate Information

We may collect or derive demographic information (such as age range or general location) that does not individually identify you. This aggregate data helps us understand how our Services are used.

D. Information from Third Parties

We may receive information about you from third-party sources, such as data providers, social networks, and advertising partners. We handle this information in accordance with this Policy and any additional restrictions from the source.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Services.

  • Process transactions and send related communications (receipts, confirmations, appointment reminders).

  • Respond to your questions and provide customer support.

  • Send promotional communications about our services, offers, and events (you may opt out at any time).

  • Analyze usage trends to improve website performance and user experience.

  • Detect and prevent fraud, security breaches, and unauthorized activity.

  • Comply with legal obligations and enforce our agreements.

  • Display relevant advertising through our advertising partners.

  • Develop new products, features, and services.

4. How We Share Your Information

We do not sell your personal information in exchange for money. However, under California law, certain data sharing with advertising partners may constitute a "sale" or "sharing" for cross-context behavioral advertising purposes. See Section 8 for your opt-out rights.

We may share your information in the following circumstances:

  • Service providers: companies that help us operate our business (payment processing via Stripe, email delivery via Mailgun, SMS via Twilio, workflow automation via Zapier, analytics via Google Analytics, tag management via Google Tag Manager). These providers are contractually bound to protect your data.

  • Advertising and marketing partners: Google (Google Ads, Google Ads Remarketing, Google Ads Conversion Tracking) and Meta/Facebook (Facebook Pixel, Facebook Custom Audience, Facebook Lookalike Audience, Facebook Remarketing) for advertising and retargeting purposes.

  • Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.

  • Legal compliance: when required by law, court order, or government request.

  • Protection of rights: to protect the safety, rights, or property of the Company, our users, or the public.

  • With your consent: for any purpose you authorize at the time of disclosure.

We may share, without restriction, aggregated or de-identified data that cannot reasonably be used to identify you.

5. Third-Party Services and Advertising

We use the following third-party services. Each operates under its own privacy policy:

  • Google Analytics & Google Tag Manager – web analytics and tag management (Google Privacy Policy)

  • Google Ads, Google Ads Remarketing & Conversion Tracking – advertising and conversion measurement

  • Meta/Facebook Pixel, Custom Audience, Lookalike Audience & Remarketing – advertising and retargeting

  • Stripe – payment processing

  • Mailgun – email communications

  • Twilio – SMS communications

  • Zapier – workflow automation

Some of these services use cookies and tracking technologies. You can opt out of interest-based advertising at www.aboutads.info or www.networkadvertising.org. You can opt out of Google’s use of cookies at Google Ads Settings. You can opt out of Meta’s use of cookies for ads at Meta’s ad preferences page.

6. Your Choices and Controls

Cookies

Most browsers allow you to refuse or delete cookies through their settings. Note that disabling certain cookies may affect the functionality of the Services.

Promotional Communications

You may opt out of marketing emails by clicking "unsubscribe" in any promotional email, updating your account preferences, or contacting us directly. Even after opting out, we may send transactional messages related to your account or purchases.

Location Information

You may disable location access through your device or browser settings.

Do Not Track

Our Website does not currently respond to browser Do Not Track (DNT) signals. However, we do honor the Global Privacy Control (GPC) signal — see Section 8.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law. When personal information is no longer needed, we securely delete or anonymize it.

8. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the rest of this Policy. It is provided in accordance with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers: name, email address, phone number, IP address, account credentials.

  • Commercial information: purchase history, transaction records.

  • Internet or other electronic network activity: browsing behavior, search queries, interaction with advertisements.

  • Geolocation data: general location derived from IP address.

We do not collect sensitive personal information as defined by the CPRA (e.g., Social Security numbers, precise geolocation, racial or ethnic origin, health data).

Purposes for Collection

We collect the categories above to provide and improve our Services, process transactions, communicate with you, conduct marketing and advertising, ensure security, and comply with legal obligations.

Sale and Sharing of Personal Information

California law defines "sale" and "sharing" broadly to include making personal information available to third parties for advertising purposes. Our use of Google and Meta advertising tools may constitute a "sale" or "sharing" of internet activity information (such as cookies and browsing data) with those third parties for cross-context behavioral advertising.

We do not sell the personal information of consumers we know to be under 16 years of age without affirmative authorization.

Your California Privacy Rights

As a California resident, you have the right to:

  • Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the third parties with whom we share it.

  • Access: obtain a copy of the personal information we hold about you in a portable, readily usable format.

  • Delete: request that we delete your personal information, subject to legal exceptions.

  • Correct: request correction of inaccurate personal information we maintain about you.

  • Opt out of sale/sharing: direct us to stop selling or sharing your personal information with third parties for cross-context behavioral advertising. You may also use a GPC-enabled browser, and we will honor that signal as an opt-out request.

  • Limit use of sensitive personal information: we do not collect sensitive personal information, so this right is not currently applicable.

  • Non-discrimination: we will not discriminate against you for exercising any of these rights.

How to Exercise Your Rights

To submit a request, contact us using the details in Section 15. We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf; we may require written proof of authorization.

We will acknowledge receipt within 10 business days and respond within 45 days. If we need more time (up to 90 days total), we will notify you and explain why. You may submit up to two verifiable requests per 12-month period at no charge.

Financial Incentives

We may offer promotions or discounts in exchange for your email address or other personal information. Participation is voluntary, and you may opt out at any time by contacting us.

Shine the Light

California Civil Code § 1798.83 permits California residents to request a list of third parties to whom we have disclosed personal information for direct marketing purposes in the preceding year. To make such a request, contact us at the address in Section 15.

9. Virginia Privacy Rights (VCDPA)

This section applies to Virginia residents. Under the Virginia Consumer Data Protection Act (VCDPA), you have the right to:

  • Access and confirm whether we process your personal data.

  • Correct inaccurate personal data.

  • Delete personal data you have provided or that we have collected about you.

  • Obtain a portable copy of your personal data.

  • Opt out of processing for targeted advertising, sale of personal data, or profiling in furtherance of decisions with significant legal effects.

  • Non-discrimination for exercising your rights.

To exercise these rights, contact us using the details in Section 15. We will respond within 45 days (extendable by 45 additional days with notice). If we deny your request, you may appeal, and if the appeal is denied, you may contact the Virginia Attorney General.

10. How We Protect Your Information

We implement reasonable technical, physical, and administrative safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Sensitive information (such as payment data) is encrypted in transit using SSL/TLS technology. However, no system can be guaranteed to be 100% secure, and we cannot warrant the security of any information you transmit to us.

You are responsible for keeping your account credentials confidential. Please notify us immediately if you suspect unauthorized access to your account.

11. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us.

12. Links to Third-Party Websites

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Cookie Policy

We use cookies and similar tracking technologies as described in Section 2(B). By using the Services, you consent to our use of cookies in accordance with this Policy. You may manage your cookie preferences through your browser settings or through consent tools available on the Website.

14. Terms of Use

Use of the Services is also governed by our Terms of Use, available at https://roseandhoney.com/terms. In the event of any conflict between this Policy and the Terms of Use, the Terms of Use shall govern with respect to your use of the Services.

15. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us:

Rose + Honey Skincare

910 Grand Avenue, Suite 204

San Diego, California 92109

Email: info@roseandhoney.com

Phone (Pacific Beach): 858-355-8124

Phone (Solana Beach): 858-366-3655

Website: https://roseandhoney.com

© 2026 Rose + Honey Skincare. All rights reserved.