Privacy Policy

Your Privacy Matters – How TracyVN LLC Protects Your Personal Information

At TracyVN LLC, we respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website tracyvn.store (the “Site”) or make a purchase – whether you are buying Resistance Training DevicesBalance Training EquipmentCardiorespiratory Exercise Equipment, or any other Exercise Equipment from our catalog.

Our headquarters are located at 5441 S Macadam Ave Ste R, Portland, OR 97239, and we operate in compliance with United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) , the Oregon Consumer Identity Theft Protection Act, and general e-commerce data protection standards. If you are a resident of the European Economic Area (EEA) or the United Kingdom, please see Section XII for GDPR-specific provisions – though we primarily serve the US market, we extend certain protections to all international customers.

By using our Site or providing us with your personal information, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our Site or make purchases from TracyVN LLC.

I. Information We Collect

We collect several types of information from and about users of our Site, including:

A. Personal Information You Voluntarily Provide

When you interact with tracyvn.store, we may ask you to provide certain personal details. This includes:

  • Identity Data: Your full name, billing address, shipping address, email address, and phone number (including mobile, if provided).

  • Payment Data: When you make a purchase, you provide payment information (credit/debit card number, expiration date, CVC, billing ZIP code). Important: We do NOT store your full payment information. All payment data is collected and processed directly by Stripe, our PCI-DSS Level 1 certified payment processor. Stripe may store your card information (tokenized) on their servers for future transactions if you opt into their “Link” feature. We only receive the last 4 digits of your card, the card brand, and a payment token.

  • Account Data: If you create an account on our Site (optional), we store your name, email address, hashed password, and order history.

  • Communications Data: When you contact us via email (tracydao@outlook.com.vn), phone (+84987755357), or our website’s contact form, we may keep a record of that correspondence.

  • Product Reviews and Testimonials: If you submit a product review, photo, or video, we may publish that content on our Site (with your name or username, as you provide). You have the option to remain anonymous by using a pseudonym.

  • Marketing Preferences: If you sign up for our email newsletter, we collect your email address and your preferences regarding email frequency.

B. Information Automatically Collected (Through Technology)

When you browse our Site, certain information is automatically logged by our servers and third-party tools. This includes:

  • Device Information: IP address (which may approximate your location), browser type and version, operating system, device type (desktop, tablet, mobile), screen resolution.

  • Usage Data: Pages visited, time spent on each page, products viewed, search queries, clickstream data (links clicked), and the website you visited before arriving at tracyvn.store (referrer URL).

  • Cookie Data: We use cookies and similar tracking technologies (see Section V below).

  • Transaction Data: Order history, purchase amounts, shipping status, returns/refund history (associated with your identity, but stored securely).

C. Information from Third Parties

We may receive information about you from:

  • Stripe: Payment confirmation, fraud risk scores (aggregated, not detailed), and the last 4 digits of your card for order verification.

  • Shipping Carriers (USPS, UPS, FedEx, DHL): Delivery status updates, address corrections.

  • Social Media Platforms: If you interact with our social media pages (Facebook, Instagram), we may receive aggregated demographic data but not your personal social media profile without your explicit consent (e.g., if you tag us in a photo).

  • Fraud Prevention Services: We use Stripe’s Radar and other fraud detection tools that provide risk signals without sharing your full personal data.

We do not purchase personal data from data brokers or third-party marketing lists.

II. How We Collect Your Information

We collect information through the following methods:

  • Directly from you: When you fill out forms on our Site (checkout, account registration, contact forms, review submissions).

  • Automatically: Via cookies, log files, web beacons, and analytics tools (Google Analytics, Stripe’s analytics).

  • Via email: When you reply to our emails or send us messages.

  • Via phone: If you call our customer service line, we may take notes about your inquiry (but we do not record calls unless you are explicitly notified and consent).

III. How We Use Your Information

We use your personal information for legitimate business purposes, including:

A. Order Processing and Fulfillment (Contractual Necessity)

  • To process and complete your purchases (verify payment via Stripe, pack and ship your products, provide tracking information).

  • To manage returns, refunds, and warranty claims (communicate with you about the process, verify eligibility).

  • To send you order confirmations, shipping updates, and delivery notifications (transactional emails – you cannot opt out of these as they are necessary for your purchase).

B. Customer Support (Legitimate Interest)

  • To respond to your inquiries via email, phone, or live chat.

  • To troubleshoot technical issues with our Site or your order.

  • To provide assembly instructions, product manuals, or replacement parts.

C. Improving Our Site and Products (Legitimate Interest)

  • To analyze website usage patterns (e.g., which products are viewed most frequently, where users drop off in checkout) to optimize our user experience.

  • To conduct internal research on customer demographics and preferences.

  • To test new features and improve website performance.

D. Marketing and Promotions (Consent or Legitimate Interest)

  • To send you promotional emails about new products, sales, or fitness tips – only if you have opted in by subscribing to our newsletter. You can unsubscribe at any time via the link in any marketing email.

  • To display personalized product recommendations on our Site (based on your browsing history).

  • To serve targeted ads on third-party platforms (Google, Facebook, Instagram) using retargeting cookies – you can opt out via your browser settings or by contacting us.

We do not send unsolicited SMS or phone marketing. If you receive an SMS from us, it will be transactional (e.g., shipping alert) and only if you provided your mobile number during checkout and opted into SMS updates.

E. Legal Compliance and Fraud Prevention (Legal Obligation)

  • To detect, investigate, and prevent fraudulent transactions (using Stripe’s fraud tools and internal reviews).

  • To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax reporting, subpoenas).

  • To enforce our Terms and Conditions, Return Policy, and other agreements.

  • To protect the rights, property, or safety of TracyVN LLC, our customers, or others.

F. Other Uses

  • To administer contests, sweepstakes, or giveaways (with separate consent).

  • To generate aggregated, anonymized statistics for internal reporting (no personal identifiers).

We will not use your personal information for purposes materially different from those described above without notifying you and obtaining your consent where required by law.

IV. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. Ever. That is a hard line at TracyVN LLC. However, we do share your data in the following limited circumstances:

A. Service Providers (Necessary for Operations)

We engage trusted third-party companies to perform functions on our behalf. These providers have access to your personal information only to perform specific tasks and are contractually obligated to protect your data and not use it for any other purpose.

Service Provider Purpose Data Shared
Stripe Payment processing, fraud detection Payment token, billing address, IP address, order total
USPS, UPS, FedEx, DHL Shipping and delivery Name, shipping address, phone number (for customs, international)
Google Analytics Website analytics, usage tracking IP address (anonymized), browsing behavior, device info
Klaviyo (or similar email platform) Email marketing (for subscribers only) Email address, name, order history (to segment campaigns)
Gorgias (or similar helpdesk) Customer support ticketing Name, email address, order number, conversation history
Returnly / Loop (if applicable) Returns processing Order details, return reason, contact information
Cloud hosting (e.g., Shopify, AWS, or similar) Website hosting and data storage All personal data as encrypted files

B. Legal and Regulatory Authorities

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government investigation). We will notify you of such disclosure unless prohibited by law.

C. Business Transfers

If TracyVN LLC is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site of any change in ownership or use of your personal information, as well as any choices you may have regarding your information.

D. With Your Consent

We may share your information for any other purpose disclosed to you and with your explicit consent (e.g., publishing a testimonial with your full name and photo after you approve).

E. Aggregated or De-Identified Data

We may share aggregated, anonymized statistics (e.g., “30% of our customers prefer resistance bands over tubes”) with business partners or in public reports. This data does not identify any individual.

F. Third-Party Direct Marketing – None

We do not share your personal information with third parties for their own direct marketing purposes. If we ever consider such a program, we will first obtain your opt-in consent and update this policy.

V. Cookies and Tracking Technologies

A. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. They help the website remember your actions and preferences (e.g., login status, cart contents) over a period of time.

B. Types of Cookies We Use

Cookie Type Purpose Duration
Essential (Strictly Necessary) Enable core functionality: shopping cart, checkout, Stripe payment, account login. Cannot be disabled without breaking the Site. Session (expires when you close browser) to persistent (up to 1 year)
Functional Remember your preferences (e.g., language, region, saved cart for returning visitors). Up to 1 year
Analytics/Performance Help us understand how visitors use our Site (e.g., which pages are popular, how long they stay). We use Google Analytics. Up to 2 years
Advertising/Targeting Track your browsing across websites to deliver relevant ads on Google, Facebook, or Instagram. Up to 90 days
Stripe Cookies Stripe sets its own cookies for fraud prevention and payment processing. These are essential. Varies (Stripe’s policy applies)

C. Managing Cookies

You can control cookies through your browser settings:

  • Block all cookies: Most browsers allow you to refuse cookies entirely. However, blocking essential cookies will prevent you from adding items to your cart or completing a purchase on tracyvn.store.

  • Delete existing cookies: Instructions vary by browser (Chrome, Firefox, Safari, Edge). Search your browser’s help menu for “clear cookies.”

  • Opt out of Google Analytics: Install the Google Analytics Opt-out Browser Add-on.

  • Opt out of targeted advertising: Visit the Network Advertising Initiative (NAI) opt-out page at optout.networkadvertising.org or the Digital Advertising Alliance (DAA) at optout.aboutads.info.

D. Do Not Track (DNT) Signals

Some browsers transmit “Do Not Track” signals. Our Site does not currently respond to DNT signals because there is no consistent industry standard. However, you can opt out of tracking cookies as described above.

E. Web Beacons and Pixels

We use small transparent images (web beacons or tracking pixels) in our marketing emails to confirm opens and link clicks. This helps us measure campaign effectiveness. You can disable this by turning off HTML images in your email client, but our emails will still be readable.

VI. Data Security – How We Protect You

We take the security of your personal information seriously and have implemented appropriate technical and organizational measures to protect it against accidental loss, unauthorized access, alteration, or disclosure.

A. Technical Safeguards

  • SSL/TLS Encryption: All data transmitted between your browser and our Site is encrypted using 256-bit SSL (Secure Sockets Layer) technology. Look for the padlock icon in your browser’s address bar.

  • Stripe’s PCI Compliance: Payment information is processed directly by Stripe, which maintains PCI Service Provider Level 1 certification – the highest level of security in the payments industry.

  • Encrypted Storage: Any personal data stored on our servers (e.g., order history, account details) is encrypted at rest using AES-256.

  • Firewalls and Intrusion Detection: Our hosting infrastructure is protected by enterprise-grade firewalls and real-time intrusion detection systems.

  • Access Controls: Only authorized TracyVN employees who need access to perform their jobs (e.g., customer support, order fulfillment) have access to personal data. Each employee has unique credentials, and access is logged and audited.

B. Organizational Safeguards

  • Employee Training: All staff receive annual privacy and security training. They are bound by confidentiality agreements.

  • Incident Response Plan: We have a written plan to respond to data breaches, including notification to affected individuals and regulators as required by law.

  • Third-Party Audits: We periodically review our service providers’ security practices (Stripe, our hosting provider, etc.).

C. Limitations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities within 72 hours of discovery, as required by applicable law (e.g., Oregon’s data breach notification law, GDPR).

D. What You Can Do

  • Use a strong, unique password if you create an account with us (do not reuse passwords from other sites).

  • Keep your email address and phone number up to date so we can reach you in case of a security issue.

  • If you receive suspicious communications claiming to be from TracyVN (e.g., phishing emails asking for your credit card), do not respond. Forward them to tracydao@outlook.com.vn and then delete them.

VII. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Retention Periods:

  • Order data (name, address, purchase history, payment token reference): Retained for 7 years from the date of the last transaction to comply with tax laws (IRS requires records for 3-7 years, depending on the type of transaction).

  • Account information (email, hashed password, saved addresses): Retained for as long as your account is active. You may delete your account at any time by contacting us; we will delete your account data within 30 days, except for order data which may be anonymized and retained for tax purposes.

  • Email marketing opt-out records: Retained indefinitely (to ensure we do not accidentally email you again).

  • Customer service communications (emails, chat logs): Retained for 2 years from the last communication, then deleted unless needed for an ongoing dispute or warranty claim.

  • Cookies and analytics data: Retained as described in Section V (up to 2 years for Google Analytics; session cookies deleted when you close your browser).

Anonymization:

After the retention period expires, we will either delete your personal information or anonymize it (remove any identifiers so that it can no longer be linked to you) for statistical analysis.

VIII. Your Privacy Rights (Including CCPA for California Residents)

Depending on where you reside, you may have certain rights regarding your personal information. TracyVN LLC respects these rights and provides easy mechanisms to exercise them.

A. Rights for All US Customers (General)

  • Right to Access: You may request a copy of the personal information we hold about you.

  • Right to Correct: You may request that we correct inaccurate or incomplete information.

  • Right to Delete: You may request that we delete your personal information, subject to legal exceptions (e.g., we may need to retain order data for tax purposes).

  • Right to Opt Out of Marketing: You may unsubscribe from promotional emails at any time via the “Unsubscribe” link or by emailing us.

B. California Consumer Privacy Act (CCPA) – Additional Rights for California Residents

If you are a California resident, the CCPA grants you the following rights:

  • Right to Know (Categories and Specific Pieces): You have the right to request that we disclose:

    • The categories of personal information we have collected about you.

    • The sources of that information.

    • The business or commercial purpose for collecting or selling (we do not sell).

    • The categories of third parties with whom we share information.

    • The specific pieces of personal information we hold about you.

  • Right to Delete: You have the right to request deletion of your personal information, subject to exceptions (e.g., to complete a transaction, detect security incidents, comply with legal obligations).

  • Right to Opt-Out of Sale: We do not sell your personal information, so there is nothing to opt out of. However, we will update this policy if that changes.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights (e.g., we will not charge you different prices or deny services).

  • Right to Limit Use of Sensitive Personal Information: We do not collect “sensitive” personal information as defined by the CCPA (e.g., Social Security numbers, precise geolocation, biometric data, health data beyond fitness equipment purchases).

How to Exercise Your CCPA Rights:

  • Call us at +84987755357 or email tracydao@outlook.com.vn with “CCPA Request” in the subject line.

  • We will verify your identity by asking for information matching our records (e.g., order number, email address, shipping address). We may request additional verification for sensitive requests.

  • We will respond within 45 days (or inform you if we need an additional 45 days, with explanation).

  • You may authorize an agent to make a request on your behalf. The agent must provide written permission signed by you, and we may still verify your identity directly.

C. Other State Laws (Virginia, Colorado, Connecticut, Utah)

If you reside in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have similar rights to access, correct, delete, and opt out of certain processing. We honor these rights as described above. Please contact us using the same methods.

D. How to Submit a Request

  • Email: tracydao@outlook.com.vn (put your specific request in the subject line, e.g., “ACCESS REQUEST” or “DELETION REQUEST”).

  • Phone: Call +84987755357 and ask to speak with the Privacy Officer.

  • Mail: Send a letter to:
    TracyVN LLC – Privacy Officer
    5441 S Macadam Ave Ste R, Portland, OR 97239

We will not respond to requests that are abusive, excessive, or repetitive.

IX. Children’s Privacy

Our Site and products are intended for adults aged 18 years and older. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. Upon verification, we will delete that information from our records.

If we discover that we have inadvertently collected personal information from a child under 13, we will take steps to delete it as soon as possible. We do not target our marketing to children, and our fitness equipment is not designed for unsupervised use by children (all products have warnings about keeping resistance bands and small parts away from young children).

X. Third-Party Links

Our Site may contain links to third-party websites, services, or applications (e.g., Stripe’s payment pages, social media buttons, or blog references). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to read the privacy policies of any linked site you visit.

Examples:

  • Stripe’s Privacy Policy: stripe.com/privacy

  • Google Analytics: policies.google.com/privacy

  • Facebook: facebook.com/privacy

When you click on a third-party link, you leave tracyvn.store. This Privacy Policy applies only to information collected by TracyVN LLC.

XI. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new “Last Updated” date.

  • Sending an email to the address associated with your account (if you have an account or have made a purchase) at least 30 days before the changes take effect.

  • Displaying a prominent notice on our Site homepage for 30 days.

Your continued use of the Site after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree, please discontinue use and request deletion of your data.

XII. International Users (GDPR Information)

While TracyVN LLC is based in the United States and primarily serves US customers, we do sell products to international customers, including those in the European Economic Area (EEA), the United Kingdom, and Switzerland. If you are visiting from the EEA or UK, the General Data Protection Regulation (GDPR) may apply to you. We are committed to complying with GDPR requirements for those individuals.

A. Legal Bases for Processing (GDPR Article 6)

Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following bases:

  • Contractual Necessity: To process your orders, provide shipping, and manage returns (you cannot purchase from us without this).

  • Legitimate Interests: To improve our Site, prevent fraud, and send order-related communications. We balance our interests with your rights.

  • Consent: For marketing emails, cookies (non-essential), and optional data sharing. You may withdraw consent at any time.

  • Legal Obligation: To comply with tax laws, respond to legal requests, and maintain records.

B. Your GDPR Rights

If you are an EEA or UK resident, you have the following rights:

  • Right to Access (Article 15): Obtain confirmation of whether we process your data, and access that data.

  • Right to Rectification (Article 16): Correct inaccurate or incomplete data.

  • Right to Erasure (“Right to be Forgotten”) (Article 17): Request deletion of your data, subject to legal exceptions (e.g., tax retention).

  • Right to Restrict Processing (Article 18): Limit how we use your data while we resolve a dispute.

  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format (CSV) and transmit it to another controller.

  • Right to Object (Article 21): Object to processing based on legitimate interests (e.g., direct marketing, analytics).

  • Right to Withdraw Consent: At any time, for processing based on consent (e.g., marketing emails).

  • Right to Lodge a Complaint: With your local supervisory authority (e.g., the ICO in the UK, or your country’s data protection authority).

To exercise these rights, contact us at tracydao@outlook.com.vn with “GDPR Request” in the subject line. We will respond within 30 days.

C. International Data Transfers

As we are located in the United States, your personal information will be transferred from your country to the US. The US may not have data protection laws equivalent to the GDPR. However, we ensure appropriate safeguards by:

  • Using Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to our US-based servers and service providers (Stripe, etc.).

  • Ensuring our service providers (e.g., Stripe, Google) are certified under the EU-US Data Privacy Framework (or its successor) or have their own SCCs.

By using our Site and providing your information, you acknowledge that your data will be transferred to and processed in the United States.

D. Data Protection Officer (DPO)

We have appointed an internal DPO for GDPR purposes. You can contact our DPO at tracydao@outlook.com.vn (subject: “ATTN: DPO”).

XIII. Contact Us – Privacy Inquiries

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please reach out. We take privacy seriously and will investigate any legitimate complaint.

TracyVN LLC
Attn: Privacy Officer
5441 S Macadam Ave Ste R, Portland, OR 97239
United States

Phone / SMS: +84987755357
Email: tracydao@outlook.com.vn (use subject line “Privacy Inquiry” for faster routing)

For California residents (CCPA) and GDPR requests: Please include your full name, email address used on our Site, and a clear description of your request. We will verify your identity before fulfilling the request.

Response Time: We aim to respond to all privacy inquiries within 5 business days for general questions, and within 30 days for formal data subject access requests (45 days for complex CCPA requests). If we need an extension, we will notify you.

Complaints: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For US customers, you may contact the Federal Trade Commission (FTC) or your state’s Attorney General. For EU/UK customers, we will provide the contact information of your relevant supervisory authority upon request.

XIV. Summary – Our Privacy Promise to You

  • We do not sell your personal information. Never have, never will.

  • We only collect what we need to process your orders, ship your products, and improve your experience.

  • We protect your data with industry-standard encryption, access controls, and regular audits.

  • We respect your rights to access, correct, and delete your data.

  • We are transparent about how we use cookies and third-party tools.

  • We will notify you of any data breach or material policy change.

Thank you for trusting TracyVN LLC with your personal information. We are honored to support your fitness journey with Resistance Training DevicesBalance Training EquipmentCardiorespiratory Exercise Equipment, and other Exercise Equipment – and we will always treat your privacy with the same care we treat your health.

This Privacy Policy was last updated on March 15, 2025. A printable version is available upon request by emailing tracydao@outlook.com.vn.

TracyVN LLC – Building Trust Through Transparency

5441 S Macadam Ave Ste R, Portland, OR 97239
+84987755357 | tracydao@outlook.com.vn | tracyvn.store