Last updated · 2026-06-07

Privacy Notice

This notice explains what Chariot Archive Inc. (“Chariot”, “we”) collects when you visit chariotarchive.com, how we use it, who we share it with, and what choices you have. We try to be plain about it.

1. Who we are

Chariot Archive Inc. is a Delaware corporation operating out of Austin, Texas. We are the importer of record for the apparel we sell. If you want to reach us about anything in this notice, email hello@chariotarchive.com.

2. What we collect

• Account information — the email address and password you create at signup, the date you agreed to our terms, and your assigned member number.
• Order information — the items you order, the amount you paid, any promotional code you redeemed, the store credit applied, and your order status.
• Payment information — processed by Stripe. We never see or store your full card number. Stripe shares with us only what we need to recognise your order (the payment intent ID, last four digits of the card, country).
• Shipping information (Drop 1 onward) — the name and address you provide for delivery. We share this with our carrier (USPS or UPS) to deliver your order.
• Referral information — a short referral code we generate for your account, and a record of friends who used your link to sign up.
• Support communications — if you write to us, we keep the message and our reply so we can resolve the issue.
• Technical data — your IP address, browser type, and the pages you visit, captured automatically by our hosting provider (Vercel) and used for abuse-prevention rate-limiting.
• Audit log — security-relevant events (failed logins, fulfillment runs, manual corrections). We hash your email and IP before storing them in this log so the entries are not directly identifying.

3. How we use what we collect

• To create and operate your Chariot account.
• To process and ship your orders, including paying duties and applying store credit.
• To send transactional email (order confirmations, shipping notifications, password resets).
• To detect and stop abuse — failed-login throttling, promo-code redemption caps, contact-form spam.
• To meet legal and tax obligations — we have to keep order records and pay sales tax.
• With your separate consent only, to send drop announcements by email.

4. Who we share it with

We use the following service providers. They process your information only on our instructions and only to provide their service to us.

• Stripe, Inc. — payment processing. Stripe privacy policy.
• Supabase Inc. — database and authentication. Supabase privacy policy.
• Resend Inc. — transactional email delivery. Resend privacy policy.
• Vercel Inc. — website hosting and request logs. Vercel privacy policy.
• Carrier (Drop 1 onward) — USPS or UPS for delivery.

We do not sell your personal information. We do not run third-party advertising trackers on this site. We do not share your information with advertisers or data brokers.

5. How long we keep it

• Order records: at least 7 years from the order date, to meet tax recordkeeping requirements.
• Account information: until you ask us to delete it (see Section 7).
• Hashed audit log entries: 30 days for routine events, longer for entries connected to fraud or disputes.
• Webhook event records: 30 days for de-duplication.
• Rate-limit buckets: less than 1 hour.

6. Where we store it

Our Supabase database, Vercel hosting, Stripe, and Resend infrastructure are all located in the United States. If you are using the site from outside the US, the information you provide is transferred to the US for processing.

7. Your rights and choices

Wherever you live, you can:

• Access your account information through your account dashboard.
• Correct wrong information by editing it in your account or emailing us.
• Delete your account by emailing hello@chariotarchive.com. We will delete identifying information within 30 days, except for order records we are legally required to keep (see Section 5).
• Export your data — email us and we will send you a copy of everything we have on you within 30 days.
• Opt out of marketing email at any time by using the unsubscribe link.

If you live in California, the EU, or another jurisdiction with stronger rights (CCPA, GDPR, similar), the rights above apply to you. You may also have the right to object to specific processing, to restrict it, or to lodge a complaint with your data protection authority. Email us if you want to do any of those.

8. How we protect what we collect

• Passwords are hashed using bcrypt by Supabase — we never see your password.
• Payments use Stripe's tokenized iframes — your card details never touch our server.
• All requests use HTTPS with strict transport security (HSTS preload).
• The browser is locked down against framing, cross-site script injection, and click-jacking through a strict Content Security Policy.
• Server access uses the principle of least privilege — only a small set of server-side functions can write money or identity fields, with row-level security enforced in the database.

9. Cookies and similar technologies

We use a small set of strictly necessary cookies for authentication, security (rate-limit fingerprinting), and remembering your shopping intent. We do not run any advertising, tracking, or analytics cookies. We do not need your consent for the necessary cookies because they exist only to make the site work.

10. Children

Chariot is intended for adults aged 18 and older. We do not knowingly collect information from anyone under 13. If you believe a child has provided us with their information, email us and we will delete it.

11. Changes to this notice

We may update this notice from time to time. If we make material changes we will email account holders and update the “Last updated” date at the top of this page.

12. Contact

Email: hello@chariotarchive.com
Postal: Chariot Archive Inc., Austin, Texas, USA

← Back to Chariot