Privacy Policy

Version: 2025-01-24 | Last updated: January 24, 2025

1. Introduction

Cherry Suede, operated by Randy Young ("we", "us", "our"), is based in Ontario, Canada and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). As we serve members in the UK and European Union, we also comply with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.

2. Data Controller

Randy Young, operating as Cherry Suede, based in Ontario, Canada, is the data controller for your personal data. You can contact us at band@cherrysuede.com.

3. What Data We Collect

3.1 Data You Provide

• Account Information: Email address, name (optional), phone number (optional)
• Shipping Addresses: Postal addresses for physical deliveries
• Payment Information: Processed securely by PCI-compliant payment providers; we do not store card details
• Event Preferences: Cities and events you're interested in

3.2 Data We Collect Automatically

• Usage Data: How you interact with our service
• Technical Data: IP address, browser type, device information
• Consent Records: When and how you provided consent

4. How We Use Your Data

We use your data for:

5. Data Sharing

We share your data with:

• Payment providers: For secure payment processing
• Resend: For sending emails
• Supabase: For data storage and authentication
• Vercel: For hosting our website
• Shipping carriers: For delivery of physical products

We never sell your personal data. All our service providers are GDPR-compliant and process data only as instructed by us.

6. Your Rights

Under PIPEDA and GDPR (for UK/EU members), you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing
• Right to Withdraw Consent: Withdraw consent at any time

You can exercise these rights through your privacy settings or by contacting us.

7. Data Retention

We retain your data for:

• Active members: As long as your account is active
• Order records: 7 years for legal/tax compliance
• Marketing preferences: Until you withdraw consent
• Deleted accounts: Anonymized immediately, legal records retained as required

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, regular security assessments, and strict access controls.

9. International Transfers

Our primary data processing occurs in Canada. Some of our service providers may process data outside Canada and the UK/EEA. When this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions. Canada has been recognized by the European Commission as providing adequate protection for personal data.

10. Cookies

We use essential cookies for authentication, security, checkout, preferences, and core site functionality. These cookies are required for the site to work.

With your consent, we may also use optional analytics cookies, such as Google Analytics, to understand how visitors use the site and improve the experience. With your consent, we may use optional marketing and advertising cookies, such as Meta Pixel, TikTok Pixel, and similar advertising technologies that are enabled in our site settings, to measure campaigns and show relevant ads.

Optional cookie consent is collected through our cookie banner. You can decline optional cookies and still use the site. You can change your preferences by using the cookie controls where shown, or by clearing the csb_cookie_consentcookie in your browser and revisiting the site.

Our cookie preference cookie is stored for up to one year. Third-party analytics and advertising providers may set their own cookies or similar identifiers with retention periods controlled by those providers and their settings.

Cookie preferences

11. Tour Notification Signups and Campaign Data

If you sign up for Cherry Suede tour notifications without creating or logging into an account, we collect your email address, your marketing consent choice, and any optional city preferences you provide. We use this information to send tour announcements, presale alerts, and event updates, and to understand where fans would like Cherry Suede to play.

For advertising campaign landing pages, we may also record limited attribution information such as UTM parameters, referring page information, campaign route, signup time, and whether a Meta click identifier was present. We use this data to measure campaign performance, prevent abuse, maintain consent records, and improve future tour planning.

Service providers that may process this data for us include hosting, database, email delivery, analytics, and advertising measurement providers such as Supabase, Resend, Meta, Google, and other providers enabled in our site settings.

12. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes and may require you to acknowledge the updated policy.

14. Complaints

If you have concerns about how we handle your data, please contact us first at band@cherrysuede.com.

For Canadian members: You may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

For UK members: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

For EU members: You may contact your local data protection authority.

15. Contact

For privacy-related questions, contact Randy Young (Cherry Suede) at: band@cherrysuede.com