Privacy Policy

Introduction

Box & Band (“we,” “us,” or “our”) is operated by xStudioWorks LLC, a wholly owned subsidiary of TGxVentures LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at boxandband.com and use our cigar tracking application (collectively, the “Service”). Please read this policy carefully. By accessing or using the Service, you agree to the terms outlined below.

Information We Collect

Account Information. When you create an account, we collect your name, email address, and authentication credentials. If you sign in through a third-party provider such as Google or Apple, we receive limited profile information (name, email, and profile image) as authorized by that provider.

User-Generated Content. We collect the content you voluntarily submit through the Service, including cigar reviews, ratings, tasting notes, humidor entries, wishlist selections, and any suggestions you submit through our forms.

Usage Data. We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits. This data helps us understand how the Service is used and improve performance.

Cookies and Similar Technologies. We use cookies and similar tracking technologies to operate the Service and remember your preferences. Essential cookies are required for core functionality such as authentication. Analytics and marketing cookies are used only with your consent, which you may manage at any time through our cookie consent banner. Your cookie preferences are stored locally on your device.

How We Use Your Information

We use the information we collect to operate, maintain, and improve the Service; to personalize your experience and deliver content relevant to your interests; to process your account registration and manage your subscription; to communicate with you about your account, updates, and promotional offers (where you have opted in); to monitor and analyze usage trends and preferences; to detect, prevent, and address technical issues and security threats; and to comply with legal obligations.

Third-Party Services

We rely on select third-party service providers to operate the Service. These include Supabase for database hosting and authentication, Vercel for web hosting and content delivery, and Google for OAuth authentication services. These providers act as data processors and are contractually required to safeguard your information and use it only for authorized purposes. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction, including the United States, through our third-party service providers. We take commercially reasonable steps to ensure that your data remains protected in accordance with this Privacy Policy regardless of where it is processed.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. If you request account deletion, we will remove your personal data within thirty (30) days, except where retention is required by law or necessary for legitimate business purposes such as fraud prevention or dispute resolution. Anonymized or aggregated data that can no longer identify you may be retained indefinitely.

Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include Row Level Security policies on our database, input sanitization, security headers, and encrypted data transmission. Authentication is handled by our third-party provider, and we do not store passwords directly. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data; the right to object to or restrict certain processing; and the right to data portability. You may request account deletion by emailing privacy@boxandband.com or through your account settings where available. We will respond to your request within the timeframe required by applicable law.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information. You have the right to know what personal information we collect, use, disclose, and share; to request deletion of your personal information; to request correction of inaccurate personal information; to opt out of the sale or sharing of personal information; and to limit the use of sensitive personal information. We do not sell or share personal information as defined under California law. To exercise any of these rights, please contact us at privacy@boxandband.com. We will not discriminate against you for exercising your privacy rights.

Do Not Track

Some web browsers offer a “Do Not Track” signal that requests websites not track the user’s browsing activity. There is currently no industry standard for recognizing or responding to these signals, and the Service does not respond to Do Not Track requests at this time.

Business Transfers

If xStudioWorks LLC or its parent company TGxVentures LLC is involved in a merger, acquisition, financing, reorganization, or sale of assets, your personal information may be transferred or disclosed as part of that transaction. We will notify affected users of any change in ownership or control of their personal information.

Age Requirement

The Service is intended for adults of legal smoking age in their jurisdiction. We do not knowingly collect personal information from anyone under the age of 21. If we learn that we have collected information from a person under 21, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you through the Service or via email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

xStudioWorks LLC
Email: privacy@boxandband.com