Free shipping $80+ · 10% off $150+ $99/yr Membership — save 6% every order 21+

Privacy Policy

This policy describes what personal information geek-bar.org collects when you visit, register or buy on the site; how that information is used; and what rights you have over your data under US state privacy laws (CCPA) and applicable international frameworks (GDPR).

Last updated: 13 May 2026

What Information We Collect

We collect personal information in three contexts:

  • When you register an account — name, email address, password (stored hashed, never plaintext), and optionally a phone number and shipping address.
  • When you place an order — billing address, shipping address, payment card last-four and expiration (the full card number is handled by our payment processor and not stored on our servers), the items you ordered, the order total and tax. Age verification at checkout collects either a date of birth or an ID document image, processed by a third-party verification service.
  • When you browse the site (any visitor) — IP address, browser user agent, pages visited, referring URL, cookies, and other standard web analytics data through Google Analytics 4 and our own server logs.

How We Use Your Information

  • Fulfil your order — process payment, generate shipping labels, communicate order status, handle returns and refunds.
  • Manage your account — authenticate logins, store your order history, deliver membership benefits if you are a member, generate referral links for the refer-and-earn program.
  • Verify your age — comply with US law requiring 21+ verification for vape product sales.
  • Improve the site — aggregated analytics on pages visited, cart abandonment rates, and which devices and flavors are in demand. This is statistical analysis, not personal targeting.
  • Send transactional emails — order confirmations, shipping notifications, return-status updates. We do not send marketing emails unless you have explicitly opted in.
  • Prevent fraud and counterfeit purchasing — basic fraud-detection signals on order patterns and IP geography.

We do not sell your personal information to third parties under any circumstance.

Cookies & Tracking

geek-bar.org uses cookies and similar technologies for the following:

  • Essential cookies — session management, cart contents, login state. The site does not function without these.
  • Analytics cookies — Google Analytics 4 measures aggregated site usage. You can opt out via the Google Analytics Opt-Out Browser Add-on.
  • Cloudflare — site security and DDoS protection cookies set by our CDN provider.
  • Age-verification cookies — remember that you have completed age verification so you do not have to re-verify on every page load.

We do not use third-party advertising cookies or behavioral tracking pixels (no Facebook Pixel, no Google Ads remarketing, etc.). The site is not currently configured to retarget users on external advertising platforms.

Third-Party Services

We use the following third-party services that may receive your personal information as part of operating the site:

  • Payment processor — handles credit card processing. Your full card number is sent directly to the processor and not stored on our servers.
  • Age verification service — verifies that you are 21+ at checkout. May process date-of-birth or ID document data.
  • Shipping carriers — USPS, UPS, FedEx. Receive your shipping address and contact information to deliver packages.
  • Google Analytics 4 — aggregated site analytics. Configured with IP anonymization where available.
  • Cloudflare — CDN and security. Routes visitor traffic and may log IP addresses for security purposes.
  • Email delivery service — sends transactional emails (order confirmations, shipping updates) on our behalf.

Each third party has its own privacy policy governing data they collect.

Your Rights (CCPA & GDPR)

If you are a California resident under the CCPA, or in the EU or UK under GDPR, you have specific rights over your personal data:

  • Right to access — request a copy of the personal information we hold about you.
  • Right to correction — request that inaccurate personal information be corrected.
  • Right to deletion — request deletion of your personal data (with exceptions for legal or audit-required records).
  • Right to opt out of sale of personal data — we do not sell personal data, so this right is automatic for our users.
  • Right to data portability — request a copy of your data in a portable format.

To exercise any of these rights, contact service@geek-bar.org with the request. We respond within 30 days under GDPR and 45 days under CCPA. We may need to verify your identity before fulfilling the request.

Data Retention

Order records are retained for 7 years for accounting and tax-audit purposes (US standard). Account data is retained as long as your account is active and for 24 months after account closure, after which it is deleted unless legal retention requirements apply. Age-verification records are retained per the verification service's own retention policy. Analytics data is anonymized after 26 months.

Contact for Privacy Questions

For privacy-specific questions, data access requests, or to exercise any of the rights listed above, email service@geek-bar.org. For general customer support, use the main contact page.

This policy may be updated as our practices or applicable law change. Material changes will be communicated via email to account holders and posted with the updated date at the top of this page.