Privacy Policy

Data Controller Information

For the purposes of applicable data protection law, the data controller responsible for your personal information is:

• Website: GearSteal.com
• Contact Email: privacy@gearsteal.com
• Mailing Address: [Your Business Address]

A. Information You Provide Directly

• Contact form submissions — your name, email address, and any message you write to us.
• Newsletter / email sign-up — your email address and, optionally, your name and outdoor gear preferences.
• Comments — if you leave a comment on our site, your name, email address, website URL (optional), and comment content are collected.
• Account registration — if we offer user accounts in the future, username, email, and password (stored as a cryptographic hash, never in plain text).
• Deal submissions / user-contributed content — any deals, coupon codes, or reviews you voluntarily submit.

B. Information Collected Automatically

• Log data — IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, time spent on each page.
• Device information — device type (desktop, mobile, tablet), screen resolution, language settings.
• Click data — which links and affiliate offers you click, which deals you view, and which coupons you interact with.
• Cookie data — see Section 5 for a full breakdown of all cookies we use.
• Analytics data — aggregated behavioral data collected through Google Analytics 4 (anonymized IP addresses).

C. Information We Do NOT Collect

• Payment card numbers or banking information (we process no transactions directly).
• Social Security numbers or government-issued ID numbers.
• Precise GPS location data.
• Biometric data of any kind.
• Health or medical information.

• Direct input — when you fill out a form, subscribe to our newsletter, or contact us.
• Cookies and similar tracking technologies — small text files stored on your device. See Section 5 for details.
• Web beacons / pixel tags — tiny invisible images embedded in emails or pages that confirm delivery and opening.
• Server logs — automatically recorded by our web server (hosted on [Hosting Provider]).
• Third-party analytics — Google Analytics 4 processes usage data on our behalf under a data processing agreement.
• Affiliate tracking — when you click an affiliate link, the destination retailer uses their own cookies and tracking systems.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, keep you logged in, and understand how the site is being used. Cookies cannot run programs, carry viruses, or access other files on your device.

Categories of Cookies We Use

Managing & Disabling Cookies

You can control cookies in the following ways:

• Cookie consent banner — when you first visit the site, you can accept or decline non-essential cookies via our consent popup.
• Browser settings — all major browsers let you block or delete cookies. Note: blocking strictly necessary cookies will break core site functionality.
• Google Analytics opt-out — install the Google Analytics opt-out browser add-on.
• Interest-based advertising — opt out via AboutAds.info or NAI opt-out tool.

What Happens When You Click an Affiliate Link

• You are redirected to the retailer’s website (e.g. REI, Backcountry, Amazon, Cabela’s).
• The retailer’s website may set its own cookies on your device to track that the referral came from GearSteal.com.
• If you make a purchase, the retailer pays us a commission based on their affiliate programme terms.
• The retailer’s own privacy policy governs any data they collect from you after you arrive on their site.
• We do not receive any personal payment information from you or the retailer.

Affiliate Networks We Work With

• AWIN — privacy policy at awin.com/privacy-policy
• Amazon Associates — privacy policy at amazon.com/privacy
• ShareASale — privacy policy at shareasale.com/privacy
• CJ Affiliate (Commission Junction) — privacy policy at cj.com/legal/privacy
• Other individual retailer programmes as applicable.

• Service providers — trusted third parties listed in Section 7 who process data on our behalf under confidentiality agreements.
• Affiliate networks — click data shared with AWIN and other networks purely to track commissions. No personal information is included beyond what is technically necessary.
• Legal requirements — if required by a court order, subpoena, or applicable law, we may disclose information to government or law enforcement authorities.
• Protection of rights — if we believe disclosure is necessary to protect the rights, property, or safety of GearSteal.com, our users, or the public.
• Business transfer — if GearSteal.com is acquired, merged, or undergoes a change of ownership, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

• HTTPS / SSL encryption — all data transmitted between your browser and GearSteal.com is encrypted via TLS.
• Secure hosting — our servers are hosted in a data centre with physical security controls and regular security patching.
• Password hashing — any user passwords are stored using strong cryptographic hashing (bcrypt). We never store passwords in plain text.
• Access controls — site admin access is restricted to authorised personnel with two-factor authentication enabled.
• Plugin & software updates — WordPress core, themes, and plugins are kept updated to minimise vulnerabilities.
• Regular backups — automated daily backups are retained offsite for 30 days.
• Spam & bot protection — Google reCAPTCHA and Akismet are used to prevent automated abuse of forms and comments.

Legal Bases for Processing

We rely on one or more of the following legal bases when processing your personal data:

• Consent (Art. 6(1)(a)) — for newsletters, marketing cookies, and optional features.
• Contract (Art. 6(1)(b)) — to fulfil any service we agreed to provide you.
• Legitimate Interest (Art. 6(1)(f)) — for analytics, site security, and affiliate tracking, where this does not override your rights.
• Legal Obligation (Art. 6(1)(c)) — where processing is required by law.

International Data Transfers

Some of our service providers (e.g. Google, Mailchimp) are based in the United States. Where we transfer data outside the EEA, we ensure adequate safeguards are in place, such as:

• EU Standard Contractual Clauses (SCCs) with service providers.
• Adequacy decisions by the European Commission.
• Data processing agreements that include appropriate technical and organisational measures.

Supervisory Authority

EU residents have the right to lodge a complaint with their national data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.

Your CCPA Rights

• Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete — you may request deletion of personal information we collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale — we do not sell personal information. However, if this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
• Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights.
• Right to Correct — you may request correction of inaccurate personal information we hold.
• Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined under CCPA.

Categories of Personal Information Collected (CCPA)

To submit a CCPA request, email us at privacy@gearsteal.com with the subject line “CCPA Rights Request”. We will verify your identity before processing the request.

Newsletters & Deal Alerts

If you subscribe to our newsletter, we will send you periodic emails containing outdoor gear deals, coupon codes, and product recommendations. By subscribing, you consent to receive these communications.

• Unsubscribe: Every email contains an unsubscribe link. You can opt out at any time.
• Data used: Your email address and, optionally, your name and gear preferences.
• Frequency: We aim to send no more than [X] emails per week.
• Email open tracking: Our email service provider uses pixel tracking to measure open rates. This data is anonymised and used only to improve our communications.

Transactional Emails

We may send you transactional emails (e.g. confirmation of contact form submission, password reset if accounts are offered). These are not marketing emails and cannot be opted out of while you use relevant features.

• Update the “Last Updated” date at the top of this page.
• Post a notice on the homepage or in a prominent location on the site.
• Where required by law or where changes are significant, notify you by email (if you are subscribed) at least 30 days before the changes take effect.