Overview

Subliminal Fields (“we”, “us”, “our”) operates subliminalfields.com (the “Service”). This Privacy Policy explains: what personal information we collect; how we use, share and protect it; the legal bases for processing; and your rights under applicable laws including GDPR (EU), CCPA (California), and LGPD (Brazil).

We wrote this policy to be practical and transparent. If something below is unclear, contact us (see Contact section).

What Personal Data we collect

We collect different categories of data depending on how you interact with the Service. Typical categories include:

Identity & contact

First and last name, email address, shipping & billing address, phone number, social profile details when you provide them.

Payment & financial (limited)

Order information and payment transaction metadata. We do not store full payment card numbers — these are handled by our payment processors.

Verification documents

When required for identity verification or bank transfers, we may request ID documents, date of birth, or bank statements. These are only requested when strictly necessary and handled with care.

Usage Data & device

IP address, device identifiers, browser type, pages visited, timestamps, session duration, and diagnostic info collected automatically while using the Service.

Note: We avoid collecting special-category data (e.g., health or biometric) unless you voluntarily provide it and explicitly consent. If you submit content publicly on the Site, that content may be viewable by other users based on the publishing method.

Usage Data

“Usage Data” is automatically gathered by our systems. It typically includes technical data (IP address, OS, browser), the pages you visit, the time and date of your visit, time spent on pages, and other diagnostic data. When you use a mobile device, we may collect device model, OS version, unique device identifier, and mobile carrier information.

We use Usage Data to maintain and improve the Service, secure the platform, and generate aggregated analytics used to understand user behavior and measure product performance.

Tracking technologies & cookies

We use cookies and similar tracking technologies (web beacons, tags, local storage) to operate the Service, remember preferences, provide features, and analyze traffic. There are two main types:

  • Session cookies: expire when you close your browser and are used for short-lived functions like login sessions.
  • Persistent cookies: remain for a specified period and are used to remember preferences and provide functionality across visits.

Cookie categories we use

  • Necessary / Essential: authentication, fraud prevention, checkout safety.
  • Cookies policy / acceptance: remember cookie preferences so we don’t prompt you repeatedly.
  • Functionality: remember language, accessibility choices, or saved fields.
  • Tracking & performance: analytics cookies from third parties to measure traffic and test features.
  • Targeting & advertising: third-party cookies used for interest-based advertising.

For granular controls, visit our Cookies Policy page, and use your browser privacy settings. Disabling certain cookies can reduce functionality of the Service.

How we use Personal Data

We process personal data for specific and legitimate purposes, including:

  • Providing & maintaining the Service, monitoring performance and uptime.
  • Managing your account, processing orders, payments, refunds and shipping.
  • Communicating transactional messages, security alerts and support responses.
  • Delivering marketing, newsletters, and promotions (where you consent or where permitted by law).
  • Personalizing and improving the Service (recommendations, UI preferences).
  • Detecting, preventing and responding to fraud, abuse or security incidents.
  • Handling legal obligations, disputes, and enforcement of our Terms of Service.

We rely on lawful bases for processing under GDPR: consent, contract performance, legal obligations, vital interests when necessary, public interest when applicable, and legitimate interests where fair and balanced.

Sharing Personal Data & third parties

We share personal data only with parties necessary to provide the Service. Typical recipients include:

  • Service providers: payment processors, hosting providers, analytics vendors, email & communications platforms.
  • Affiliates & business partners: where you opt-in to co-marketing or combined services.
  • Professional advisors: lawyers, auditors and other advisors in connection with legal obligations.
  • Law enforcement & governmental authorities: when required by law, court order, or to protect rights, life, or safety.

When sharing with vendors, we contractually require them to protect data and use it only for the agreed purpose. Where appropriate, we use standard contractual clauses or other safeguards for international transfers.

Payments

We use reputable third-party payment processors (for example PayPal, WeChat Pay, Alipay, or other processors we partner with). We do not store full payment card numbers on our servers. Payment information you provide is transmitted directly to the payment processor and governed by their privacy and security policies. Payment processors comply with PCI-DSS standards for secure handling of payment data.

Bank transfers or identity verification that require additional documents (ID, bank statements) are requested only when necessary to complete a transaction or verification, and are stored securely and only for as long as necessary.

Retention & deletion

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, to meet contractual or legal obligations, resolve disputes, and enforce agreements.

Retention examples:

  • Data necessary for order fulfillment — retained through the order lifecycle + statutory retention periods (e.g., tax records)
  • Marketing data — retained until you unsubscribe or withdraw consent
  • Usage analytics — typically retained in aggregated or pseudonymized form for analytics purposes; raw logs for a limited period for security

When the retention period expires we delete or anonymize data. Note that some backups may store limited residual data for a short period until rotated.

International transfers

Your data may be processed in countries outside your residence. When transfers occur, we implement appropriate safeguards (e.g., EU standard contractual clauses, approved frameworks, or other legally recognized mechanisms) to protect your information.

By using our Service and providing personal data, you consent to such transfers where permitted by applicable law.

Security

We maintain administrative, technical, and physical safeguards to protect personal data. Access is limited on a need-to-know basis and we regularly test our security controls. However, no system is perfectly secure — we cannot guarantee absolute security of data transmission or storage. If a breach occurs that creates a risk to your rights, we will notify you and relevant authorities as required by law.

Your rights (GDPR, CCPA, LGPD)

Depending on your jurisdiction, you may have rights to:

GDPR (EU)

  • Access personal data
  • Rectify inaccurate data
  • Request erasure (right to be forgotten) subject to exceptions
  • Restrict processing
  • Data portability
  • Withdraw consent
  • Complain to a supervisory authority

CCPA (California)

  • Request disclosure of categories of data collected and shared
  • Request deletion of personal data (subject to exceptions)
  • Opt-out of sale of personal data (where applicable)
  • Right to non-discrimination for exercising rights

LGPD (Brazil)

Brazilian users have rights similar to GDPR including confirmation, access, correction, deletion, portability, and revocation of consent. You can lodge complaints with the ANPD.

How to exercise your rights: Contact us (see Contact) and provide sufficient information to verify your identity. We may request additional details to confirm your request. We respond within applicable legal timeframes (e.g., 45 days for CCPA requests; GDPR generally one month subject to extensions).

Children & minors

Our Service is not intended for children under 13 (or the local minimum age). We do not knowingly collect personal information from children without parental consent. If you believe a child has provided us personal data, contact us to request removal. Parents or guardians may request deletion of their child's data and we will take steps to remove it as required by law.

Media playback & third-party embeds

We embed third-party media (YouTube, Vimeo, Spotify, etc.). When these embeds load they may set cookies and collect interaction data per the third party’s policies. For GDPR users, we require consent before activating third-party cookies linked to media playback. CCPA users may exercise opt-outs via our privacy controls.

AI data processing

We may use AI tools for personalization, content generation, and analytics. Such processing may leverage behavioral data, interaction logs, and non-sensitive text inputs. Where required by law, AI-driven features operate on an explicit consent basis; you can opt out via privacy settings. Any data used for AI will be processed according to this policy and applicable legal safeguards.

Contact & exercise rights

For questions about this policy or to exercise your data rights, contact us:

We will typically ask for identity verification before handling rights requests to protect your privacy. For CCPA verifiable requests from California residents, please include sufficient information for verification and the details of your request.

Last updated: October 20, 2025

© Subliminal Fields • subliminalfields.com