Privacy Policy
Effective date: June 24, 2026
This Privacy Policy describes how Bighorn Boots (“we,” “us,” or “our”) collects, uses, and protects information through the Corporate Benefits Portal (the “Service”). By using the Service, you agree to the practices described here.
1. Information We Collect
We collect the following categories of information:
- Account information: Name, work email address, and employer (corporate account) provided at registration or enrollment.
- Usage data: Pages visited, actions taken within the portal, and timestamps, collected automatically for security and operational purposes.
- Transaction data:Voucher issuances, redemptions, and purchase activity associated with your employer’s benefit program.
- Authentication data: Hashed passwords and, for administrator accounts, multi-factor authentication credentials. We never store plaintext passwords.
- Integration credentials: OAuth tokens for connected third-party services (see Section 4). These are stored server-side and never exposed to end users.
2. How We Use Your Information
- To operate the Service and provide employee benefit functionality.
- To process and record voucher transactions on behalf of your employer.
- To authenticate users and protect accounts.
- To generate invoices and billing reports for corporate account administrators.
- To communicate service-related notices (e.g., account status changes).
- To diagnose errors and maintain platform reliability.
We do not sell, rent, or trade personal information to third parties for marketing.
3. Legal Basis for Processing (if applicable)
Where applicable law requires a legal basis for processing, we rely on: (a) performance of a contract — processing is necessary to provide the Service to your employer; (b) legitimate interests — operating a secure, reliable platform; and (c) compliance with legal obligations.
4. Third-Party Services
The Service integrates with the following third-party platforms on behalf of the operating retailer. Each is bound by its own privacy policy.
- Supabase — database and authentication infrastructure. Data is stored in the United States and encrypted at rest.
- Vercel — hosting and serverless compute. Deployed in the United States (US East region).
- Intuit QuickBooks Online— invoice generation and billing for corporate accounts. Only the retailer’s administrator has access to QuickBooks data.
- Lightspeed Retail — point-of-sale integration for in-store redemptions.
- Shopify — e-commerce integration for online redemptions.
We access these services only as required to operate the benefit program and do not use them to build advertising profiles.
5. Data Retention
We retain account and transaction data for as long as your employer’s account is active and for a reasonable period afterward to satisfy legal, auditing, or contractual obligations. You may request deletion of your personal data by contacting us at the address below, subject to any retention requirements imposed by law or contract.
6. Data Security
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the data we hold, including encryption in transit (TLS) and at rest, role-based access controls, and multi-factor authentication for privileged accounts. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise these rights, contact your employer’s account administrator or reach us directly at ethan@fornshellgroup.com. We will respond within 30 days.
8. Cookies and Tracking
The Service uses session cookies required for authentication. We do not use advertising cookies or cross-site tracking technologies.
9. Children's Privacy
The Service is intended solely for business use and is not directed to individuals under 18. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice within the Service at least 14 days before taking effect. Continued use of the Service after that date constitutes acceptance of the revised policy.
11. Contact
Questions about this policy or your data should be directed to:
Bighorn Boots
ethan@fornshellgroup.com