Privacy Policy

This Privacy Policy explains our privacy practices for Surprise.com, the Surprise app (collectively, the “Site”) and services and events provided by Surprise.com Inc (“SDC,” “we,” or “us”). We believe in full disclosure when it comes to our privacy practices. This Privacy Policy explains what information we collect from you, how we collect it, how we use it and how we protect it. We want you to feel safe in our community, so we use industry-standard safeguards and procedures. We also let you control how much personal information you share and how certain information is used.

By visiting our Site, you accept the terms of this Privacy Policy. You’re not authorized to use this Site unless you agree with this Privacy Policy.

This Privacy Policy applies only to our Site, services and events. We’re not responsible for the practices employed by any third-party sites including ones to which we link or that link to us. Those sites will have rules and practices of their own.

If you have any questions or concerns about this Privacy Policy or our privacy practices, please email us at legal@surprise.com.

A: Information We Collect or Receive From You

B: What We Do with Your Information

C: Managing the Information You Share with Us

D: Protecting Your Information

E: Children’s Privacy

F: Data Retention

G: Updates to This Privacy Policy

A. INFORMATION WE COLLECT OR RECEIVE FROM YOU

We collect information from you on this Site to provide a meaningful, safe, efficient, and customized experience. We use this information to:

make it easier for you to use this Site,

communicate with you about your orders, billing and payment,

verify your identity when you make a purchase on our Site,

help you more quickly find information on SDC’s products and services,

provide targeted online marketing for the Site,

create content on this Site that’s more relevant to you, and

alert you to new products, services and special offers that might specifically interest you.

1. Information You Provide.

a. When You Join SDC. In order to join SDC you must complete a quiz that asks for profile and preference information (your “Surprise Profile”). We use the Surprise Profile information to personalize your experience. We will use the Surprise Profile information to send you Surprise Box items that fit your unique profile, alerts about SDC products, services, and other news that might interest you.

At the end of the quiz, in order to join SDC you must choose a username and password. Your username will be visible to other users when they visit the Site, so please choose carefully. You also must provide a valid email address and your age. We use your email to communicate with you about our Site and your account. We ask for your age to make sure you’re old enough to use our Site and services.

If you provide us your email address but choose not to become a member, then we will retain your email address for a period of time to invite you back to the Site.

b. When You Order from Us. If you subscribe to Surprise Box or order any SDC Member Store products from us, you must provide your: name, shipping address, billing address, and credit card information. If you order products through our SDC app, your name, shipping address, and email address may be shared with our Brand Partners, whose products you are purchasing. Please review the privacy policy for that Brand Partner before providing your information.

We use the this information, along with your email, for billing purposes, to fulfill your orders, and to communicate with you about your orders.

We collect your credit card information through our Site. The credit card information is encrypted and transmitted for storage to a high security vault according to strict industry standards. Once the data reaches the vault it is “tokenized”. That means no credit card information is retained in SDC’s own systems. Instead we retain a token associated with your account that has no intrinsic value. Your credit card information is not exposed anywhere in our own systems. Please do not send your credit card information to our team directly, for example by sending this information to an SDC customer care representative. Please use our secure, online system to enter your credit card information.

c. When You Request Information from Us. If you want us to notify you regarding particular products or special offers, contact us through hello@surprise.com, or if you sign up for our emails, you’ll need to give us your email address. We use it to honor your requests, whether that’s emailing you information about certain products or emailing you to tell you about an SDC offer. You may choose to opt out of receiving these type of marketing messages at any time by clicking on the appropriate link at the bottom of the email you receive.

d. When You Post Public Content. We use this content to bring our community of Surprise users to life.

Public information you post on the Site. Information you post publicly on our Site is intended for public consumption. Please be aware that your username and profile image will be publicly displayed whenever you post a comment or review. In addition, postings you make on our Site may appear when Internet users execute searches on the subject of your posting. If you do not want this information to be displayed, you may terminate your account at any time. Please note that if you are a minor, living in California, and you have posted information publicly that you cannot remove yourself, you have the right to request it be hidden from public view. If you wish to have this information removed, please email us at legal@surprise.com and request removal. We may request additional information from you in order to complete your request.

Site visitors may be able to identify you or associate you with your SDC account if you include personal information in your account profile or in any content you post. We cannot control who reads your postings or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.

You can reduce the risk of being personally identified by choosing a username and profile image that do not identify you and by taking care to exclude any personal information in your comments, reviews, looks, or videos. You can change your username and profile picture at any time by logging into your account.

Public information you post on other sites. We also may collect information you post publicly on third-party sites, but only if you choose to follow instructions we provide. For example, we may collect pictures you post publicly on Instagram and re-post them on our Site, but only if you choose to use the hash tag “#SurpriseBox” inside your Instagram post. You can always have us remove the information from our Site by contacting us through hello@surprise.com.

e. When You Share Information about Your Contacts. You may choose to share personal information about friends, relatives or colleagues with SDC, such as the person’s name, shipping address and email address. Please do not do so without their express permission.

You may choose to manually invite your friends to SDC by using the “Invite with Email” button on the Site or by uploading data about your contacts to the Site. You also may grant SDC permission to access your contacts list and pull the email addresses of your contacts to invite them to the Site.

If you use the Site to send others an email invitation to become an SDC member or subscriber, we may store the personal information of each recipient in order to process those requests or facilitate future activities. All information that you enter or upload about your contacts is covered by these Terms of Use and our Privacy Policy. We use this information about your friends to enable SDC to send invitations and reminders to your friends and to ship products to your friends, if applicable. By providing personal information of others to SDC, you represent that you have their permission to do so.

f: When You Connect to Us with a Third-Party Service. You can connect to your SDC account using external third-party services. The Site collects personal information about you from your social media accounts, but only if you opt-in and permit us to do so. When you connect to us through a third-party service like Facebook, Twitter, YouTube, and Instagram, we receive information from that third party identifying your account. We collect and store this information and use it to help you connect to our Site and to share your public content. Connecting your SDC account to a third-party service is completely optional, and you will have the opportunity to grant permission when you attempt to connect. You can revoke permission by logging into the third party service and disconnecting the SDC application from there, and through the native applications on your smart phone. We may retain the information we collected previously from you.

2. Information We Automatically Collect or Receive.

a. Log Files. Like most sites, SDC automatically receives and stores in log files certain information from your browser when you visit the Site. This information includes your Internet protocol (“IP”) address, browser type, Internet service provider, the referring/exit pages, your operating system, and the date/time stamp of your Site visit. Log files do not identify individual Site visitors. We use this information, which doesn’t identify individual Site visitors, to analyze and understand how the Site works for you so we can improve it, to administer the Site, and to gather demographic information about Site visitors for targeted online marketing purposes. We may, however, link this automatically collected information to your personal information.

b. Cookies and Other Tracking Technologies Policy.

We use a variety of technologies to help us understand how you use Surprise.com, our Surprise app, and our services so that we can provide you with a better experience. This guide explains the tracking technologies SDC uses and is part of our commitment to a high standard of transparency in our privacy practices.

(i) Types of tracking technologies

  • Cookies. This is a small data file sent from a server to your web browser that is stored in your browser and sent back to the server each time the browser makes a request to the server. Cookies can improve a site user’s experience by, for example, allowing the site to keep a user logged in while browsing, saving a user’s site preferences, and allowing a user to add items to a shopping cart and preserve cart contents between site visits, even when the user is not logged in.
  • Clear gifs, web beacons, tracking pixels. These are tiny graphics with a unique identifier. They function similarly to cookies and are used to track the online movements of web users. Unlike cookies which are stored on a user’s computer hard drive, clear gifs are embedded on web pages and are single pixel wide. SDC does not tie information gathered by clear gifs to your personally identifiable information.
  • If you have turned on location services in your mobile device, we may collect information about your geolocation. If you do not want us to collect this information, you may turn off location services on your smart phone. Turning off location services will not affect your ability to access the app, but you may not be able to access certain geolocation based promotions that SDC may offer from time to time.
  • SDKs. Software development kits (“SDKs”) are blocks of code provided by our partners that may be installed in our mobile applications. SDKs help us understand how you interact with our mobile applications and collect certain information about the device and network you use to access the application.

(ii) Tracking Technology Lifespans

  • Single-session tracking technology: lasts only as long as your site visit. Single-session cookies expire and delete themselves when you leave the site or close your browser. They are used for technical purposes such as enabling better navigation through a site or generating aggregated statistics about how a site is used. Single-session cookies do not publicly expose your personal information.
  • Multi-session or persistent tracking technology: remains on your browser or mobile device until you choose to delete it or the cookie expires. Persistent cookies are used to recognize a computer that has previously visited a site. This can improve the user’s experience, for example by continuing preference settings from previous visits and by allowing users to login without entering a password with every site visit.

(iii) Tracking Purposes

We use tracking technologies for these general purposes:

  • Because it is strictly necessary. This tracking is needed to make SDC work properly.
  • For performance. This tracking helps SDC understand how the Site is functioning so SDC can improve the Site.
  • For functionality. This tracking retains your personal preferences as you use the Site.
  • For advertising. This tracking helps us to refrain from delivering advertising to you that is not of interest to you

(iv) Cookies SDC currently uses

  • Single session cookies are used to ensure the Site displays correctly on your device.
  • Persistent cookies are used to measure Site metrics such as which pages are popular, how often people visit the Site, whether people are visiting the Site for the first time, and whether visitors make purchases on the Site. They also are used to enhance Site functionality, for example to allow returning users to use the Site without logging in.

(v) Cookies for email subscribers

We may use cookies to measure the effectiveness of our email communications and to tailor email content. For example, we may connect the data showing that you clicked a link in an email from SDC then completed an action on our Site such as buying a Surprise Box. This links cookie data with an individual user, so we only do this for users who have consented and opted in to receiving emails from SDC.

(vi) Third Party Cookies

SDC partners with third-party service providers who set cookies and tracking pixels for Site visitors and members on our behalf in order to deliver their services. These services include targeted online marketing and analysis of data collected through cookies. These technologies allow a partner to recognize your computer or mobile device each time you visit SDC.com or other sites that also utilize the third party’s services, but do not allow access to personally identifiable information from SDC.

Third parties may choose to include SDC widgets on their sites. When you load a site that has chosen to include our widgets, we receive analytics information through a cookie that may be used to enhance our data or to improve our services.

SDC does not have access to or control over these third-party technologies, and they are not covered by our Privacy Policy.

(vii) Managing Cookies

You can delete cookies stored in your browser at any time. You also can choose not to accept cookies from any site, including SDC.com, by changing the settings of your browser. If you reject or block all cookies in your browser settings, then you will not be able to fully use SDC’s services.

(viii) Do not track

SDC does not currently take steps to respond to browsers “Do Not Track” signals as no uniform standard to respond to such signals has been developed at this time

c. Information from other sources. We may receive information about our users from third party social platforms, such as Facebook or Instagram. When you access or use our site or mobile application through such a site, you allow us to access or collect information made available by the third party site in accordance with its privacy policy. This information may be available from your profile or account with the third party site or from cookies placed on your device by the third party site. Depending on your privacy settings this information may include: Facebook interests, gender, friends and location.

d. Information collected automatically. We automatically collect information from your browser or device when you visit the Site. This information includes your IP address, device ID, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and the referring site address.This information also includes your operating system or application, your location, and your activities voluntarily have submitted to us (for example, your email address). If you are accessing our third party Affiliate’s stores through the SDC shopper app, this information is automatically collected, too.

e. Information collected from your mobile device When visiting any of our mobile applications, we may use an advertising identifier created by your mobile operating system to store information on our servers and later retrieve it. The Android Advertising ID and Apple iOS IDFA are examples of advertising identifiers. For more information about advertising identifiers, please check the settings of your mobile device.

3. Other Information We Receive About You.

As you might expect, we usually collect or receive information through our Site. But we also may collect information offline, and it’s important to us that we preserve the privacy of your personal information both online and off. For example, if you enter a drawing or request information at one of our live events such as SDC Live, we may ask for your email address. There are other ways we could learn of personal information offline, but this Privacy Policy doesn’t try to predict all those methods. We just want you to know that we try to treat offline information collection, uses, and disclosures consistently with our online privacy practices.

If you’re not an SDC member but we contacted you, then we may have received your contact information from one of your friends. An SDC member may give us your name and email address so SDC can send a personalized invitation to you to join SDC. We also may send you personalized email ‘reminders’ about SDC from your friends. Similarly, an SDC member may provide your personal information to us so we can ship a gift or other merchandise to you. We ask your contacts to share your personal information only with your permission, and you may unsubscribe from any marketing email you receive by following the unsubscribe link contained at the bottom of the communication.

B. WHAT WE DO WITH YOUR INFORMATION

Information we collect from you may be either personal or aggregate. Personal information is identifiable to you, like your name, email address, shipping and billing addresses, credit card information, and phone number. Aggregate information is summary data of the behaviors and interests of groups or categories, so it won’t identify you.

  1. Aggregate Information. We use aggregate information for the purposes of internal business research, sales and business development and reporting back to our brand partners. We may share aggregated information about our visitor and user base with third parties such as our Brand Partners. This information may include the number of daily visitors to our Site and the number of orders placed on a certain date. We also may share Surprise Profile information with brand partners.
  2. Personal Information. We use your information to fulfill transactions requested by you and to send you offers of products and services that may be of interest to you. The following describes the limited circumstances in which we may share your personal information:
    1. Disclosures to SDC Agents, Consultants and Related Third Parties. Like most technology companies, we use third parties to help ensure our business runs smoothly. We disclose your information to these third-party companies so they can perform their specific functions for us. For example, we may provide your name, shipping address, email and phone number to third-party shippers like the U.S. Postal Service, the United Parcel Service or DHL to deliver our products to you. We also may provide your credit card information to third-party credit card processors and issuers to help us process your orders from us. SDC’s third party vendors may recognize a tracking code used by your browser or application to enable you to receive customized content, or to enable you to use other technologies such as tags and scripts. The tracking code may reflect de-identified demographic or other data linked to data you. When we employ other companies to perform functions of this nature, we only disclose the information that they need to perform their requested function. We do not authorize them to retain, share, store, or use personal information provided by us for any other purpose.

If you visit or make a purchase from SDC Shopper online or on our SDC app, we disclose to our Brand Partners your name, and shipping address so that they may fulfill your order and ship products directly to you. We also share your email address with the Brand Partners whose product you purchase in case they need to contact you about that product. We may also disclose to our Brand Partners information about the frequency with which you purchased or accessed a product, which may in turn result in you receiving an email or push notification about that product or service.

We may also share the product reviews you post with our Brand Partners who may repost your reviews about their products on their websites or social media channels owned and operated by those Brand Partners.

Disclosures Required by Law or Otherwise. We may disclose your personal information if we believe, in good faith, that it’s necessary to: (1) comply with a legal obligation such as in response to a court order or subpoena; (2) protect the safety of fellow users or the public; (3) protect against legal liability; or (4) protect and defend SDC’s rights or property.

Disclosures for a Business Transaction or Insolvency. We also may disclose your personal information in connection with an actual or proposed corporate transaction or insolvency proceeding involving all or part of SDC’s business or assets. For example, if we merge with another company, we may disclose your personal information to that company, but the disclosure would be subject to our Privacy Policy.

Disclosures through Social Media. Remember that you control the privacy settings on each of your social media platforms. We allow you to share information from the Site to social media. In order for this to happen you first must opt-in. You can revoke permission to do this by logging into the social media service and disconnecting the SDC application from there.

Disclosure to Affiliates. Affiliates are companies that are owned or controlled by SDC. We may share your personal information with our Affiliates in order to bring new product offerings to you.

Disclosure to Third Party Marketers. We may disclose your personal information to third party marketing cooperatives to enhance our marketing efforts and to offer new products and services to you.

C. MANAGING THE INFORMATION YOU SHARE WITH US

  1. Log Into Your SDC Account. You can change the personal information you provide to us, including reviews, looks and videos, by logging into your SDC account and making the appropriate changes.
  2. Contact Us. If you are unable to remove content you have posted publicly, you can request that we take down public posts on the Site by contacting help@surprise.com. We will remove your public posts from view, but we may retain personal information about you solely for the purposes authorized under this Privacy Policy. For example, we may retain information to prevent, investigate, or identify possible wrongdoing in connection with the Site or to comply with legal obligations. If you do not want your profile information displayed, you may terminate your account.
  3. Opt-Out. You can always “opt-out” of having your personal information used for certain purposes. At your request, we will stop sending you certain emails or even deactivate your account to prevent any future purchases through it. You can submit these requests at any time by contacting hello@surprise.com.
  4. Block Cookies and Targeted Advertising. You can prevent SDC and its third-party partners from setting and accessing cookies on your computer by setting your Internet browser to block cookies.

D. PROTECTING YOUR PERSONAL INFORMATION

At SDC, we take data security seriously. We use industry standard technical, physical and administrative safeguards to secure our customers’ data. Online, we encrypt your personal information using Transport Layer Security (“TLS”). TLS allows for a private, reliable Site connection where your identity is authenticated with cryptography. Offline, we restrict access to your personal information to only those SDC employees who need it to perform a specific job function. We require all SDC employees with access to your personal information to follow specific security protocols concerning its proper handling. We also hold our vendors who need access to your personal information to strict confidentiality and security requirements. Third-party service providers assist us with the physical security of some of our computer hardware. When you visit our Site, you access servers that we backup constantly. Our servers are hosted at locations which are private and secure data center facilities, behind physical and virtual firewalls.

Please remember, however, that while we use industry-standard security measures to safeguard your personal information, we can’t guarantee absolute security. We wish we could, but 100% security just doesn’t exist anywhere online or off. We recommend that you do your part by keeping your passwords secure, changing them often and not using the same password across multiple accounts.

E. CHILDREN’S PRIVACY

This Site is not directed to children under the age of 18 (see SDC’s Terms of Use). We do not knowingly collect, maintain, or use personal information from children under age 18. If a parent or guardian becomes aware that his or her child has provided us personal information without their consent, he or she should contact us at legal@surprise.com. If we confirm we collected such information, we will take all reasonable measures to delete that information from our system as soon as possible.

F. DATA RETENTION

SDC will retain your information for the length of time necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or allowed by law. If you no longer want SDC to use your information to provide you Services, you may close your account. If you close your account then your profile and the content you posted to the Site will no longer appear on the Site.

You may make changes to your personal data at any time by logging on to your account. If you would like to request information about your personal data or would like to delete your personal data, you may do so by logging on to your account and going to Account/Profile. Please note that SDC may need to retain limited information about you in order to fulfill any order requests made by you, for litigation purposes or to fulfill other legal or regulatory obligations.

G. UPDATES TO THIS PRIVACY POLICY

We will post any changes and updates to this Privacy Policy on this Site so you can always be aware of what information we collect, use and disclose. We encourage you to review this Privacy Policy periodically so you’ll know if it has been changed or updated.