1. Overview
We collect information you provide directly (for example, when you create an account, request a demo, or place an order), information we collect automatically as you use the Services (such as device and usage data), and information we receive from third parties (such as enrichment and analytics providers). We use this information to operate the Services, personalize your experience, fulfill orders, improve our products, protect against fraud, and communicate with you.
You have meaningful choices about how your information is processed. You can manage cookie categories at any time using our Cookie Preferences center, opt out of targeted advertising or “sales”/“sharing” of your information via our Do Not Sell or Share page, and exercise applicable data rights by submitting a privacy request. We honor Global Privacy Control (GPC) signals as opt-outs where applicable.
2. Who we are
The data controller (or “business” under U.S. state privacy laws) for personal information processed under this policy is Activate Swag, Inc., a Delaware corporation with its principal place of business at 1500 Market Street, Philadelphia, PA 19102, United States.
For privacy inquiries, contact our Privacy Team at privacy@activateswag.com. EEA/UK residents may also contact our EU/UK representative at the same address.
3. Information we collect
A. Information you provide to us
- Account & profile: name, work email, phone number, company, role, password.
- Order details: shipping and billing addresses, recipient lists, product selections, imprint artwork, size/color preferences, payment details (processed by our payment processor — we do not store full card numbers).
- Communications: messages you send to support, sales, or chat; survey responses; feedback.
- Demo & sales inquiries: company, team size, budget, use case, meeting preferences.
B. Information collected automatically
- Device & connection: IP address, browser type/version, operating system, device identifiers, referrer URL.
- Usage: pages viewed, clicks, timestamps, scroll depth, referring source, session length, crash logs.
- Cookies & similar technologies: see our Cookie Policy for a full list of categories and third parties.
- Approximate location: derived from IP address (not precise GPS unless you grant it).
C. Information from third parties
- Identity and fraud-prevention providers (to verify business accounts).
- Analytics and advertising partners (aggregated metrics, audience attributes).
- Enrichment providers (public business details such as company size or industry).
- Integrations you authorize (e.g., HR, CRM, or shipping platforms you connect).
We do not knowingly collect sensitive personal information (such as health, biometric, genetic, precise geolocation, or information revealing racial or ethnic origin) and ask that you do not submit such information through the Services.
4. How we use information
- Provide, operate, and maintain the Services, including fulfilling orders, shipping products, and managing recipient redemption pages.
- Personalize your experience, including recommending products and tailoring content.
- Communicate with you about your account, orders, support requests, and service changes.
- Send marketing communications where permitted — you can unsubscribe at any time.
- Measure performance, analyze trends, and improve the Services, including training internal models on aggregated/de-identified data.
- Detect, prevent, and respond to fraud, abuse, security incidents, and legal violations.
- Comply with legal obligations and enforce our Terms of Service.
5. Legal bases for processing (EEA/UK)
If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal information under the following GDPR/UK GDPR lawful bases:
- Contract — to provide the Services you request and fulfill orders.
- Legitimate interests — to operate and secure our business, prevent fraud, improve the Services, and conduct direct marketing to business contacts where appropriate (balanced against your rights).
- Consent — for non-essential cookies, certain marketing emails, and other specific activities. You can withdraw consent at any time.
- Legal obligation — to comply with applicable laws, tax, accounting, and regulatory requirements.
7. Data retention
We keep personal information only as long as necessary for the purposes set out in this policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention windows:
- Account data: for the life of your account plus up to 24 months after closure, unless a longer period is required by law.
- Order records and invoices: up to 7 years (tax and accounting).
- Support communications: up to 3 years after ticket resolution.
- Marketing preferences and unsubscribe lists: retained to honor your choices.
- Web analytics: 14–26 months in aggregate form.
8. Your privacy rights
Subject to applicable law, you may have the right to:
- Access / know — request a copy of the personal information we hold about you.
- Correct — ask us to fix inaccurate or incomplete information.
- Delete — ask us to delete information we no longer need to retain.
- Port — receive a machine-readable copy of certain information.
- Object / restrict — object to or limit certain processing.
- Withdraw consent — where processing is based on consent.
- Opt out of sale/sharing — including for cross-context behavioral advertising.
- Non-discrimination — you will not receive inferior service for exercising your rights.
9. U.S. state rights (California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Delaware, and others)
If you are a resident of a U.S. state with a comprehensive privacy law, you have the rights described above, subject to your state's specific requirements.
California (CCPA/CPRA) — notice at collection
In the preceding 12 months, we have collected the categories of personal information listed in Section 3 (identifiers, commercial information, internet/network activity, geolocation (approximate), professional/employment information, and inferences). We do not collect “sensitive personal information” beyond account credentials, which we use only for authentication. We disclose information for the business purposes listed in Section 6. We may “share” information with advertising partners for cross-context behavioral advertising; you can opt out on our Do Not Sell or Share page or via GPC signal.
California residents can also request information about our disclosures in the past 12 months under “Shine the Light” (Cal. Civ. Code §1798.83).
Appeals: If we deny your privacy request and you live in a state that provides an appeal right (e.g., Colorado, Connecticut, Virginia), you can appeal by replying to our response email, and we will review your request within the statutory timeframe.
10. EEA, UK, and Switzerland
Residents of the EEA, UK, and Switzerland have the rights described in Section 8 plus the right to lodge a complaint with a supervisory authority (for example, the Information Commissioner's Office in the UK, or your local Data Protection Authority). However, we encourage you to contact us first so we can try to resolve your concern.
11. International transfers
We are headquartered in the United States and process information in the U.S. and other countries. When we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary technical and organizational measures. Contact us for a copy of the relevant safeguards.
12. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, least-privilege access controls, regular security reviews, vendor due diligence, and incident response procedures. No security program is perfect; please safeguard your account credentials and report suspected issues to security@activateswag.com.
13. Children's privacy
The Services are designed for business users and are not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, email privacy@activateswag.com and we will promptly delete it.
14. Automated decisions and profiling
We use automated systems (including SwagGenius AI recommendations) to help suggest products and personalize content. These systems do not make decisions that produce legal or similarly significant effects without meaningful human review. Where required by law, you have the right to opt out of profiling in furtherance of decisions that produce such effects — submit a request via /privacy/request.
15. Third-party links and services
The Services may contain links to third-party websites and services. We are not responsible for their privacy practices. Review their policies before providing information.
16. Changes to this policy
We may update this policy from time to time. If changes are material, we will notify you by email or via the Services before they take effect. The “Last updated” date at the top reflects the latest revision.
17. Contact us
Activate Swag, Inc.
Attn: Privacy Team
1500 Market Street, Philadelphia, PA 19102, USA
Email: privacy@activateswag.com
Phone: +1 888 998 2033