top of page

Privacy Policy

Privacy Policy

 

RushRoot® Privacy Policy

Effective Date: April 14, 2025

At RushRoot LLC (“RushRoot,” “we,” “us,” or “our”), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your data when you visit our website, nutfit.com (“Website”), or purchase our high-protein drinks and supplements (“Products”). This policy complies with California law, including the California Consumer Privacy Act (CCPA), as RushRoot is based in Los Angeles, CA. By using the Website, you consent to the practices described below.

 

1. Information We Collect

We collect information to provide, improve, and personalize your experience. The types of information include:

  • Personal Information (data that identifies you or can be linked to you):

    • Contact Details: Name, email address, phone number, and shipping/billing address when you place an order or contact us.

    • Account Information: Username, password, and order history if you create an account.

    • Payment Information: Credit/debit card details or other payment data processed securely through our third-party payment processor (we do not store full payment details).

    • Communication Preferences: Marketing opt-ins/outs and survey responses.

  • Non-Personal Information (data that does not identify you):

    • Browsing Data: IP address, browser type, device information, pages visited, and time spent on the Website, collected via cookies and analytics tools.

    • Aggregate Data: General trends or demographics (e.g., number of visitors from California) used to improve our services.

  • Voluntarily Provided Information: Feedback, reviews, or inquiries sent to support@rushroot.com or via forms.

 

2. How We Collect Information

  • Directly from You: When you:

    • Place an order or create an account.

    • Sign up for newsletters or promotions.

    • Contact customer support or submit feedback.

  • Automatically: Through:

    • Cookies and Tracking Technologies: To analyze Website usage and personalize content (e.g., product recommendations). You can manage cookie preferences via our cookie banner or browser settings.

    • Analytics Tools: Third-party services (e.g., Google Analytics) track browsing patterns anonymously.

    • Log Files: Record IP addresses and access times for security and performance.

  • From Third Parties: Limited to:

    • Payment processors verifying transactions.

    • Marketing partners if you opt into shared promotions.

 

3. How We Use Your Information

We use your information to operate our business and enhance your experience, including:

  • Order Fulfillment: Process and ship orders, issue refunds, and provide customer support.

  • Website Functionality: Maintain accounts, personalize browsing, and ensure security.

  • Marketing and Promotions: Send newsletters, discounts, or product updates if you opt in (you can unsubscribe anytime via email links or support@rushroot.com.

  • Analytics and Improvement: Analyze Website usage to optimize performance, design, and product offerings.

  • Legal Compliance: Meet obligations under California law (e.g., CCPA requests) or respond to legal processes (e.g., subpoenas).

  • Fraud Prevention: Detect and prevent fraudulent transactions or Website misuse.

 

4. How We Share Your Information

We do not sell your personal information to third parties, as defined under the CCPA. We may share data in these cases:

  • Service Providers: With trusted vendors who assist us, such as:

    • Payment processors (e.g., Stripe, PayPal) for secure transactions.

    • Shipping carriers (e.g., USPS, FedEx) for order delivery.

    • Analytics providers (e.g., Google Analytics) for anonymized insights.

    • Marketing platforms (e.g., Mailchimp) for opt-in campaigns. These providers are contractually bound to protect your data and use it only for specified purposes.

  • Business Transfers: If RushRoot is sold or merges, your information may transfer to the new entity, with notice and CCPA protections.

  • Legal Requirements: To comply with laws, court orders, or government requests (e.g., tax audits), or to protect RushRoot’s rights (e.g., fraud investigations).

  • With Your Consent: For specific purposes you approve, such as joint promotions.

 

5. California Privacy Rights (CCPA)

If you’re a California resident, the CCPA grants you rights over your personal information collected in the past 12 months:

  • Right to Know: Request details about the categories of personal information we collect, use, share, or sell (we do not sell data).

  • Right to Delete: Request deletion of your personal information, subject to exceptions (e.g., order records for tax purposes).

  • Right to Opt-Out: Opt out of any sale of personal information (not applicable, as we do not sell data).

  • Right to Non-Discrimination: We won’t discriminate against you (e.g., deny services, charge different prices) for exercising these rights.

How to Exercise Your Rights:

  • Submit requests via:

    • Email: privacy@rushroot.com

    • Phone: 1-800-NUT-FIT1 (1-800-xxx-root)

    • Form: Available on rushroot.com/privacy-request

  • We’ll verify your identity (e.g., confirm email or order number) to protect your data.

  • Response time: Within 45 days (extendable by 45 days with notice), per CCPA requirements.

  • Authorized agents may submit requests with your written permission.

Categories Collected (Past 12 Months):

  • Identifiers (name, email, address), payment info, internet activity (IP address, browsing), commercial info (orders).

  • Shared: Only with service providers (e.g., shipping, analytics), not sold.

 

6. Cookies and Tracking

  • We use cookies, pixels, and similar technologies to enhance functionality, analyze traffic, and personalize ads (if you opt in).

  • Types:

    • Essential: Enable Website navigation and checkout (non-disableable).

    • Analytics: Track usage patterns anonymously (e.g., page views).

    • Marketing: Deliver targeted ads if you consent.

  • Manage Preferences: Adjust settings via our cookie banner or browser. Disabling cookies may limit Website features.

  • Do Not Track: We honor browser “Do Not Track” signals, per CalOPPA, by disabling non-essential tracking when enabled.

 

7. Data Security

  • We implement industry-standard measures to protect your data, including:

    • Encryption for payment processing and data transmission (e.g., SSL/TLS).

    • Secure servers for account information.

    • Access controls for employee data handling.

  • No system is 100% secure. If a breach occurs, we’ll notify affected users within 72 hours, per California law (Cal. Civ. Code § 1798.82), and take corrective action.

  • You’re responsible for safeguarding your account credentials and reporting suspicious activity to support@rushroot.com.

 

8. Data Retention

  • We retain personal information only as long as needed for the purposes outlined:

    • Order Data: 7 years for tax/legal compliance.

    • Account Data: Until you request deletion or account closure.

    • Browsing Data: Up to 2 years for analytics, unless anonymized.

  • We securely delete or anonymize data thereafter, per CCPA guidelines, unless required by law (e.g., audit records).

 

9. Third-Party Links

  • The Website may link to third-party sites (e.g., social media, payment processors). These sites have their own privacy policies, and we’re not responsible for their practices. Review their terms before sharing data.

 

10. Children’s Privacy

  • The Website is not intended for children under 13. We do not knowingly collect data from children under 13, per the Children’s Online Privacy Protection Act (COPPA). If we learn such data was collected, we’ll delete it immediately. Contact us at privacy@rushroot.com if you believe this occurred.

 

11. International Users

  • RushRoot operates in the U.S. and stores data on U.S. servers. If you access the Website from outside the U.S., your data may be transferred to and processed in the U.S., subject to these terms. We comply with California law for all users but may not meet foreign privacy standards (e.g., GDPR).

 

12. Updates to This Policy

  • We may update this Privacy Policy to reflect legal or operational changes. Updates will be posted here with a new “Effective Date.” Material changes (e.g., new data uses) will be notified via email or Website notice at least 30 daysin advance, per CCPA and CalOPPA.

  • Continued use of the Website after changes constitutes acceptance.

 

13. Contact Us

For questions, CCPA requests, or privacy concerns:

  • Email: privacy@rushroot.com

  • Phone: 1-800-xxx-root (1-800-688-3481)

  • Hours: Monday–Friday, 9:00 AM–5:00 PM PST

  • Address: RushRoot LLC, 1234 Fitness Lane, Los Angeles, CA 90001

We’re committed to resolving issues promptly and protecting your trust.

 

Notes on Compliance and Design

  • California Compliance:

    • CCPA: Details rights to know, delete, opt-out (though no data sales occur), and non-discrimination. Lists categories collected/shared, with clear request process (45-day response). Avoids financial incentives requiring data sharing, per § 1798.125.

    • CalOPPA: Discloses cookies, third-party sharing, and Do Not Track handling, with accessible policy link on rushroot.com

    • Data Breach Notification (Cal. Civ. Code § 1798.82): Commits to 72-hour notice for breaches, exceeding requirements.

    • Prop 65: Cross-references Terms & Conditions for supplement warnings, ensuring consistent consumer info.

  • Customer-Friendly:

    • Simple language explains data use (e.g., orders, marketing), building trust for $43.75M sales model (10M shoppers, per prior plans).

    • Opt-in marketing and cookie controls align with e-commerce norms (e.g., OWYN’s clear unsubscribe links).

    • Multiple contact options (email, phone, form) ease CCPA requests, reducing friction.

  • Operational Feasibility:

    • Limits data sharing to essential vendors (payment, shipping), protecting NutFit’s lean operation ($410K payroll, 6-person team).

    • Retention periods (7 years for orders, 2 for analytics) balance compliance and storage costs ($3K/year warehouse).

    • No data sales avoid CCPA complexity, fitting NutFit’s direct-to-consumer model.

  • Assumptions:

    • Online-only (rushroot.com), no physical stores, per prior plans.

    • Fictional LA address/phone for consistency.

    • Basic tech stack (Google Analytics, Stripe) assumed, common for $43.75M-scale e-commerce.

    • No subscriptions or loyalty programs, keeping data use simple.

  • Pairing with Terms & Conditions:

    • Cross-referenced in Terms (Section 5), ensuring cohesive legal framework.

    • Consistent tone, contact details, and California focus (CLRA, CCPA).

    • Supports Return Policy by clarifying order data use (e.g., refunds, shipping).

bottom of page