Privacy Policy

Effective date: 1/15/2025 Last updated: 12/31/2025

This Privacy Policy explains how Rabbit-Labs (“Rabbit-Labs,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit or make a purchase from https://rabbit-labs.com (the “Site”), use our services, or otherwise interact with us.

This Policy is intended to address requirements under applicable privacy laws, including (where applicable) the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other U.S. state privacy laws (including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and Utah Consumer Privacy Act (UCPA)). Where local law provides additional rights, those rights apply to residents of those jurisdictions.

1) Who we are (Controller/Business)

Rabbit-Labs is the entity responsible for the processing of your personal information.

Business address:499 Ernston RoadSuite A6 Parlin, NJ 08859 United States

Contact: support@rabbit-labs.com

Contact form: https://rabbit-labs.com/contact-us/

If you are in the EEA/UK, Rabbit-Labs generally acts as the data controller for personal data processed through the Site.

2) Scope

This Policy applies to information we collect:

• On the Site and through our checkout (WooCommerce)

• Through customer support (e.g., live chat, email)

• Through cookies and similar technologies

This Policy does not cover third-party websites, apps, or services that may be linked from the Site.

3) Personal information we collect

We collect personal information from you, automatically from your device, and from third parties.

A. Information you provide

Depending on how you interact with us, we may collect:

• Identifiers and contact details: name, shipping/billing address, email, phone number

• Order and account information (if applicable): order history, account profile

• Order details: items purchased, order number, shipping method, communications about your order

• Customer support content: messages, attachments, and troubleshooting details you send to us

• Marketing preferences: opt-in/opt-out status

B. Information collected automatically

When you visit the Site, we may automatically collect:

• Device and network data: IP address, device identifiers, browser type, operating system

• Usage data: pages viewed, links clicked, time spent, referring/exit pages

• Approximate location: derived from IP address

• Security and fraud signals: risk indicators, suspected automated traffic, abnormal purchase patterns

C. Information from third parties

We may receive information from:

• Payment processors (confirmation of payment status and limited transaction details)

• Shipping carriers (delivery status)

• Fraud prevention and security providers (risk scoring/signals)

• Analytics providers (site performance and usage, including Google Analytics)

• Cart recovery providers (abandoned cart events and related identifiers)

4) Payments, embedded applets, and PCI-DSS

We offer payment options through third-party payment processors such as Stripe, PayPal, and Amazon Pay.

• Payment fields may be presented through embedded components/applets provided by these processors.

• Your card information is not processed by our Site servers. It is collected and processed directly by the payment processor.

• We do not store full payment card numbers, card verification codes (CVV), or magnetic stripe data.

Payment processing is handled by our payment providers in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).

5) How we use personal information

We use personal information to:

1. Provide and operate the Site

2. Process orders and fulfill purchases (payment confirmation, shipping, returns)

3. Provide customer support and communicate with you

4. Prevent fraud, abuse, and security incidents

5. Improve and maintain the Site (debugging, analytics, performance)

6. Recover abandoned carts and complete requested transactions (including via Recapture)

7. Comply with legal obligations and enforce our terms

6) Legal bases for processing (EEA/UK)

If you are located in the EEA or UK, we process your personal data under one or more of the following legal bases:

• Contract: to process and deliver your orders and provide requested services

• Legitimate interests: to secure the Site, prevent fraud, improve services, and communicate with customers (balanced against your rights)

• Consent: for certain cookies/analytics where required

• Legal obligation: to comply with tax, accounting, consumer protection, and other laws

7) Cookies, analytics, and cart recovery

We use cookies and similar technologies (e.g., pixels, tags) for:

• Site functionality and security

• Remembering preferences

• Analytics (including Google Analytics)

• Abandoned cart / cart recovery tracking (including via Recapture)

We do not run ads on the Site. However, some analytics or cart-recovery tools may use cookies or identifiers to recognize your browser/session and help restore your cart.

Where required by law (e.g., EEA/UK), we will request consent for non-essential cookies.

8) VPNs, anonymizers, and script blockers

To protect our customers and our business from fraud and abuse, we use security and fraud-prevention tools that may rely on device, network, and browser signals.

Use of VPNs, anonymizer services, certain script blockers, or similar tools that materially interfere with our ability to detect fraud is prohibited for checkout/transactions. If such interference is detected, we may:

• decline or cancel a transaction,

• request additional verification, and/or

• limit access to certain Site features.

This is done to protect customers and prevent unauthorized transactions.

Stripe Identity verification

If an order triggers our anti-fraud systems, we may require additional verification using Stripe Identity.

Stripe Identity may use automated methods (including AI) and biometric/facial recognition technology to help verify your identity by comparing a selfie or live image to a government-issued identification document.

If you choose not to complete the requested verification, we may be unable to process the order and may decline or cancel the transaction.

Stripe Identity is provided by Stripe and is subject to Stripe’s own terms and privacy practices. For more information about how Stripe processes personal information, please review the Stripe Privacy Policy: https://stripe.com/privacy

This is done to protect customers and prevent unauthorized transactions.

9) How we share personal information

We may share personal information with:

• Service providers who help us operate the Site (hosting, analytics, customer support tools)

• Analytics providers (including Google Analytics)

• Payment processors (Stripe, PayPal, Amazon Pay) to process payments

• Shipping and logistics providers to deliver orders

• Fraud prevention and security vendors

• Cart recovery providers (including Recapture) to help restore carts and complete requested transactions

• Professional advisors (legal, accounting) as needed

• Authorities when required by law or to protect rights and safety

We do not sell personal information in the traditional sense.

Some jurisdictions define sale or sharing broadly (e.g., CCPA/CPRA) to include certain disclosures for cross-context behavioral advertising. Because you indicated you do not run ads, we do not use the Site for cross-context behavioral advertising; however, we will honor applicable opt-out rights if a tool is ever configured in a way that qualifies as a sale or sharing under applicable law.

10) International data transfers

If you access the Site from outside the United States, your information may be transferred to and processed in the United States and other countries where we or our service providers operate.

Where required by law for EEA/UK transfers, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and/or the UK International Data Transfer Agreement (IDTA), as applicable.

11) Data retention

We retain personal information only as long as reasonably necessary for the purposes described in this Policy, including:

• fulfilling orders and providing support,

• maintaining business records,

• complying with legal obligations (e.g., tax/accounting),

• resolving disputes, and

• enforcing agreements.

Retention periods vary depending on the type of data and legal requirements.

12) Security

We take reasonable administrative, technical, and physical measures designed to protect personal information.

• The Site uses modern SSL/TLS encryption to protect data in transit.

• Access to personal information is limited to authorized personnel and service providers who need it.

No method of transmission or storage is 100% secure; however, we take precautions to safeguard information.

13) Your privacy rights

Your rights depend on where you live.

A. EEA/UK rights (GDPR / UK GDPR)

Subject to certain conditions, you may have the right to:

• access your personal data

• correct inaccurate data

• request deletion (“right to erasure”)

• restrict processing

• data portability

• object to processing (including certain direct marketing)

• withdraw consent (where processing is based on consent)

You also have the right to lodge a complaint with your local data protection authority.

B. California rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what personal information we collect, use, disclose, and share

• Delete personal information (with exceptions)

• Correct inaccurate personal information

• Opt out of the sale or sharing of personal information (as those terms are defined under CCPA/CPRA)

• Limit the use and disclosure of sensitive personal information (if applicable)

• Non-discrimination for exercising your rights

C. Other U.S. state privacy rights

Residents of certain U.S. states (including Virginia, Colorado, Connecticut, and Utah) may have rights to access, delete, correct, and obtain a copy of personal data, and to opt out of certain processing (e.g., targeted advertising, sale, profiling in furtherance of decisions producing legal or similarly significant effects), subject to applicable exceptions.

D. Right to be forgotten / deletion requests

In the EEA/UK, deletion rights are commonly referred to as the right to erasure under GDPR/UK GDPR. In the U.S., some states provide a right to delete (e.g., California under CCPA/CPRA).

We will honor valid deletion requests subject to legal exceptions, including where we must retain information to:

• complete transactions and fulfill orders,

• detect security incidents and prevent fraud,

• comply with legal obligations (e.g., tax/accounting),

• exercise or defend legal claims.

14) Childrens privacy (COPPA)

The Site is not directed to children and we do not knowingly collect personal information from children under 13.

Under the U.S. Childrens Online Privacy Protection Act (COPPA), if you are under 13 years of age, you must not use the Site or submit personal information through the Site.

If you are under 13, you must discontinue use of the Site immediately unless you are using the Site under the supervision of a parent or legal guardian who provides any required consent and is responsible for the childs activity.

If you believe a child under 13 has provided us personal information, please contact us at support@rabbit-labs.com or via our contact form at https://rabbit-labs.com/contact-us/ or by mail at:

499 Ernston RoadSuite A6Parlin, NJ 08859United States

15) How to exercise your rights

To submit a request, contact us at: support@rabbit-labs.com or via our contact form at https://rabbit-labs.com/contact-us/.

You may also send requests by mail to:

Rabbit-Labs
499 Ernston Road
Suite A6
Parlin, NJ 08859
United States

We may need to verify your identity before completing your request. Authorized agents may submit requests on your behalf where permitted by law.

16) Changes to this Privacy Policy

We may update this Policy from time to time. The updated version will be posted on the Site with a revised Last updated date.

17) Important note

This Policy is provided for general informational purposes and should be reviewed by qualified counsel to ensure it matches your specific business practices, vendors, and regulatory obligations.