Your privacy matters. This policy explains what data we collect, how we use it, and the choices you have.
Last updated:
Contents
Who We Are
Crash & Burn (“we”, “us”, “our”) is an independent retailer curating authentic Supreme clothing and collaborations. We operate the website shopcrashandburn.com and process personal information as a data controller.
Legal name: Crash & Burn
Address: 415 N Fairfax Ave, Los Angeles, CA 90036, United States
This policy applies to personal information collected through our website, customer support, newsletters, and social channels that link to this policy. It does not cover third-party services we do not control.
Information We Collect
Information you provide
Account and order details (name, email, shipping/billing address, phone)
Payment details processed by our payment partners (we receive tokens/confirmation, not full card numbers)
Support messages, return requests, and survey responses
Newsletter sign-ups and marketing preferences
Information collected automatically
Device and usage data (IP address, browser, OS, pages viewed, links clicked, timestamps)
Approximate location from IP for fraud prevention and localization
Cookies, pixels, and similar technologies (see Cookies & Tracking)
Information from third parties
Payment processors for fraud prevention and transaction verification
Analytics and advertising partners for site performance and ad measurement
Social networks if you engage with our content or login via social features
Cookies & Tracking
We use cookies and similar technologies to run our website, measure performance, and personalize content/ads. You can manage preferences at any time.
Strictly necessary
Required for core functionality such as security, cart, and checkout. These cannot be disabled.
Session management
Authentication
Security & fraud prevention
Performance & analytics
Help us understand traffic and improve the site (e.g., page load, popular products).
Advertising & personalization
Used for retargeting and measuring marketing effectiveness.
How We Use Your Information
Provide and deliver products, process payments, and fulfill orders
Communicate about orders, returns, and support
Improve, personalize, and expand our services and catalog
Send marketing communications with your consent (you can opt out anytime)
Detect, prevent, and address fraud, security, and technical issues
Comply with legal obligations and enforce our terms
Legal Bases (GDPR/UK GDPR)
Contract: to fulfill purchases and provide requested services
Consent: for certain marketing and non-essential cookies
Legitimate interests: to secure our services, prevent fraud, and improve performance
Legal obligation: to maintain records and comply with applicable laws
How We Share Information
Service providers: hosting, payment processing, shipping, analytics, marketing
Advertising partners: to deliver and measure ads when consented/allowed
Business transfers: as part of a merger, acquisition, or asset sale
Legal and safety: to comply with law or protect our rights and users
We do not sell personal information for money. We may “share” or use targeted advertising as defined under California law; see the “Do Not Sell or Share” section below.
Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy, including fulfilling orders, complying with legal obligations, resolving disputes, and enforcing agreements. Retention periods vary by data type and applicable law.
Data Security
We implement administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
International Transfers
Your information may be transferred to and processed in countries other than your own. Where required, we use approved safeguards such as Standard Contractual Clauses.
Your Rights
GDPR/UK GDPR
Access, correction, deletion
Portability and restriction of processing
Object to processing (including direct marketing)
Withdraw consent at any time
Lodge a complaint with your supervisory authority
California (CCPA/CPRA)
Know, access, and delete your personal information
Correct inaccurate information
Opt out of “selling” or “sharing” personal information
Limit use of sensitive information (if applicable)
Non-discrimination for exercising rights
Submit a privacy request
Do Not Sell or Share My Personal Information
California residents can opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising.
We’ll set your advertising cookies preference to “off.” You can also use a browser or global privacy control (GPC). We honor GPC signals when detected.
Children’s Privacy
Our services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will delete it where required.
Changes to This Policy
We may update this policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated version with a new “Last updated” date and, where appropriate, notify you via email or site notice.
Contact Us
Questions about this policy or your privacy rights?