Privacy Policy

Introduction

Sofa Air ("we," "us," or "our") operates the website sofaair.com. This Privacy Policy describes what information we collect, how we use it, who we share it with, and your choices regarding that information. By using our website or placing an order, you agree to the practices described below.

1. Information You Provide to Us

Account Registration

When you create an account, we collect your email address and password. You may optionally add your full name and phone number in your account settings.

Placing an Order

When you make a purchase, we collect the information needed to fulfill your order:

• Email address
• Full name
• Shipping address (street address, city, state, ZIP code, country)
• Phone number
• Payment information (processed securely by Stripe — we never see or store your full card number)

Saved Addresses

If you choose to save addresses to your account for faster checkout, we store your name, full address, and phone number for each saved entry.

Product Reviews

When you submit a product review, we store your rating, review title, review text, and any images you upload. Reviews are linked to your account and may be displayed publicly on our product pages.

Contact Form

When you use our contact form, we collect your name, email, subject, and message. This information is sent to our team via email and is not stored in a database.

2. Information We Collect Automatically

Site Analytics (First-Party)

We operate our own analytics system to understand how visitors use our website. This system does not use tracking cookies. Instead, it generates a daily-rotating anonymous session identifier derived from your IP address and browser information (user agent). This identifier cannot be reversed to reveal your identity and resets every day.

Through this system, we collect:

• IP address
• Device and browser information (device type, browser name, operating system)
• Pages visited and timestamps
• Referrer URL (the page that sent you to our site)
• UTM campaign parameters (if you arrived via a marketing link)
• On-site events (e.g., adding items to cart, starting checkout, search queries)

Meta Pixel (Facebook)

We use the Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram. The Meta Pixel may set cookies on your device (such as _fbp and _fbc) and collects information about your browsing activity, including pages viewed, products viewed, items added to cart, and purchases.

We also use Meta's Conversions API (server-side) to send purchase data to Meta. When this happens, your personal information (email, phone, name, city, state, ZIP code) is cryptographically hashed (SHA-256) before being transmitted — Meta receives only the hashed values, not your actual data.

You can manage your Meta ad preferences at facebook.com/adpreferences.

Google Services

Our website includes Google Tag Manager and may use Google Analytics and Google Ads conversion tracking. When active, these services collect browsing data such as pages visited, conversion events, and device information. Google may set its own cookies to facilitate this tracking.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

3. How We Use Your Information

• Order fulfillment: Processing your purchase, calculating shipping, delivering your order, and sending order confirmation and shipping notification emails
• Customer support: Responding to your inquiries via the contact form or email
• Account management: Maintaining your account, saved addresses, wishlists, and review history
• Site improvement: Understanding how visitors use our website so we can improve navigation, product pages, and the checkout experience
• Advertising measurement: Evaluating the effectiveness of our ads on Meta (Facebook/Instagram) and Google platforms
• Fraud prevention: Detecting and preventing fraudulent transactions

4. Third-Party Services We Use

We share your information with the following service providers, only as necessary to operate our business:

• Stripe — Payment processing. Stripe receives your payment details, email, and shipping address to process transactions securely. Stripe is PCI-DSS compliant. Stripe Privacy Policy
• Supabase — Database and authentication hosting. Your account data, orders, and site content are securely stored with Supabase. Supabase Privacy Policy
• Vercel — Website hosting. Vercel processes web requests and may log IP addresses and request metadata. Vercel Privacy Policy
• Resend — Transactional email delivery. Resend processes your email address and name to send order confirmations, shipping updates, and contact form responses. Resend Privacy Policy
• Meta (Facebook) — Advertising analytics. Receives hashed customer data for conversion tracking via the Conversions API. Meta Privacy Policy
• Google — Tag Manager, Analytics, and Ads conversion tracking. Google Privacy Policy
• Google Maps — Address autocomplete at checkout. Your address input is sent to Google to validate and format your shipping address. Google Privacy Policy

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

5. Cookies & Local Storage

Essential Cookies

• Supabase authentication cookies — Keep you signed in to your account. These are session cookies that expire when your session ends.

Advertising & Analytics Cookies

• Meta Pixel cookies (_fbp, _fbc) — Used for ad measurement and targeting. Expires after 90 days.
• Google cookies (_ga, _gat, etc.) — Used for analytics and ad conversion tracking when Google services are active.

Local Storage

We use your browser's local storage (not cookies) to store:

• Shopping cart contents — So your cart persists between visits
• Delivery preference — Your selected delivery option

Local storage data stays on your device and is not transmitted to our servers until you proceed to checkout.

For more details, see our Cookie Policy.

6. Data Security

We take the security of your information seriously:

• All data transmitted between your browser and our servers is encrypted with SSL/TLS (HTTPS)
• Payment information is processed by Stripe, a PCI-DSS Level 1 certified provider — we never handle or store your full card details
• Database access is protected by row-level security policies, ensuring users can only access their own data
• Customer data sent to Meta via the Conversions API is cryptographically hashed before transmission

7. Data Retention

• Order data is retained indefinitely for legal, tax, and dispute-resolution purposes
• Account data is retained for as long as your account is active
• Analytics sessions are anonymized through daily hash rotation and do not contain personally identifiable information beyond the IP address
• Contact form messages are delivered via email and not stored in our database

8. Your Rights

You have the right to:

• Access the personal information we hold about you
• Correct inaccurate information in your account settings
• Delete your account and associated personal data
• Opt out of advertising cookies by adjusting your browser settings or using the opt-out links provided above for Meta and Google

To exercise any of these rights, please email us at info@sofaair.com.

9. Children's Privacy

Our website is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please reach out:

• Email: info@sofaair.com
• Phone: (808) 909-1272