PRIVACY POLICY
www.tisasarmsusa.com
Effective Date: January 01, 2026
Tisas Corp, d/b/a Tisas USA (“Company,” “we,” “us,” or “our”), is committed to protecting the privacy of individuals who visit our website at www.tisasarmsusa.com (the “Website”) and who purchase our products. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit the Website, create an account, make a purchase, or otherwise interact with us.
1. Information We Collect
We collect the following categories of personal information:
Identifiers: Name, email address, mailing address, shipping address, billing address, phone number, IP address, and account login credentials (username and password).
Commercial Information: Records of products purchased, purchase history, order details, shopping cart contents, and product browsing history.
Financial Information: Payment card type and last four digits of card number, billing address, and transaction amounts. We do not store full payment card numbers on our systems. Payment information is processed and stored by our third-party payment processor and is subject to their privacy policy and security measures.
Internet or Electronic Network Activity: Browser type and version, operating system, device type, referring URLs, pages visited on the Website, time and date of visits, clickstream data, and information collected through cookies, pixels, web beacons, and similar technologies.
Geolocation Data: Approximate geographic location based on IP address.
Inferences: Information derived from the above categories that may be used to create a profile reflecting your preferences, interests, or purchasing behavior.
2. How We Collect Information
We collect personal information: (a) directly from you when you create an account, make a purchase, subscribe to our newsletter or marketing emails, contact customer service, or submit a product review; (b) automatically when you visit the Website through cookies, pixels, web beacons, and similar tracking technologies; and (c) from third-party sources, including our payment processor, shipping carriers, analytics providers, and marketing platforms.
3. How We Use Your Information
We use personal information for the following business and commercial purposes: to process and fulfill your orders, including payment processing, shipping, and delivery confirmation; to create and manage your account on the Website; to communicate with you about your orders, including order confirmation, shipping notifications, and customer service responses; to send you marketing communications, including newsletters, promotional offers, and product announcements, where you have consented or where permitted by applicable law; to operate, maintain, analyze, and improve the Website and our products and services; to personalize your experience on the Website, including product recommendations; to detect, prevent, and address fraud, unauthorized activity, and security threats; to comply with applicable laws, regulations, legal processes, and governmental requests; and to enforce our Terms of Use, Conditions of Sale, and other agreements.
4. Cookies and Tracking Technologies
[NOTE TO CLIENT: This section will be finalized once the VP of Marketing confirms the specific analytics and advertising tools to be deployed. The language below is drafted to accommodate the most common tools used in e-commerce. If Meta Pixel, Google Ads remarketing, or similar advertising technologies are used, additional disclosures and opt-out mechanisms will be required, and Section 5 below regarding sale/sharing of personal information will need to be updated.]
We use cookies and similar tracking technologies to operate the Website, remember your preferences, analyze Website traffic, and improve user experience. The categories of cookies we use include:
Strictly Necessary Cookies: These cookies are essential for the Website to function properly. They include session cookies for the shopping cart, authentication cookies for user account login, and security cookies. These cookies cannot be disabled without impairing Website functionality.
Analytics and Performance Cookies: [Pending confirmation — e.g., Google Analytics] We use analytics tools to collect information about how visitors use the Website, including pages visited, time spent on pages, referral sources, and user navigation patterns. This information is used in aggregate to improve the Website and does not personally identify individual visitors.
Functional Cookies: These cookies remember your preferences, such as language, region, and display settings, to provide a more personalized experience.
Advertising and Targeting Cookies: [Pending confirmation — e.g., Meta Pixel, Google Ads] If deployed, these cookies track your browsing activity across the Website and may be used by third-party advertising partners to deliver targeted advertisements. If we use these cookies, this Privacy Policy will be updated to reflect the specific tracking technologies and to provide the required opt-out mechanisms under applicable law, including the CCPA.]
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. If you disable cookies, some features of the Website may not function properly.
5. How We Share Your Information
We may disclose your personal information to the following categories of recipients for the following purposes:
Service Providers: We share personal information with third-party service providers that perform services on our behalf, including payment processing, order fulfillment, shipping and delivery (UPS, FedEx), website hosting (BigCommerce), email marketing, customer service, and data analytics. These service providers are contractually required to use your information only for the purposes for which it was disclosed and to maintain appropriate security measures.
Shipping Carriers: We share your name, shipping address, phone number, and order information with shipping carriers to deliver your purchases.
Legal and Regulatory Disclosures: We may disclose personal information if required by law, regulation, legal process, or governmental request, including in response to a subpoena, court order, or request from a law enforcement agency. We may also disclose personal information to protect the rights, property, or safety of Company, our customers, or the public.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of substantially all of our assets, your personal information may be transferred to the acquiring or successor entity.
We do not currently sell your personal information as that term is defined by the California Consumer Privacy Act. [NOTE: If advertising/targeting cookies are deployed, this disclosure may need to be revised to address “sharing” for cross-context behavioral advertising under the CCPA, which would require a “Do Not Sell or Share My Personal Information” link on the Website.]
6. Your Privacy Rights
California Residents. If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq.):
(a) Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purposes for collecting or selling the information, and the categories of third parties with whom we shared the information.
(b) Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions permitted by law.
(c) Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
(d) Right to Opt Out: You have the right to opt out of the sale or sharing of your personal information. We do not currently sell or share personal information; however, if this changes, we will provide the required opt-out mechanism.
(e) Right to Limit: You have the right to limit the use and disclosure of your sensitive personal information to purposes necessary to provide the goods or services you request.
(f) Right to Non-Retaliation: We will not discriminate against you for exercising any of your CCPA rights.
To submit a request, contact us by email at kaya@tisasarmsusa.com or by calling (404) 446-7014. We will verify your identity before fulfilling your request by matching information you provide against information in our records. We will respond within forty-five (45) calendar days. You may designate an authorized agent to submit a request on your behalf with signed written permission.
We honor Global Privacy Control (GPC) signals transmitted by your browser as valid opt-out requests.
Residents of Other States. We extend comparable rights to residents of states with comprehensive consumer privacy statutes now in effect, including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Indiana, Nebraska, Minnesota, Maryland, Kentucky, and Rhode Island. Florida’s Digital Bill of Rights also applies to certain large businesses, and we extend comparable rights to Florida residents. To exercise your rights, contact us using the methods described above. If you are unsatisfied with our response, you may appeal by emailing us at kaya@tisasarmsusa.com with the subject line “Privacy Appeal.”
7. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. Our retention periods are as follows: order and transaction records are retained for seven (7) years to satisfy tax, accounting, and regulatory requirements; customer account information is retained for the duration of your account and for two (2) years after account closure or your last activity; marketing contact information is retained until you unsubscribe or request deletion; and website analytics data is retained for twenty-six (26) months.
8. Data Security
We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using SSL/TLS protocols, access controls limiting employee access to personal information on a need-to-know basis, and regular security assessments. Our Website is hosted on BigCommerce, which is PCI DSS Level 1 certified. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.
9. Children’s Privacy
The Website is not directed at children under the age of eighteen (18). We do not knowingly collect personal information from children under eighteen. If we learn that we have collected personal information from a child under eighteen, we will take steps to delete such information promptly. Under CCPA regulations approved by the California Office of Administrative Law in September 2025, effective January 1, 2026, personal information about consumers under the age of sixteen (16) is classified as sensitive personal information and receives enhanced protections, including the right to limit processing and mandatory privacy risk assessments. The regulations cover personal information about a minor, not only information collected directly from a minor. Neural data was added to the sensitive personal information definition effective the same date. Additional CCPA regulatory provisions apply on staggered effective dates, including automated decision-making technology requirements effective January 1, 2027, and cybersecurity audit obligations phased in through 2030. Enhanced administrative penalties apply to violations involving minors’ personal information.
10. Do Not Track and Global Privacy Control
We honor Do Not Track signals and Global Privacy Control (GPC) signals transmitted by your browser. GPC is currently required as a valid universal opt-out mechanism in California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas. When we detect a GPC signal, we treat it as a valid opt-out of the sale and sharing of personal information and will not track your browsing activity for cross-context behavioral advertising purposes.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Website with a revised “Last Updated” date. Your continued use of the Website after the posting of changes constitutes acceptance of such changes.
12. Contact Us
Tisas Corp d/b/a Tisas USA
Attn: Erdal Kaya, Privacy Inquiries
2410 Satellite Blvd., Suite D, Buford, Georgia 30518
Email: kaya@tisasarmsusa.com
Phone: (404) 446-7014
——————————