The BBQ Authority (bbq-authority.com)
Effective Date: March 23, 2026
1. Introduction
The BBQ Authority (“Company,” “we,” “our,” or “us”) is committed to protecting your personal information and maintaining transparency in how we collect, use, and share it.
This Privacy Policy applies to information collected through:
- Our website: www.bbq-authority.com
- Customer accounts and transactions
- Marketing communications
- In-store interactions at our showroom
This policy is designed to comply with applicable U.S. privacy laws, including:
- California Consumer Privacy Act (CCPA/CPRA)
- Virginia Consumer Data Protection Act (VCDPA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Texas Data Privacy and Security Act (TDPSA)
2. Data Inventory & Categories of Personal Information
We collect the following categories of personal data:
| Category | Description | Sources | Retention |
|---|---|---|---|
| Identifiers | Name, email, phone, address, IP | Direct, cookies | Per GAAP + legal |
| Commercial Data | Orders, purchase history | Direct | Per GAAP |
| Internet Activity | Browsing behavior, device info | Cookies/tools | 12–26 months typical |
| Geolocation | Approximate IP-based location | Automated | Short-term |
| Financial Data | Payment data (tokenized) | Authorize.net | Not stored directly |
| Communications | Emails, chat transcripts | Direct | Operational need |
| Marketing Data | Engagement, preferences | Klaviyo, cookies | Until opt-out |
| Inferences | Product interests | Derived | Rolling basis |
3. Sources of Personal Data
We collect data from:
- Direct interactions (checkout, account creation, showroom visits)
- Automated technologies (cookies, pixels, analytics tools)
- Service providers and partners
4. Purpose of Processing
We process personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Order fulfillment | Contractual necessity |
| Customer support | Legitimate interest |
| Account management | Contract |
| Marketing & advertising | Consent / opt-out rights |
| Analytics & improvement | Legitimate interest |
| Fraud prevention | Legal obligation |
| Compliance | Legal obligation |
5. Technologies and Tracking
We use:
- Google Analytics 4
- Meta Pixel
- Google Ads
- Klaviyo
- OptinMonster
These tools may collect behavioral data and support cross-context behavioral advertising.
6. Sharing of Personal Data
We disclose personal data to:
- Ecommerce platforms (BigCommerce, Volusion)
- Payment processor (Authorize.net)
- Advertising partners (Google, Meta)
- Marketing platforms (Klaviyo)
- Analytics providers
- Customer support tools
Sale / Sharing Disclosure
We do not sell personal data for monetary consideration.
We engage in targeted advertising, which may qualify as:
- “Sharing” under California law
- “Targeted advertising” under other state laws
7. Cookies, Consent & Universal Opt-Out
We use cookies for:
- Essential operations
- Analytics
- Advertising
We implement a consent management platform ( CookieYes) that allows:
- Opt-in/opt-out of non-essential cookies
- Granular preference controls
We honor universal opt-out signals, including:
- Global Privacy Control (GPC)
| Cookie Type | Purpose | Provider | Duration |
|---|---|---|---|
| Essential | Site functionality | BigCommerce / Volusion | Session |
| Analytics | Traffic analysis | Google Analytics | Up to 26 months |
| Advertising | Retargeting | Google / Meta | Varies |
| Marketing | Email tracking | Klaviyo | Varies |
| Lead Capture | Popups/forms | OptinMonster | Session |
8. Consumer Privacy Rights (Multi-State)
Depending on your state of residence, you may have the right to:
- Access personal data
- Correct inaccuracies
- Delete personal data
- Obtain a copy (data portability)
- Opt out of:
- Targeted advertising
- Sale/sharing of personal data
- Profiling (where applicable)
California-Specific Additions
California residents also have the right to:
- Limit use of sensitive personal information
- Request detailed disclosure of data categories and sharing
9. Exercising Your Rights
You may submit a request via:
? privacy@bbq-authority.com
? Mail:
The BBQ Authority
1702 Ogden Ave
Lisle, IL 60532
We will:
- Verify your identity
- Respond within legally required timeframes
- Provide an appeal process where required (VA, CO, CT, TX)
10. Appeals Process (Required for Multi-State Laws)
If we deny your request, you may appeal by contacting:
? privacy@bbq-authority.com
We will respond to appeals within applicable legal timeframes.
11. Data Retention
We retain personal data:
- In accordance with Generally Accepted Accounting Principles (GAAP)
- As required by tax, legal, and regulatory obligations
- As necessary for business operations and dispute resolution
12. Data Security
We implement:
- Encryption and secure transmission
- PCI-compliant payment handling via Authorize.net
- Access controls and monitoring
- Vendor security vetting
13. Customer Accounts
Users may create accounts to:
- Store personal information
- Access order history
- Manage preferences
Users are responsible for account security.
14. Showroom Data Collection
We may collect personal data during in-store interactions.
We do not use in-store behavioral tracking technologies.
15. Children’s Data
We do not knowingly collect personal data from children under 13.
16. Third-Party Links
We are not responsible for the privacy practices of third-party websites.
17. Updates to This Policy
We may update this policy periodically. Changes will be reflected with a revised effective date.
18. Contact Information
The BBQ Authority
1702 Ogden Ave
Lisle, IL 60532
Email: privacy@bbq-authority.com
| Cookie Type | Purpose | Provider | Duration |
|---|---|---|---|
| Essential | Site functionality | BigCommerce / Volusion | Session |
| Analytics | Traffic analysis | Google Analytics | Up to 26 months |
| Advertising | Retargeting | Google / Meta | Varies |
| Marketing | Email tracking | Klaviyo | Varies |
| Lead Capture | Popups/forms | OptinMonster | Session |