Privacy
Privacy Policy.
Last updated: April 30, 2026
Effective date: April 30, 2026
Who we are
Coastal Brewing Co. is a Lowcountry coffee, tea, and matcha brand operated by A.I.M.S. — AI Managed Solutions at brewing.foai.cloud and at our retail and pop-up locations.
This Privacy Policy describes what personal information we collect, why we collect it, how we use it, who we share it with, and what choices you have.
If you have a question about this policy, write us at bpo@achievemor.io.
What we collect
When you place an order
- Name and shipping address so we can ship to you
- Email address so we can confirm orders, send tracking, and reach you about issues
- Phone number (optional, used only for delivery exceptions)
- Payment information — handled by our payment processor (Stripe). We never see your full card number; the processor returns a tokenized reference and the last four digits.
When you create an account or subscribe
- The above plus a password (stored hashed, never in plain text)
- Subscription preferences (frequency, SKU, payment method on file)
- Order history
When you chat with our team
- The conversation transcript so we can review and improve service
- Your email if you provide it for follow-up
When you visit the storefront
- Standard server logs: IP address, browser, device type, referrer, pages viewed, time on page
- Cookies (see Cookies below)
When you sign up for the newsletter
- Email address only
We do not collect biometric data, government identifiers (Social Security Number, driver's license number), or precise geolocation. We do not collect data from anyone we know to be under 13.
Why we collect it (the legal basis)
| Purpose | Legal basis |
|---|---|
| Fulfill your order | Performance of contract |
| Process payment | Performance of contract |
| Send order updates | Performance of contract |
| Send marketing emails | Consent (you can unsubscribe anytime) |
| Improve the storefront | Legitimate interest |
| Comply with tax + accounting law | Legal obligation |
| Detect fraud and abuse | Legitimate interest |
Who we share with
We share your data only with parties that need it to fulfill your order or operate the business:
- Payment processor (Stripe) — to charge your card and handle refunds
- Fulfillment partner — to print labels, roast, pack, and ship your order
- Carriers (USPS, UPS, FedEx) — for delivery
- Email service — for transactional and marketing emails
- Tax authorities — when required by law
We do not sell your personal information. We do not rent your email list to third parties. We do not share your data for cross-context behavioral advertising.
Cookies
We use cookies and similar storage to:
- Keep you logged in
- Remember items in your cart
- Measure storefront usage (anonymized analytics)
You can disable cookies in your browser settings. Some features (cart, login, checkout) won't work without them.
How long we keep it
| Data | Retention |
|---|---|
| Order records (legally required) | 7 years |
| Active customer account | Until you ask us to close it |
| Marketing email list | Until you unsubscribe |
| Server access logs | 90 days |
| Chat transcripts | 1 year |
Your rights
Depending on where you live, you may have rights under the California Consumer Privacy Act (CCPA), EU/UK General Data Protection Regulation (GDPR), Virginia, Colorado, and other state privacy laws, or similar.
You generally have the right to:
- Access the personal information we hold about you
- Correct information that's wrong
- Delete your information (subject to legal retention obligations like tax records)
- Opt out of marketing emails (every email has an unsubscribe link)
- Port your data to another service (we'll provide a machine-readable copy)
- Not be discriminated against for exercising any of these rights
To exercise these rights, write bpo@achievemor.io. We respond within 30 days. We may need to verify your identity before disclosing or deleting data.
California residents specifically
The CCPA gives California residents the right to know what categories of personal information we collect and sell, the right to delete personal information, and the right to opt out of any sale. We do not sell your personal information. That said, you may direct any access, deletion, or opt-out request to bpo@achievemor.io.
You may also designate an authorized agent to make a request on your behalf. We'll require reasonable verification.
EU and UK residents
Where we process your personal data under GDPR or UK GDPR, you have the rights listed above plus the right to lodge a complaint with your supervisory authority. The legal basis for our processing is generally either contract (to fulfill your order) or consent (for marketing email). You can withdraw consent anytime.
Security
We use commercially reasonable physical, administrative, and technical safeguards to protect personal data:
- Encryption in transit (TLS) on every page that handles personal data
- Encryption at rest for stored credentials and payment tokens
- Access controls limiting who on our team can see customer data
- Vendor agreements requiring our processors to maintain comparable safeguards
No system is perfectly secure. If we detect a breach affecting your personal data, we'll notify you and the appropriate authorities as required by law.
Children's privacy
Our products and storefront are not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we've collected a child's data, write us and we'll delete it promptly.
Changes to this policy
We update this policy when we change practices. The “Last updated” date at the top reflects the current version. Material changes (new categories of data collected, new third parties, new uses) will be announced on the storefront and emailed to active subscribers.
Contact
For any privacy question or request:
Email: bpo@achievemor.io
Mail: Coastal Brewing Co. (c/o A.I.M.S. — AI Managed Solutions), Privacy Officer, Bluffton, SC 29910
We'll respond within 30 days.
See also Terms of Service & Sale, Accessibility, and Contact & Support.