Privacy policy

Effective Date: 05/18/2026 | Last Updated: 05/18/2026

DIY Parts, Inc. ("DIY Parts," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and your rights and choices regarding your data when you use our website at diyparts.com and related services (collectively, the "Services").

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Services.

1. Our Position on Data Sales and Sharing

DIY Parts does not sell your personal information for monetary compensation, and we do not believe that our current data practices constitute a "sale" of personal information as that term is defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

We share certain data with advertising and analytics partners, including Google. We structure these relationships as service provider or business purpose arrangements, meaning these partners are contractually restricted from using your data for their own independent purposes beyond providing services to us. Specifically:

Google Ads: We have accepted Google's Restricted Data Processing (RDP) terms and U.S. State Privacy Laws Addendum. Under these terms, Google acts as our service provider with respect to advertising data and is restricted from using that data for independent ad targeting.
Google Analytics: Data shared with Google Analytics is governed by Google's data processing terms, which restrict Google's use of that data.

Even though we do not classify our data sharing as a "sale," we provide opt-out rights for targeted advertising to all users. See Section 9 (Your Privacy Rights and Choices) for details.

2. Information We Collect

2.1 Contact and Account Information

Name, email address, phone number
Billing and shipping addresses
Account credentials (username, password, preferences)

2.2 Payment Information

Credit card details and billing information collected and processed by our third-party payment processor (Shopify Payments). We do not store full card numbers on our own servers.

2.3 Device and Technical Information

IP address, browser type, operating system, device type, and hardware model
Device identifiers (e.g., unique device IDs)
Mobile network information

2.4 Usage and Browsing Information

Pages visited, time spent, features used, and search queries on our site
Log data for troubleshooting and security purposes
Referring URLs (the page that sent you to our site)

2.5 Advertising and Tracking Identifiers

Google Click ID (GCLID) and related Google Ads identifiers collected when you arrive at our site via a Google ad
Cookies, pixels, and similar tracking technologies used for ad conversion measurement and remarketing (see Section 7)
Hashed customer data (email address, phone number, name, and billing address) shared with Google for Enhanced Conversions — see Section 5 for full details

2.6 Order and Transaction Data

Purchase history, order details, and shipping information
Location information you provide at checkout (city, state, ZIP, country) — we do not collect precise GPS or real-time geolocation data

2.7 Customer Support and Communication Data

Records of emails, support tickets, chat logs, and phone calls
Feedback, reviews, and survey responses

2.8 Sources of Information

We collect personal information from the following sources:

Directly from you, when you place an order, create an account, contact support, or submit a form
Automatically, through cookies and tracking technologies when you visit our website
From third-party advertising platforms (e.g., Google) that provide us with aggregated or attributed ad performance data
From our e-commerce platform provider, Shopify, which processes transactions on our behalf

3. How We Use Your Information

We use personal information for the following business and commercial purposes:

Order fulfillment: Processing purchases, payments, and shipments
Customer support: Responding to inquiries, troubleshooting, and improving your experience
Product and service improvement: Analyzing feedback and usage patterns to improve features and functionality
Personalization: Tailoring content and recommendations based on your preferences and purchase history
Advertising and marketing: Delivering and measuring ads on Google and through our website; sending promotional communications where permitted
Security and fraud prevention: Detecting, preventing, and responding to unauthorized access or misuse
Legal compliance: Fulfilling legal obligations, responding to legal process, and protecting our rights

4. Data Sharing and Disclosure

We may share your information with the following categories of third parties:

4.1 Service Providers

Shopify (e-commerce platform and payment processing)
Shipping carriers (UPS, FedEx, USPS) for order delivery
IT support and hosting providers

These parties are contractually required to use your data only to perform services for us.

4.2 Advertising and Analytics Partners

Google Ads: For conversion tracking, remarketing, and audience building. Google receives certain identifiers (including GCLID and cookie data) when you interact with our ads or visit our site. We have enabled Restricted Data Processing under Google's U.S. State Privacy Laws Addendum.
Google Analytics: For website traffic analysis and usage reporting. Google Analytics receives your IP address and browsing behavior on our site.

We do not currently share data with any other advertising networks or social media platforms.

4.3 Legal Authorities

We may disclose information in response to subpoenas, court orders, or regulatory requirements, or to protect our legal rights.

4.4 Corporate Transactions

In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of that transaction. We will notify you as required by law.

4.5 With Your Consent

We may share data with third parties when you have specifically requested or consented to such sharing.

5. Google Enhanced Conversions

We use Google's Enhanced Conversions feature in Google Ads. This feature allows us to more accurately measure whether our ads lead to purchases on our website.

Here is how it works:

When you complete a purchase, we collect certain customer data you provided during checkout: email address, phone number, name, and billing address.
Before sending this data to Google, we apply a one-way cryptographic hashing process (SHA-256). Hashing converts the data into a string of characters that cannot be reversed to reveal the original information.
The hashed data is transmitted to Google solely for the purpose of matching your purchase against Google's records to confirm whether a Google ad contributed to the sale. This is called conversion attribution.
Google does not use this hashed data for independent ad targeting against you.

You may opt out of this data sharing. See Section 9 (Your Privacy Rights and Choices).

6. Data Retention

We retain personal data according to the following schedule:

Active account data: Retained while your account is active or while you have an open relationship with us.
Order and transaction records: Retained for seven (7) years from the date of the transaction, consistent with IRS record-keeping requirements for business records and applicable tax obligations.
Customer support communications: Retained for three (3) years from the date of the interaction.
Advertising and analytics data: Governed by Google's own retention policies; we do not independently store raw ad event data beyond what is reported in our Google Ads and Analytics dashboards.
Legal holds: Data subject to a legal hold or regulatory inquiry will be retained for as long as required by applicable law or the resolution of the matter.

When data is no longer needed, we securely delete, anonymize, or de-identify it.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. Below are the categories of cookies we use and their purposes:

Strictly necessary cookies: Required for the website to function (e.g., shopping cart, session management, checkout). These cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our website. We use Google Analytics, which places cookies that collect anonymized browsing data (pages visited, time on site, general location).
Advertising and targeting cookies: Used to deliver and measure Google Ads campaigns. These cookies track whether you arrived at our site via a Google ad (via the GCLID identifier) and help us build remarketing audiences. Specific cookies include _gcl_aw, _gcl_dc, and related Google Ads cookies.
Preference cookies: Store your preferences and settings to improve your experience on return visits.

7.1 Your Cookie Choices

When you first visit our website, you are presented with a cookie consent banner that allows you to accept all cookies or reject non-essential cookies ("Do not sell or share"). You can also manage your cookie preferences at any time through our privacy preference center, accessible via the Your Privacy Choices link in our website footer.

Additional opt-out options:

Google Analytics: Use the Google Analytics opt-out browser add-on
Google Ads: Manage ad personalization at adssettings.google.com
Browser settings: You can block or delete cookies through your browser settings, though some website features may not function correctly if you do so.

7.2 Consent Mode and Default Tracking Behavior

Our website uses Google Consent Mode. Tracking technologies on our site are active by default for all visitors. If you select "Do not sell or share" in our cookie banner, we will apply restricted data processing to your session, limiting how Google uses your data for advertising purposes.

7.3 Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals. If your browser or browser extension sends a GPC opt-out signal to our site, our consent management platform will treat this signal as a request to opt out of the sale or sharing of your personal information and will apply restricted data processing accordingly.

8. Children's Privacy

Our Services are not directed to children. We do not knowingly collect personal information from anyone under the age of 16.

Under the CCPA and CPRA, the sale or sharing of personal information of consumers between the ages of 13 and 15 requires opt-in consent from the consumer. For consumers under 13, opt-in consent must be obtained from a parent or legal guardian. Because we do not knowingly collect data from users under 16, we do not engage in these practices with respect to minors.

If we become aware that we have inadvertently collected personal information from a child under 16, we will delete that information promptly. If you believe we have collected information from a minor, please contact us at support@diyparts.com.

9. Your Privacy Rights and Choices

9.1 How to Opt Out of Targeted Advertising

Regardless of your state of residence, you may opt out of the use of your personal information for targeted advertising at any time by:

Clicking "Do not sell or share" in the cookie banner when you visit our site
Using the Your Privacy Choices link in our website footer to open our privacy preference center
Visiting our Do Not Sell My Information page, linked in our website footer
Enabling a Global Privacy Control (GPC) signal in your browser

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months, including the sources, purposes for collection, and categories of third parties to whom we have disclosed it.
Right to delete: Request deletion of personal information we have collected from you, subject to certain exceptions (e.g., data needed to complete a transaction or comply with legal obligations).
Right to correct: Request correction of inaccurate personal information we maintain about you.
Right to opt out: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising (see Section 9.1 above).
Right to limit use of sensitive personal information: We do not collect sensitive personal information beyond what is necessary for the services we provide (primarily billing and shipping addresses). You have the right to limit our use of sensitive personal information to what is necessary to perform the requested service.
Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

9.3 Multi-State Coverage

The following states have enacted consumer privacy laws that provide rights similar to those described above: Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana. If you are a resident of one of these states, you have rights including the right to access, delete, and correct your personal information, and the right to opt out of targeted advertising and profiling.

Note: Several of these states (Colorado, Connecticut, Virginia) define "targeted advertising" broadly. Even under our data classification position, you retain the right to opt out of targeted advertising under these state laws, and we honor that right through our cookie preference center and "Do Not Sell My Information" page.

9.4 How to Submit a Privacy Request

To exercise any of the rights described in this section, you may contact us by:

Email: support@diyparts.com — use the subject line "Privacy Request"
Mail: DIY Parts, Inc., PO Box 1716, Asheboro, NC 27204

We will respond to verifiable requests within 45 days of receipt. If we need additional time, we will notify you and may extend our response by up to an additional 45 days (90 days total), as permitted by applicable law. We may ask you to verify your identity before processing your request.

9.5 Authorized Agents

California residents may designate an authorized agent to submit privacy requests on their behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly with us before processing the request. Contact us at support@diyparts.com to begin the authorized agent process.

9.6 EU, UK, and Swiss Residents (GDPR)

If you are located in the European Union, United Kingdom, or Switzerland, you have additional rights under the GDPR and applicable local law, including the right of access, rectification, erasure, data portability, restriction of processing, and the right to object to processing. You also have the right to lodge a complaint with your local supervisory authority. To exercise these rights, contact us at support@diyparts.com.

10. Data Security

We use technical, administrative, and organizational measures designed to protect your personal information, including:

Encryption of data in transit (HTTPS/TLS) and at rest
Access controls limiting data access to authorized personnel
Secure hosting with firewall, intrusion detection, and continuous monitoring
Contractual data security requirements imposed on third-party vendors
Incident response and breach notification procedures consistent with applicable law

No security system is completely foolproof. In the event of a data breach that affects your rights and freedoms, we will notify affected individuals and applicable authorities as required by law.

11. Data Transfers and Storage

DIY Parts operates exclusively in the United States. All personal data we collect is processed and stored within the United States. We do not intentionally transfer customer personal data to servers or processors located outside of the United States.

Our service providers, including Shopify and Google, may process data within the United States in accordance with their own data processing terms.

12. Third-Party Links and Services

Our website may contain links to external websites or display third-party content. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

For information about how Google uses data it collects through its products, visit: policies.google.com/privacy

13. Updates to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. For material changes — such as new categories of data collected, new sharing arrangements, or significant changes to your rights — we will provide more prominent notice, such as a banner on our website or an email notification to registered account holders, where required by applicable law.

Your continued use of our Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a privacy concern, please contact us:

Email: support@diyparts.com
Mail: DIY Parts, Inc., PO Box 1716, Asheboro, NC 27204 USA
Phone: (844) 900-1707

Language