Privacy policy

PRIVACY POLICY
Last Updated: February 27, 2026

This Privacy Policy describes how shop.thegoodforco.com and thegoodforco.com (the “Site” or “we,” “us,” or “our”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site, and when you communicate with us (including by text message/SMS).

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information.”

Device information

Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
Disclosure for a business purpose: shared with our processor Shopify, Afterpay, PayPal, ShopPay.

Order information

Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify and UPS for shipping purposes.

Customer support information

Examples of Personal Information collected: name, phone number, email, order number, shipping address.
Purpose of collection: to provide customer support.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our call center and service providers to provide support for your purchase.

AI-Powered Chat Communications

Examples of Personal Information collected: chat messages, questions about products or services, name (if voluntarily provided), email address (if voluntarily provided), IP address, browser information, device type, and chat timestamps.

Purpose of collection: to provide real-time customer assistance, answer product and service questions, schedule appointments, provide water treatment recommendations, and improve our customer support experience.

Source of collection: collected from you when you interact with our website chat feature.

Third-party processing: Chat conversations are processed using third-party artificial intelligence technology to generate responses. Our AI service provider(s) process chat data on our behalf under contractual obligations that prohibit them from using your data for their own purposes.

Disclosure for a business purpose: shared with our AI service provider(s) solely for the purpose of generating chat responses and improving chat functionality. Chat data is not sold, shared for advertising purposes, or used by our AI providers for training their models on your personal conversations.

Retention: Chat transcripts are retained for up to 12 months for quality assurance and customer service purposes, after which they are deleted unless retention is required for legal compliance.

Consent: Before initiating a chat conversation on our website, you will be presented with a disclosure notice explaining that the chat is powered by AI technology and that your messages may be processed by third-party services. By choosing to proceed with the chat, you consent to this processing. You may decline to use the chat feature at any time without affecting your ability to contact us through other channels (phone, email, or in-person).

Text Message (SMS/MMS) Communications (10DLC / Toll-Free Compliance)

TEXT MESSAGE (SMS/MMS) COMMUNICATIONS

10DLC & Toll-Free Number Compliance

The GoodFor Company operates text messaging services in compliance with:
- A2P 10DLC (Application-to-Person 10-Digit Long Code) registration requirements
- Toll-free number verification standards
- TCPA (Telephone Consumer Protection Act)
- CTIA (Cellular Telecommunications Industry Association) guidelines
- All applicable federal, state, and carrier-mandated SMS regulations

By providing your mobile phone number and opting in to receive text messages, you acknowledge and agree to these SMS terms.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

What Messages We Send

If you provide your mobile phone number and opt in, we may send you SMS/MMS text messages for purposes including but not limited to:

- Appointment confirmations and reminders (for water treatment services, plumbing services, water quality testing, and consultations)
- Service notifications and updates
- Order confirmations and shipping updates
- Installation scheduling and technician arrival notifications
- Service maintenance reminders and filter replacement alerts
- Customer support follow-ups and service satisfaction surveys
- Promotional offers, special announcements, or marketing messages (only if you have separately opted in to marketing texts)

Message Frequency & Costs

Message frequency: Varies based on your service needs, purchase activity, and preferences. You may receive:
- Transactional messages (order/appointment related): as needed per transaction
- Service reminders: periodic (e.g., monthly or quarterly for maintenance)
- Marketing messages (if opted in): typically no more than 4-8 per month

Message and data rates: Standard message and data rates may apply as determined by your mobile carrier. You are responsible for any charges incurred. Contact your carrier for details about your messaging plan.

How We Collect SMS Consent

We collect your mobile phone number and SMS opt-in consent when you voluntarily provide your number and take an affirmative action such as:

- Checking an SMS consent checkbox during checkout or on a web form
- Booking an appointment through our scheduling platform (Calendly) and agreeing to receive appointment reminders via text
- Signing up through a dedicated SMS subscription form on our website
- Providing your number to our customer service team and verbally agreeing to receive text messages
- Replying to an initial opt-in message or texting a keyword (such as JOIN, START, or SUBSCRIBE) to one of our business numbers
- Enrolling in SMS notifications through account settings or preference centers

Your consent is explicit, documented, and obtained before we send you any promotional or marketing text messages. Transactional messages (such as order confirmations or appointment reminders for services you requested) may be sent based on your business relationship with us.

Phone Numbers We Use

Text messages may be sent from the following verified business phone numbers owned and controlled by The GoodFor Company:

- (833) 488-3489 — Toll-free number (verified for toll-free SMS messaging)
- (619) 342-3436 — Local Southern California 10DLC registered number
- Other 10DLC registered local numbers or toll-free numbers as added and verified by The GoodFor Company

All phone numbers used for SMS are registered and compliant with carrier and regulatory requirements for business text messaging.

OPT-IN KEYWORDS AND CONFIRMATION MESSAGE

If you text a keyword to one of our business phone numbers to opt in, you may use:
- START
- SUBSCRIBE
- JOIN
- YES

Upon successful opt-in, you will receive the following confirmation message:

"The GoodFor Company: You're now subscribed to text messages including service updates, reminders, and promotions. Msg & data rates may apply. Msg frequency varies. Reply HELP for help or STOP to opt out."

This confirmation message acknowledges your consent and provides opt-out instructions as required by telecommunications regulations.

Opting Out of Text Messages

You may opt out of receiving text messages from The GoodFor Company at any time using any of the following methods:

- Reply with any of these keywords to any text message: STOP, END, CANCEL, UNSUBSCRIBE, QUIT, or OPTOUT
- Email us at hello@thegoodforco.com with your opt-out request
- Call us at (833) 488-3489 or (619) 342-3436 and request removal from our SMS list

After you opt out, you will receive one final confirmation message acknowledging your request. No further promotional or non-transactional text messages will be sent unless you choose to re-enroll.

Note: Opting out of SMS does not affect:
- Your ability to purchase products or schedule services
- Email communications (unless separately opted out)
- Your account status or access to our services

Help & Support

For assistance with text messages, you may:
- Reply HELP to any text message to receive help information
- Email us at hello@thegoodforco.com
- Call (833) 488-3489 (toll-free) or (619) 342-3436 (local)

SMS Data Privacy & Security

Your mobile phone number and SMS opt-in consent status are treated as sensitive Personal Information and are protected as follows:

No Sale or Rental: We will never sell, rent, lease, or exchange your mobile phone number or SMS consent data with third parties for their marketing or promotional purposes.

Limited Sharing: Your mobile phone number may only be shared with:
- SMS platform providers and telecommunications carriers who transmit messages on our behalf (solely for message delivery)
- Service providers who assist with SMS program management and compliance (under strict confidentiality agreements)
- Law enforcement or regulatory agencies when required by law or legal process

No Affiliate Sharing: SMS opt-in consent is specific to The GoodFor Company and is not transferred, shared, or sold to affiliates, partners, subsidiaries, or other brands for their independent use or marketing purposes.

Data Security: We implement appropriate technical and organizational security measures to protect your mobile phone number and SMS data from unauthorized access, disclosure, alteration, or destruction.

Consent Is Not Required to Purchase

Providing your mobile phone number and consenting to receive text messages is entirely optional and is NOT a condition of:
- Purchasing any products from our website or store
- Scheduling appointments for water treatment, plumbing, or other services
- Receiving customer service or technical support
- Accessing your account or using website features

You may decline to provide your phone number or opt out of SMS at any time without affecting your ability to do business with us through other channels (email, phone calls, in-person, etc.).

Carrier Disclaimer & Message Delivery

Mobile carriers are not liable for delayed or undelivered messages. T-Mobile is not liable for delayed or undelivered messages.

While we make commercially reasonable efforts to ensure timely message delivery, we cannot guarantee delivery due to factors outside our control including:
- Mobile carrier network issues, outages, or technical problems
- Your device being powered off, out of service range, or unable to receive messages
- Device memory limitations or messaging app restrictions
- SMS platform or telecommunications network disruptions

We are not responsible for delivery failures, delays, or costs incurred due to carrier-related issues.

Supported Carriers

Our SMS services are compatible with all major U.S. mobile carriers including AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, and most regional carriers.

If you change carriers or phone numbers, you must update your contact information with us to continue receiving text messages.

SMS Compliance & Record-keeping

We maintain records of SMS opt-in consents, opt-out requests, and message delivery logs as required by:
- Federal Communications Commission (FCC) regulations
- TCPA (Telephone Consumer Protection Act) requirements
- CTIA (Cellular Telecommunications Industry Association) best practices
- A2P 10DLC and toll-free verification standards
- Carrier-specific compliance requirements

Records may include:
- Date, time, and method of opt-in consent
- Source of consent (web form, Calendly booking, verbal agreement, etc.)
- Opt-out request details and processing timestamps
- Message delivery logs and campaign identifiers

These records are retained for the period required by law and to demonstrate our compliance with applicable telecommunications regulations and carrier audit requirements.

Changes to SMS Terms

We reserve the right to modify our SMS practices and these terms at any time to reflect changes in:
- Regulatory requirements or carrier mandates
- Our business operations or service offerings
- SMS platform providers or technology

If we make material changes to how we use your mobile phone number or SMS consent, we will notify you via text message, email, or by posting an updated Privacy Policy with a new "Last Updated" date.

Your continued participation in our SMS programs after receiving notice of changes constitutes acceptance of the modified terms. If you do not agree to the changes, you may opt out at any time.

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Sharing Personal Information

Under the California Privacy Rights Act (CPRA), the entities we share your data with are classified into three categories: Service Providers, Contractors, and Third Parties. Below is a detailed disclosure of how we share your Personal Information with each category.

Service Providers
Service Providers process your Personal Information on our behalf, under written contracts that prohibit them from retaining, using, or disclosing your data for any purpose other than performing services for us. Our Service Providers include:

- Shopify (e-commerce platform): Processes orders, manages product catalog, handles customer accounts, and provides website hosting. Receives order information, customer account data, device information, and browsing activity.
- Payment Processors (Afterpay, PayPal, ShopPay): Process payment transactions. Receive payment information, billing address, and order details. PCI-DSS compliant.
- UPS (shipping carrier): Fulfills and delivers orders. Receives shipping address, recipient name, phone number, and order weight/dimensions.
- Calendly (scheduling platform): Manages appointment bookings. Receives name, email, phone number, and scheduling preferences.
- Klaviyo (email and SMS marketing platform): Manages email campaigns and SMS communications. Receives name, email, phone number, purchase history, and marketing preferences.
- Voiceflow (AI chatbot platform): Powers our website chat feature. Receives chat messages, IP address, and browser information. Processes data under AI service provider obligations.
- Twilio (SMS/communications platform): Delivers text messages on our behalf. Receives phone numbers and message content for delivery purposes only.
- SendGrid (email delivery): Delivers transactional and marketing emails. Receives email addresses and email content.

Contractors
We do not currently engage any Contractors (as defined by CPRA) to process Personal Information.

Third Parties
Third Parties receive Personal Information for their own business purposes. We share data with the following Third Parties, which may constitute a "sale" or "sharing" under the CCPA/CPRA:

- Google (Google Analytics, Google Ads): Receives device information, browsing activity, IP address, and purchase event data for analytics and advertising purposes. You can opt out via our cookie banner, the "Do Not Sell or Share" link, or by enabling GPC in your browser.
- Meta/Facebook (Meta Pixel): Receives browsing activity, purchase events, and device information for advertising and conversion tracking. You can opt out using the same methods described above.
- Pinterest (Pinterest Tag): Receives browsing activity and conversion events for advertising purposes. Opt-out available through cookie banner preferences.
- TikTok (TikTok Pixel): Receives browsing activity and conversion events for advertising purposes. Opt-out available through cookie banner preferences.

Important: All Third-Party tracking is blocked by default on our website until you provide explicit consent through our cookie banner. If you decline cookies or enable Global Privacy Control (GPC), no data is shared with these Third Parties.

We may also share your Personal Information with law enforcement, regulatory agencies, or other parties when required by law, legal process, or to protect our rights and safety.

Behavioral Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

We use Google Analytics 4 (GA4) to help us understand how our customers use the Site. Google Analytics collects information including your IP address, browser type, device information, pages viewed, time spent on pages, referring URLs, and interactions with Site features. Google may use your IP address to determine your approximate geographic location. This data is transmitted to and processed by Google on servers that may be located outside your jurisdiction.

Under California law, the collection of IP addresses and browsing data by Google Analytics may be considered a form of electronic surveillance. To address this, our website uses a Consent Management Platform (Consentmo) that blocks Google Analytics from loading until you provide explicit consent through our cookie banner. If you decline analytics cookies, no data is transmitted to Google.

Additionally, we have configured Google Consent Mode V2, which communicates your consent preferences directly to Google's systems, ensuring that Google respects your cookie choices.

You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.
You can opt out of Google Analytics by: (1) declining Statistics cookies in our cookie banner, (2) enabling Global Privacy Control (GPC) in your browser, (3) installing the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout, or (4) submitting a request through our Privacy Request Center.
We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s educational page at:
http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work

You can opt out of marketing emails by using the unsubscribe link at the bottom of any marketing email.
You can also manage ad personalization through:

FACEBOOK: https://www.facebook.com/settings/?tab=ads
GOOGLE: https://www.google.com/settings/ads/anonymous
BING: https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads
Additionally, you can opt out of some services by visiting: http://optout.aboutads.info/

Using Personal Information

We use your Personal Information to provide our services to you, which includes offering products for sale, processing payments, shipping and fulfillment of your order, providing customer support, and keeping you up to date on new products, services, and offers (in accordance with your preferences).

Retention

We retain your Personal Information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Below are the specific retention periods for each category of Personal Information we collect:

Order and Transaction Data (name, billing/shipping address, payment records, order history): Retained for 7 years from the date of transaction to comply with tax, accounting, and financial reporting requirements under IRS regulations and California tax law.

Customer Account Information (name, email address, phone number, account preferences): Retained for as long as your account is active, plus 2 years after your last interaction with us, unless you request earlier deletion.

Customer Support Records (name, email, phone, support tickets, correspondence): Retained for 3 years from the date of your most recent support interaction for quality assurance and to maintain continuity of service.

AI Chat Transcripts (chat messages, questions, AI-generated responses): Retained for up to 12 months for quality assurance and customer service improvement, then automatically deleted unless retention is required for legal compliance.

Device and Browsing Data (IP address, browser type, cookies, pages viewed, search terms): Retained for up to 26 months through analytics platforms (e.g., Google Analytics default retention). Cookie-specific retention periods are listed in our Cookie Banner preferences panel.

SMS/Text Message Records (phone number, opt-in/opt-out status, message logs): Opt-in consent records and message delivery logs are retained for 5 years to demonstrate compliance with TCPA, FCC, and carrier audit requirements. Opt-out requests are processed immediately and records of the opt-out are retained for the same compliance period.

Scheduling and Appointment Data (name, email, phone, appointment details): Retained for 3 years from the date of the appointment for service history and follow-up purposes.

Marketing and Advertising Data (ad interaction data, email engagement, pixel data): Retained for up to 2 years from collection, or until you opt out of marketing, whichever comes first. Upon opt-out, marketing data is suppressed (not used for targeting) but may be retained in suppression lists to honor your opt-out preference.

When your data reaches the end of its retention period, it is securely deleted or anonymized so that it can no longer be associated with you. If you request deletion of your data before the retention period expires, we will honor your request unless retention is required by law (for example, tax records that must be kept for 7 years).

You may request deletion of your Personal Information at any time through our Privacy Request Center at https://thegoodforco.com/pages/us-privacy-requests.

Sensitive Personal Information

Under the California Privacy Rights Act (CPRA), certain categories of Personal Information are classified as "Sensitive Personal Information" and are subject to additional protections. We collect the following categories of Sensitive Personal Information:

- Financial account information: Credit card numbers, debit card numbers, and other payment credentials collected during checkout to process your purchases. This information is handled by our PCI-compliant payment processors (Shopify Payments, Afterpay, PayPal, ShopPay) and is not stored in plain text on our systems.

- Account login credentials: Email address and password combinations used to access your customer account on our Site. Passwords are stored in encrypted/hashed form and are never accessible to our staff in plain text.

We use Sensitive Personal Information solely for the following purposes, as permitted under CPRA:
- Processing transactions and fulfilling orders you have requested
- Providing customer support related to your account or payment issues
- Detecting and preventing fraud, security incidents, and unauthorized access
- Maintaining and servicing your customer account
- Verifying your identity when you exercise your privacy rights

We do not use Sensitive Personal Information for any purposes beyond those listed above. We do not use it to infer characteristics about you, for advertising or marketing purposes, or for any purpose that is not necessary to provide the services you have requested.

Your right to limit: You have the right to limit our use of your Sensitive Personal Information to only what is necessary to provide our services. Because we already limit our use to these essential purposes, no additional action is required on your part. However, if you believe your Sensitive Personal Information is being used beyond these purposes, you may submit a request through our Privacy Request Center at https://thegoodforco.com/pages/us-privacy-requests or contact us at hello@thegoodforco.com.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you, including:

temporary denylist of IP addresses associated with repeated failed transactions (hours)
temporary denylist of credit cards associated with denylisted IP addresses (days)

CCPA / CPRA (California Residents)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

- Right to Know: You have the right to request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting or selling it, and the categories of third parties with whom we share it.

- Right to Delete: You have the right to request that we delete the Personal Information we have collected from you, subject to certain exceptions.

- Right to Correct: You have the right to request that we correct inaccurate Personal Information that we maintain about you.

- Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your Personal Information, including sharing for cross-context behavioral advertising. You can exercise this right by clicking the "Do Not Sell or Share My Personal Information" link on our website, enabling Global Privacy Control (GPC) in your browser, or contacting us directly.

- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of your Sensitive Personal Information (such as payment card details or account login credentials) to only what is necessary to provide our services.

- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your rights.

To exercise any of these rights, you may:
- Submit a verifiable request through our Privacy Request Center at https://thegoodforco.com/pages/us-privacy-requests
- Email us at hello@thegoodforco.com
- Call us at (833) 488-3489 (toll-free) or (619) 342-3436 (local)

For step-by-step self-service actions — including downloading your data, correcting your information, or deleting your account — visit our Privacy Request Center at https://thegoodforco.com/pages/us-privacy-requests for easy-to-use tools.

We will verify your identity before processing your request and respond within 45 days. If we need additional time, we will notify you of the extension and the reason for it.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below. We may require the authorized agent to provide proof of their authority to act on your behalf.

How We Share Information with Third Parties:
We share Personal Information with service providers (such as payment processors, shipping carriers, and analytics services) only as needed for business operations. These partners are contractually required to use your data only as instructed by us and are prohibited from using it for their own independent purposes. We do not sell your Personal Information in exchange for monetary consideration. When we use third-party analytics and advertising tools (such as Google Analytics), some browsing data may be shared with these providers in ways that may constitute "sharing" under the CCPA. You can opt out of this sharing using the methods described above.

To exercise these rights, submit a verifiable request via our LINK. We will respond within 45 days.

Cookies

(Your cookie section remains as-is; included here for completeness.)

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies…

Cookies Necessary for the Functioning of the Store
_ab; _secure_session_id; cart; cart_sig; cart_ts; checkout_token; secret; secure_customer_sig; storefront_digest; _shopify_u

Reporting and Analytics
_tracking_consent; _landing_page; _orig_referrer; _s; _shopify_s; _shopify_sa_p; _shopify_sa_t; _shopify_y; _y

(And the remainder of your cookie explanation stays unchanged.)

Do Not Track & Global Privacy Control

Global Privacy Control (GPC) is a browser-based signal that communicates your privacy preferences to websites you visit. When we detect a GPC signal from your browser, we treat it as a valid opt-out request under the California Consumer Privacy Act (CCPA/CPRA). Specifically, we will:

- Treat the GPC signal as a request to opt out of the sale or sharing of your personal information
- Block non-essential tracking cookies and third-party data sharing for your session
- Not require you to take any additional action to exercise your opt-out rights

You can enable GPC in compatible browsers such as Firefox, Brave, or DuckDuckGo, or by installing a GPC-compatible browser extension.

Regarding legacy "Do Not Track" (DNT) browser signals: while there is no uniform standard for responding to DNT signals, if we detect a DNT signal from your browser, we will treat it with the same respect as a GPC signal and limit tracking accordingly.

Changes

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at:

Email: hello@thegoodforco.com
Phone (Toll-Free): (833) 488-3489
Phone (Local SoCal): (619) 342-3436

Mailing Address:
Goodfor LLC
2712 Loker Ave W, #1259
Carlsbad, CA 92010
United States

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.