Privacy Policy
- What This Policy Covers
- Information We Collect
- How We Use Your Information
- Cookies and Tracking Technologies
- How We Share Your Information
- Data Retention
- Data Security
- Children's Privacy
- Your Privacy Rights
- How to Exercise Your Rights
- State-Specific Disclosures
- International Transfers
- SMS/Text Message Program
- Changes to This Policy
- Contact Us
- Privacy Regulations We Follow
At Boring Mattress Company, LLC ("Boring," "we," "us," or "our"), we believe privacy shouldn't be complicated. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website, buy our products, or interact with us in any way.
The short version: We collect what we need to sell you a great mattress and deliver it to your door. We don't sell your personal data. We use standard tools to run our business and improve your experience. You have rights over your data, and we make it easy to exercise them.
What This Policy Covers
This Privacy Policy applies when you:
- Visit boring.co or any of our websites
- Purchase products from us
- Sign up for our newsletter or marketing emails
- Contact us via email, phone, chat, or text
- Interact with us on social media
This policy does not cover third-party websites we may link to—they have their own privacy practices.
Information We Collect
We collect personal information in several ways. Here's what we gather and why:
Information You Give Us
| Category | Examples | Why We Collect It |
|---|---|---|
| Contact Information | Name, email, phone number, mailing address | To process orders, communicate with you, and provide customer support |
| Payment Information | Credit/debit card number, billing address | To process your purchase (handled by our payment processors) |
| Order Information | Products purchased, shipping address, order preferences | To fulfill and deliver your order |
| Account Information | Username, password | To create and manage your account |
| Communications | Emails, chat transcripts, phone call recordings, texts you send us | To respond to your inquiries and improve our service |
| Feedback & Reviews | Product reviews, survey responses, support tickets | To improve our products and services |
| Demographic Information | Age range, preferences (from surveys) | To better understand our customers |
Information Collected Automatically
When you visit our website, we automatically collect:
| Category | Examples | Why We Collect It |
|---|---|---|
| Device Information | IP address, device type, operating system, browser type | To ensure our site works properly on your device |
| Usage Data | Pages viewed, time on site, click patterns, referring site | To improve our website and understand what interests you |
| Location Data | General location based on IP address | To show relevant content and comply with local laws |
| Cookies & Tracking | Session data, preferences, advertising identifiers | To personalize your experience and measure ad effectiveness |
Information from Third Parties
We may receive information about you from:
- Payment processors (transaction confirmations)
- Analytics providers (aggregated usage data)
- Advertising partners (ad performance data)
- Social media platforms (if you log in using social accounts)
How We Use Your Information
We use your personal information for the following purposes:
To Provide Our Products and Services
- Process and fulfill your orders
- Arrange shipping and delivery
- Communicate about your order status
- Handle returns and warranty claims
- Provide customer support
To Improve and Personalize Your Experience
- Maintain and improve our website
- Personalize content and recommendations
- Analyze usage patterns and trends
- Test new features and products
- Develop and train AI tools to enhance our services
To Communicate With You
- Send transactional emails (order confirmations, shipping updates)
- Respond to your questions and requests
- Send marketing emails and texts (with your consent)
- Conduct surveys and gather feedback
To Protect Our Business
- Prevent fraud and unauthorized transactions
- Maintain security of our systems
- Enforce our terms of service
- Comply with legal obligations
To Advertise and Market
- Serve relevant advertisements on other websites
- Measure advertising effectiveness
- Conduct retargeting campaigns
Cookies and Tracking Technologies
We use cookies and similar technologies to make our site work and improve your experience.
Types of Cookies We Use
| Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential Cookies | Required for basic site functionality (cart, checkout, login) | No—site won't work without these |
| Functional Cookies | Remember your preferences (language, region) | Yes |
| Analytics Cookies | Help us understand how visitors use our site | Yes |
| Advertising Cookies | Deliver relevant ads and measure their effectiveness | Yes |
Analytics and Advertising Partners
We use the following third-party services:
Analytics:
- Google Analytics (GA4) — Analyzes website traffic. Opt out here
- Microsoft Clarity — Captures site usage through heatmaps and session recordings. Learn more
- Shoplift — A/B testing and optimization
Advertising:
- Google Ads — Conversion tracking and remarketing. Manage settings
- Meta/Facebook Pixel — Measures ad effectiveness. Manage settings
- Reddit Pixel — Ad tracking and conversions
- Google Merchant Center — Product feed for Shopping ads
E-Commerce:
- Shopify — Powers our online store. Learn more
Managing Cookies
You can control cookies through:
- Your browser settings (most browsers let you block or delete cookies)
- Our cookie consent banner (when available)
- Opt-out links for specific services listed above
Note: Blocking certain cookies may affect your experience on our site.
Do Not Track
Our website does not currently respond to "Do Not Track" browser signals. However, you can use the Global Privacy Control (GPC) signal, which we honor for opt-out requests where required by law.
How We Share Your Information
We don't sell your personal data for money. But we do share it in certain situations:
Service Providers
We share information with companies that help us run our business:
E-Commerce & Payments:
- Shopify — E-commerce platform and payment processing
- Shipping carriers — For order delivery
Marketing & Communications:
- Loops — Email marketing
- Social Snowball — Referral program
Customer Experience:
- Help Scout — Customer support
- OpenPhone — Business phone
- Calendly — Appointment scheduling
- Judge.me — Product reviews
- Moast — Customer reviews and social proof
Privacy & Compliance:
- Enzuzo — Cookie consent and privacy management
These providers only use your information to perform services for us.
Advertising Partners
We may share certain information (like device identifiers and browsing data) with advertising partners to serve you relevant ads. Under some state laws, this may be considered "selling" or "sharing" your data. See Section 8 for how to opt out.
Legal Compliance
We may disclose your information:
- To comply with laws, regulations, or legal processes
- To respond to lawful government requests
- To protect our rights, privacy, safety, or property
- To enforce our terms and policies
- In connection with fraud prevention
Business Transfers
If Boring Mattress is acquired, merges with another company, or sells assets, your information may be transferred as part of that transaction. We'll notify you of any such change.
With Your Consent
We may share your information in other situations with your explicit consent.
Data Retention
We keep your personal information only as long as necessary to:
- Fulfill the purposes described in this policy
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
Examples:
- Order data: Retained for 7 years for tax and legal compliance
- Account data: Retained while your account is active, plus a reasonable period after closure
- Marketing preferences: Retained until you unsubscribe
- Website analytics: Typically retained for 26 months
Data Security
We implement reasonable security measures to protect your information, including:
- Encryption of data in transit (HTTPS)
- Secure payment processing (we don't store full credit card numbers)
- Access controls and authentication
- Regular security reviews
However, no system is 100% secure. You can help by:
- Choosing a strong password
- Keeping your login credentials private
- Logging out of shared devices
Children's Privacy
Our products are not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at hello@boring.co and we will delete it.
Your Privacy Rights
Depending on where you live, you may have specific rights regarding your personal information.
Rights for All Customers
- Access: Request a copy of the personal information we have about you
- Correction: Ask us to fix inaccurate information
- Deletion: Request that we delete your personal information
- Opt-out of marketing: Unsubscribe from marketing emails or texts at any time
Additional Rights for U.S. Residents
If you live in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may also have the right to:
- Know what personal information we collect and how we use it
- Portability: Receive your data in a portable format
- Opt-out of sale/sharing: Stop us from selling or sharing your data for targeted advertising
- Limit sensitive data use: Restrict how we use sensitive personal information
- Non-discrimination: Not be treated differently for exercising your rights
Opt-Out of Sale/Sharing
We may share certain data with advertising partners in ways that could be considered a "sale" or "sharing" under state privacy laws. To opt out:
- Click "Do Not Sell or Share My Personal Information" in our website footer
- Use a browser with Global Privacy Control (GPC) enabled—we honor GPC signals
- Email us at hello@boring.co
Sensitive Personal Information
We do not collect sensitive personal information (like precise geolocation, genetic data, or health information) except as needed to provide our products. We do not use sensitive data to make inferences about you.
How to Exercise Your Rights
To submit a privacy request:
- Email: hello@boring.co
- Web: boring.co/pages/data-request
Verification
To protect your privacy, we'll verify your identity before processing requests. This may include:
- Confirming your email address
- Matching information you provide with what we have on file
- Asking for additional verification for sensitive requests
Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We'll require:
- Written authorization from you
- Verification of the agent's identity
- Verification of your identity
Response Time
We'll acknowledge your request within 10 business days and provide a substantive response within 45 days (or notify you if we need more time, up to 90 days total).
Appeals
If we deny your request, you may appeal by emailing hello@boring.co with "Privacy Appeal" in the subject line. We'll respond within the time required by applicable law.
If you're unsatisfied with our appeal response, you may contact your state's Attorney General:
- California: oag.ca.gov/privacy
- Colorado: complaints.coag.gov
- Connecticut: portal.ct.gov/AG
- Virginia: oag.state.va.us
State-Specific Disclosures
California Residents (CCPA/CPRA)
Categories of Personal Information Collected (past 12 months):
- Identifiers (name, email, address, IP address)
- Commercial information (purchase history)
- Internet activity (browsing, search history)
- Geolocation data (from IP address)
- Inferences (preferences based on activity)
Categories Sold or Shared for Targeted Advertising:
- Identifiers (advertising IDs)
- Internet activity (browsing data)
To Opt Out: Click "Do Not Sell or Share My Personal Information" in our footer or enable GPC.
Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes by emailing hello@boring.co.
Nevada Residents
Nevada residents may opt out of the sale of personal information by emailing hello@boring.co with "Nevada Do Not Sell Request" in the subject line. Note: We do not currently sell personal information as defined under Nevada law.
International Transfers
Our services are based in the United States. If you're outside the U.S., your information will be transferred to and processed in the United States, where data protection laws may differ from your country. By using our services, you consent to this transfer.
For transfers from the EU/EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission.
SMS/Text Message Program
If you opt in to receive text messages from us:
- We'll send order updates, promotions, and other marketing messages
- Message frequency varies; message and data rates may apply
- You can opt out anytime by replying STOP
- We don't share your phone number with third parties for their marketing
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we'll:
- Update the "Last Updated" date at the top
- Post the new policy on our website
- Notify you by email if the changes are significant
Your continued use of our services after changes take effect means you accept the updated policy.
Contact Us
Questions or concerns about this Privacy Policy? We're here to help.
Boring Mattress Company, LLC
- Email: hello@boring.co
- Website: boring.co/contact
- Mail: 315 W Elliot Rd #107-430, Tempe, AZ, 85284
Privacy Regulations We Follow
We're committed to complying with privacy laws across jurisdictions, including:
United States:
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- California Online Privacy Protection Act (CalOPPA)
- Colorado Privacy Act (CPA)
- Connecticut Data Privacy Act (CTDPA)
- Delaware Personal Data Privacy Act
- Indiana Consumer Data Protection Act (INCDPA)
- Iowa Consumer Data Protection Act (ICDPA)
- Kentucky Consumer Data Protection Act (KCDPA)
- Maryland Online Consumer Protection Act
- Minnesota Consumer Data Privacy Act
- Montana Consumer Data Privacy Act
- Nebraska Data Privacy Law
- New Hampshire Data Privacy Act
- New Jersey Data Privacy Act
- Oregon Consumer Privacy Act (OCPA)
- Rhode Island Data Transparency and Privacy Protection Act
- Tennessee Information Protection Act (TIPA)
- Texas Data Privacy and Security Act (TDPSA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
This Privacy Policy is effective as of the date shown at the top of this page.