Data Deletion Policy

Data Deletion Policy

Last Updated: May 7, 2026

Website: fromrebel.com

Overview

At Rebel, we respect your right to control your personal data. This policy explains how you can request the deletion of your personal information from our systems, what data we can delete, and what data we may be required to retain under applicable law.

What Personal Data We Hold

When you interact with fromrebel.com, we may collect and store the following types of personal data:

  • Account information — name, email address, password (encrypted)
  • Order information — billing address, shipping address, purchase history
  • Payment information — partial payment card details (note: full card data is handled by our payment processor and is not stored on our servers)
  • Communication history — emails, support tickets, and chat records
  • Marketing preferences — email subscription status and preferences
  • Device and usage data — IP address, browser type, and browsing behavior on our site (collected via cookies and analytics tools)

How to Request Data Deletion

You may submit a data deletion request at any time using one of the following methods:

Email: privacy@fromrebel.com
Subject line: Data Deletion Request

Please include the following in your request:

  • Your full name
  • The email address associated with your account
  • A description of what data you would like deleted (e.g., full account, order history, marketing data only)

We will acknowledge your request within 5 business days and complete the deletion within 30 days of verification.

What Happens After You Submit a Request

  1. Verification — We will verify your identity to ensure we are deleting the correct account and data.
  2. Review — We will assess what data can be fully deleted and what, if any, must be retained for legal or operational reasons.
  3. Deletion — Eligible data will be permanently deleted from our active systems.
  4. Confirmation — We will send you a confirmation email once the deletion is complete.

Please note that data may persist in encrypted backups for up to 90 days following deletion from active systems. These backups are not accessible for standard operations and are purged on a rolling schedule.

Data We Are Required to Retain

Certain data cannot be deleted immediately or at all due to legal, regulatory, or operational obligations. This includes:

  • Transaction records — Order and payment records may be retained for up to 7 years to comply with tax and accounting regulations.
  • Fraud prevention data — Information used to detect or prevent fraudulent activity may be retained as required.
  • Legal holds — Data subject to an active legal dispute, investigation, or regulatory requirement cannot be deleted until the matter is resolved.
  • Aggregated/anonymized data — Data that has been fully anonymized and cannot be linked back to you is not subject to deletion requests.

Shopify and Third-Party Data

fromrebel.com is built on Shopify. Some of your data is stored and processed by Shopify as our e-commerce platform provider. To request deletion of data held directly by Shopify, you may also contact Shopify’s privacy team at privacy@shopify.com or visit Shopify’s Privacy Center.

We also work with third-party services including payment processors, shipping carriers, email marketing platforms, and analytics providers. Data shared with these third parties for order fulfillment or service delivery may need to be deleted directly with those providers. We are happy to identify which third parties hold your data upon request.

Your Rights

Depending on your location, you may have additional rights regarding your personal data, including:

  • Right to Access — Request a copy of the personal data we hold about you.
  • Right to Rectification — Request correction of inaccurate or incomplete data.
  • Right to Erasure — Request deletion of your personal data (subject to the limitations noted above).
  • Right to Portability — Request a copy of your data in a structured, machine-readable format.
  • Right to Object — Object to certain types of data processing, including direct marketing.

Residents of California (CCPA), the European Union (GDPR), and other applicable jurisdictions may have specific rights under local law. We honor all applicable data subject rights regardless of where they originate.

Contact Us

If you have questions about this policy or wish to exercise your data rights, please contact us:

Rebel Email: privacy@fromrebel.com
Website: fromrebel.com

This policy applies to personal data collected through fromrebel.com and associated Rebel services. It is subject to change; material updates will be posted on this page with a revised date.