Effective Date: April 18, 2026 | Last Updated: April 18, 2026
Backyard Supplies Inc. ("Backyard Supplies," "we," "us," or "our") operates the website located at backyardsupplies.com (the "Site"). We are an e-commerce retailer specializing in pools, spas, outdoor kitchens, and outdoor living products, headquartered at 456 East Jericho Turnpike, Huntington Station, New York 11746.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our Site, create an account, make a purchase, sign up for our newsletter, submit a product inquiry or contact form, or otherwise interact with us. It also explains your rights regarding your personal information under applicable federal and state laws.
We are committed to transparency and to handling your personal information responsibly. We encourage you to read this Privacy Policy in its entirety. By using our Site, you acknowledge that you have read and understand this Privacy Policy.
This Site is intended for users located in the United States. We ship to all 50 states but do not offer international shipping or knowingly market to individuals outside the United States.
We collect personal information through several channels. The categories below describe each type of information, where it comes from, and why we collect it.
When you create an account or place an order, we collect:
If you create a customer account, we also store:
When you subscribe to our newsletter through the signup form on our Site, we collect your email address. Our newsletter is managed through Mailchimp (The Rocket Science Group, LLC).
When you submit a product inquiry through the form on our product pages, we collect:
When you submit our general contact form, we collect:
We track coupon usage associated with your billing email address to enforce per-customer limits on promotional offers (for example, the WELCOME10 one-time-use coupon).
When you visit our Site, certain information is collected automatically through cookies, pixels, and similar technologies. This includes:
We may receive limited information from third-party services we use:
We use the personal information we collect for the following purposes:
Our Site uses cookies and similar tracking technologies to provide functionality, analyze usage, and deliver targeted advertising. A cookie is a small text file placed on your device by a website you visit. Below is a comprehensive list of the cookies and tracking technologies used on our Site.
These cookies are essential for the Site to function properly. They enable core features like shopping cart functionality, user authentication, and secure checkout. You cannot opt out of these cookies because the Site cannot operate without them.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| woocommerce_cart_hash | WooCommerce | Stores a hash of your shopping cart contents to ensure cart data is up to date | Session |
| woocommerce_items_in_cart | WooCommerce | Indicates whether your cart contains items, used to control cache behavior | Session |
| wp_woocommerce_session_* | WooCommerce | Contains a unique session identifier so the server can associate your cart and checkout data with your browser session | 2 days |
| wordpress_logged_in_* | WordPress | Indicates when you are logged in and identifies your user account | Session / 14 days (if "Remember Me" is checked) |
| wordpress_sec_* | WordPress | Stores authentication details for the WordPress admin area (admin users only) | Session / 14 days |
| wp-settings-* | WordPress | Stores your WordPress dashboard preferences (admin users only) | 1 year |
| __stripe_mid | Stripe | Fraud prevention — used to identify your device and detect fraudulent payment behavior | 1 year |
| __stripe_sid | Stripe | Fraud prevention — used to identify your browsing session for payment security | 30 minutes |
These cookies are set by our hosting provider, SiteGround, to optimize Site performance, manage caching, and ensure pages load quickly.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| sg_* | SiteGround | Performance optimization, caching, and load balancing to ensure fast page delivery | Varies |
These cookies help us understand how visitors interact with our Site by collecting information about pages visited, time spent, traffic sources, and user behavior. This data is used in aggregate to improve the Site.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique users by assigning a randomly generated number as a client identifier. Included in each page request and used to calculate visitor, session, and campaign data for analytics reports. | 2 years |
| _ga_* | Google Analytics | Used by Google Analytics 4 to persist session state (e.g., session count, engagement time, page views within a session) | 2 years |
| _gid | Google Analytics | Distinguishes unique users for a 24-hour period. Used to throttle request rates and provide short-term session analytics. | 24 hours |
| _clck | Microsoft Clarity | Persists the Clarity user identifier and settings. Used to link multiple page views by the same user into a single session for heatmaps and session recordings. | 1 year |
| _clsk | Microsoft Clarity | Stores and combines page views by a user into a single session recording | 1 day |
| CLID | Microsoft Clarity | Identifies the first time Clarity saw a user on any site that uses Clarity | 1 year |
| ANONCHK | Microsoft Clarity | Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID, so this is always set to 0. | Session |
| MR | Microsoft Clarity | Indicates whether to refresh MUID | 7 days |
| MUID | Microsoft Clarity | Identifies unique web browsers visiting Microsoft sites. Used to provide advertising, site analytics, and other operational purposes. | 1 year |
| SM | Microsoft Clarity | Used in synchronizing the MUID across Microsoft domains | Session |
These cookies are used to deliver advertisements that are relevant to you, measure the effectiveness of advertising campaigns, and build audience profiles for targeted advertising. Data collected through these cookies may be shared with third-party advertising platforms.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _fbp | Meta (Facebook) | Used by Meta to deliver, measure, and improve the relevancy of ads. Stores a unique browser identifier to track browsing activity across websites that use the Meta Pixel for cross-context behavioral advertising. | 3 months |
| _fbc | Meta (Facebook) | Stores the last click identifier from a Facebook ad. Used to attribute conversions (purchases, page views, add-to-cart events) back to specific Facebook ad clicks. | 3 months |
In addition to cookies, we use the following tracking technologies:
Our Site uses Google Fonts, a font delivery service provided by Google LLC. When you load a page on our Site, your browser connects to Google's servers to download the font files. In doing so, your IP address and certain browser information (user agent, referring URL) are transmitted to Google. Google states that it does not use this data to create user profiles or for targeted advertising. For more information, see Google Fonts Privacy and Data Collection.
Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies, accept only first-party cookies, or delete cookies when you close your browser. Please note that disabling cookies may affect the functionality of our Site — for example, you may not be able to add items to your cart or complete checkout if session cookies are blocked.
For more information on managing cookies in your browser:
We do not sell your personal information for monetary consideration. However, as explained in Section 6, our use of certain advertising technologies may constitute "sharing" of personal information under the California Consumer Privacy Act.
We share your personal information with the following categories of third parties, each for the specific purposes described below:
Stripe, Inc. — We use Stripe to process all credit and debit card payments. When you make a purchase, your payment card information is transmitted directly to Stripe's PCI DSS-compliant servers. We do not store, process, or have access to your full card numbers. Stripe may also collect device information and browser metadata for fraud prevention purposes. Stripe's Privacy Policy
Google Analytics (Google LLC) — We use Google Analytics 4 to analyze website traffic, user behavior, demographics, and conversion events. Google Analytics uses cookies to collect pseudonymous data about your interactions with our Site. Google may use this data in accordance with its own privacy policy. Google's Privacy Policy
Microsoft Clarity (Microsoft Corporation) — We use Microsoft Clarity for session recordings, heatmaps, and click tracking. Clarity captures user interactions on our Site, including mouse movements, clicks, scrolls, and page rendering. Microsoft Clarity masks sensitive input fields by default but may capture information visible on the page during a session recording. Microsoft's Privacy Statement
Meta Platforms, Inc. (Facebook/Instagram) — We use the Meta Pixel on our Site, which transmits data about your browsing behavior to Meta for cross-context behavioral advertising. This includes page views, product views, add-to-cart events, purchases, and other conversion actions. Meta uses this data to deliver targeted ads, build advertising audiences, measure ad performance, and provide retargeting. Because Meta uses this data for its own advertising purposes across its platform (Facebook, Instagram, Messenger, and the Meta Audience Network), this constitutes "sharing" of personal information under the CCPA/CPRA. See Section 6 for your opt-out rights. Meta's Privacy Policy
Mailchimp (Intuit Inc.) — If you subscribe to our newsletter, your email address and engagement data (open rates, click rates) are stored and processed by Mailchimp. We use Mailchimp to send marketing emails, promotional offers, and company updates. You can unsubscribe at any time using the link in any marketing email. Intuit's Privacy Statement
Google Tag Manager (Google LLC) — We use Google Tag Manager to manage the deployment of tracking scripts on our Site. While GTM itself does not collect personal information, it facilitates the loading of other services (such as Google Analytics and Meta Pixel) that do.
Google Search Console (Google LLC) — We use Google Search Console to monitor our Site's search performance, indexing status, and search queries that lead users to our Site. This service processes aggregated search data and does not collect personal information directly from visitors.
SiteGround (SiteGround Hosting Ltd.) — Our Site is hosted on SiteGround's servers. SiteGround automatically logs server access data, including your IP address, the pages you request, your browser type, and the date and time of your visit. This data is used for server management, security monitoring, and performance optimization. SiteGround's Privacy Policy
Google Fonts (Google LLC) — Our Site loads fonts from Google's content delivery network. When a page loads, your browser makes a request to Google's servers, transmitting your IP address. Google states that this data is not used for tracking or advertising purposes. See Section 4.6 above for more detail.
Trustindex (Trustindex Ltd.) — We use Trustindex to display customer reviews on our Site. When Trustindex widgets load, your browser may connect to Trustindex's servers, transmitting your IP address and basic browser information. Trustindex's Privacy Policy
We may also disclose your personal information:
Backyard Supplies does not sell your personal information for monetary compensation. We have never sold personal information and have no plans to do so.
However, under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the term "sharing" has a specific legal meaning. "Sharing" means disclosing a consumer's personal information to a third party for cross-context behavioral advertising, whether or not for monetary consideration. Cross-context behavioral advertising means the targeting of advertising to a consumer based on personal information obtained from the consumer's activity across websites, applications, or services other than the one with which the consumer intentionally interacts.
Our use of the Meta (Facebook) Pixel constitutes "sharing" of personal information under the CCPA/CPRA. When the Meta Pixel is active on our Site, it collects identifiers (including browser identifiers and cookies such as _fbp and _fbc) and data about your browsing behavior, and transmits this data to Meta Platforms, Inc. Meta uses this data across its family of platforms (Facebook, Instagram, Messenger, Meta Audience Network) for purposes including:
Because Meta uses this data for its own advertising purposes beyond simply providing a service to us, this data transfer meets the CCPA/CPRA definition of "sharing" for cross-context behavioral advertising.
The following categories of personal information may be shared with Meta through the Meta Pixel:
You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising. See Section 10 for detailed instructions on how to opt out of Meta Pixel tracking and other advertising technologies.
We also honor Global Privacy Control (GPC) signals. If your browser or a browser extension sends a GPC signal, we will treat it as a valid request to opt out of the sharing of your personal information for cross-context behavioral advertising.
We retain your personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order records and transaction data | 7 years after order date | Tax, accounting, and legal compliance (IRS record-keeping requirements) |
| Customer account data | Duration of active account + 3 years after last activity | Customer service, order history, and dispute resolution |
| Contact form and product inquiry submissions | 2 years after submission | Customer service follow-up and business records |
| Newsletter subscriber email addresses | Until you unsubscribe or 2 years of inactivity | Marketing communications (consent-based) |
| Payment card information | Not stored on our servers | Processed and stored by Stripe in tokenized form per Stripe's retention policies |
| Server logs (IP addresses, access logs) | 90 days | Security monitoring and troubleshooting (managed by SiteGround) |
| Analytics cookies (_ga, _ga_*) | 2 years (set by Google) | Website usage analysis |
| Advertising cookies (_fbp, _fbc) | 3 months (set by Meta) | Ad targeting and conversion attribution |
| Session recording data (Microsoft Clarity) | 30 days | Behavioral analytics and site optimization (managed by Microsoft) |
| Coupon usage records | Duration of the promotional program | Enforcement of per-customer coupon limits |
When your personal information is no longer needed for the purposes described above, we will delete or anonymize it. If deletion is not immediately possible (for example, because the information is stored in backup archives), we will securely store and isolate the information until deletion is feasible.
We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it from unauthorized access, use, alteration, and destruction. These measures include:
As a business that collects personal information of New York residents, we comply with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act. This law requires us to implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of private information, including Social Security numbers, driver's license numbers, financial account numbers, and — as of March 2025 — medical and health insurance information. Our data security program includes the administrative, technical, and physical safeguards described above, consistent with the SHIELD Act's requirements.
In the event of a data breach involving your private information, we will notify affected New York residents within 30 days as required by the SHIELD Act's amended breach notification provisions, and we will report the breach to the New York Attorney General, the Department of State, the State Police, and the Department of Financial Services as required by law.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately using the information in Section 14.
Your privacy rights depend on where you live. Below we describe the rights available to all U.S. residents, followed by additional rights for residents of specific states. We respond to all verifiable privacy requests free of charge.
Regardless of your state of residence, you have the right to:
If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) provides you with the following rights:
Authorized agents: You may designate an authorized agent to submit a request on your behalf. We will require the agent to provide proof of your written authorization and may require you to verify your identity directly with us.
If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) provides you with the following rights:
If we decline your request, you have the right to appeal. To appeal, contact us using the information in Section 14 with the subject line "Privacy Rights Appeal." We will respond to your appeal within 60 days.
If you are a Colorado resident, the Colorado Privacy Act (CPA) provides you with rights similar to those described for Virginia residents, including the right to access, correct, delete, and obtain a portable copy of your personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and certain profiling. Colorado also requires us to honor universal opt-out mechanisms such as Global Privacy Control (GPC).
If you are a Connecticut resident, the Connecticut Data Privacy Act (CTDPA) provides you with rights to access, correct, delete, and obtain a portable copy of your personal data, as well as the right to opt out of targeted advertising, the sale of personal data, and profiling. Connecticut requires us to recognize and honor universal opt-out signals including GPC.
If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) provides you with the right to access, correct, delete, and obtain a portable copy of your personal data. You also have the right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, and profiling that produces legal or similarly significant effects.
We recognize that privacy laws in additional states — including Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island — provide residents with varying privacy rights. If you are a resident of any of these states, you may submit a request to exercise your rights by contacting us using the methods described in Section 14, and we will respond in accordance with applicable law. Common rights across these state laws include the right to access, correct, and delete your personal data, obtain a portable copy of your data, and opt out of targeted advertising and the sale of personal data.
To exercise any of the privacy rights described above, you may submit a request through any of the following methods:
To protect your personal information, we must verify your identity before processing your request. We will ask you to provide information that matches what we have on file, such as your name, email address, and order history. If you have an account with us, we may ask you to log in to verify your identity. If we cannot verify your identity, we may ask for additional documentation.
We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason for it. In no case will our response take longer than 90 days from receipt of your request.
We provide multiple ways for you to opt out of data collection and targeted advertising:
Every marketing email we send includes an "Unsubscribe" link at the bottom. Click that link and follow the instructions to remove your email address from our marketing list. We will process your unsubscribe request within 10 business days as required by the CAN-SPAM Act. You will continue to receive non-marketing transactional emails (order confirmations, shipping updates, password resets, etc.).
You can opt out of Meta's targeted advertising in several ways:
You can opt out of Google Analytics data collection by:
You can opt out of Microsoft Clarity session recording and behavioral analytics by:
You can manage or delete cookies through your browser settings. See Section 4.7 above for browser-specific instructions. Additionally, you can use browser extensions like Privacy Badger, uBlock Origin, or Ghostery to block tracking cookies selectively.
Global Privacy Control is a browser-level signal that communicates your preference to opt out of the sale or sharing of personal information. Multiple states, including California, Colorado, and Connecticut, require businesses to honor GPC signals. We treat a GPC signal as a valid opt-out request. You can enable GPC through compatible browsers (such as Brave or DuckDuckGo) or browser extensions (such as Privacy Badger or OptMeowt).
Our Site is intended for individuals who are 18 years of age or older. We do not knowingly collect, solicit, or maintain personal information from children under the age of 13 as defined by the Children's Online Privacy Protection Act (COPPA), or from minors under 16 as referenced by the CCPA/CPRA.
We do not direct our Site or products to children. Our products (pools, spas, outdoor kitchens, and related equipment) are intended for purchase by adults.
If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe that a child under 13 has provided us with personal information, please contact us immediately at sa***@**************es.com or call 855-310-YARD, and we will take steps to delete the information.
Our Site is operated from the United States and is intended for U.S. residents. We do not offer international shipping and do not specifically target or market to individuals outside the United States. If you access our Site from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our Site, you consent to the transfer of your information to the United States.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information. Your continued use of our Site after the posting of changes constitutes your acceptance of those changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to your inquiry as promptly as possible. For privacy rights requests, see Section 9.8 for response timeframes.
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA/CPRA:
| Category | Examples | Collected | Source |
|---|---|---|---|
| A. Identifiers | Name, email address, postal address, phone number, IP address, unique cookie identifiers | Yes | You, cookies, analytics |
| B. Personal information (Cal. Civ. Code 1798.80(e)) | Name, address, phone number, credit card number (processed by Stripe, not stored) | Yes | You |
| C. Protected classifications | Age (18+ verification only) | No | N/A |
| D. Commercial information | Products purchased, order history, shopping cart contents, product views, coupon usage | Yes | You, Site activity |
| F. Internet or electronic network activity | Browsing history on our Site, pages visited, click behavior, search queries, referral URLs, session recordings | Yes | Cookies, analytics tools |
| G. Geolocation data | Approximate location derived from IP address | Yes | Automatic (IP-based) |
| H. Sensory data | N/A | No | N/A |
| I. Professional or employment information | N/A | No | N/A |
| K. Inferences | Product preferences based on browsing behavior (generated by Meta and Google, not by us directly) | Indirectly | Third-party analytics |
We collect personal information for the business purposes described in Section 3, including order fulfillment, customer service, marketing and advertising, analytics, fraud prevention, and legal compliance.
As described in Section 6, we share the following categories of personal information with Meta Platforms, Inc. for cross-context behavioral advertising: identifiers (cookie IDs, browser identifiers), internet or electronic network activity information (browsing history, product views), and commercial information (add-to-cart events, purchase events).
In compliance with the California Online Privacy Protection Act (CalOPPA), we disclose the following:
As described in Section 8.3, we comply with the New York SHIELD Act's data security requirements and breach notification obligations. Private information under the SHIELD Act includes Social Security numbers, driver's license numbers, financial account numbers, biometric information, email addresses combined with passwords or security questions, and — as of March 2025 — medical and health insurance information. We implement reasonable administrative, technical, and physical safeguards to protect this information.
In compliance with the CAN-SPAM Act, we confirm that:
We are committed to fair and transparent data practices in compliance with Section 5 of the Federal Trade Commission (FTC) Act, which prohibits unfair or deceptive acts or practices in or affecting commerce. Our data collection, use, and disclosure practices are consistent with the representations made in this Privacy Policy. We do not engage in deceptive practices regarding the handling of your personal information.
This Privacy Policy constitutes the complete description of our privacy practices as of the date listed above. If you have any questions or concerns, please do not hesitate to contact us.
Backyard Supplies Inc.
456 East Jericho Turnpike, Huntington Station, New York 11746
855-310-YARD | sa***@**************es.com