Golden West Packaging Group

Privacy Policy

Last updated: May 8, 2026

1. Introduction

Golden West Packaging Group ("GWPG," "we," "us," or "our") operates the GWPG Store (gwpg-store.com), the e-commerce extension of our corporate site at gwpg.com. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit the store, place an order, or interact with us. It is intended to align with the privacy practices of our corporate site while adding details specific to e-commerce activity (accounts, orders, payments, cart, shipping).

2. Information We Collect

Account Information

When you create an account or are invited by an administrator, we collect your name, email address, and password (stored as a one-way hash). If provided, we also store your company name, customer number, phone, shipping address, and billing address.

Order & Transaction Information

When you place an order we collect: items, quantities, pricing, shipping and billing addresses, contact information, shipping selection (carrier, account number for customer-billed shipments), tax-exemption details when applicable, sales rep / referral source, and order status. Payment card details are processed directly by Stripe and are never stored on our servers.

Net-Terms & Tax Records

For business customers approved for Net-Terms billing or tax-exempt status, we maintain those flags on your account solely to apply the correct treatment at checkout (skip Stripe payment, suppress tax). We retain the resale certificate number you supply for tax-exempt orders.

Cart & Browsing Data

Authenticated carts are stored on our server tied to your account. Guest carts and recently-viewed products are stored only in your browser's local storage and stay on your device.

Usage Data

We collect basic usage data (page views, cart activity, order completion events) for internal analytics and security audit logging. We do not currently load third-party analytics trackers (Google Analytics, Facebook Pixel, etc.) on this store.

3. Cookies, Local Storage & Your Consent

Cookie Consent Banner

On your first visit you will see a banner at the bottom of the page with two choices: Essential Only or Accept All. Your choice is recorded in your browser's local storage and respected on subsequent visits. You can revoke or change your choice at any time by clearing your browser's storage for this site.

Strictly Necessary Cookies

These cookies are required for the site to function and are set regardless of your consent choice:

  • Session token — Keeps you logged in as you navigate the site (encrypted JWT)
  • CSRF token — Protects against cross-site request forgery attacks
  • Callback URL — Remembers where to redirect you after login
  • Cookie consent record — Stores your banner choice so we don't re-prompt you on every page

Analytics & Improvement Cookies

If you choose Accept All we may load additional cookies that help us understand how the store is used so we can improve it. If you choose Essential Only these cookies are not loaded. At the time this policy was last updated, no analytics or advertising cookies are loaded on this store; the consent mechanism is in place ahead of any future addition.

Local Storage

If you browse the store without logging in, your cart items and recently viewed products are stored in your browser's local storage. This data stays on your device and is not sent to our servers. It is cleared when you clear your browser data.

4. Third-Party Services

Stripe (Payment Processing)

We use Stripe to process credit card payments. When you proceed to checkout you are redirected to Stripe's secure payment page. Stripe may set its own cookies on their domain (checkout.stripe.com) to process your payment, apply tax, and prevent fraud. These cookies are governed by Stripe's Privacy Policy. We do not store your credit card number, CVV, or full card details on our servers.

Google Maps (Shipping Distance)

We use the Google Maps Distance Matrix API server-side to calculate the distance between your shipping address and our fulfillment facility for free-shipping eligibility. Your address is sent from our server to Google for this calculation. Google's use is governed by their Privacy Policy.

Email Services

We use a transactional email provider to send order confirmations, account invitations, password reset emails, and shipping updates. Your email address and order details are shared with our email provider solely to deliver these transactional emails. We do not send marketing email without separate consent.

Cloud Hosting & Storage

The store runs on Vercel (hosting) and Supabase (PostgreSQL database). Product images and order attachments are stored in cloud object storage. All providers are bound by data-processing agreements requiring confidentiality and security.

5. How We Use Your Information

We use the information we collect to:

  • Process, fulfill, and ship your orders
  • Manage your account and provide customer support
  • Send order confirmations and shipping updates
  • Apply correct shipping, freight, and tax treatment (including tax-exempt and Net-Terms accounts)
  • Improve our products and store experience through internal analytics
  • Prevent fraud, maintain security, and comply with legal obligations
  • Audit access and changes to sensitive account data

6. How We Share Your Information

We do not sell or rent your personal information. We share it only with:

  • Service providers listed in Section 4 (payment, email, hosting, maps), strictly to perform their function
  • Fulfillment and shipping partners necessary to deliver your order (carrier names, account numbers if you provided them)
  • Legal authorities when required by valid legal process or to protect rights, safety, or property
  • A successor entity in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy

7. Data Retention

We retain your account information and order history for as long as your account is active or as needed to provide services, comply with tax and accounting obligations, resolve disputes, and enforce our agreements. Authentication cookies expire when you log out or after your session ends. You may request deletion of personal data not subject to a legal retention requirement using the contact information below.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information. Passwords are hashed using industry-standard algorithms (bcrypt). Two-factor authentication (2FA) is available for additional account security. All data is transmitted over encrypted HTTPS connections. Access to admin interfaces is restricted by role and audited.

9. Your Rights

You have the right to access, correct, or request deletion of your personal information. You can update your profile, saved addresses, password, and 2FA settings from your account settings. To request account deletion or a data export, contact us using the information below.

10. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you the following rights:

  • The right to know what personal information we collect and how we use it
  • The right to request a copy of the personal information we hold about you
  • The right to request deletion of your personal information, subject to legal exceptions
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of your personal information
  • The right to limit the use of sensitive personal information
  • The right not to be discriminated against for exercising these rights

Do Not Sell or Share My Personal Information. We do not sell personal information for monetary consideration. If we ever begin to share personal information for cross-context behavioral advertising, the cookie consent banner provides an opt-out by selecting Essential Only. To submit an access, deletion, or correction request, contact us using the information in Section 13.

11. Your EU / UK Privacy Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, GDPR gives you the right to access, rectify, erase, restrict processing of, port, or object to processing of your personal data. Our legal bases are: (a) performance of a contract (to fulfill your order), (b) consent (for non-essential cookies), (c) legitimate interest (to improve and secure the store), and (d) legal obligation (tax / accounting). You also have the right to lodge a complaint with your local supervisory authority.

12. Children's Privacy

The GWPG Store is intended for use by businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

13. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to update your data, please contact us:

Golden West Packaging Group

17740 Shideler Pkwy

Lathrop, CA 95330

Phone: (888) 501-5893

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page and, for material changes affecting cookie or data-collection practices, will re-prompt the cookie consent banner on your next visit. Continued use of the store after changes constitutes acceptance of the revised policy.

← Back to Store