Privacy Policy

Last Updated: January 3, 2023

Tomboy Malibu, Inc. (“Tomboy Malibu”, “we”, “us”, or “our”) is committed to protecting your privacy. Tomboy Malibu is a fashion retailer that blends expert styling, proprietary technology and unique product to deliver an easy, enjoyable, personalized shopping experience. We have prepared this Privacy Policy (“Privacy Policy”) to describe our practices regarding the personal information we collect from users on our website, located at (the “Site”), our mobile application entitled “Tomboy Malibu” (the “App”) and the services offered through the Site and App, and any orders that you place (collectively, the “Services”).

Questions; Contacting Tomboy Malibu; Reporting Violations

If you have any questions, concerns or complaints about our Privacy Policy, our data collection or processing practices, or if you want to report any security violations to us, please contact us at or 3903 Fontainebleau Drive, Tampa, Florida, 33634.

Information Collected

Information You Provide to Us.

When you sign up for an account for our Services (an “Account”), you provide us with information such as your name, email address, password, and postal address or you connect to the Services via a social networking site. You may also provide us with additional contact information such as mobile phone number. In addition, if you fill out your style profile, we collect information such as your date of birth, sizing, fit and style preferences. If you post a photo to your Account, we will collect that photo.

When you receive a shipment, we record what you keep and what you return.

If you contact us via email, social media, or our online help center, we will collect your contact information, as well as any other content included in the message, in order to send you a reply and/or address your request or feedback.

When you place an order for the Services or when you order products through the Services, we or our third-party payment processor will collect payment, shipping, including postal address, and billing information in order to process the transaction.

When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, the information contained in your posting will be stored in our servers and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.

We retain information on your behalf, such as messages you send (including the content of the message and the recipient data) using your Account.

When you participate in one of our surveys, we may collect additional profile information.

We may collect the unique device ID number of the mobile device on which you use the App.

If you participate in a sweepstakes, contest or giveaway on our Services, we may ask you for contact information such as your email address and/or home phone number to notify you if you win. We may also ask for first and last names, and sometimes post office addresses to verify your identity. In some situations we may need additional information as a part of the entry process, such as a prize selection choice. Participation in sweepstakes, contests, and giveaways are voluntary.

We may also collect personal information at other times through our Services as described to you at the point of collection or otherwise with your consent.

For online payments, we use the payment services of braintreepayments ( We do not process, record or maintain your complete credit card or bank account information. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to

Information Collected from Third Party Companies.

We may receive information about you from other sources. We may add this information to the information we have already collected from you via our Services in order to improve and market the Services.

Information Collected from Social Networking Sites.

The Services allow users to share information with us via social networking sites, such as Facebook, Facebook Messenger, Instagram, Pinterest, TikTok, LinkedIn or Twitter (each an “SNS”). In some cases, you can sign-in to the Services using your SNS account information. By sharing your SNS profile, you are allowing us, including your stylist to access some of your SNS information depending on your SNS settings or as allowed by you (such as profile information and profile photo). We may receive that information from your SNS profile and that information may be imported to the Services. Our Services also allow you to share information via such SNS profiles, such as referral links. You acknowledge and agree that you are solely responsible for your use of SNSs and that it is your responsibility to review the terms of use and privacy policy of the third party provider of such SNSs. We will not be responsible or liable for: (i) the availability or accuracy of such SNSs; (ii) the content, products or services on or availability of such SNSs; or (iii) your use of any such SNSs. You can remove your SNS profile information via your Account Settings or Style Profile, as applicable, at any time. If you disconnect an SNS account that you have previously connected, the SNS public profile data and SNS-provided-email will be deleted from our active databases.

Information Collected Automatically


When you use our Services, some information is automatically collected. For example, when you use our Services, your geographic location, how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, Internet Protocol (IP) address, and domain name are all collected. This information is generally used to help us deliver the most relevant information to you and administer and improve the Services. For example, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App.

Log Files.

As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to maintain and improve the performance of the Services.

Cookies and Similar Technologies.

Like many online services, we use cookies and similar technologies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We and some third parties may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services and to market the Services or other products.


We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering targeted advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Facebook, Pinterest, TikTok, Google AdWords, and Microsoft. To learn more, including how to opt out of receiving targeted advertisements from our advertising partners, see Your Choices Regarding Information.

We also work with affiliate marketing companies, including Impact. To better understand how these companies use your information, please see the privacy policies available on their respective websites.

Analytics Companies.

We work with a number of analytics companies that collect information about activity on our Services and report website trends without personally identifying individual visitors. These services identify and report website trends and allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. We may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites. Examples of such companies are: Hotjar, UserVoice, Medallia, and Google Analytics. If you do not want Google Analytics to collect and use information about your use of our website , then you can install an opt-out in your web browser. You also may opt-out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads Settings.

Use of Your Personal Information

General Use.

In general, personal information you submit to us is used to respond to requests that you make, aid us in serving you better, or market our Services. We use your personal information to:

  • choose items for you and deliver your shipment;
  • respond to comments, requests and questions and provide customer service;
  • facilitate the creation of your Account and secure it on our network;
  • identify you as a user in our system;
  • provide, process and deliver the Services you request;
  • improve the quality of experience when you interact with our Services, including the testing of different page designs to see which performs better;
  • send you administrative email notifications, such as security or support and maintenance advisories;
  • resolve disputes and/or troubleshoot problems;
  • develop, improve, and deliver marketing and advertising for the Services;
  • process and deliver orders;
  • respond to your inquiries related to employment opportunities or other requests; and
  • send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes (including via telephone or text, with your consent where required by law).

We may store and process your personal information in the United States and other countries.

User Feedback.

We may post user feedback on the Services from time to time. If you make any comments on a blog, SNS page or forum associated with the Services, you should be aware that any information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.

Creation of Anonymous Data.

We may create anonymous data records from personal information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.

Disclosure of Your Personal Information

We disclose your personal information as described below and elsewhere in this Privacy Policy.

Third Parties Designated by You.

We may disclose your personal data to third parties where you have instructed us or provided your consent to do so.

Service Providers.

We may disclose your personal information with to service providers to: provide you with the Services; conduct quality assurance testing; facilitate creation of accounts; to provide technical support; market the Services; and/or to provide other services to Tomboy Malibu.

Third Party Vendors.

We also disclose information to third party vendors such as advertising and data providers including Google, Facebook, Pinterest, Wiland, Epsilon, LiftEngine, and Dataline that use limited personal information collected from you to tailor advertisements to you for us and for other companies. Please see the privacy policies of those companies for more information.

Business Partners.

In order to facilitate your purchase of items from third party partners, we may disclose certain Personal Information about you when you ask us to do so.

Corporate Restructuring.

We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

Other Disclosures

Regardless of any choices you make regarding your personal information (as described below), Tomboy Malibu may disclose personal information if it believes in good faith that such disclosure is necessary: (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on Tomboy Malibu; (iii) to protect or defend the rights or property of Tomboy Malibu or users of the Services; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.


The Services allow you to invite your friends to sign up for the Services by sharing a referral link via an SNS, email or other means, or by sending invitations through Tomboy Malibu’s referral page on the App or websites. If you choose to upload your contacts to the Services, we will receive and store those contacts’ information and use it to send invitations on your behalf when you choose to do so. When you refer someone via our App or Site, your referral will include your name and, if shared with us, your photo.

Third Party Websites

Our Site or App may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site, App or Services and go to another site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and are not responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website and app you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

Your Choices Regarding Information

You have several choices regarding the use of information on our Services:


We offer you choices regarding the collection, use, and disclosing of your personal information. We will periodically send you newsletters and emails that directly promote the use of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below). Despite your indicated email preferences, we may send you service related communications, including notices of any updates to our Terms of Use or Privacy Policy.


If you decide at any time that you no longer wish to accept cookies from our Services for any of the non-essential purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. For additional information about cookies, including the Self-Regulatory Principles for Online Behavioral Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioral advertising, visit and/or, If you do not accept cookies, however, you may not be able to use all portions of the Services or all functionality of the Services. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided below.

Opt Out of Online Targeted Advertising.

Under the laws of certain US jurisdictions, you also have the right to opt out of our processing or sharing of your information for online targeted advertising purposes. Note that certain state laws also allow you to opt out of the “sale” of your information to third parties in exchange for valuable consideration. While we do not sell your information in exchange for money, we may use analytics or online advertising tools that result in the disclosure of your information to our third-party vendors and that are subject to this opt out right. You can opt out of both activities by clicking the “Your Privacy Choices” link in the footer of this page and by completing this form. Please note that if you have a legally recognized browser-based opt out preference signal turned on via your device browser (such as Global Privacy Control), we recognize such preference in accordance with and to the extent required by applicable law.

Changes to Personal Information.

You may change your personal information in your Account by editing your profile within your Account. You may request that we delete your personal information in your Account, but please note that we may be required to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our backup archives for a certain period of time until they are overwritten. We may retain your information for fraud prevention or similar purposes.

While we and others give you the choices to control the information collected and used as described in this Privacy Policy, there are many web browser signals and other similar mechanisms that can indicate your choice to disable tracking, and we may not be aware of or honor every mechanism except where required by, and such mechanisms satisfy, applicable law.

Text Messaging.

Consent to receive automated marketing messages from Tomboy Malibu is not a condition of any purchase. You may opt out of receiving commercial text messages by responding to any text message you receive from us with any of the following replies: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT. If you sign up for our text messaging program, cookies may be used to personalize your experience (e.g., shopping cart reminders).

Information Disclosed to Third Parties.

This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on the Services. If you disclose information to others, or authorize us to do the same under this Privacy Policy, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.

Access, Correction, and Deletion Requests.

Depending on your state of residence, you may request that we:

  • provide you the categories of personal information we collect and how we process it;
  • provide you the opportunity to correct inaccurate information we have about you;
  • provide access to and/or a copy of certain information we hold about you;
  • delete certain information we have about you; or
  • provide you with information about the financial incentives that we offer to you, if any.

If you sign up as a client of Tomboy Malibu, you may update or correct your profile information through your account settings, or delete your profile information and preferences at any time by contacting us at . If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, you may contact us by email at or submit a request through If you are a California resident, you may designate an agent to exercise your rights under the CCPA (defined below). We will take steps to verify the identity of the agent, and that your agent has been authorized to make a request on your behalf. Such steps may include requiring that the agent submit a signed written authorization or a copy of a power of attorney. If we deny your request in whole or in part, you may have the right to appeal the decision; depending on your jurisdiction (such as Colorado) you can email us at to appeal.

Please note your rights and choices vary depending upon your location. Certain information may be exempt from such requests under applicable law. We will take reasonable steps to verify your identity.

Additional Privacy Information for California Residents

Notice of Collection for California Residents.

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights as described herein and in this Privacy Policy. The terms in this section use the definitions set forth in the CCPA.

The CCPA provides California residents with the right to not be discriminated against (as provided for in applicable law) for exercising rights to access and delete your personal information (as referred to in Access, Correction, and Deletion Requests, above). Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or we may need to retain it to comply with our own legal obligations.

The CCPA, and its accompanying regulations, specify that we should identify the categories of personal information we collect and purposes for which we may use it and the parties with which we share it. The following information is offered in addition to the disclosures made elsewhere in this Privacy Policy.

Categories of Personal Information We Collect About You

Summarized in the table below are the categories of personal information we may collect about you, depending on how you interact with us. The following table also describes how we collect and use such categories of information.

Categories of information collected

Purposes of use (see chart below for additional information)

Sources of personal information

Identifiers and Contact Information, e.g., name, email address, postal address, phone number, and password

  • All purposes
  • Directly from you (e.g., through your Style Profile)

Demographic information, e.g., age, employment, and lifestyle information

  • Provide the Services
  • Personalize your experience
  • Directly from you (e.g., through your Style Profile)

Physical Characteristics and Audio Data, e.g., height, weight, and audio recordings when you call customer support

  • Provide the Services
  • Personalize your experience
  • Legal purposes
  • Directly from you (e.g., through your Style Profile and your customer support calls)

Financial and Transactional Information, e.g., payment card information, delivery information, and information about your transactions and purchases with us

  • Provide the Services
  • Legal purposes
  • Directly from you (e.g., what and how you order from us)

User-Generated Content, e.g., photos, videos, any information you submit in public forums or message boards, and feedback or testimonials you provide about our Services

  • Communicate with you
  • Provide the Services
  • Personalize your experience
  • Legal purposes
  • Directly from you (e.g., through your Fix requests and feedback)

Customer Service Information, e.g., questions and other messages you address to us directly through online forms, by email, over the phone, or by post; summaries or voice recordings of your interactions with customer care

  • All purposes
  • Directly from you (e.g., through your customer support messages)

Device Information and Device Identifiers, e.g., IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers

  • Provide the Services
  • Personalize your experience
  • Secure our services and users
  • Legal purposes
  • From cookies, pixels, tags, and similar tracking technologies

Usage Data, e.g., information about content viewed or download, domain names, landing pages, browsing activity, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, whether you open an email and your interaction with email content, access times, error logs, and other similar information

  • Provide the Services
  • Secure our Services and users
  • Legal purposes
  • Directly from you (e.g. through your use of the Services)
  • From cookies, pixels, tags, and similar tracking technologies

Geolocation, e.g., city, state and ZIP code associated with your IP address

  • Provide the Services
  • Secure our Services and users
  • Legal purposes
  • From cookies, pixels, tags, and similar tracking technologies

Other Information, e.g., any other information you choose to directly provide to us in connection with your use of the Services

  • All purposes
  • Directly from you (e.g., through your customer support messages, survey responses, or social media information)

The following chart provides additional information about the business or commercial purposes for collecting and using your information.

Purposes of Use

Communicate with you, for example, to:

  • Process and deliver orders;
  • Respond to comments, requests and questions and to provide customer service;
  • Send you administrative email notifications, such as security or support and maintenance advisories;
  • Send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes; and
  • Respond to your inquiries related to employment opportunities or other requests.

Provide the Services, for example, to:

  • Provide, process and deliver the Services you request;
  • Choose the items for and to deliver your shipment; and
  • Improve the quality of experience when you and others interact with our Services, including the testing of different page designs to see which performs better.

Personalize your experience, for example, to:

  • Identify you as a user in our system;
  • Personalize your experience with our Services; and
  • Develop, improve, and deliver marketing and advertising for the Services.

Secure our Services and users, for example, to:

  • Resolve disputes and/or troubleshoot problems;
  • Monitoring, preventing, and detecting fraud, such as through verifying your identity;
  • Combatting spam or other malware or security risks;
  • Detecting security incidents;
  • Debugging to identify and repair errors that impair existing intended functionality; and
  • Monitoring, enforcing, and improving the security of our Services.

Defend our legal rights and compliance with the law, for example, to:

  • Comply with any applicable procedures, laws, or regulations and to protect our legitimate interests or those of others; and
  • Protect or exercise our legal rights or those of others (e.g., to enforce compliance with our Terms of Use, Privacy Policies, or to protect our Services, users, or others).

Commercial purposes, for example, to:

  • Tailor advertising to keep you aware of what we’re up to and to help you see and find our products.

For the avoidance of doubt, Tomboy Malibu does not process sensitive personal information for any purpose other than to provide the Services or as required by applicable law.

We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. In determining how long to retain information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, we retain your email address as an authentication credential as long as you have an account with us and an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes. If you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request.

We may delete or de-identify your information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law, or when it is no longer needed to fulfill these purposes unless a longer retention period is required to comply with applicable laws. There may be technical or other operational reasons where we are unable to fully delete or de-identify your information. Where this is the case, we will take reasonable measures to prevent further processing your information.

How We Disclose, Share, and Sell Your Information

We may disclose all the categories of personal information identified in this California Privacy Notice or elsewhere in this Privacy Policy for our operational or business purposes where the use of such personal information is reasonably necessary and proportionate to achieve the purpose for which it was collected or for another operational or business purpose that is compatible with the context in which the personal information was collected. We may disclose such information with the following categories of entities and third parties:

  • Service providers.
  • Third parties designated by you.
  • An entity that is part of corporate restructuring, including a successor-in-interest or assign.
  • Governmental entities.
  • Third parties who are involved in a legal investigation or in protecting or defending the rights or property of Tomboy Malibu or users of the Services; and/or investigating or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.

Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.

The categories of personal information that we “share” or “sell” for advertising or analytics purposes are:

  • Online identifiers and contact information;
  • Device information; and
  • Any other information collected through automated technologies.

We “sell” or “share” this information with the following types of third parties: online advertising partners and data cooperative providers.

California residents may opt-out of Tomboy Malibu’s “sale” or sharing of their personal information by clicking the “Your Privacy Choices” link in the footer of this page and following the prompts.

Metrics Regarding CCPA Requests for January – December 2021

Request Type


Completed (in whole or part)


Average Response Time

CCPA Request to Know




29 days

CCPA Request to Delete




7 days

CCPA Do Not Sell Request




1 day

Shine the Light Disclosure.

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. If you would like to opt out of such sharing, please use the Your Privacy Choices link in the footer of this page. If you are a California resident and would like a copy of this notice, please submit a written request to the following address: Tomboy Malibu Legal Dept., 1 Montgomery Street, Suite 1100, San Francisco, CA 94104. In your request, please specify that you want a “Tomboy Malibu California Shine the Light Notice.” Please allow at least 30 days for a response.


To protect your privacy and security, we take reasonable steps to verify your identity and requests before granting the rights above, including account access or making corrections to your information. You are solely responsible for maintaining the secrecy of your unique password and account information at all times.

How We Respond to Do Not Track Signals

Do Not Track is a privacy preference that users can set in certain web browsers. We do not currently recognize or respond to browser-initiated Do Not Track signals, but we do honor legally recognized browser opt-out signals at set forth above (such as global privacy control). Learn more about Do Not Track.

A Note About Children

Our Services are not directed to children under the age of 13 and children under the age of 13 are not eligible to use our Services. We do not collect or maintain personal information from children we actually know are under the age of 13. If a child under 13 submits personal information to us and we learn that the personal information is the personal information of a child under 13, we will take steps to remove the personal information from our databases. If you believe that a child under 13 provided us with personal information, please contact us at

For minors over the age of 13, we may collect information from them. We do not “sell” that information as defined under the CCPA.

The children’s products we offer via our Services are intended for purchase by adults. We collect some limited personal information about children from the adults purchasing children’s products via our Services. Information about children that we collect from adults and store includes name, birth date, height, weight and style preferences.

If you provide us information about a child and you are not the parent or legal guardian of that child, please obtain the parent or legal guardian’s consent to provide us such information.

Users Outside of the United States

If you are using the Services in the United Kingdom, please see our UK Privacy Policy at . If you are a non-U.S. user of the Services outside of the US and UK, by using the Services and/or providing us with information, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Policy. In addition, your personal information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your information, you consent to such transfer.

Contact Information

Organization Name: Tomboys Clothing, Llc

IRS EIN (Taxpayer Id) 82-1183377

Business / Mailing Address:

3903 Fontainebleau Drive,


Florida, 33634