Main Street Surron Bikes LLC (“Main Street Surron Bikes,” “we,” “us”) operates mainstreetsurronbikes.com. This policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have. By using our site, you agree to this policy.
Information you provide directly:
Payment information: processed directly by our PCI-DSS-compliant payment processors (Shopify Payments/Stripe, PayPal, and our financing partners). We never see or store your full card number.
Information collected automatically:
Information from third parties: shipping carriers (delivery status), payment/fraud-screening providers (transaction risk signals), and financing partners (application approval status only — we never receive your credit details).
We do not sell your personal information for money. Some advertising cookies may constitute "sharing"/"selling" under California law — Section 6 explains your opt-out right.
Only as needed to run the store:
All service providers are contractually limited to using your data only to provide services to us.
We use:
Manage preferences anytime via the "Cookie Settings" link in our footer, or through your browser. You can also opt out of Google's personalized ads at adssettings.google.com and learn about industry opt-outs at aboutads.info.
All customers can access, correct, or delete their data, and unsubscribe from marketing, by emailing privacy@mainstreetsurronbikes.com.
California residents (CCPA/CPRA): you have the right to know what personal information we collect, use, and disclose; to delete it; to correct it; to opt out of “sale”/”sharing” (including cross-context behavioral advertising); and to non-discrimination for exercising these rights. Use the “Do Not Sell or Share My Personal Information” link in our footer or email us. We honor Global Privacy Control (GPC) browser signals.
Colorado, Connecticut, Virginia, Utah, Texas, Oregon and other state-law residents: you have equivalent rights of access, correction, deletion, portability, and opt-out of targeted advertising, and (where applicable) the right to appeal a refused request.
EU/UK visitors (GDPR): we primarily serve the US, but if GDPR applies to you, you have rights of access, rectification, erasure, restriction, portability, and objection, and may lodge a complaint with your supervisory authority. Our legal bases are contract performance (orders), legitimate interests (fraud prevention, support), consent (marketing, cookies), and legal obligation (tax records).
We respond to verified privacy requests within 30 days (45 for CCPA where permitted, with notice).
TLS/SSL encryption sitewide, PCI-compliant payment handling, access controls limiting staff data access to what their role requires, and hashed password storage. No system is 100% secure; if a breach affects your data, we will notify you as required by law.
Our products and website are intended for adults. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us data, email privacy@mainstreetsurronbikes.com and we will delete it.
Browser "Do Not Track" signals have no industry standard, so we do not respond to them — but we do honor GPC opt-out signals (Section 6) and our cookie banner choices.
We'll post updates here with a new "Last updated" date; material changes will be highlighted on this page or by email for account holders.