Privacy Policy

Cutting Edges – Scissor, Clipper, and Knife Sharpening Services

Effective Date: January 1, 2026
Last Revised: January 1, 2026

Contact Information

Business Name: Cutting Edges
Website: www.cuttingedges.org
Email: sharp@cuttingedges.org
Physical Address: 425 Lafayette Dr, El Paso, TX 79915

1. Introduction and Scope

This Privacy Policy describes how Cutting Edges (“we,” “us,” “our,” or “Company”) collects, uses, discloses, and protects personal information from individuals (“you,” “your,” or “User”) who access or use our website, services, or interact with our business. This Policy applies to all users globally and complies with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other relevant privacy legislation.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Categories of Personal Data Collected

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Contact Information: Name, email address, phone number, mailing address

  • Service Information: Details about items requiring sharpening, service preferences, special instructions

  • Payment Information: Credit/debit card numbers, billing address, payment history (processed through third-party payment processors)

  • Account Information: Username, password, account preferences (if you create an account)

  • Communications: Content of emails, messages, or other communications you send to us

2.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers

  • Usage Data: Pages visited, time spent on pages, clickstream data, referral URLs

  • Location Data: General geographic location derived from IP address

  • Cookies and Tracking Technologies: Session identifiers, preference settings, analytics data (see Section 4)

2.3 Information from Third Parties

  • Business Partners: Referral sources, marketing partners

  • Payment Processors: Transaction verification and fraud prevention data

  • Public Sources: Publicly available business directories or social media (for business customers)

3. Legal Basis for Processing Personal Data

Under GDPR and similar regulations, we process personal data based on the following lawful grounds:

  • Consent: You have given explicit consent for specific processing activities

  • Contract Performance: Processing is necessary to fulfill our service agreement with you

  • Legal Obligation: Processing is required to comply with applicable laws and regulations

  • Legitimate Interest: Processing is necessary for our legitimate business interests, such as fraud prevention, network security, and direct marketing (where not overridden by your rights)

  • Vital Interests: Processing is necessary to protect your vital interests or those of another person

For California residents under CCPA/CPRA, we collect and process personal information for disclosed business and commercial purposes as detailed in this Policy.

4. Cookie Usage and Tracking Technologies

4.1 Types of Cookies We Use

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website performance:

  • Strictly Necessary Cookies: Essential for website functionality and security

  • Performance Cookies: Collect anonymous data about website usage and performance

  • Functional Cookies: Remember your preferences and settings

  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics)

  • Marketing Cookies: Track visitors across websites to display relevant advertisements

4.2 Cookie Management

You can control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Note that disabling certain cookies may impact website functionality. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

4.3 Do Not Track Signals

We currently do not respond to Do Not Track (DNT) browser signals. California residents have additional rights under CCPA/CPRA (see Section 7).

5. How We Use Personal Information

We use collected personal information for the following purposes:

5.1 Service Delivery

  • Processing and fulfilling service requests

  • Communicating about appointments, pickup, and delivery

  • Providing customer support and responding to inquiries

  • Managing accounts and maintaining service records

5.2 Business Operations

  • Processing payments and preventing fraud

  • Analyzing and improving our services

  • Conducting internal research and development

  • Maintaining security and preventing unauthorized access

5.3 Marketing and Communications

  • Sending promotional materials, newsletters, and special offers (with consent where required)

  • Conducting customer surveys and feedback requests

  • Personalizing marketing content based on preferences

5.4 Legal and Compliance

  • Complying with legal obligations and regulatory requirements

  • Enforcing our terms of service and other agreements

  • Protecting our rights, property, and safety

  • Responding to legal requests and preventing illegal activity

6. Third-Party Sharing and Disclosures

We do not sell personal information. We may share personal data with the following categories of third parties:

6.1 Service Providers

  • Payment Processors: To process transactions securely

  • Web Hosting and IT Services: To maintain and secure our website

  • Analytics Providers: To analyze website usage (e.g., Google Analytics)

  • Email Service Providers: To send communications and newsletters

  • Appointment Scheduling Tools: To manage bookings and reminders

6.2 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred to the successor entity.

6.3 Legal Requirements

We may disclose personal information when required by law, court order, subpoena, or to:

  • Comply with legal processes

  • Enforce our agreements

  • Protect our rights and property

  • Investigate fraud or security issues

  • Protect the safety of our customers and the public

6.4 With Your Consent

We may share information with third parties when you provide explicit consent.

7. User Rights Under Data Protection Laws

7.1 Rights Under GDPR (EU/EEA Residents)

You have the following rights regarding your personal data:

  • Right to Access: Request confirmation of whether we process your data and obtain a copy

  • Right to Rectification: Request correction of inaccurate or incomplete data

  • Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain circumstances

  • Right to Restriction of Processing: Request limitation of processing under specific conditions

  • Right to Data Portability: Receive your data in a structured, machine-readable format

  • Right to Object: Object to processing based on legitimate interests or for direct marketing

  • Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)

  • Right to Lodge a Complaint: File a complaint with your local supervisory authority

7.2 Rights Under CCPA/CPRA (California Residents)

California residents have the following rights:

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected

  • Right to Delete: Request deletion of personal information (subject to exceptions)

  • Right to Correct: Request correction of inaccurate personal information

  • Right to Opt-Out: Opt out of the sale or sharing of personal information (we do not currently sell data)

  • Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of sensitive personal information

  • Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment

7.3 Exercising Your Rights

To exercise any of these rights, contact us at:

We will respond to verified requests within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA/CPRA, with possible extensions). We may require additional information to verify your identity before processing requests.

8. Data Retention Periods

We retain personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

  • Service Records: Retained for the duration of the customer relationship plus 7 years for tax and accounting purposes

  • Payment Information: Retained for the duration required by financial regulations (typically 7 years)

  • Marketing Communications: Retained until you unsubscribe or request deletion

  • Website Analytics: Aggregated and anonymized data retained indefinitely; identifiable data retained for 26 months

  • Account Information: Retained until account closure plus 90 days, then deleted unless legal obligations require longer retention

  • Legal Claims: Data may be retained longer if necessary for legal proceedings

After retention periods expire, we securely delete or anonymize personal information in accordance with data protection principles.

9. Security Measures

We implement appropriate technical and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction:

9.1 Technical Safeguards

  • Encryption: SSL/TLS encryption for data transmission; encryption of sensitive data at rest

  • Access Controls: Role-based access restrictions and authentication mechanisms

  • Firewalls and Network Security: Protection against unauthorized network access

  • Regular Security Updates: Timely patching and updating of systems and software

  • Secure Payment Processing: PCI-DSS compliant payment processors

9.2 Organizational Safeguards

  • Employee Training: Regular privacy and security training for staff

  • Confidentiality Agreements: Binding obligations for employees and contractors

  • Vendor Management: Due diligence and contractual protections for third-party processors

  • Incident Response Plan: Procedures for detecting, responding to, and recovering from security incidents

  • Regular Audits: Periodic security assessments and vulnerability testing

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

10. Data Breach Notification Procedures

In the event of a data breach that compromises personal information, we will:

10.1 Internal Response

  • Immediately investigate the breach and assess its scope and impact

  • Contain and remediate the breach to prevent further unauthorized access

  • Document the breach details, affected data, and response actions

  • Notify senior management and legal counsel

10.2 Regulatory Notification

  • GDPR: Notify the relevant supervisory authority within 72 hours of becoming aware of a breach (unless unlikely to result in risk to individuals)forcepoint+1

  • CCPA/CPRA: Comply with California breach notification requirements

  • Other Jurisdictions: Comply with applicable state, federal, and international breach notification laws

10.3 Individual Notification

  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms

  • Provide clear information about the breach, data affected, potential consequences, and mitigation measures

  • Offer assistance such as credit monitoring services where appropriate

11. International Data Transfers

Our business is located in the United States. If you access our services from outside the U.S., your information will be transferred to, stored, and processed in the United States.

11.1 Transfers from the EU/EEA

For data transfers from the European Economic Area (EEA) to the United States, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms for data transfers

  • Adequacy Decisions: Relying on jurisdictions deemed adequate by the European Commission

  • Additional Safeguards: Supplementary measures to ensure data protection equivalent to EU standards

11.2 Transfers Under CCPA/CPRA

We do not sell personal information to third parties. Any cross-border data sharing is limited to service providers subject to contractual obligations to protect personal information.

11.3 Your Consent

By using our services, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate, subject to the protections described in this Policy.

12. Children’s Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 16, we will promptly delete such information. Parents or guardians who believe we may have collected information from a child should contact us immediately at sharp@cuttingedges.org.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Revised” date at the top of this Policy

  • Notify users via email or prominent website notice (for material changes)

  • Obtain renewed consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of our services after changes become effective constitutes acceptance of the updated Policy.

14. Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if such modification is not possible, severed from this Policy.

15. Jurisdiction and Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law principles. However, specific provisions will be governed by applicable data protection laws, including GDPR for EU/EEA residents and CCPA/CPRA for California residents.

Any disputes arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in El Paso County, Texas, except where mandatory consumer protection laws require otherwise.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cutting Edges
Email: sharp@cuttingedges.org
Mailing Address: 425 Lafayette Dr, El Paso, TX 79915
Phone: (915) 274-0599

For GDPR-related inquiries, you may also contact your local data protection authority.

For CCPA/CPRA-related inquiries, California residents may contact us using the information above or submit requests through our website.

17. Revision History

Version Effective Date Summary of Changes
1.0 January 1, 2026 Initial Privacy Policy published

Acknowledgment: By using our website and services, you acknowledge that you have read this Privacy Policy and agree to its terms.