TintLaws Privacy Policy

1. Scope of this policy

This Privacy Policy applies to tintlaws.com and any related subdomains operated by TintLaws (“we,” “us,” “our,” or “TintLaws”). It covers visitors to our public webpages, readers of our guides, and anyone who communicates with us through our contact form or email.

This policy does not apply to third-party websites we link to, including state DMV websites, official statutes, film manufacturer product pages, and partner services. Those sites have their own privacy policies; we encourage you to read them.

2. Information we collect

2.1 Information you provide voluntarily

• Contact form submissions. When you use our contact page to report a correction, ask a question, or request a record of your data, you may provide your name, email address, and the message text. Providing this information is voluntary, but without it we cannot respond to you.
• Newsletter signups (if we operate one). If you subscribe, we collect the email address and (optionally) your first name. Every newsletter includes a one-click unsubscribe link.

2.2 Information collected automatically

• Server access logs. Our hosting provider records the IP address of each visit, the timestamp, the page requested, the HTTP status returned, the user agent (browser identity), and the referring URL. Logs are retained by the host for operational and security purposes.
• Analytics events. Page views, session length, approximate geographic region (from IP), device type, and interaction events (e.g., you clicked a “Find a shop” button). Analytics are aggregated and cannot identify you individually in our reports.
• Cookies and local storage. See Section 4.

2.3 Information we do NOT collect

• We do not collect government-issued IDs, Social Security numbers, or driver’s license numbers.
• We do not collect payment card information (the site has no paid features).
• We do not collect health records or medical exemption paperwork. If you submit such materials by email, we will delete them promptly and ask you to communicate only with the issuing state agency.
• We do not use biometric identification, facial recognition, or tracking pixels that fingerprint your device.

3. How we use information

We use the limited information we collect for the following purposes:

• Operate the site — serve pages, prevent abuse, and maintain security.
• Improve content — understand which articles and state pages are most useful so we can deepen them.
• Respond to you — when you submit a contact form or email us.
• Comply with law — preserve records if we receive a valid legal process.

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects about individual visitors.

4. Cookies, pixels, and similar technologies

Cookies are small text files stored on your browser. We use them sparingly:

We do not use advertising cookies, behavioral-retargeting pixels, or social media tracking scripts on this site as of the last update date.

How to control cookies. All major browsers let you block, delete, or limit cookies. Blocking strictly-necessary cookies may break parts of the site (e.g., your consent choice will not be remembered). For analytics opt-out, see Section 5.

5. Analytics and measurement

We use a privacy-preserving analytics service (Google Analytics 4 or a comparable tool such as Plausible or Fathom) to measure aggregate traffic. IP addresses are truncated or hashed before storage by the analytics provider. We do not combine analytics data with any personally identifying information.

Opt out of Google Analytics. You can install the Google Analytics Opt-Out Browser Add-on to prevent your data from being used by any site running GA. You can also enable “Do Not Track” or “Global Privacy Control” in your browser — we honor both signals (see Section 16).

6. Advertising and affiliate relationships

TintLaws is reader-supported. We may earn a commission when a visitor clicks a labeled partner link and completes a qualifying action with that partner — for example, booking a telemedicine consultation for a medical exemption evaluation through a partner such as myeyerx.net. Partner links are clearly labeled rel="sponsored" and disclosed in-page. Our editorial decisions about which laws to document and how to describe them are not influenced by partner relationships.

We do not currently run display advertising networks (no banner ads, no programmatic ads) and do not place retargeting pixels.

7. Third-party service providers

We rely on a small number of third-party service providers to operate the site:

Each provider has its own privacy policy and is contractually or by operation of law required to protect data it receives from us. We do not sell, rent, or trade visitor information to any third party.

8. Legal bases for processing (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal information under the General Data Protection Regulation (GDPR) are:

• Legitimate interests — for analytics (measuring aggregate traffic), site security, and responding to correspondence you initiate.
• Consent — for non-essential cookies, newsletter signups, and any other optional tracking you affirmatively enable.
• Compliance with legal obligation — to preserve records where required by applicable law or valid legal process.

EEA, UK, and Swiss residents have the right to object to processing based on legitimate interests, withdraw consent at any time, and request access, correction, deletion, restriction, or portability. See Section 15.

9. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020, collectively “CCPA”) gives you specific rights regarding your personal information:

• Right to know what personal information we collect, use, disclose, and (hypothetically) sell.
• Right to delete personal information we collected from you, subject to exceptions.
• Right to correct inaccurate personal information we maintain.
• Right to opt out of sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA.
• Right to non-discrimination for exercising any of these rights.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information under the CCPA definition.

To exercise any of these rights, email us at editor@tintlaws.com with the subject line “California Privacy Request” and describe your request. We will verify your identity (typically by asking you to confirm information we already have on file, such as an email thread) and respond within the 45-day statutory window. We may extend the response time by an additional 45 days where permitted by law.

Shine the Light (California Civil Code § 1798.83). California residents may annually request a list of categories of personal information we disclosed to third parties for their direct marketing purposes. TintLaws does not disclose personal information for third-party direct marketing.

10. Other U.S. state privacy rights

Residents of states with comprehensive privacy laws — currently including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, and others as newly-enacted — have rights similar to those described above: access, deletion, correction, portability, and opt-out of targeted advertising / sale.

We honor all verifiable requests from residents of these states. Submit requests to editor@tintlaws.com with the subject line indicating your state. We respond within the statutory window of each state (typically 30–45 days).

11. Children’s privacy (COPPA)

TintLaws is intended for a general audience of licensed drivers and consumers interested in U.S. window tint law. The site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided us with personal information, please contact us at editor@tintlaws.com and we will promptly delete the information.

12. Data retention

We retain information only as long as necessary for the purposes it was collected:

• Contact form correspondence — retained up to 24 months after the last exchange, then purged, unless a legal hold applies.
• Server access logs — retained by the hosting provider for 30–90 days per their retention policy.
• Analytics data — aggregate reports retained up to 26 months (GA default); individual event data retained per analytics provider terms.
• Newsletter subscribers — retained until you unsubscribe.
• Cookie consent records — retained 12 months so we do not re-prompt you needlessly.

13. Security

We use commercially reasonable technical and organizational safeguards:

• HTTPS (TLS 1.2+) enforced on every page of the site.
• HSTS preloaded to prevent downgrade attacks.
• DNSSEC where supported by our DNS registrar.
• Access to the editorial CMS and email is protected by multi-factor authentication.
• Regular security updates applied to our static-site generator and dependencies.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect personal information, we cannot guarantee absolute security. If you believe your interaction with us is no longer secure, please contact us immediately.

14. International transfers

TintLaws is operated from the United States. If you access the site from outside the U.S., your information will be transferred to, stored, and processed in the U.S. By using the site, you consent to this transfer. For EEA / UK / Swiss residents, we rely on the European Commission’s Standard Contractual Clauses with our sub-processors where required, and we apply the same protections to your information regardless of where it is processed.

15. Your choices and rights

Wherever you are located, you have the following choices regarding your personal information:

• Access a copy of the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal information, subject to exceptions for legal retention.
• Port your information in a structured, commonly used, machine-readable format.
• Object to processing based on our legitimate interests.
• Withdraw consent for any processing you previously consented to. Withdrawal does not affect the lawfulness of prior processing.
• Lodge a complaint with your local data protection authority.

To exercise any right, email editor@tintlaws.com. We will verify your identity (usually by asking you to reply from an email address we already have on file) and respond within the statutory time frame.

16. Do Not Track and Global Privacy Control

Some browsers allow you to send a “Do Not Track” (DNT) signal or a Global Privacy Control (GPC) signal to websites. TintLaws honors GPC signals as valid opt-out requests under applicable U.S. state law. We do not use behavioral-advertising tracking, so DNT affects only optional analytics where the analytics vendor supports it.

17. Links to other websites

Our pages link extensively to state government websites, statute databases, DMV forms, film manufacturer pages, and educational sources. We are not responsible for the privacy practices of these third-party sites. Check their privacy policies before providing any personal information.

18. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page always reflects the most recent revision. Material changes will be announced by a banner on the homepage for at least 30 days. Your continued use of the site after the effective date of a revision constitutes acceptance of the updated policy.

19. Contact us

Questions, requests, or complaints about this Privacy Policy can be sent to:

You can also reach us through our contact page.