Privacy Policy

Our Security Policy

The Mountain Rose Herbs website and the technologies used to transmit your order are protected through BigCommerce security. All communication between the customer's device and Mountain Rose Herbs’ website shopping cart is encrypted using Secure Socket Layer (SSL) 256-bit encryption technology. This ensures that sensitive information, including payment details, is transmitted securely. Our website and systems comply with Payment Card Industry Data Security Standard (PCI DSS) requirements. This ensures a secure environment for processing, transmitting, and storing credit card information.

We currently use either Stripe or PayPal to authorize credit card payments. At the moment you submit your online order with Mountain Rose Herbs, only authorized employees have access to your order details. Your credit card number is transmitted directly to the corresponding payment gateway. Your credit card number is not visible to any Mountain Rose Herbs employee throughout the entire order process.  When a customer uses Apple Pay, sensitive card data is replaced with a token. Stripe supports the use of these tokens for processing payments securely. Apple Pay transactions are secure as they use the device's Secure Element, a dedicated chip for storing encrypted payment information. Apple Pay is typically supported on Apple devices, including iPhones, iPads, and Macs with Touch ID or Face ID.  Google Pay uses tokenization to secure payment information. Stripe supports the use of these tokens for processing transactions. Google Pay is available on various Android devices and can be used for both in-app and web-based transactions. Stripe integrates with the Google Pay API to facilitate payments. The API allows for a seamless checkout experience on supported devices.

You can find information about Stripe’s privacy practices here.
You can find information about PayPal’s privacy practices here.

For sales orders placed with our Customer Service staff using our 800 number, your credit card data will be entered directly onto the website and not written down or retained. For compliance purposes we store hard copies of all invoices with limited customer data. These are further filed in a secure environment, and then they are shredded after a predetermined time. For certain Terms (resale/wholesale) customers, this Security Policy may be subject to other applicable policies and practices relating to your specific relationship with Mountain Rose Herbs; please refer to your agreement paperwork for specific terms contained therein.

No part of your financial information is ever stored on any computer with an outside connection to a publicly accessible network (Internet). We do, however, store contact information (excluding financial information) on multiple third-party servers for our internal business use only and take the utmost caution to ensure its privacy.

While we have many security measures to help protect your personal information from unauthorized access and use our best efforts to ensure the security and confidentiality of your personal information, no data transmission can be guaranteed to be 100% secure. Because this is the case, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. You should only submit personal data within a secure environment, and you remain solely responsible for the security of your electronic device at all times. In addition, using public Wi-Fi can expose users to various risks due to its unsecured nature. To mitigate these risks, users should avoid connecting to public Wi-Fi networks without using a virtual private network (VPN) for encryption, keep their browsers and other software up to date with the latest security patches, and exercise caution when browsing the internet and interacting with online content.

Our Privacy Policy

Since our start in 1987, Mountain Rose Herbs has never sacrificed our customers’ personal information for the purpose of extending marketing relationships with outside firms. We have never sold, traded, or rented our mailing list or customer information. We make the decision to protect your privacy because that’s how we want to be treated. It’s just the right thing to do.

With regard to your online privacy, we collect the following pieces of information:

  • When you subscribe to any of our email communications, fill out any form on our website, or provide an email address during the checkout process, the personal information you provided will be stored on a third-party server. You may unsubscribe from marketing-type email communications at any time; You can unsubscribe here.
  • When you interact with our system, we may store cookies in your browser that allow us to associate carts and checkouts with your shopping sessions. “Cookies” are small text files that are stored on your computer by a web server. This is based on permissions set in your browser software. Cookies do not read any information on your personal computer, rather, they’re used as identifiers to customize the use of the website based on information stored on the host server. The use of cookies is a standard Internet practice. Please note that not accepting cookies still enables you to access and use our website but may limit certain features and personalization access to content.

What Regulations Does Mountain Rose Herbs Follow for its Privacy Policy?

The products and services offered on this website are intended for users who reside in the United States and as such, Mountain Rose Herbs follows privacy rights for the United States. If you are visiting our website from another country, please note that the data protection laws where you reside may be different and Mountain Rose Herbs may not comply with those regulations.

How Long Does Mountain Rose Herbs Keep Your Information?

Your information will only be kept for as long as is necessary for the purposes set out in this privacy notice, unless a longer period is required or permitted by law (such as for tax, accounting, or other legal requirements).

You may also request, at any time, that we review, change, or delete your personal information or your preferences to receive any emails, products, or services from us. To do so, please send us a written request via mail or email. Our contact information can be found at the bottom of this page.

Controls for Do-Not-Track Features

Web browsers and mobile operating systems may have a Do-Not-Track (DNT) feature or setting which you can activate to signal your privacy preferences. Please know that there is no uniform technology standard for recognizing and implementing DNT signals across the internet and we cannot control the DNT handling of third parties that may interact with our website. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Children’s Online Privacy Protection Act

The Mountain Rose Herbs website is intended for a general audience and is not intended to collect any personal information from children. We care very deeply about the safety and privacy of children online and comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). Children under the age of 13 should not send us any personal data, including email addresses. If you are under the age of 13 and would like to contact us, please ask your parent or legal guardian to contact Mountain Rose Herbs for you. We ask that parents supervise their children while online.

If we become aware we have received personal information from a child under 13, we will promptly delete the personal information from our servers. If you want to notify us of our potential receipt of information by a child or children under 13, please contact us via the contact methods found at the bottom of this page.


California Residents

Pursuant to the California Consumer Privacy Act of 2018 (CCPA), California residents have additional rights regarding their data collection. This section sets out and explains these rights.

Right to Know About Personal Information That We Collect or Share

You have the right to request that we disclose the specific personal information we have collected over the past twelve months by submitting a verifiable consumer request. Once we receive, review, and confirm your request, we will disclose to you the following information (where applicable):


  • The types of personal information we have collected about you.
  • The sources from which we collected it.
  • The purpose for collecting or using your personal information.
  • The categories of third parties with whom your personal information is shared.
  • The specific pieces of your personal information we collected.

What Personal Information Do We Collect and How Do We Share It?

The below breakdown discloses how we may have collected or shared personal information during the past 12 months.

1) Personal Identifiers This includes full name, address, email address, phone number, etc. 
We collect this information from our users, consumers, and business partners. This information may be shared with trusted partners to communicate on our behalf.

2) Personal Information Categories Listed in the California Customer Records Statute (Cal. Civ. Code ¤ 1798.80(e)). Within this category, we only collect full name, address, email, and phone number when you provide it to us. We may share this information with trusted partners to communicate on our behalf or to better serve the ads and products you may be interested in.

3) Protected Classes Under California or Federal Law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). We may collect this information, but only when you provide it directly to us. We may share this information with trusted partners only to communicate on our behalf. For example, our email host provider.


Right to Request Deletion of Your Information

You have the right to request that we delete the personal information that we collected and retained, subject to exceptions listed below. Once we receive and confirm your request, we will delete, and will direct our trusted partners to delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1)    Complete the transaction for which the information was collected.

2)    Fulfill the terms of a warranty or product recall conducted in accordance with federal law.

3)    Protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.

4)    Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.

5)    Use internally only for occasions reasonably aligned with our relationship with the consumer.

6)    Comply with a legal obligation.

7)    For use internally in a way that is compatible with the context in which you provided the information.

How to Exercise Your Rights to Access and Deletion

Please submit a written request to us using the contact information found on the bottom of this page. Only you or an authorized agent may make a request related to your personal information. If an authorized agent is making this request on your behalf, they must have your written permission AND must verify their own identity.

The following information must be provided to process your request:

1)    First and last name

2)    Mailing address

3)    Email address

4)    Sufficient information for us to reasonably verify your identity.

5)    A description of the request with sufficient detail so we can properly understand and respond.

We will not use any of the information requested to verify your identity for anything beyond responding to the request. Please note that if we cannot verify your identity or have determined that an agent does not have the authority to make such a request, we will not be able to fulfill your request.

How We Handle CCPA Requests

When we receive a request, we will confirm receipt within 10 business days and provide information about how we will process the request. However, if additional time to evaluate and fulfill your request is reasonably necessary, we will notify you of the required extension within the 10-day period. This can be up to an additional 30 days. If we provide a disclosure of your information, it will cover the 12-month period preceding receipt of your request. The information will be provided in writing and delivered to the email address provided in your user account if you maintain an account with our business. We can also send this via mail if your account is no longer active.

There is no fee to process or respond to your request unless the request is manifestly unfounded or excessive. If you submit unfounded requests, or an excessive number of requests, we can refuse to act on the request and notify you of the reason for refusal. We are not required to provide you with your personal information more than twice in a 12-month period.

We will not discriminate against you solely for exercising any rights within this Privacy Policy. We will not deny you goods or service, charge you different prices or rates for goods or services, or provide a different level or quality of goods or services.

However, we may offer legally permitted financial incentives that can result in different prices, rates, or that relate to your customer level status. Any incentive program will contain written terms describing that program’s material aspects. These kinds of financial incentive programs require your opt-in consent and consent may be revoked at any time.

Changes to This Privacy Policy

We reserve the right to amend these Security and Privacy Policies at any time in order to address future developments of our business, changes in industry, or legal trends. We will post the revised Policies on our website. Any changes will become effective upon the posting of the revised Online Privacy Policy on the website.

Our promise to you is that we will never sell or trade your information or buying habits. Every bit of information you have given to us stays safely with us and our trusted third-party partners—period.

By using the Mountain Rose Herbs website, you are consenting to our Privacy Policy. If you do not agree with this policy, do not use the website.


Last updated on March 4, 2024.