Privacy & Data Policies


The sole purpose of all data collection and review is to best serve current and potential customers (for our store and our stories) in the most efficient and accessible manner possible.



We aim to keep things transactional. You do something warranting a confirmation (e.g. placing an order), we send an email to confirm and another when something ships.

We occasionally send out marketing communications via our mailing list, which is built and maintained using MailChimp. All signups are voluntary via our site or posted on social media.

In certain rare cases, we might reach out to you out of the blue to notify you of an important change. This will either be done directly (if you are the only person affected) or via a one-off MailChimp email blast (if several people are affected). In an instance of the latter, we will explicitly state that you have not been signed up for our mailing list, that we are using an external system to ensure privacy across a wide swath of people. In short: To ensure we don’t goof and give away your data to a wide list of people.

As a failsafe, this site retains complete copies of certain outgoing email messages, including the recipient(s), subjects, and message content. The site also maintains a record of any links visited by the recipients of such messages for tracking purposes. In the event of a system or networking failure, the full details of a failed email message are logged for debugging purposes. If a subsequent send attempt succeeds, the entry is deleted. In short: Our server keeps a “Sent Email” folder.

In all instances, if we send you an email, you can respond directly and we will get back to you as quickly as possible. Our contact email address is



While crawling through mountains of data is fun and something we often do as part of our marketing efforts, we don’t really need to know much about you specifically, and so don’t ask for or collect anything beyond what is required to understand who, generally, is using our site and services.

  • If you set up an account, we have access to the information you provide.
  • If you place an order, we have access to some of the billing details, though because that information is handled by our PCI-compliant payment gateway, our retrospective view is limited in the same way yours is: billing address, masked payment details, dates, and amounts.
  • All billing is done via Stripe or PayPal. The choice between the two is granted to the user with each order placed.
  • Cookies and tracing pixels may be used exclusively for the same purposes as above.
  • We are experimenting with Google Adwords to better bridge marketing efforts and reducing internal administration time.

All orders require an Evil Supply Co. account for accounting, inventory, and shipping records. In the event you wish your account to be permanently closed and your information deleted, we will comply by removing all traces of personal information and replacing with dummy info. Names will be replaced with “John Doe” variants, addresses will be replaced with “123 Main Street” variants, etc.

Please reach out to with this request. For logistics reasons, to prevent someone else from deleting your data, you will need to email us from the address that created your Evil Supply Co. account.


Third Parties

We have zero interest in monetizing any information about site usage or individual users through partnerships with advertisers, etc.  No information about you (even stripped of personally-identifiable information) will be shared, leased, or sold to any third parties, subject to the following exceptions:

  • We use Google Analytics and MailChimp to gather data about who uses our site and how.
  • We use Tumblr, Facebook, Pinterest, Twitter, Instagram, and other social media networks and tools to gather data about who sees and interacts with our social media posts and how.
  • Communications like emails have to cross networks to go from us to you; various third-parties might be involved along the way, including our mailhost and yours.
  • Your billing information is necessarily shared with our payment gateway and merchant bank, Stripe or PayPal.
  • We will not voluntarily disclose any information to any law enforcement agency, government, or civil litigant, however we might be compelled to do so if the legal burdens are satisfied. In such cases we will do everything in our power to limit the scope of such disclosures.


Disclosure Transparency

Law enforcement agencies, governments, civil litigants, and others might reach out to obtain information about a customer, server logs, user data, etc. As mentioned previously, we will not release any information unless legally compelled to do so. In the interest of transparency, any such requests will be enumerated here in broad strokes.

To date, no such incidents have occurred.


Need more?

Feel free to reach out to with any questions or comments.