Thank you for visiting Blue Marble®. We want you to know that your privacy is important to us. Blue Marble® was founded by consumers just like you, so we treat our customers the way we would like to be treated — and we strive to ensure your experience with Blue Marble® is one that you will want to repeat and share with your friends. Part of our commitment to you is to respect and protect your privacy and the personal information you may provide to us.

This Privacy Policy tells you what information we collect, why we collect it, and how we use it. It covers our website at thinkbluemarble.com, our retail showroom in Ashland, Oregon, and any Blue Marble® service that links to this Policy. Throughout this Policy, “we,” “our,” and “us” refer to JMW Sales, Inc., the Oregon company that operates Blue Marble®.

We serve two types of customers: individual shoppers and gift-buyers who purchase through marketplaces like Amazon, Walmart, and Target; and wholesale buyers like retailers, schools, libraries, and nonprofits who order directly with our team. This Policy covers both groups.

We do not allow children under 13 to create accounts or use our website independently. See Section 12 to learn more about how we protect children’s privacy.

Not sure what an abbreviation means? We’ve included a plain-English Glossary in Appendix A at the end of this Policy.

Laws this Policy covers:

We also monitor: Maryland (MODPA), Minnesota (MCDPA-MN), Kentucky (KCDPA), Rhode Island (DTPPA), Indiana (ICDPA-IN), and Tennessee (TIPA).

By using our Services, you agree to the terms of this Privacy Policy. If you have any questions, just reach out at help@thinkbluemarble.com — we’re happy to help.

JMW Sales, Inc. is an Oregon company operating as Blue Marble®. We are responsible for the personal information collected through our Services. If you have any questions, we’re easy to reach:

• Email: help@thinkbluemarble.com
• Phone: 541.708.6739
• Mail: JMW Sales, Inc. dba Blue Marble®, 101 A St., Ashland, Oregon 97520 USA
• Website: thinkbluemarble.com

Here’s a breakdown of the types of information we collect, where it comes from, why we collect it, and who we share it with. Don’t worry — we only collect what we actually need.

3.1  Information You Give Us

We collect information when you make a purchase, sign up for emails, contact our team, visit our showroom, or submit a review or wholesale order.

3.2  Information We Collect Automatically

When you visit our website, Google Analytics and the Meta Pixel automatically collect technical data like your IP address, browser type, pages visited, and approximate location. See Section 8 for details on cookies.

3.3  Sensitive Information

We don’t intentionally collect sensitive personal information — things like Social Security numbers, health data, biometric data, precise location, or information about race, religion, or sexual orientation. Please don’t submit that kind of information through our Services.

3.4  When You Sign Up for Email

When you sign up for our email list, we collect your email address and, optionally, your name and preferences. We share this with our email platform (Mailchimp or Klaviyo) solely to send you newsletters and promotions. You can unsubscribe at any time using the link in any email, or by emailing help@thinkbluemarble.com.

3.5  How Payments Work

B2C (Consumer) Transactions

When you buy Blue Marble® products through Amazon, Walmart, or Target, the marketplace handles your payment. We never see or store your card data.

B2B (Wholesale / Business) Transactions

For wholesale orders, we accept payment through Fortis, our PCI-compliant payment gateway. Our team enters card details directly into Fortis — raw card data never touches our internal systems. We only keep tokenized references for accounting purposes.

3.6  Third-Party Tracking Tools on Our Site

We only use your information for the reasons listed below. We don’t sell your personal information. We also don’t use automated systems to make important decisions about you without a real person involved.

We work with trusted partners and vendors who help us run our business. Every one of them is required by contract to protect your information and never use it for anything other than what they’re hired to do.

5.1  Our Service Providers

• Amazon, Walmart, Target — B2C sales and payments. They collect payment data; we don’t receive it.
• Fortis — our PCI-compliant B2B payment gateway. Card data goes straight to Fortis, never through our systems.
• Google Analytics — website analytics
• Meta (Facebook/Instagram) — advertising and remarketing via the Meta Pixel
• Mailchimp or Klaviyo — email marketing and subscription management
• Order fulfillment and shipping carriers — to deliver your purchases
• Cloud hosting and data storage — to keep our website and records running
• Customer service platforms — to manage inquiries
• Fraud detection services — to protect against unauthorized activity

5.2  Advertising Partners

We use Google and Meta for advertising. To do this, we share some browsing and identifier data with them. You can opt out at any time — see Section 7 and Section 8. We never share children’s information with advertising partners.

5.3  Business Partners

With your consent, we may share information with selected business partners such as product financing providers. We’ll always tell you first and give you the chance to opt out.

5.4  Promotions and Contests

If you enter a co-sponsored promotion, we’ll tell you who the sponsor is and only share your information with them to run the event.

5.5  When the Law Requires It

We may share information to comply with a legal obligation, protect safety, prevent fraud, or enforce our Terms of Service.

5.6  Business Transfers

If we’re ever part of a merger or sale, your information might be transferred. We’ll always let you know before your information is governed by a different privacy policy.

5.7  What We Will Never Do

• We will never sell your personal information for money
• We will never sell or share children’s personal information — under any circumstances
• We will never share your information with third parties for their own marketing without your consent

We don’t hold onto your information longer than we need to. Here’s how long we keep different types of information and why.

Depending on where you live, you may have rights over the personal information we hold about you. Here’s a summary — and don’t worry, we’ll honor all of them.

7.2  Extra Rights for California Residents

12-Month Look-Back: We have not sold personal information for money. We have shared Identifiers, Network Activity, and Inferences with Google and Meta for cross-context behavioral advertising.

Authorized Agent: You can designate someone to act on your behalf with a signed written authorization. No account required.

B2B Exemption: Business contact information provided in a wholesale context has narrower CCPA applicability. Contact us if you have questions and we’ll evaluate in good faith.

Shine the Light (Cal. Civil Code § 1798.83): Email help@thinkbluemarble.com with subject “Shine the Light Request.”

7.3  How to Make a Request

If we deny your request, you can appeal within 45 days by emailing us with subject “Privacy Rights Appeal.” We’ll respond to appeals within 60 days and tell you how to contact your state Attorney General if needed.

Like most websites, we use cookies and tracking tools. Here’s what they are and how to control them:

• Strictly Necessary: Required for the website to work (e.g., shopping cart). Can’t be turned off.
• Performance / Analytics: Google Analytics tracks how visitors use our site — pages visited, time spent, traffic sources.
• Targeting / Advertising: The Meta Pixel and Google tags power interest-based ads and remarketing on Facebook, Instagram, and Google. This constitutes “sharing” under California law.

For EU/EEA, UK, and Canadian residents, and anyone else where required by law, we show a cookie consent banner before placing non-essential cookies.

8.2  Tracking in Our Emails

Our email platform uses tracking pixels to see if you open emails or click links. This helps us improve future emails. You can turn this off by unsubscribing or disabling automatic image loading in your email client.

8.3  How to Opt Out

• Google Ad Preferences: https://adssettings.google.com
• Meta Ad Preferences: https://www.facebook.com/ads/preferences
• S. Industry Opt-Out: https://optout.aboutads.info
• EU Industry Opt-Out: https://www.youronlinechoices.eu
• Global Privacy Control (GPC): https://globalprivacycontrol.org — we honor this signal automatically

We don’t place advertising or analytics cookies on any page we know is accessed by children.

9.1  U.S. Email Rules (CAN-SPAM)

Every marketing email we send clearly identifies Blue Marble® as the sender, has an honest subject line, includes our mailing address (101 A St., Ashland, Oregon 97520 USA), and has a working unsubscribe link. We honor unsubscribes within 10 business days. Don’t worry — order confirmations and shipping notices aren’t affected.

9.2  Canadian Email Rules (CASL)

We only email Canadian customers based on express consent (you signed up) or implied consent (you bought from us within the past 24 months). Every email includes our contact details and a working unsubscribe link honored within 10 business days.

9.3  Managing Your Preferences

We use Mailchimp or Klaviyo to manage our email list. They’re prohibited from using your email for anything other than delivering our emails. Unsubscribe any time using the link in any email or by emailing help@thinkbluemarble.com.

If you’re in the EU/EEA or UK, the GDPR and UK GDPR give you these rights:

• Access (Art. 15): Get a copy of your personal data
• Rectification (Art. 16): Correct inaccurate data
• Erasure (Art. 17): Delete your data in certain circumstances
• Restriction (Art. 18): Pause processing in certain circumstances
• Portability (Art. 20): Receive your data in a machine-readable format
• Object (Art. 21): Object to processing for marketing or legitimate interests
• Automated decisions (Art. 22): Not be subject to solely automated, legally significant decisions
• Withdraw consent: At any time, without affecting prior lawful processing

Legal bases: Contract (order fulfillment); Consent (marketing and cookies); Legitimate Interests (fraud prevention, security, analytics); Legal Obligation (compliance).

International transfers: EU/EEA and UK data transferred to the U.S. is protected by Standard Contractual Clauses (SCCs) and the UK IDTA. Copies available on request.

Complaints: EU supervisory authorities: https://edpb.europa.eu. UK ICO: https://ico.org.uk.

We comply with PIPEDA and provincial privacy laws including Alberta PIPA, BC PIPA, and Quebec Law 25 (Bill 64).

• Right to access: request the personal information we hold about you
• Right to correction: request correction of inaccurate data
• Right to withdraw consent: at any time, with reasonable notice
• Right to complain: Office of the Privacy Commissioner of Canada at www.priv.gc.ca

Quebec residents may also request de-indexation of personal information published without authorization and receive information about automated decision-making affecting them.

We’ll respond to Canadian access or correction requests within 30 days. Contact: help@thinkbluemarble.com.

11B

Rights for Australian Residents

If you’re visiting us from Australia, we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

11B.1  Your Rights

• Right to access: ask us for a copy of the personal information we hold about you
• Right to correction: if your information is inaccurate or out of date, you can ask us to correct it
• Right to know: ask us what types of information we hold and why

To make any of these requests, email help@thinkbluemarble.com — subject: “Privacy Request.” We’ll respond within 30 days.

11B.2  Cross-Border Transfers

We’re based in the United States. Your personal information may be transferred to and stored in the U.S. We take steps to ensure it receives protection comparable to the Australian Privacy Act. By using our Services, you consent to this transfer.

11B.3  How to Complain

If you have a concern and we haven’t resolved it to your satisfaction, you can contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992 (within Australia)
• Mail: GPO Box 5218, Sydney NSW 2001

We encourage you to contact us first at help@thinkbluemarble.com so we can try to resolve things directly.

12.1  Our Site Is for Adults

Our website is directed to adults. Children under 13 are not intended users, and we don’t offer features to attract them to browse independently.

12.2  What We Don’t Collect from Children

• We do not knowingly collect personal information from children under 13
• We do not allow children under 13 to create accounts or sign up for emails
• We do not use persistent identifiers from children for advertising or third-party sharing
• We do not collect biometric identifiers from children
• We do not place advertising or tracking tools on pages we know children access

12.3  If We Make a Mistake

If we discover we’ve accidentally collected a child’s information, we’ll promptly delete it. Parents or guardians should contact help@thinkbluemarble.com immediately — we’ll act within 5 business days.

12.4  Third-Party Tools and Children

We audit all third-party tools (including Google Analytics and the Meta Pixel) at least annually to confirm they don’t collect data from children. We require all vendors to confirm COPPA compliance in writing.

12.5  Extra Protection for Teens

State law teen protections are in Section 7. We’re monitoring COPPA 2.0, which would extend federal protections to consumers under 17, and will update our practices when it’s enacted.

12.6  Questions from Parents

Contact help@thinkbluemarble.com. For general tips on protecting kids online, visit www.ftc.gov.

Protecting your information is important to us. Here’s what we do to keep it safe:

• SSL/TLS encryption for all data in transit
• Encryption of personal data at rest
• Role-based access controls and multi-factor authentication
• Regular security assessments and vulnerability scanning
• Employee privacy and security training
• Data Processing Agreements with all vendors who access personal information

Payment note: B2C card data is handled entirely by third-party marketplaces — it never reaches us. B2B card data goes directly to Fortis and never passes through our internal systems.

The Internet isn’t 100% secure — no one can promise that. But we work hard to reduce risk and respond quickly if something goes wrong.

We’re based in the United States. If you’re visiting from another country, your information may be transferred to and stored in the U.S. or other countries where our service providers operate. Different countries have different privacy laws — but we take steps to make sure your information stays protected no matter where it goes.

• EU/EEA and UK: Transfers protected by Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA). Copies available on request.
• Canada: We ensure recipients provide comparable protections as required under PIPEDA.
• Australia: By using our Services, you consent to the transfer of your information to the U.S. We take steps to ensure it receives comparable protection.

We’re committed to making thinkbluemarble.com accessible to everyone, including people with disabilities. We work to meet WCAG 2.1 Level AA — the standard referenced by most global accessibility laws.

• United States: We’re working to conform to WCAG 2.1 Level AA as required under ADA Title III for ecommerce services.
• EU: Our website is designed to meet European Accessibility Act (EAA) requirements, effective June 28, 2025.
• Canada: We’re working toward compliance with the Accessible Canada Act and Ontario’s AODA.
• Australia: We’re committed to meeting applicable digital accessibility requirements for Australian customers.

If you run into an accessibility barrier on our website, please let us know at help@thinkbluemarble.com — subject: “Accessibility Request.” We’ll work to fix it.

• Marketing emails: Click “Unsubscribe” in any email, or email help@thinkbluemarble.com. Honored within 10 business days. Won’t affect order or shipping emails.
• Targeted advertising and data sharing: Use the “Do Not Sell or Share My Personal Information” link on our homepage, email us, or enable Global Privacy Control (GPC) in your browser.
• Cookie settings: Use our Cookie Preference Center or your browser settings. Some features may not work if you disable certain cookies.
• Accessing or updating your info: Contact help@thinkbluemarble.com.

Our website may link to third-party sites including Facebook, Instagram, Pinterest, Twitter/X, Snapchat, and Google. This Privacy Policy doesn’t apply to those sites — they’re not ours to control. Read their privacy policies before sharing personal information with them.

Privacy law moves fast. We keep a close eye on what’s coming and will update this Policy when new laws take effect.

• COPPA 2.0 (federal): Would extend federal children’s privacy protections to consumers under 17 and establish a data “eraser button” for teens. Not yet enacted.
• American Privacy Rights Act (APRA): Would create a national U.S. privacy baseline. Not yet enacted.
• New state privacy laws: Multiple states have active legislation in 2025–2026 sessions. We review and update annually.

From time to time we may update this Policy. When we do, we’ll change the date at the top of the page. If there are any big changes, we’ll let you know by email or with a notice on our website. Checking back periodically is always a good idea!

If you have any questions about this Policy, or about how we handle your personal information, please get in touch. We’re happy to help!

• Company: JMW Sales, Inc. doing business as Blue Marble®
• Email: help@thinkbluemarble.com
• Phone: 541.708.6739
• Mail: JMW Sales, Inc. dba Blue Marble®, 101 A St., Ashland, Oregon 97520 USA
• Website: thinkbluemarble.com

Regulatory contacts:

• EU/EEA supervisory authorities: https://edpb.europa.eu
• UK Information Commissioner’s Office (ICO): https://ico.org.uk
• Canada — Office of the Privacy Commissioner (OPC): www.priv.gc.ca
• Australia — Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au
• S. Federal Trade Commission (FTC / COPPA): www.ftc.gov

Blue Marble®  •  help@thinkbluemarble.com  •  541.708.6739  •  thinkbluemarble.com

© 2026 JMW Sales, Inc. All rights reserved.  Last updated: March 24, 2026.

Every abbreviation and key term used in this Policy, defined in plain English, A–Z.

A

ADA

Americans with Disabilities Act. U.S. federal law. Title III applies to ecommerce websites as places of public accommodation.

AODA

Accessibility for Ontarians with Disabilities Act. Ontario law requiring WCAG 2.1 digital accessibility compliance.

APP

Australian Privacy Principles. 13 principles in the Privacy Act 1988 (Cth) governing how organizations handle personal information in Australia.

APRA

American Privacy Rights Act. Proposed U.S. federal privacy law. Not yet enacted.

B

Blue Marble®

The registered trade name of JMW Sales, Inc., operating thinkbluemarble.com and the Ashland, Oregon showroom.

B2B

Business-to-Business. Wholesale, retail, school, library, and corporate orders processed directly through our team and ERP.

B2C

Business-to-Consumer. Individual purchases through Amazon, Walmart, and Target.

C

CAN-SPAM Act

U.S. federal law (15 U.S.C. § 7701) requiring honest commercial email practices and a working opt-out. Enforced by the FTC.

CASL

Canada’s Anti-Spam Legislation. Requires consent before sending commercial emails to Canadians. Fines up to CAD $10 million.

CCPA

California Consumer Privacy Act. California’s main consumer privacy law, significantly updated by the CPRA.

COPPA

Children’s Online Privacy Protection Act. U.S. federal law restricting online collection of personal information from children under 13. Updated by the FTC in 2025 (compliance deadline: April 22, 2026).

COPPA 2.0

Proposed federal law to extend COPPA to consumers under 17. Not yet enacted.

CPA

Colorado Privacy Act. Effective July 1, 2023.

CPRA

California Privacy Rights Act. 2020 amendment that significantly strengthened the CCPA.

CTDPA

Connecticut Data Privacy Act. Effective July 1, 2023.

D

dba

Doing Business As. Blue Marble® is the dba name of JMW Sales, Inc.

DOJ

U.S. Department of Justice. The DOJ Data Security Program (April 8, 2025) limits certain cross-border transfers of sensitive American data.

DPA

Data Processing Agreement. A contract between a data controller and a vendor governing how personal data is handled. Required under GDPR.

DPDPA

Delaware Personal Data Privacy Act. Effective January 1, 2025.

DTPPA

Rhode Island’s Data Transparency and Privacy Protection Act. Effective January 1, 2026.

E

EAA

European Accessibility Act. EU directive requiring ecommerce services for EU customers to meet WCAG 2.1 Level AA. Effective June 28, 2025.

EDPB

European Data Protection Board. The EU body ensuring consistent GDPR enforcement. Directory at edpb.europa.eu.

EEA

European Economic Area. The 27 EU member states plus Iceland, Liechtenstein, and Norway.

F

FTC

Federal Trade Commission. U.S. agency enforcing the FTC Act, COPPA, and CAN-SPAM.

FTC Act

Federal Trade Commission Act. Prohibits unfair or deceptive trade practices. Section 5 gives the FTC broad privacy enforcement authority.

Fortis

Our PCI-compliant payment gateway for B2B transactions. Card data goes directly to Fortis and never touches our systems.

G

GDPR

General Data Protection Regulation. The EU’s comprehensive data protection law for residents of the EU/EEA.

GPC

Global Privacy Control. A browser signal telling websites you want to opt out of sale/sharing. We honor it automatically. Learn more at globalprivacycontrol.org.

I

ICDPA

Consumer Data Protection Act. Refers to both Iowa’s (effective Jan 1, 2025) and Indiana’s (effective Jan 1, 2026) privacy laws.

ICO

Information Commissioner’s Office. The UK’s data protection authority. ico.org.uk.

IDTA

International Data Transfer Agreement. The UK’s mechanism for lawfully sending personal data to countries outside the UK.

J

JMW Sales, Inc.

The Oregon corporation that operates Blue Marble® at thinkbluemarble.com. The data controller and legal entity responsible for this Policy.

M

MCDPA

Montana Consumer Data Privacy Act. Effective October 1, 2024. Includes protections for consumers aged 13–15.

MCDPA-MN

Minnesota Consumer Data Privacy Act. Effective July 31, 2025.

Meta Pixel

JavaScript code from Meta (Facebook/Instagram) that collects visitor data from our website for advertising analytics.

MODPA

Maryland Online Data Privacy Act. Effective October 1, 2025. The strictest U.S. data minimization standard.

N

NDB scheme

Notifiable Data Breaches scheme. Australia’s mandatory data breach notification program under the Privacy Act 1988 (Cth), requiring notification to the OAIC and affected individuals for eligible data breaches.

NDPA

Nebraska Data Privacy Act. Effective January 1, 2025.

NHPA

New Hampshire Privacy Act. Effective January 1, 2025.

NJDPA

New Jersey Data Privacy Act. Effective January 15, 2025.

O

OAIC

Office of the Australian Information Commissioner. Australia’s privacy regulator. www.oaic.gov.au.

OCPA

Oregon Consumer Privacy Act. Effective July 1, 2024. Includes protections for consumers aged 13–15.

OPC

Office of the Privacy Commissioner of Canada. Canada’s federal privacy regulator. priv.gc.ca.

P

PCI DSS

Payment Card Industry Data Security Standard. Security rules for businesses handling card data. v4.0.1 mandatory since March 31, 2025.

PIPEDA

Personal Information Protection and Electronic Documents Act. Canada’s federal private-sector privacy law.

PIPA (Alberta / BC)

Personal Information Protection Act. Provincial privacy laws in Alberta and British Columbia.

S

SBA

U.S. Small Business Administration. Defines “small business” thresholds used in Texas and Nebraska privacy laws. JMW Sales, Inc. exceeds these thresholds.

SCCs

Standard Contractual Clauses. EU-approved contracts for transferring personal data to countries outside the EU/EEA.

SDK

Software Development Kit. Third-party tools (like Google Analytics or the Meta Pixel) embedded in websites that may collect user data.

SSL/TLS

Secure Sockets Layer / Transport Layer Security. Encryption protecting data in transit. All data to/from thinkbluemarble.com is TLS-encrypted.

T

TDPSA

Texas Data Privacy and Security Act. Effective July 1, 2024.

TIPA

Tennessee Information Protection Act. Effective July 1, 2025.

U

UCPA

Utah Consumer Privacy Act. Effective December 31, 2023.

UK GDPR

United Kingdom’s version of the EU GDPR, effective January 1, 2021. Enforced by the ICO.

V

VCDPA

Virginia Consumer Data Protection Act. Effective January 1, 2023.

W

WCAG

Web Content Accessibility Guidelines. W3C standards for digital accessibility. WCAG 2.1 Level AA is referenced by the ADA, EU EAA, and Canadian accessibility laws.

JMW Sales, Inc. dba Blue Marble®  •  Appendix A: Glossary

© 2026 JMW Sales, Inc. All rights reserved.