Privacy policy

Privacy Policy

How LBMGB LLC and Paragraph handle personal information collected through us.paragraph.wine.

Effective: 2026-05-08 · Last Updated: 2026-05-09

1. Who We Are

This Privacy Policy describes how LBMGB LLC, a North Carolina limited liability company doing business as A Route West (rebranding to Avenor) (“LBMGB,” “we,” “us”), collects, uses, shares, and protects personal information in connection with the online store at us.paragraph.wine (the “Site”).

LBMGB acts as the U.S. merchant of record for the Paragraph brand, selling non-alcoholic wine and related products on a consignment basis on behalf of Paragraph SA (Switzerland) and its affiliated Spanish entity (collectively, “Paragraph”). LBMGB and Paragraph act as joint controllers of personal information collected through the Site for the purposes described below.

If you are a California resident, please also see our California Consumer Privacy Notice.

2. Personal Information We Collect

Information you provide to us

Identifiers — name, billing/shipping address, email address, phone number.
Account credentials — username and password (passwords are stored hashed via Shopify).
Order and transaction information — products ordered, order amount, order history.
Payment information — payment method, last four digits and brand of payment card. Full card numbers are processed by our payment processors and are not stored by LBMGB.
Communications — messages, reviews, survey responses, and support inquiries.
Marketing preferences — opt-in to email (and, in the future, SMS), back-in-stock notification subscriptions, and your cookie consent choices.

Information collected automatically

Device and connection data — IP address, device identifiers, browser type, operating system, language, time zone.
Usage data — pages viewed, links clicked, referring/exit URLs, time on page, scroll depth, site search queries, outbound clicks, file downloads, video engagement, and form interactions.
Ecommerce events — view_item, view_item_list, select_item, add_to_cart, remove_from_cart, view_cart, begin_checkout, add_payment_info, add_shipping_info, and purchase, plus newsletter sign-up and partner-redirect events.
Event identifiers — per-event UUIDs (event_id) for client-server deduplication.
Cookie and similar technology identifiers — first-party and third-party cookies, pixels, SDKs, and local storage. Your cookie consent state is stored in browser localStorage for up to 13 months under the key lbmgb_consent_v1.
Approximate location derived from IP address.

Pseudonymized identifiers we generate

When you log in, place an order, sign up for the newsletter, or submit a back-in-stock notification, we generate SHA-256 (RFC 6234) one-way cryptographic hashes of your normalized email address, E.164 telephone number, given and family names, locality, administrative region, and postal code in your browser. These pseudonymized identifiers within the meaning of Article 4(5) GDPR are transmitted to the destinations enumerated in Section 4 and processed within the Joint Processing Environment described in Section 5A. Plaintext source values are not transmitted to such destinations except as expressly stated below in respect of Klaviyo.

Information from third parties

Paragraph — historical purchase or marketing records when you opt in to a Paragraph-wide profile.
Payment processors — fraud and risk signals (Shopify, PayPal, Apple Pay).
Advertising and analytics partners — audience and conversion signals.
Affiliated Controllers — pseudonymized identifiers and derived behavioral aggregates as described in Section 5A.

We do not knowingly collect personal information from anyone under 16 years of age.

3. How We Use Personal Information

We use personal information for the following purposes and for additional purposes that are materially compatible with the following purposes within the meaning of Article 6(4) GDPR and analogous compatibility provisions of applicable U.S. state privacy regimes:

Process orders, payments, returns, refunds, and shipping notifications.
Provide and operate the Site, including account creation, login, and customer support.
Detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity.
Send transactional communications (order confirmations, shipping updates, account notices, back-in-stock notifications you have requested).
Send marketing communications, where you have opted in or as otherwise permitted by law, including without limitation cross-channel, cross-device, and cross-property marketing communications coordinated across LBMGB and the Affiliated Controller Group described in Section 5A.
Personalize the Site experience and recommend products, including by means of statistical and machine-learning models trained on aggregated and pseudonymized data.
Measure, analyze, attribute, and optimize the performance of the Site, products, marketing campaigns, advertising creative, and audience segmentation, including cross-device measurement where you have consented to advertising cookies.
Develop, test, and improve the Site, our products, our marketing infrastructure, and the products and marketing infrastructure of the Affiliated Controller Group.
Comply with legal obligations (tax, accounting, regulatory reporting, dispute resolution).
Enforce our Terms of Use and other policies.
Develop, improve, and operate the Paragraph brand and product line, in coordination with Paragraph.

4. Cookies, Tracking, Analytics, and Advertising Technologies

Scope of consent obtained through the Site

By accepting the cookie banner described below, by creating an account, by submitting an email address or telephone number through any form on the Site, or by continuing to use the Site after notice of this Policy, you provide your express, informed, specific, freely given, unambiguous, and revocable consent, within the meaning of Article 4(11) GDPR and analogous provisions of applicable U.S. state privacy regimes, to the processing of your personal information for each of the purposes enumerated in Section 3, by each of the categories of recipients enumerated in Sections 4 and 5, including without limitation:

the categories of cookies, tags, pixels, SDKs, server-to-server transmissions, and similar technologies enumerated in this Section 4, and any successor or materially similar technologies adopted by LBMGB or the Operator from time to time for the purposes enumerated in Section 3;
the processing of pseudonymized identifiers and derived behavioral aggregates within the Joint Processing Environment described in Section 5A;
the engagement of additional sub-processors and advertising partners, including without limitation additional advertising networks, attribution platforms, customer data platforms, marketing automation platforms, and analytics platforms, provided that such engagement is consistent with the categories of recipients and purposes enumerated in this Policy;
the cross-context behavioral advertising, audience suppression, statistical similarity modeling, and multi-controller identity resolution operations described in Section 5A; and
the processing of your personal information for the development, training, evaluation, and operation of statistical and machine-learning models for the purposes enumerated in Section 3, exclusive of the prohibited uses enumerated in Section 5A.

This consent is provided in addition to, and not in lieu of, any other lawful basis for processing relied upon by LBMGB under Article 6(1) GDPR or applicable U.S. state law (including without limitation contractual necessity, legitimate interests, and compliance with legal obligations). Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal, and does not affect processing carried out under a separate lawful basis.

How tracking works on this Site

We use cookies, pixels, tags, SDKs, and similar technologies to operate the Site, remember your preferences, measure performance, and deliver relevant advertising. All non-essential tags are loaded through Google Tag Manager. Google Tag Manager and the events it sends are routed through a first-party server-side endpoint we operate at metrics.us.paragraph.wine (a server-side GTM, or sGTM, proxy). Loading of all non-essential tags is gated by your consent choices, expressed through the cookie banner described in the next section, and translated into Google Consent Mode v2 signals (analytics_storage, ad_storage, ad_user_data, ad_personalization).

Our consent banner and your regional defaults

We use a custom consent banner powered by Shopify’s Customer Privacy API. Defaults vary by region:

European Economic Area, United Kingdom, and Switzerland — analytics and marketing cookies are off by default. No analytics or advertising tags fire until you click “Accept” in the banner.
United States and rest of world — analytics and marketing cookies are on by default on first visit (an opt-out model permitted under U.S. state privacy laws). You may withdraw consent at any time using the “Do Not Sell or Share My Personal Information” link in the Site footer, which reopens the banner.

Your consent choice is stored in browser localStorage for up to 13 months and synchronized to Google Consent Mode v2 and to our server-side endpoint.

Global Privacy Control (GPC)

We honor the Global Privacy Control browser signal (navigator.globalPrivacyControl === true) as a verified consumer request to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising, in accordance with California Code of Regulations title 11, § 7025(b), Colorado Privacy Act regulation 4 CCR 904-3 Rule 5.04, Connecticut Data Privacy Act § 42-520(b)(1), and analogous opt-out preference signal requirements adopted by other state regulators.

When the GPC signal is asserted by your browser:

Our cookie banner records your consent state as denied for the marketing category. Because Google Consent Mode v2 couples advertising audience export and dynamic remarketing to analytics_storage, the analytics category is also denied so that audience signal is not transmitted to advertising surfaces while you have asserted an opt-out preference.
The denial is propagated to Google Consent Mode v2 (ad_storage, ad_user_data, ad_personalization, analytics_storage all set to denied), to Shopify’s Customer Privacy state (sale_of_data: false), and to our server-side tag endpoint, with prospective effect.
Your pseudonymized identifiers are excluded from the Joint Processing Environment described in Section 5A on a forward basis from the time the signal is detected.
The GPC-derived opt-out persists across sessions on the same browser. You may affirmatively override it for the same browser by re-opening the consent banner via the “Do Not Sell or Share My Personal Information” link in the Site footer and granting consent — in which case the affirmative grant supersedes the browser signal for that browser only, consistent with California Code of Regulations title 11, § 7025(c).

Honoring GPC does not require, and does not constitute, identification of the natural person to whom the browser belongs.

Categories of cookies and tags we load

Category	Examples	Purpose	Consent gate
Strictly necessary	Shopify session, cart, checkout cookies; `lbmgb_consent_v1` consent record	Operate the Site, secure your session, remember your consent choice	Always on
Performance / Analytics	Google Analytics 4 (via Google Tag Manager and our sGTM endpoint); Shopify Analytics	Measure traffic, content engagement, and feature usage	`analytics_storage`
Performance / Analytics — Google signals	Cross-device modeling, demographics & interests, remarketing audiences	For visitors signed in to a Google account who have enabled Ads Personalization, Google may associate their visit with their Google account to enable cross-device measurement and richer reporting	`analytics_storage` + `ad_user_data`
Marketing / Advertising — Google	Google Ads conversion tags, Google Ads Enhanced Conversions, dynamic remarketing	Audience building, conversion measurement, retargeting; uses pseudonymized identifiers to improve match rates	`ad_storage` + `ad_user_data`
Marketing / Advertising — Meta	Meta Pixel and Meta Conversions API (CAPI), delivered through Google Tag Manager and our sGTM endpoint	Audience building, conversion measurement, retargeting on Facebook and Instagram; uses pseudonymized identifiers	`ad_storage` + `ad_user_data`
Email & lifecycle — Klaviyo	Klaviyo onsite behavioral tracking, Klaviyo identify (logged-in customers and newsletter subscribers), Klaviyo back-in-stock subscriptions	Email and on-site marketing, segmentation, lifecycle automation, low-stock alerts	`analytics_storage` for behavioral tracking; opt-in submission for back-in-stock
Joint Processing Environment	Pseudonymized identifiers and derived behavioral aggregates pooled across Affiliated Controllers (see Section 5A)	Negative-audience exclusion, statistical similarity modeling, multi-controller identity resolution	`ad_storage` + `ad_user_data` (and analytics consent in EEA/UK/CH)

Google Analytics 4 — enhanced measurement, Google signals, and user-provided data

We use the following optional Google Analytics 4 features. None of them load until you have granted analytics_storage consent through our cookie banner.

Enhanced measurement — Google Analytics 4 automatically measures scroll depth, outbound clicks, site search, video engagement, file downloads, and form interactions.
Google signals — for visitors signed in to a Google account who have enabled Ads Personalization, Google may associate their visit with information Google holds about that account (approximate location, demographics, and interests) to enable cross-device measurement, remarketing audiences, and demographic and interest reporting, in accordance with Google’s Advertising Features Policy. Visitors may review their Google account settings at myaccount.google.com.
User-provided data collection — SHA-256 hashed identifiers (email, phone, name, address) are transmitted to Google Analytics and Google Ads (Enhanced Conversions) for conversion measurement and audience matching. Plaintext source values are not transmitted, and Google does not return raw user data to us.

You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, by withdrawing consent in our cookie banner, or by disabling Ads Personalization in your Google account.

Meta Pixel and Conversions API

Where you have granted advertising consent, ecommerce events are transmitted to Meta both client-side (Meta Pixel) and server-side (Meta Conversions API, routed through our sGTM endpoint) with SHA-256 hashed identifiers attached for Advanced Matching purposes. Plaintext source values are not transmitted to Meta.

Klaviyo — identity and back-in-stock

We engage Klaviyo as our email marketing processor. Where you have granted analytics consent, Klaviyo loads onsite behavioral tracking. When you log in, sign up for our newsletter, or submit our forms, your email address, telephone number, and given and family names are transmitted to Klaviyo in plaintext for purposes of identity resolution and lifecycle messaging. Back-in-stock subscription submissions transmit your email address and the relevant product variant identifier to Klaviyo’s subscribe endpoint.

5. How We Share Personal Information

(a) Paragraph (joint controllers)

Paragraph SA (Switzerland) and its Spanish affiliate, as joint controllers, receive customer, order, and product-interest data. International transfers are governed by the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the Swiss FADP equivalent under our written DPA.

(b) Service providers (processors and contractors)

Shopify — ecommerce platform, hosting, checkout, Shopify Payments, Customer Privacy API.
PayPal, Apple Pay, Stripe (where applicable) — payment processing.
Klaviyo — email marketing platform; receives plaintext identifiers as our processor.
Google — Tag Manager (client and server), Analytics 4, Ads conversion measurement and Enhanced Conversions; receives event data and pseudonymized identifiers.
Meta — advertising and conversion measurement (Meta Pixel and Conversions API); receives event data and pseudonymized identifiers.
Operator (server-side tracking and Joint Processing Environment) — the entity defined as the Operator in Section 5A, acting as processor to LBMGB and to each Affiliated Controller, operating the first-party server-side tag endpoint at metrics.us.paragraph.wine and the Joint Processing Environment. Categories of personal data disclosed to the Operator are limited to (i) the pseudonymized identifiers and (ii) the derived behavioral aggregates enumerated in Section 5A, together with the event-stream data routed through the server-side tag endpoint. The Operator is contractually restricted from re-identifying, selling, sharing for cross-context behavioral advertising other than as enumerated in Section 5A, disclosing to additional third parties, retaining beyond the purposes for which the data was disclosed, or using the data outside of the direct business relationship between LBMGB and the Operator, within the meaning of § 1798.140(ag)(1) CCPA.
Logistics, fulfillment, and shipping carriers.
Customer support, fraud prevention, and analytics tools.
Additional processors and contractors engaged by LBMGB or the Operator from time to time consistent with the categories of recipients and purposes enumerated in this Policy.

(c) Advertising partners

We share device identifiers, pseudonymized contact data, and behavioral information with Google, Meta, and (subject to the consent and purpose limitations enumerated in this Policy) additional advertising networks, attribution platforms, and analytics platforms, for the purposes enumerated in Section 4 and Section 5A. Under the California Privacy Rights Act and analogous state laws, this may constitute a “sale” or “share” of personal information; California residents and other state-law residents may opt out via the “Do Not Sell or Share My Personal Information” link in the Site footer.

(d) Legal and safety

We may disclose personal information to comply with applicable law, lawful requests, court orders, subpoenas, or to protect the rights, property, or safety of LBMGB, Paragraph, our users, or others.

(e) Business transfers

In connection with a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the successor entity, subject to confidentiality protections.

We do not sell personal information for monetary consideration. The “share” categorization above relates only to disclosure of identifiers to advertising partners and to the Joint Processing Environment for cross-context behavioral advertising.

5A. Affiliated Controllers and Joint Marketing Infrastructure

LBMGB engages a service provider (the “Operator”) which acts as a processor on behalf of LBMGB and, separately, on behalf of additional first-party data controllers operating direct-to-consumer properties under common engagement with the Operator (each, an “Affiliated Controller”; collectively, the “Affiliated Controller Group”). For the purposes enumerated below, LBMGB and each Affiliated Controller act as independent controllers of their respective data sets and as joint controllers, within the meaning of Article 26 GDPR and analogous provisions of the CPRA, CPA, CTDPA, VCDPA, UCPA, OCPA, TDPSA, and successor state regimes, with respect to the processing operations described in this Section 5A. A joint-controller arrangement (the “JCA”) executed between LBMGB and the Operator allocates responsibilities consistent with Article 26(1) GDPR; the essence of that arrangement is summarized in this Section 5A and the full arrangement is available on request pursuant to Article 26(2) GDPR.

Categories of personal data processed

The following categories of personal data are processed by the Operator on behalf of LBMGB and the Affiliated Controller Group within a logically segmented data environment maintained by the Operator (the “Joint Processing Environment”):

Pseudonymized identifiers within the meaning of Article 4(5) GDPR, comprising one-way cryptographic hashes (SHA-256, RFC 6234) of normalized email addresses, E.164 telephone numbers, given and family names, locality, administrative region, and postal code. Plaintext source values are not transmitted to, persisted in, or otherwise made available within the Joint Processing Environment, and the Joint Processing Environment does not maintain a re-identification key, lookup table, or rainbow-table reversal capability with respect to such hashes.
Derived behavioral aggregates keyed to the pseudonymized identifiers above, comprising recency, frequency, and monetary metrics (including lifetime order count, lifetime monetary value, and last-engagement timestamps), exclusive of any transaction-level event log, line-item product detail, payment instrument data, browsing event sequence, or geolocation granularity finer than postal code.

Specified, explicit, and legitimate purposes

Processing within the Joint Processing Environment is limited, by contractual and technical control, to the following purposes (Article 5(1)(b) GDPR; § 1798.100(c) CCPA), and to additional purposes that are materially compatible with the following purposes within the meaning of Article 6(4) GDPR:

Negative-audience exclusion — suppression of pseudonymized identifiers from prospecting audiences syndicated to advertising networks by LBMGB or any Affiliated Controller, where those identifiers correspond to individuals already in a converted or active state with respect to any controller in the Affiliated Controller Group.
Statistical similarity modeling — generation of seed sets for similarity-based audience expansion (“lookalike” or “act-alike” modeling) on advertising platforms, using pseudonymized identifiers and derived behavioral aggregates as seed inputs.
Multi-controller identity resolution — deterministic recognition, on the basis of matching pseudonymized identifiers, of natural persons interacting with more than one controller within the Affiliated Controller Group, for purposes of frequency capping, message-cadence coordination, and avoidance of contradictory marketing.

Processing for any purpose not enumerated above — including without limitation onward sale, profiling producing legal or similarly significant effects within the meaning of Article 22 GDPR, automated decision-making affecting eligibility, pricing differentiation, insurance, credit, employment, or housing determinations, training of generative or foundation models, or disclosure of derived behavioral aggregates to third parties — is contractually prohibited and technically restricted within the Joint Processing Environment.

Lawful bases (Articles 6 and 9 GDPR)

LBMGB relies on the following lawful bases, as applicable:

Article 6(1)(a) GDPR — consent, where the data subject has granted marketing-purpose consent through the consent mechanism described in Section 4;
Article 6(1)(f) GDPR — legitimate interests of LBMGB and the Affiliated Controller Group in efficient direct marketing, fraud prevention, marketing-frequency moderation, and avoidance of duplicative communications, balanced under Recital 47 GDPR against the data subject’s reasonable expectations and the pseudonymization, purpose-limitation, and data-minimization safeguards described herein.

No special categories of personal data within the meaning of Article 9(1) GDPR, and no sensitive personal information within the meaning of § 1798.140(ae) CCPA, are processed within the Joint Processing Environment.

Sub-processing and international transfers

The Joint Processing Environment is hosted on infrastructure provided by Google LLC (Google Cloud Platform), engaged as a sub-processor under written terms incorporating the Standard Contractual Clauses set forth in Commission Implementing Decision (EU) 2021/914, the United Kingdom International Data Transfer Addendum issued under § 119A Data Protection Act 2018, and equivalent transfer instruments under the Swiss Federal Act on Data Protection (revFADP). Such terms are in addition to, and do not supersede, the transfer instruments described in Section 6.

Technical and organizational measures

The Operator implements technical and organizational measures appropriate to the risk pursuant to Article 32 GDPR, including controller-segmented logical isolation within the Joint Processing Environment, role-based access control, audit logging, encryption in transit (TLS 1.2 or higher) and at rest, and contractual restriction of re-identification attempts.

Data subject rights and Article 26(3) GDPR contact point

Pursuant to Article 26(3) GDPR, the data subject may exercise rights under Articles 15 through 22 GDPR, and the equivalent rights under applicable U.S. state regimes (including without limitation §§ 1798.100, 1798.105, 1798.106, 1798.110, 1798.115, 1798.120, 1798.121, and 1798.130 CCPA), against LBMGB or against any Affiliated Controller, irrespective of the JCA’s internal allocation of responsibility. A verifiable consumer request directed to LBMGB or to any Affiliated Controller will be propagated by the Operator across the Joint Processing Environment such that the data subject’s pseudonymized identifiers and derived behavioral aggregates are erased from each controller-segmented partition within thirty (30) calendar days of receipt of the verified request, subject only to the exceptions enumerated at Article 17(3) GDPR and § 1798.105(d) CCPA. Requests may be submitted to privacy@paragraph.wine.

Withdrawal of consent and opt-out of “sale” or “sharing”

The data subject may, at any time and without detriment, withdraw consent or exercise the right to opt out of “sale” or “sharing” of personal information within the meaning of § 1798.120(a) CCPA and analogous state-law provisions, with prospective effect as to the Joint Processing Environment, by means of the consent mechanism described in Section 4 or the “Do Not Sell or Share My Personal Information” link maintained in the Site footer pursuant to § 1798.135(a) CCPA.

6. International Data Transfers

LBMGB is established in the United States. By using the Site, you understand that your personal information may be processed in the United States and shared with Paragraph in Switzerland and Spain (as joint controllers), with the Operator and its sub-processors (including Google LLC), and with the Affiliated Controller Group and their respective service providers, in the United States and other countries.

Where required, transfers are governed by the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss FADP equivalent under our written DPA, JCA, and sub-processor terms.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, satisfy legal, tax, accounting, and reporting obligations (which can require retention for several years), resolve disputes, and enforce our agreements. Cookie consent records are retained in your browser for up to 13 months; analytics data retention in Google Analytics 4 is configured to 14 months. When personal information is no longer needed, we securely delete or de-identify it.

Pseudonymized identifiers and derived behavioral aggregates processed within the Joint Processing Environment described in Section 5A are retained for the duration of the data subject’s active marketing relationship with LBMGB or any Affiliated Controller, plus a residual period not to exceed the limitation periods applicable to advertising attribution and chargeback dispute resolution. Erasure following a verified request pursuant to Article 17 GDPR, § 1798.105 CCPA, or any analogous state-law provision is effected within thirty (30) calendar days, in accordance with Section 5A.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, or alteration. Payment card information is handled by PCI-DSS-compliant processors. No system is perfectly secure, and we cannot guarantee the security of any information you transmit to us.

9. Your Choices and Rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you.
Correct inaccurate personal information.
Delete personal information (subject to legal exceptions, including those enumerated at Article 17(3) GDPR and § 1798.105(d) CCPA).
Receive a portable copy of your personal information.
Opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising — use the “Do Not Sell or Share My Personal Information” link in the Site footer.
Withdraw cookie consent — use the same footer link to reopen the consent banner and change your choice.
Limit our use of sensitive personal information.
Withdraw consent for processing that relies on consent (without affecting the lawfulness of processing carried out prior to such withdrawal, and without affecting processing carried out under a separate lawful basis).
Appeal a denial of a privacy request.
Lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@paragraph.wine or write to us at the address in Section 13. We will verify your identity (typically by matching information you provide to information already in our records) before responding. We will not discriminate against you for exercising any of these rights.

If your privacy rights are governed by EU/UK/Swiss law because Paragraph (CH/ES) holds joint-controller responsibility, you may also exercise those rights directly with Paragraph at the contact details published on Paragraph’s primary website. Pursuant to Article 26(3) GDPR and the JCA described in Section 5A, you may also exercise those rights against any Affiliated Controller.

10. Email and SMS Marketing

You may opt out of email marketing at any time by clicking the “unsubscribe” link in any marketing email or by contacting us. Transactional messages (order confirmations, shipping notices, account notices, back-in-stock notifications you requested) will continue regardless of marketing preferences.

LBMGB does not currently send SMS marketing. If we begin SMS marketing in the future, we will obtain your prior express written consent in compliance with the Telephone Consumer Protection Act (TCPA). You will be able to opt out at any time by replying STOP and request help by replying HELP. Standard message and data rates may apply.

11. Children’s Privacy

The Site is not directed to and we do not knowingly collect personal information from individuals under 16 years of age. If we learn that we have collected personal information from someone under 16, we will delete it. If you believe a child under 16 has provided us with personal information, please contact us at the address in Section 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top reflects the most recent revision. Material changes will be notified through the Site or by email. Your continued use of the Site after changes take effect constitutes your acceptance of the revised Policy.

13. Contact

LBMGB LLC (dba A Route West / Avenor)

742 Ashview Drive
Winston-Salem, NC 27103

Privacy: privacy@paragraph.wine

Customer service: support@paragraph.wine

Store

Language