1. Information We Collect
1.1 Personally Identifiable Information (PII)
ShopMyExchange may collect personally identifiable information when you voluntarily provide it through forms, account registration, or direct communication. PII may include your name, email address, mailing address (including APO/FPO/DPO addresses), phone number, and DoD identification information necessary for verifying eligibility. We collect PII only when you actively submit it and only for the purposes described in this policy.
In accordance with DoD privacy regulations, we handle all PII with the highest level of care. Military-related PII — including service branch, installation assignment, and dependent status — is treated as sensitive information subject to additional safeguards. We do not collect Social Security numbers, financial account numbers, or classified information through this website.
1.2 Non-Personal Information
When you visit ShopMyExchange, our servers automatically collect non-personal information including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and date/time of access. This information is collected through standard web server logs and analytics tools and cannot, by itself, be used to identify you personally. We use this data to analyse site traffic patterns, improve site performance, and ensure the security of our systems.
1.3 Information from Third Parties
We may receive eligibility verification information from the Defense Enrollment Eligibility Reporting System (DEERS) and the Department of Veterans Affairs (VA) to confirm your authorised status for Exchange shopping benefits. This verification is conducted through secure, encrypted channels and is limited to the minimum information necessary to confirm eligibility. We do not receive or store your complete military service record, medical information, or VA disability rating through this process.
2. How We Use Your Information
2.1 Purpose of Collection
Information collected through ShopMyExchange is used for the following purposes: verifying your eligibility to access Exchange shopping benefits; processing and fulfilling orders; communicating with you about your account, orders, and customer service enquiries; improving our website functionality and user experience; sending promotional communications (only with your consent); preventing fraud and ensuring the security of our systems; and complying with applicable laws and DoD directives.
2.2 Legal Basis
Our collection and use of your information is authorised under 10 U.S.C. Section 2481, which establishes the military resale system, and DoD Directive 1330.21, which governs the operation of Armed Services Exchange activities. Additional authority derives from the Privacy Act of 1974 (5 U.S.C. 552a), which regulates the collection, maintenance, use, and dissemination of PII by federal agencies and their instrumentalities.
3. Cookies and Tracking Technologies
3.1 Types of Cookies
ShopMyExchange uses cookies and similar tracking technologies to enhance your browsing experience. We employ the following categories of cookies:
Essential Cookies: Required for basic site functionality including session management, authentication, and security. These cookies cannot be disabled without impairing site functionality. They do not store PII and expire when you close your browser or within 24 hours of inactivity.
Functional Cookies: Enable enhanced functionality such as remembering your preferences, language settings, and recently viewed products. These cookies improve your experience but are not strictly necessary. They persist for up to 365 days.
Analytics Cookies: Help us understand how visitors interact with ShopMyExchange by collecting anonymous usage data including page views, navigation paths, and time on site. This data is aggregated and cannot identify individual users. Analytics cookies persist for up to 26 months.
3.2 Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, set preferences for specific websites, and receive notifications when cookies are set. Please note that blocking essential cookies may prevent you from accessing certain features of ShopMyExchange, including account login and checkout functionality. For information about managing cookies in your specific browser, consult your browser's help documentation.
3.3 Do Not Track
ShopMyExchange respects Do Not Track (DNT) signals sent by your browser. When we detect a DNT signal, we disable non-essential analytics and functional cookies for your session. Essential cookies required for site operation continue to function regardless of DNT settings.
4. Data Sharing and Disclosure
4.1 Third-Party Sharing
ShopMyExchange does not sell, rent, or trade your PII to third parties for marketing purposes. We may share your information with the following categories of recipients, solely for the purposes described in this policy:
DoD Systems: Eligibility verification with DEERS and VA databases through secure government channels.
Payment Processors: Secure transmission of payment information to process transactions. Payment processors are contractually bound to use your information only for transaction processing and are subject to PCI DSS compliance requirements.
Shipping Carriers: Name and address information necessary to deliver your orders, including USPS Military Postal Service for APO/FPO/DPO shipments.
Service Providers: Website hosting, analytics, and customer service providers who assist in operating ShopMyExchange. These providers are contractually prohibited from using your information for any purpose other than providing services to us.
4.2 Legal Requirements
We may disclose your information when required by law, subpoena, court order, or government investigation. We may also disclose information when necessary to protect the rights, property, or safety of ShopMyExchange, our users, or the public, or to enforce our terms of service.
5. Data Security
5.1 Security Measures
ShopMyExchange employs industry-standard security measures to protect your information from unauthorised access, alteration, disclosure, or destruction. These measures include Transport Layer Security (TLS) encryption for all data transmitted between your browser and our servers; encryption of PII at rest using AES-256 encryption; access controls limiting data access to authorised personnel on a need-to-know basis; regular security audits and vulnerability assessments; intrusion detection and prevention systems; and secure development practices following OWASP guidelines.
5.2 DoD Security Standards
As an activity associated with the Army & Air Force Exchange Service, ShopMyExchange adheres to DoD information security requirements including those outlined in DoD Instruction 8500.01 (Cybersecurity) and the Risk Management Framework (RMF). Our security posture is designed to meet or exceed the standards required for handling Controlled Unclassified Information (CUI) where applicable.
6. Data Retention
6.1 Retention Periods
ShopMyExchange retains your information only for as long as necessary to fulfil the purposes for which it was collected, as follows:
Account Information: Retained for the duration of your active account plus 3 years following account closure or last activity, consistent with federal record retention requirements.
Order and Transaction Records: Retained for 7 years from the date of transaction to comply with federal financial record-keeping requirements and to support warranty and return claims.
Customer Service Communications: Retained for 3 years from the date of the last communication in the thread.
Analytics Data: Aggregated analytics data is retained indefinitely in anonymised form. Raw analytics data containing IP addresses is retained for no more than 26 months before being anonymised or deleted.
Server Logs: Retained for 90 days for security monitoring purposes, then deleted.
6.2 Deletion Requests
You may request deletion of your PII by contacting us at support@shopmyexchange.co.com or through the Contact Us page. We will process deletion requests within 30 days, subject to legal and regulatory retention requirements. Some information may be retained in backup systems for a limited period after deletion from active systems. Information required to be retained under federal law or DoD directive cannot be deleted upon request but will be securely stored and restricted from active use.
7. Your Rights and Choices
7.1 Access and Correction
You have the right to access the PII we hold about you and to request correction of inaccurate information. You can review and update your account information by logging into your ShopMyExchange account and visiting the profile settings page. For information not accessible through your account dashboard, contact our privacy team at support@shopmyexchange.co.com.
7.2 Communication Preferences
You may opt out of promotional emails at any time by clicking the unsubscribe link in any promotional communication or by updating your notification preferences in your account settings. Opting out of promotional communications does not affect transactional communications (order confirmations, shipping notifications, account security alerts), which will continue as long as you maintain an active account.
7.3 California Residents
California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what PII is collected, the right to request deletion, and the right to opt out of the sale of PII. As stated above, ShopMyExchange does not sell PII. California residents may submit CCPA requests to support@shopmyexchange.co.com.
8. Children's Privacy
ShopMyExchange is not directed to children under 13 years of age. We do not knowingly collect PII from children under 13. If we become aware that a child under 13 has provided PII through our website, we will promptly delete that information. If you believe a child under 13 has submitted PII to ShopMyExchange, please contact us at support@shopmyexchange.co.com. Our practices comply with the Children's Online Privacy Protection Act (COPPA) as enforced by the Federal Trade Commission.
9. International Users
ShopMyExchange serves military families stationed worldwide, including in countries within the European Economic Area (EEA). If you access ShopMyExchange from outside the United States, your information will be transferred to and processed in the United States. By using ShopMyExchange, you consent to this transfer. For military members and families stationed overseas, data transfers are conducted under the authority of international agreements governing the status of U.S. forces and their activities in host nations (Status of Forces Agreements / SOFAs).
10. Third-Party Links
ShopMyExchange may contain links to external websites, including government resources such as the Department of Defense and the Federal Trade Commission. These external websites operate under their own privacy policies, and ShopMyExchange is not responsible for their privacy practices or content. We encourage you to review the privacy policy of any external website before providing PII.
11. Changes to This Policy
ShopMyExchange reserves the right to update this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify registered users via email. Your continued use of ShopMyExchange after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.
12. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us through any of the following channels:
Email: support@shopmyexchange.co.com
Contact Page: ShopMyExchange Contact Us
Mailing Address: ShopMyExchange Privacy Office, P.O. Box 660202, Dallas, TX 75266-0202
For general questions about DoD privacy policies, visit the Department of Defense Privacy Programme. For information about your rights under federal consumer protection law, visit the Federal Trade Commission.
This Privacy Policy is effective as of March 29, 2026, and applies to all information collected through shopmyexchange.co.com from that date forward. Previous versions of this policy are available upon request.