Privacy policy
Effective date: July 5, 2026.
We use the information you give us to answer questions, verify fitment, process orders, send receipts, and send shipment updates. We do not sell customer contact information.
What we collect
When you order parts or contact us, we collect the details needed to help you: name, shipping and billing address, email, phone number, order details, payment status, the contents of contact or inquiry messages, and any photos you choose to attach to a message (for example, to show how an item arrived or the part on your vehicle).
If you use fitment tools such as My Vehicle, My Garage, or VIN decode, we also store the vehicle details or VIN you enter so we can show parts that match your vehicle.
Cookies
Viking uses first-party functional cookies for things you ask the site to remember. We do not use advertising cookies, retargeting pixels, or analytics trackers that follow you across other websites.
- .Viking.Cart remembers the part tags in your cart for 14 days.
- .Viking.Garage remembers saved vehicles in My Garage. It renews itself each time you visit and expires about 13 months after your last visit — the longest browsers allow — so a returning customer's garage is still there years later.
- .Viking.MyVehicle remembers your pinned vehicle for fitment filtering for 30 days, until you clear it.
- .Viking.FitOff remembers when you pause the vehicle filter and choose to show all parts for 30 days.
- .Viking.SkipAutoPin is a short-lived 5-minute helper that keeps a donor vehicle page from immediately re-selecting the vehicle after you click Clear.
- .Viking.Orders remembers orders placed from this device for 180 days so you can look them up or cancel without typing an order number.
- .Viking.Customer is the secure customer-account sign-in cookie. It keeps you signed in for up to 30 days and renews that period while you remain active.
- __Host-Viking.PaymentReceipt temporarily stores a protected payment receipt reference so the clean receipt URL can load after payment. It expires after 2 hours.
- __Host-Viking.Credential.verify / __Host-Viking.Credential.reset temporarily store protected activation or password-reset details after you follow an emailed link, keeping those secrets out of the clean page URL. They expire after 30 minutes and are removed when the flow completes.
- __Host-Viking.Action.cancel.* / __Host-Viking.Action.return.* temporarily store a protected, order-specific authorization after you follow an emailed cancellation or return link. They expire after 30 minutes and are removed when used.
- .AspNetCore.Antiforgery.* helps protect forms against forged requests during your session.
- ARRAffinity / ARRAffinitySameSite are set by our hosting platform (Microsoft Azure) to keep your visit routed to the same server. They last only for your browser session and contain no personal information.
We use cookieless site measurement to understand visits, referrers, top pages, and device types. It does not set cookies, use local storage, or fingerprint you.
Tracking texts
If you opt in at checkout, we use your mobile number only for that order's confirmation; initial or replacement tracking; delay, out-for-delivery, and delivery notices; and return-received updates. Message frequency varies by order and shipment. Messages come from our approved toll-free number, (888) 499-9936. Message and data rates may apply. Reply STOP to opt out or HELP for help.
Order records
Order, payment-status, and shipping records are retained so we can fulfill orders, handle returns, support warranty claims, and meet accounting requirements.
Service providers
We share only what is needed with providers that operate the store and fulfill orders:
- Payments: PayFabric/EVO hosts the payment page. Card numbers are entered on their page and never touch Viking servers.
- Shipping: ShipStation and shipping carriers receive the details needed to rate, buy, and deliver labels.
- SMS delivery: our texting provider (Twilio) delivers order status and tracking texts you opt in to.
- Cloud hosting and storage: Microsoft Azure hosts the website, database-backed services, and catalog media.
- VIN decoding: VINs you enter may be decoded through the free NHTSA vPIC API.
- California sales tax: ship-to address details may be sent to CDTFA's rate service to calculate the correct tax rate.
- Internal alerts: order and inquiry notifications may transit Telegram so our team can respond quickly.
- Cookieless analytics: Cloudflare Web Analytics counts basic site usage without cookies, local storage, or fingerprinting.
No sale or sharing
We do not sell personal information or share it for cross-site behavioral advertising. Because there is no sale or sharing to opt out of, Global Privacy Control signals do not change how the site behaves.
Contact
Questions about your information? Contact us or call (530) 353-6118.