1. Information We Collect.
We collect several types of information from and about users of the Site:
Personal Information You Provide:
When you create an account, place an order, subscribe to our newsletter, or contact us, we may collect personal details such as your name, billing and shipping address, email address, phone number, and payment information (credit card or other payment details, which are processed by our third-party payment providers). We may also collect profile information (username, password), and customer service communications.
Transactional and Usage Data:
We collect records of your purchases, order history, and interactions with our customer service. We may also collect technical data automatically from your device (e.g., IP address, device type, browser type, operating system) and usage data such as pages viewed, search queries, and links clicked.
Cookies and Tracking Technologies:
We use cookies and similar technologies to recognize your browser and capture certain information (see Section 3 below). Third-party analytics and advertising cookies (like Google Analytics and Facebook’s Meta Pixel) also collect usage and demographic information when you visit our Site. We do not use these tools to identify you personally, but to understand site usage and improve marketing (see Section 3).
2. How We Use Your Information.
Order Fulfillment:
To process and deliver your orders, communicate about your orders, and provide customer service. This includes billing, shipping, and tax calculation. Payment details are forwarded to our payment processors to charge your account.
Site Improvement and Analytics:
To operate and improve our Site, analyze user behavior, and customize user experience. For example, we use Google Analytics to measure site traffic and user interactions. Google Analytics “uses a set of cookies to collect information… and report site usage statistics… without personally identifying individual visitors”.
Marketing and Advertising:
To send you promotional emails or newsletters (if you opt in) and to display targeted ads. We use tools like Meta Pixel (Facebook) to measure the effectiveness of our ads; this pixel “collects data on how visitors interact with your site after seeing an ad—helping you optimize campaigns, refine messaging, and track conversions”. We will not send you marketing communications if you choose to opt out of such communications.
Legal and Safety Purposes:
To protect our rights, investigate fraud or abuse, and comply with legal obligations (such as tax, accounting, or government requests). We reserve the right to verify information you provide, and to cooperate with law enforcement if required by law.
3. Cookies and Tracking Tools.
We use cookies and similar tracking technologies to improve your experience on the Site. Cookies are small data files stored on your device that help us remember your preferences (such as language or shopping cart contents) and analyze how you navigate the Site. For example, Google Analytics places a cookie (‘_ga’) that “enables the service to distinguish one visitor from another”. We also use persistent cookies like Google’s _ga (lasting 2 years) to count unique visitors, and session cookies to maintain your login state. You may also encounter targeted advertising cookies (e.g. _gads or IDE) that support our marketing on Google or Facebook. The Google policies explain that these cookies “are used by advertisers to measure user activity and the performance of their ad campaigns”. Facebook’s Meta Pixel similarly uses cookies to track events on the Site for ad conversion purposes. You can control cookie preferences through your browser settings (to refuse or delete cookies), but note that disabling cookies may prevent some features of the Site from functioning properly.
4. Sharing Your Information.
We share personal information only as described below and with trusted third parties:
Payment Processors:
To complete transactions, we share payment information (such as billing address and order total) with our payment gateways (e.g., Stripe, PayPal, WooCommerce Payments). As WooCommerce notes, when using a payment gateway, “some of your – and your customers’ – data will be passed to the respective third party, including… information required to process or support the payment, such as the purchase total and your customer’s billing information” . We do not share your full credit card number with the Company; all card processing is handled on secure, PCI-compliant servers of the payment provider.
Shipping and Fulfillment:
We provide your shipping address, contact information, and order details to carriers (e.g., USPS, FedEx) and fulfillment centers so they can deliver your order.
Service Providers and Marketing Partners:
We use third-party services to operate our business (such as email service providers, customer support tools, and website hosting). We may share data (e.g., email address for newsletter sending, or usage data with analytics providers). We also share certain information with advertising partners like Google and Meta to show you personalized ads. For example, we may share non-sensitive user data with Meta for ad targeting via the Pixel. We do not sell your personal information to any unrelated third parties.
Legal Compliance:
We may disclose your data if required by law (e.g., court order, subpoena) or to protect our rights (for instance, to investigate fraud or enforce our Terms). In the event of a merger, sale, or acquisition, your information may be transferred to a successor entity, subject to this Privacy Policy.
5. Data Security and Storage.
We take reasonable measures to protect your personal data. Our systems use secure servers, firewalls, and encryption to prevent unauthorized access, disclosure, alteration, or destruction of your data. We limit access to personal information to those employees, contractors, or agents who need it to carry out their jobs, and they are bound by confidentiality obligations. As a privacy template advises, organizations should maintain “appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way”. However, no online method of data transmission is completely secure, so we cannot guarantee absolute security of your data.
We retain your personal data only for as long as necessary to fulfill the purposes it was collected for (such as completing your purchase, providing customer service, or for legal compliance). For example, we keep order records for tax and accounting purposes. According to GDPR guidelines, we will “only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including… legal, regulatory, tax, accounting or reporting requirements” . If you request deletion of your data and we are not legally required to retain it, we will erase it (unless there is a legitimate reason to keep it, such as pending disputes).
6. Your Rights (GDPR, CCPA, etc.).
European GDPR Rights:
If you are an EU resident, you have certain rights over your data, including the right to access the data we hold about you, correct inaccuracies, erase data, restrict or object to processing, and data portability. You may withdraw consent to non-essential processing (like marketing) at any time. These are the rights enumerated under GDPR, which include “access, rectify, erase, restrict processing, [and] object to data processing”.
California CCPA/CPRA Rights:
If you are a California resident, you have rights under the California Consumer Privacy Act. These include the right to request that we disclose the categories of personal data we have collected about you and how it is used, the right to delete personal data we have collected about you (with certain exceptions), and the right to opt out of the sale or sharing of your personal information. (Currently, we do not sell your personal information; however, you still have the right to direct us not to sell/share your data if that changes.) As the California Attorney General’s guidance notes, consumers have the “right to delete personal information” collected and to “opt-out” of sale or sharing of their personal information. The CPRA (2023) also grants Californians the right to correct inaccurate information and to limit the use of sensitive personal information.
Other Jurisdictions:
In many other jurisdictions, data protection laws grant rights similar to the above (such as the right to access your data, correct errors, or object to processing for direct marketing).
To exercise any of these rights, or to request a copy of your personal data, please contact us (see “Contact Us” below). We may need to verify your identity before granting such requests. We will respond to your request in accordance with applicable law. You will not be discriminated against for exercising any of these rights.
7. Third-Party Links and Privacy.
Our Site may include links to other websites (e.g., social media, search results, advertisements). These third-party sites have their own privacy policies, which may differ from ours. We do not control those sites and are not responsible for their practices. We encourage you to review the privacy policy of any site you visit after leaving shopehy.com. For example, clicking on a Facebook or Google ad will transfer some information (such as your IP or referrer) to those networks, which they manage under their own privacy rules.
8. Changes to this Privacy Policy.
We may update this Privacy Policy from time to time (for example, when we add new features or legal requirements change). Any changes will be posted on this page with a new “Last Updated” date. We encourage you to review this policy periodically. Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.
9. Contact Information.
If you have any questions about our Terms, Privacy Policy, or your data, or wish to exercise your privacy rights, please contact us at privacy@shopehy.com (or by mail at Mangat Tor Enterprises LLC, Attn: Privacy Compliance, [Address]). We will respond to reasonable requests and inquiries about our privacy practices as soon as practicable. For U.S. residents, you may also refer to your local consumer protection agencies or privacy regulators for additional guidance or to file a complaint.