Privacy Policy
1. Information We Collect
1.1 Directly Provided Data
– Order Information: Name, billing address, shipping address, email, phone number (for order confirmation and tracking).
– Payment Information: Credit card number, expiration date, security code (processed securely via third-party payment gateways; we do not store full payment details).
– Account Information: Username, password, date of birth (for age verification and personalized recommendations).
– User-Generated Content: Product reviews, photos, social media interactions (e.g., content submitted via Instagram hashtags like #MiraNails).
1.2 Automatically Collected Data
– Technical Data: IP address, browser type (e.g., Chrome/Safari), device information (e.g., iOS/Android), timestamps.
– Behavioral Data: Page clickstreams (e.g., heatmap analysis), cart abandonment duration, product browsing history (used for recommendation algorithms).
– Cookie Categories:
– Essential: Maintain shopping cart status and user login sessions.
– Analytical: Google Analytics 4 (anonymized data; disabling may limit traffic insights).
– Marketing: Facebook Pixel (for ad retargeting; users may block via browser extensions).
2. How We Use Your Information
2.1 Core Purposes
– Order Fulfillment: Share shipping details with logistics partners (e.g., DHL/USPS) to provide real-time tracking links.
– Customer Support: Process returns/exchanges via email (mirabaak6@gmail.com) or live chat tools (e.g., Zendesk).
2.2 Marketing & Personalization
– Email Campaigns: Welcome sequences, cart abandonment reminders, holiday promotions (managed via Klaviyo; opt-out available).
– Dynamic Ads: Display relevant press-on nail designs based on browsing history (e.g., Instagram ads).
2.3 Legal & Security
– Fraud Prevention: Validate high-risk orders using tools like Signifyd.
– Tax Compliance: Report transaction records to tax authorities (e.g., EU VAT).
3. Automated Data Collection
3.1 Cookie Management
– Consent Mechanism: Customizable cookie consent banner upon first visit (GDPR/ePrivacy compliant).
– Retention Periods: Session cookies (expire upon browser closure); persistent cookies (up to 12 months).
3.2 Third-Party Analytics
– Google Analytics 4: IP anonymization enabled; data sharing with Google Ads disabled.
– Hotjar: Tracks page scrolling/clicks (excludes input field capture)
4. Information Sharing
4.1 Service Providers
– Logistics Partners: ShipStation (Privacy Policy: [https://www.shipstation.com/privacy-policy/](https://www.shipstation.com/privacy-policy/)).
– Customer Support Platforms: Zendesk (data stored in AWS U.S. regions under GDPR Data Processing Agreements).
4.2 Legal Disclosures
– Court Orders: Disclosure of order records may occur in response to valid U.S. subpoenas.
– Intellectual Property: Collaborate with brand partners (e.g., designers) to address infringement claims.
5. Your Rights & Choices
5.1 Data Subject Rights
– Access: Request export of order data from the past 12 months (CSV format).
– Deletion: Permanent data deletion within 30 days of account closure (tax records retained for 7 years).
– Objection: Opt out of personalized ads via Your Online Choices or NAI platforms.
5.2 Mira Rewards Loyalty Program
– Points System: 1 point = $1; inactive accounts forfeit points after 12 months.
– Data Linkage: Rewards account tied to purchase history; disabling forfeits unredeemed benefits.
6. Data Transfers
– EU Users: Data transferred outside the EU adheres to GDPR Standard Contractual Clauses (SCCs).
– China Users: Data stored via Tencent Cloud Hong Kong servers to avoid cross-border transfers.
7. Children’s Privacy
– Age Verification: Birthdate required at registration; orders blocked for users under 13.
– Parental Controls: Full refunds and account termination for accidental minor purchases.
8. Security Measures
– Technical Safeguards: TLS 1.2 encryption, annual penetration testing, database anonymization.
– Internal Controls: Role-based access limited to “need-to-know” personnel under NDAs.
9. External Links
– Partner Brands: Clear disclaimer when redirecting to third-party sites (e.g., “You are now leaving Mira Online“).
– Social Media Plugins: Facebook “Like” buttons load only upon user interaction (reduces tracking).
10. Policy Updates
– Notification: Material changes (e.g., expanded data sharing) communicated via email 30 days in advance.
– Version Archive: Historical policies available upon request to mirabaak6@gmail.com.
Additional Notes:
– Returns: Account deletion does not affect completed return records (retained for 6 years post-transaction).
– Biometric Data: Explicitly states no collection of fingerprints, facial recognition, or similar data.