Hiranja ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. We comply with: • GDPR (General Data Protection Regulation) for EU users • CCPA (California Consumer Privacy Act) for California residents • PIPEDA (Personal Information Protection and Electronic Documents Act) for Canadian users • Other applicable international data protection laws By using our services, you consent to the data practices described in this policy.

We collect several types of information to provide and improve our services: Personal Information You Provide: • Name and contact information (email, phone, address) • Billing and shipping addresses • Payment information (processed securely through Stripe) • Account credentials (username, password) • Order history and preferences • Communications with us (emails, contact form submissions) Automatically Collected Information: • IP address and device information • Browser type and version • Operating system • Pages visited and time spent on site • Referring website addresses • Cookies and similar tracking technologies • Location data (approximate, based on IP address) Information from Third Parties: • Payment verification from Stripe • Shipping updates from Printful • Social media profile information (if you connect accounts) We do not collect sensitive personal information such as race, religion, health data, or biometric information.

We use your information for the following purposes: Order Processing and Fulfillment: • Process and complete your orders • Communicate order status and shipping updates • Handle returns, refunds, and customer service inquiries • Verify payment information Account Management: • Create and manage your account • Authenticate your identity • Provide personalized experiences • Save your preferences and order history Marketing and Communications: • Send promotional emails and newsletters (with your consent) • Notify you of new products and special offers • Conduct surveys and gather feedback • Send important service announcements Website Improvement: • Analyze usage patterns and trends • Improve website functionality and user experience • Develop new features and services • Conduct A/B testing and optimization Legal and Security: • Prevent fraud and unauthorized transactions • Comply with legal obligations • Enforce our Terms and Conditions • Protect our rights and property • Resolve disputes We will never sell your personal information to third parties.

For users in the European Union, we process your personal data based on: Contractual Necessity: • Processing orders and delivering products • Providing customer support • Managing your account Legitimate Interests: • Improving our services • Preventing fraud • Marketing to existing customers • Website analytics Legal Obligation: • Tax and accounting requirements • Responding to legal requests • Compliance with regulations Consent: • Marketing emails to new subscribers • Optional cookies and tracking • Sharing data with third parties (beyond service providers) You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

We use cookies and similar technologies to enhance your experience: Essential Cookies: • Required for website functionality • Shopping cart and checkout process • User authentication and security • Cannot be disabled Performance Cookies: • Analyze website usage and performance • Identify technical issues • Improve loading times Functionality Cookies: • Remember your preferences • Personalize content • Save language and region settings Marketing Cookies: • Track advertising effectiveness • Deliver relevant advertisements • Measure campaign performance You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality. Third-Party Cookies: • Stripe (payment processing) • Analytics providers • Social media platforms For more information about cookies, visit www.allaboutcookies.org.

We share your information only in the following circumstances: Service Providers: • Printful (product fulfillment and shipping) • Stripe (payment processing) • Brevo (email communications) • Hosting and infrastructure providers • Analytics services These providers are contractually obligated to protect your data and use it only for specified purposes. Business Transfers: • In the event of a merger, acquisition, or sale of assets • Your information may be transferred to the new entity • You will be notified of any such change Legal Requirements: • When required by law or legal process • To protect our rights and property • To prevent fraud or illegal activities • To protect the safety of users or the public With Your Consent: • When you explicitly authorize us to share information • For purposes not covered in this policy We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We implement robust security measures to protect your information: Technical Safeguards: • SSL/TLS encryption for data transmission • Secure servers and databases • Regular security audits and updates • Firewall protection • Access controls and authentication Organizational Measures: • Employee training on data protection • Limited access to personal information • Confidentiality agreements • Incident response procedures Payment Security: • PCI DSS compliant payment processing through Stripe • We do not store complete credit card information • Tokenization of payment data Despite our efforts, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your data. If you suspect unauthorized access to your account, contact us immediately at [email protected].

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy: Active Accounts: • Information retained while your account is active • Order history maintained for customer service and legal compliance Inactive Accounts: • Accounts inactive for 3+ years may be deleted • You will receive notice before deletion • You can request account reactivation Order Information: • Retained for 7 years for tax and accounting purposes • Required by law in many jurisdictions Marketing Data: • Retained until you unsubscribe • Deleted within 30 days of unsubscribe request Legal Holds: • Information may be retained longer if required for legal proceedings • Deleted once legal obligation ends You can request deletion of your data at any time, subject to legal retention requirements.

You have the following rights regarding your personal information: Access Rights: • Request a copy of your personal data • Receive information about how we process your data • Obtain data in a portable format Correction Rights: • Update inaccurate or incomplete information • Request correction of errors Deletion Rights ("Right to be Forgotten"): • Request deletion of your personal data • Subject to legal retention requirements Restriction Rights: • Limit how we use your data • Object to certain processing activities Objection Rights: • Opt out of marketing communications • Object to automated decision-making • Withdraw consent for data processing Portability Rights: • Receive your data in a machine-readable format • Transfer data to another service provider To exercise these rights, contact us at [email protected]. We will respond within 30 days. California Residents (CCPA): • Right to know what personal information is collected • Right to delete personal information • Right to opt-out of sale (we do not sell your data) • Right to non-discrimination for exercising rights EU Residents (GDPR): • Right to lodge a complaint with supervisory authority • Right to data portability • Right to object to processing

We may send you marketing communications if: • You have created an account with us • You have subscribed to our newsletter • You have made a purchase (for related products) • You have provided consent Types of Marketing: • Email newsletters • Product announcements • Special offers and promotions • Surveys and feedback requests Opting Out: • Click "unsubscribe" in any marketing email • Update preferences in your account settings • Contact us at [email protected] • We will process opt-out requests within 48 hours Note: You will still receive transactional emails (order confirmations, shipping updates, account notifications) even if you opt out of marketing.

Hiranja operates globally, and your information may be transferred to and processed in countries other than your own. Data Transfer Safeguards: • Standard Contractual Clauses (SCCs) for EU data transfers • Adequacy decisions where applicable • Privacy Shield principles (where relevant) • Contractual obligations with service providers Countries We Transfer Data To: • United States (hosting and services) • European Union (fulfillment centers) • Other countries where Printful operates We ensure that all international transfers comply with applicable data protection laws and provide adequate protection for your personal information. If you are in the EU, you have the right to obtain information about the safeguards we use for international transfers.

Our services are not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected information from a child without parental consent, we will: • Delete the information immediately • Terminate the account • Notify the parent or guardian Parents and guardians are responsible for monitoring their children's online activities.

Our website may contain links to third-party websites, including: • Social media platforms • Payment processors • Shipping carriers • Partner websites We are not responsible for the privacy practices of these third parties. Each third-party website has its own privacy policy, and we encourage you to review them. This Privacy Policy applies only to information collected by Hiranja. Third-Party Services We Use: • Stripe: https://stripe.com/privacy • Printful: https://www.printful.com/policies/privacy • Brevo: https://www.brevo.com/legal/privacypolicy/

We may use automated decision-making in limited circumstances: Fraud Detection: • Automated systems analyze transactions for fraud risk • Suspicious orders may be flagged or cancelled • You can contact us to review any automated decision Personalization: • Automated recommendations based on browsing history • Personalized product suggestions • Customized marketing content You have the right to: • Request human review of automated decisions • Express your point of view • Contest the decision We do not use automated decision-making for decisions that significantly affect you without human oversight.

In the event of a data breach that affects your personal information, we will: Immediate Actions: • Contain and investigate the breach • Assess the risk to your data • Take steps to prevent further unauthorized access Notification: • Notify affected users within 72 hours (GDPR requirement) • Provide details about the breach • Explain steps we are taking • Advise on protective measures you can take Regulatory Notification: • Report to relevant data protection authorities • Comply with all legal notification requirements We maintain an incident response plan and regularly test our breach notification procedures.

California residents have specific rights under the CCPA: Right to Know: • Categories of personal information collected • Sources of personal information • Business purpose for collecting information • Categories of third parties we share with Right to Delete: • Request deletion of personal information • Subject to certain exceptions Right to Opt-Out: • We do not sell personal information • No opt-out necessary Right to Non-Discrimination: • We will not discriminate for exercising CCPA rights • Same prices and services for all customers "Shine the Light" Law: • Request information about data shared with third parties for marketing • We do not share data for third-party marketing To exercise your rights, contact us at [email protected] or call our toll-free number. We will verify your identity before processing requests.

EU residents have additional rights under GDPR: Data Protection Officer: • Contact our DPO for privacy concerns • Email: [email protected] Supervisory Authority: • Right to lodge complaint with your local data protection authority • Contact information available at https://edpb.europa.eu/ Cross-Border Data Transfers: • We use Standard Contractual Clauses • Adequacy decisions where applicable Legal Basis: • We clearly identify legal basis for each processing activity • You can request information about legal basis Data Protection Impact Assessments: • We conduct DPIAs for high-risk processing • Available upon request We appoint EU representatives as required by GDPR Article 27.

We may update this Privacy Policy periodically to reflect: • Changes in our practices • New legal requirements • Feedback from users • New features or services When We Update: • "Last Updated" date will be revised • Material changes will be prominently posted • Email notification for significant changes • Continued use constitutes acceptance We encourage you to review this policy regularly to stay informed about how we protect your information. Previous versions of this policy are available upon request.

For questions, concerns, or requests regarding this Privacy Policy or your personal information: Email: [email protected] Privacy Email: [email protected] Response Time: • We respond to inquiries within 48 hours • Complex requests may take up to 30 days • We will keep you informed of progress Mailing Address: Hiranja Privacy Team [Your Business Address] Data Protection Officer: For GDPR-related inquiries, contact our DPO at [email protected] We take your privacy seriously and are committed to addressing your concerns promptly and thoroughly.

By using Hiranja's website and services, you acknowledge that: • You have read and understood this Privacy Policy • You consent to the collection, use, and disclosure of your information as described • You understand your rights and how to exercise them • You agree to receive necessary transactional communications For marketing communications, we will obtain separate explicit consent. You can withdraw consent at any time by: • Updating your account preferences • Contacting us at [email protected] • Following unsubscribe links in emails Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.