Hiranja ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. We comply with: • GDPR (General Data Protection Regulation) for EU users • CCPA (California Consumer Privacy Act) for California residents • PIPEDA for Canadian users • Other applicable international data protection laws By using our services, you consent to the data practices described in this policy.

We collect several types of information to provide and improve our services: Personal Information You Provide: • Name and contact information (email, phone, address) • Billing and shipping addresses • Payment information (processed securely through Stripe) • Account credentials • Order history and preferences • Communications with us Automatically Collected Information: • IP address and device information • Browser type and version • Pages visited and time spent on site • Cookies and similar tracking technologies • Location data (approximate, based on IP address) We do not collect sensitive personal information such as race, religion, health data, or biometric information.

We use your information for the following purposes: Order Processing and Fulfillment: • Process and complete your orders • Communicate order status and shipping updates • Handle returns, refunds, and customer service • Verify payment information Account Management: • Create and manage your account • Authenticate your identity • Save your preferences and order history Marketing and Communications: • Send promotional emails and newsletters (with your consent) • Notify you of new products and special offers We will never sell your personal information to third parties.

For users in the European Union, we process your personal data based on: Contractual Necessity: • Processing orders and delivering products • Providing customer support • Managing your account Legitimate Interests: • Improving our services • Preventing fraud • Website analytics Consent: • Marketing emails to new subscribers • Optional cookies and tracking You have the right to withdraw consent at any time.

We use cookies and similar technologies to enhance your experience: Essential Cookies: • Required for website functionality • Shopping cart and checkout process • User authentication and security Performance Cookies: • Analyze website usage and performance • Identify technical issues Marketing Cookies: • Track advertising effectiveness • Deliver relevant advertisements You can control cookies through your browser settings. Note that disabling certain cookies may limit website functionality.

We share your information only in the following circumstances: Service Providers: • Fulfillment partners (shipping) • Stripe (payment processing) • Brevo (email communications) • Hosting and infrastructure providers These providers are contractually obligated to protect your data. Legal Requirements: • When required by law or legal process • To protect our rights and property • To prevent fraud or illegal activities We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We implement robust security measures to protect your information: Technical Safeguards: • SSL/TLS encryption for data transmission • Secure servers and databases • Regular security audits and updates • Access controls and authentication Payment Security: • PCI DSS compliant payment processing through Stripe • We do not store complete credit card information • Tokenization of payment data Despite our efforts, no method of transmission over the internet is 100% secure. If you suspect unauthorized access to your account, contact us immediately.

We retain your personal information for as long as necessary: • Active Accounts: information retained while your account is active • Order Information: retained for 7 years for tax and accounting purposes • Marketing Data: retained until you unsubscribe • Inactive Accounts: accounts inactive for 3+ years may be deleted You can request deletion of your data at any time, subject to legal retention requirements.

You have the following rights regarding your personal information: • Access: request a copy of your personal data • Correction: update inaccurate or incomplete information • Deletion: request deletion of your personal data • Restriction: limit how we use your data • Objection: opt out of marketing communications • Portability: receive your data in a machine-readable format To exercise these rights, contact us at [email protected]. We will respond within 30 days. EU Residents (GDPR): • Right to lodge a complaint with supervisory authority • Right to data portability

We may send you marketing communications if: • You have created an account with us • You have subscribed to our newsletter • You have made a purchase • You have provided consent Opting Out: • Click "unsubscribe" in any marketing email • Update preferences in your account settings • Contact us at [email protected] Note: You will still receive transactional emails (order confirmations, shipping updates) even if you opt out of marketing.

Hiranja operates globally, and your information may be transferred to and processed in countries other than your own. Data Transfer Safeguards: • Standard Contractual Clauses (SCCs) for EU data transfers • Adequacy decisions where applicable • Contractual obligations with service providers We ensure that all international transfers comply with applicable data protection laws.

Our services are not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete it.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these third parties. Each third-party website has its own privacy policy. Third-Party Services We Use: • Stripe: https://stripe.com/privacy • Brevo: https://www.brevo.com/legal/privacypolicy/

We may use automated decision-making in limited circumstances: • Fraud Detection: automated systems analyze transactions for fraud risk • Personalization: automated recommendations based on browsing history You have the right to request human review of automated decisions and to contest them.

In the event of a data breach affecting your personal information, we will: • Contain and investigate the breach immediately • Notify affected users within 72 hours (GDPR requirement) • Provide details about the breach and steps we are taking • Report to relevant data protection authorities

California residents have specific rights: • Right to Know: categories of personal information collected • Right to Delete: request deletion of personal information • Right to Opt-Out: we do not sell personal information • Right to Non-Discrimination: same prices and services for all customers

EU residents have additional rights under GDPR: • Right to lodge complaint with your local data protection authority • Cross-Border Data Transfers: we use Standard Contractual Clauses • Legal Basis: we identify legal basis for each processing activity Contact: [email protected]

We may update this Privacy Policy periodically. When we update: • "Last Updated" date will be revised • Material changes will be prominently posted • Email notification for significant changes • Continued use constitutes acceptance We encourage you to review this policy regularly.

For questions, concerns, or requests regarding this Privacy Policy: Email: [email protected] Privacy Email: [email protected] Response Time: • We respond to inquiries within 48 hours • Complex requests may take up to 30 days We take your privacy seriously and are committed to addressing your concerns promptly.

By using Hiranja's website and services, you acknowledge that: • You have read and understood this Privacy Policy • You consent to the collection, use, and disclosure of your information as described • You understand your rights and how to exercise them You can withdraw consent at any time by contacting us at [email protected].