At The Humiovi, we value your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, and safeguard your data when you visit our website or make a purchase.
1. Information We Collect
Personal Information
When you create an account, make a purchase, or contact us, we may collect the following personal information:
- Name
- Email address
- Shipping and billing addresses
- Phone number
- Order history and preferences
Payment Information
Payment transactions are processed by our third-party payment processor. The Humiovi does not store, process, or have access to your full credit card number or payment account details. Our payment processor is PCI-DSS compliant and handles all payment data securely.
Browsing Data
We automatically collect certain information when you visit our website, including:
- IP address
- Browser type and version
- Pages visited and time spent on each page
- Referring website
- Device type and operating system
2. Legal Basis for Processing (GDPR)
For visitors and customers in the European Economic Area (EEA) and United Kingdom, we process personal data under the following legal bases:
- Contract Performance -- Processing necessary to fulfill your purchase order, deliver products, and provide customer support.
- Legitimate Interest -- Processing necessary for fraud prevention, website security, analytics to improve our service, and direct marketing to existing customers (with opt-out).
- Consent -- Processing for marketing emails to new subscribers, non-essential cookies, and analytics tracking. You may withdraw consent at any time.
- Legal Obligation -- Processing required to comply with tax, customs, and regulatory requirements.
3. How We Use Your Information
We use the information we collect to:
- Fulfill orders -- Process, ship, and deliver your purchases.
- Communicate with you -- Send order confirmations and shipping updates, and respond to your inquiries.
- Marketing -- With your consent, send newsletters and promotional offers. You may opt out at any time.
- Fraud prevention -- Detect and prevent fraudulent transactions and unauthorized activity.
- Improve our service -- Analyze browsing patterns to enhance the shopping experience and website functionality.
4. Data Processors
We work with the following third-party data processors to operate our business. Each processor has access only to the data necessary to perform their specific function:
- Square -- Payment processing. Processes transaction data, billing information, and payment credentials under PCI-DSS compliance.
- Shippo -- Shipping and logistics. Receives shipping addresses and order details to generate labels and track deliveries.
- Supabase -- Database hosting and authentication. Stores account data, order history, and authentication credentials in encrypted databases.
- Resend -- Email delivery. Processes email addresses and names to deliver transactional and marketing communications.
- Vercel -- Website hosting and CDN. Processes IP addresses and browsing data for content delivery and edge caching.
- Plausible Analytics -- Privacy-focused website analytics. Collects anonymized, aggregate usage data (page views, referrers, device type) without cookies or personal identifiers. No data is shared with third parties.
- Sentry -- Error monitoring and performance. Receives anonymized error data, device information, and performance metrics to maintain site reliability.
5. Information Sharing
We do not sell your personal information to third parties. We may share your information only with service providers necessary for our operations:
- Payment processors -- To securely process your transactions.
- Shipping carriers -- To deliver your orders.
- Email service providers -- To send transactional and, with your consent, marketing communications.
- Analytics providers -- To help us understand website usage and improve our service.
We may also disclose information when required by law or to protect our rights, safety, or property.
6. International Data Transfers
The Humiovi is based in the United States. All data processors listed above are US-based companies. If you are accessing our website from outside the United States, please be aware that your personal data will be transferred to, stored, and processed in the United States.
For transfers of personal data from the EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, along with any additional safeguards required under applicable law. By using our website and providing your data, you acknowledge this transfer.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data -- Retained while your account is active and for 3 years after account closure.
- Order and transaction data -- Retained for 7 years to comply with tax and accounting obligations.
- Marketing preferences -- Retained until you withdraw consent or unsubscribe.
- Browsing and analytics data -- Retained for up to 26 months, then aggregated or deleted.
- Customer support communications -- Retained for 3 years after the last interaction.
8. Cookies & Consent
Our website uses cookies to enhance your browsing experience. Cookies are small data files stored on your device. We use:
- Essential cookies -- Required for the website to function properly, including maintaining your shopping cart and authentication session.
- Analytics cookies -- Help us understand how visitors interact with our website so we can improve the experience. These are only loaded if you accept cookies via our consent banner.
When you first visit our website, a consent banner will ask for your preference. You can accept or decline non-essential cookies. Your preference is stored locally in your browser and can be changed at any time by clearing your browser data.
You can also manage cookie preferences through your browser settings. Please note that disabling essential cookies may affect website functionality.
9. Data Security
We implement industry-standard security measures to protect your personal information:
- All data is transmitted over encrypted SSL/TLS connections.
- Payment processing is handled by PCI-DSS compliant third-party processors.
- Access to personal data is restricted to authorized personnel only.
- We regularly review and update our security practices.
10. Your Rights Under GDPR
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) grants you the following rights regarding your personal data:
- Right of Access -- You have the right to request a copy of the personal data we hold about you, including the purposes of processing, categories of data, and recipients.
- Right to Rectification -- You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure -- Also known as the “right to be forgotten,” you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
- Right to Restrict Processing -- You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
- Right to Data Portability -- You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
How to Exercise Your GDPR Rights
To exercise any of your GDPR rights, please contact us at privacy@humiovisedona.com. Upon receiving your request:
- We will verify your identity to protect your data from unauthorized access.
- We will respond to your request within 30 days.
- If we need additional time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.
- If we are unable to fulfill your request (for example, due to a legal obligation to retain data), we will explain the reason.
You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
11. Your General Rights
Regardless of your location, you have the following rights regarding your personal data:
- Access -- Request a copy of the personal information we hold about you.
- Correction -- Request corrections to any inaccurate personal information.
- Deletion -- Request deletion of your personal data, subject to legal retention requirements.
- Opt-out of marketing -- Unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us directly.
12. Children's Privacy
Our website is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy on this page with a revised “Last updated” date. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.
14. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.
Right to Know
You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom the information was shared.
Right to Delete
You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions (such as completing a transaction, detecting fraud, or complying with a legal obligation).
Right to Opt-Out of Sale
The Humiovi does not sell your personal information. We do not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. Because we do not sell personal information, there is no need to opt out. However, if our practices change in the future, we will update this policy and provide a clear opt-out mechanism.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised your rights under the CCPA.
How to Exercise Your Rights
To exercise any of these rights, please contact us at info@humiovisedona.com. We will verify your identity before fulfilling your request and respond within 45 days as required by law.
15. Do Not Track Signals
Our website respects Do Not Track (DNT) browser signals and the Global Privacy Control (GPC) standard. When we detect a DNT or GPC signal from your browser, we automatically disable non-essential analytics tracking. No additional action is required on your part.
16. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: