Privacy policy

PRIVACY POLICY


Last Updated: January 27, 2026

1. INTRODUCTION

Maison Sumi ("we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.maisonsumi.com (the "Website") and use our services.

Please read this Privacy Policy carefully. By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with this policy, please do not access or use our Website.

2. DATA CONTROLLER

The personal data collected through the Website is controlled by:

Maison Sumi
Casper, Wyoming 82609
United States of America
📧 Email: contact@maisonsumi.com
🌐 Website: www.maisonsumi.com

For any privacy-related inquiries, please contact us at the above email address.

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

  • Create an account
  • Place an order
  • Subscribe to our newsletter
  • Contact customer service
  • Participate in surveys or promotions
  • Leave reviews or testimonials

This information may include:

  • Identity Information: First name, last name, username
  • Contact Information: Email address, postal address, phone number
  • Account Information: Username, password (encrypted)
  • Order Information: Products purchased, order history, purchase amount, preferences
  • Payment Information: Billing address (credit card details are processed securely by our payment processor and are not stored by us)
  • Communication Information: Customer service inquiries, feedback, survey responses

3.2 Information Automatically Collected

When you visit our Website, certain information is automatically collected, including:

  • Device Information: IP address, browser type and version, device type, operating system
  • Usage Data: Pages visited, time spent on pages, links clicked, referring website, date and time of visits
  • Location Information: General geographic location based on IP address
  • Cookies and Similar Technologies: See Section 9 for details

3.3 Information From Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors (transaction confirmation)
  • Shipping carriers (delivery status)
  • Social media platforms (if you interact with us on social media)
  • Marketing and analytics providers
  • Fraud prevention services

3.4 Sensitive Information

We do not intentionally collect sensitive personal information such as:

  • Social Security numbers
  • Health information
  • Financial account numbers (beyond what's necessary for payment processing)
  • Biometric data
  • Precise geolocation data

If you choose to provide such information, you consent to its processing in accordance with this Privacy Policy.

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

4.1 Order Processing and Fulfillment

  • Process and complete your orders
  • Arrange for product delivery
  • Send order confirmations and shipping notifications
  • Process payments and prevent fraud
  • Handle returns, refunds, and exchanges

4.2 Customer Service

  • Respond to your inquiries and requests
  • Provide customer support
  • Resolve disputes and troubleshoot problems
  • Send important notices about our services

4.3 Marketing and Communications (with your consent where required)

  • Send promotional emails and newsletters
  • Inform you about new products, special offers, and events
  • Conduct surveys and gather feedback
  • Personalize your shopping experience

4.4 Website Improvement and Analytics

  • Analyze website usage and trends
  • Improve our Website functionality and user experience
  • Develop new products and services
  • Conduct research and analytics

4.5 Legal and Security

  • Comply with legal obligations and regulations
  • Protect against fraud, unauthorized transactions, and illegal activities
  • Enforce our Terms of Service and other policies
  • Protect the rights, property, and safety of Maison Sumi, our customers, and others

4.6 Business Operations

  • Manage our business operations
  • Maintain records and accounting
  • Conduct internal audits and data analysis
  • Facilitate business transfers (mergers, acquisitions, etc.)

5. LEGAL BASIS FOR PROCESSING (For EU/EEA Residents)

If you are located in the European Union or European Economic Area, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contract with you (order processing, delivery)
  • Consent: You have given clear consent for specific processing activities (marketing emails, cookies)
  • Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, website improvement, customer service)
  • Legal Obligations: Processing required to comply with legal requirements (tax, accounting)

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6. HOW WE SHARE YOUR INFORMATION

We may share your personal information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment Processors: Stripe, PayPal, or similar (for secure payment processing)
  • Shipping Companies: USPS, FedEx, UPS, DHL (for order delivery)
  • E-commerce Platform: Shopify (website hosting and e-commerce functionality)
  • Email Service Providers: Klaviyo, Mailchimp, or similar (for email communications)
  • Analytics Providers: Google Analytics, Facebook Pixel (for website analytics)
  • Customer Service Tools: Zendesk, Gorgias, or similar
  • Marketing Platforms: Facebook, Instagram, Google Ads

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

6.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from government authorities or law enforcement
  • Protection of our legal rights and property
  • Investigation of fraud or security issues
  • Compliance with applicable laws and regulations

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity or buyer.

6.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

6.5 What We Do NOT Do

We DO NOT:

  • Sell your personal information to third parties for monetary consideration
  • Rent or lease your personal information
  • Share your information for third-party marketing purposes without your consent

7. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

  • Account Information: Until you request deletion or close your account, then up to 5 years after last activity
  • Order and Transaction Data: Up to 7 years for accounting, tax, and legal compliance purposes
  • Marketing Communications Data: Until you unsubscribe or withdraw consent
  • Website Usage Data: Up to 26 months (Google Analytics default)
  • Customer Service Records: Up to 3 years after last interaction
  • Cookies: According to cookie settings (see Cookie Policy)

After the retention period expires, we will securely delete or anonymize your personal information.

8. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: SSL/TLS encryption for data transmission
  • Secure Servers: Industry-standard security protocols
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Security Audits: Monitoring and testing of security systems
  • Employee Training: Staff training on data protection and security practices
  • Secure Payment Processing: PCI-DSS compliant payment processors

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable law.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our Website. They help us recognize you, remember your preferences, and improve your user experience.

9.2 Types of Cookies We Use

Essential Cookies (Required)

  • Enable basic website functionality
  • Remember items in your shopping cart
  • Allow secure login to your account
  • Cannot be disabled

Performance and Analytics Cookies (Optional)

  • Google Analytics: Track website usage and traffic
  • Understand how visitors interact with our Website
  • Help us improve our services

Marketing and Advertising Cookies (Optional)

  • Facebook Pixel, Google Ads: Deliver relevant advertisements
  • Track ad campaign effectiveness
  • Retarget visitors who didn't complete a purchase

Preference Cookies (Optional)

  • Remember your settings and preferences
  • Customize your experience based on your location and language

9.3 Managing Cookies

Upon your first visit, a cookie banner allows you to accept or reject non-essential cookies.

You can manage cookie preferences at any time by:

Please note that disabling certain cookies may affect Website functionality.

9.4 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. Our Website does not currently respond to DNT signals, but we respect your right to control tracking through cookie settings.

10. YOUR PRIVACY RIGHTS

Depending on your location, you may have certain rights regarding your personal information:

10.1 Rights for All Users

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time

10.2 Additional Rights for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights:

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it's shared
  • Right to Delete: Request deletion of personal information (with certain exceptions)
  • Right to Opt-Out of Sale: We do not sell personal information, but you have the right to opt out if we ever do
  • Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment
  • Right to Limit Use of Sensitive Personal Information: If applicable
  • Right to Correct: Request correction of inaccurate information

To exercise your California rights, contact us at: contact@maisonsumi.com with "California Privacy Rights" in the subject line.

Verification: We may require verification of your identity before processing your request.

Authorized Agent: You may designate an authorized agent to make requests on your behalf by providing written authorization.

Response Time: We will respond within 45 days (extendable by an additional 45 days if necessary).

10.3 Additional Rights for EU/EEA Residents (GDPR)

Under the General Data Protection Regulation (GDPR), EU/EEA residents have the following rights:

  • Right of Access: Obtain confirmation of processing and a copy of your data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure ("Right to be Forgotten"): Request deletion in certain circumstances
  • Right to Restriction of Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise your EU/GDPR rights, contact us at: contact@maisonsumi.com

10.4 Other State Privacy Rights

Residents of Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), and other states with privacy laws may have similar rights. Contact us to exercise your rights.

10.5 How to Exercise Your Rights

Email: contact@maisonsumi.com
Subject Line: "Privacy Rights Request" or specific right (e.g., "Data Deletion Request")
Include:

  • Your full name
  • Email address associated with your account
  • Description of your request
  • Proof of identity (if required for verification)

We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

11. INTERNATIONAL DATA TRANSFERS

Maison Sumi LLC is based in the United States. If you are accessing our Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

11.1 Adequacy and Safeguards

When we transfer personal data from the European Union, European Economic Area, or other jurisdictions with data protection laws to countries that may not provide equivalent protection, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Privacy Shield Framework (where applicable)
  • Other legally recognized transfer mechanisms

11.2 Consent to Transfer

By using our Website and providing your information, you consent to the transfer of your information to the United States and other countries for processing in accordance with this Privacy Policy.

12. CHILDREN'S PRIVACY

12.1 Age Restriction

Our Website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

12.2 Parental Notice

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at contact@maisonsumi.com, and we will delete such information from our systems.

12.3 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect information from children under 13.

13. THIRD-PARTY WEBSITES AND LINKS

Our Website may contain links to third-party websites, including:

  • Social media platforms (Facebook, Instagram, TikTok)
  • Payment processors
  • Shipping carriers
  • Partner websites

We are not responsible for the privacy practices or content of these third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

When you click on a third-party link, you leave our Website, and this Privacy Policy no longer applies.

14. MARKETING COMMUNICATIONS

14.1 Email Marketing

With your consent, we may send you marketing emails about:

  • New products and collections
  • Special offers and promotions
  • Beauty tips and hair care advice
  • Company news and updates

14.2 Opt-Out

You can opt out of marketing emails at any time by:

  • Clicking the "Unsubscribe" link at the bottom of any marketing email
  • Emailing us at contact@maisonsumi.com with "Unsubscribe" in the subject
  • Updating your preferences in your account settings

Note: Even if you opt out of marketing emails, we may still send you transactional emails related to your orders and account (order confirmations, shipping notifications, customer service responses).

14.3 SMS Marketing (if applicable)

If you opt in to receive SMS/text message marketing, you can opt out by:

Message and data rates may apply. Message frequency varies.

15. CALIFORNIA "SHINE THE LIGHT" LAW

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes without your consent. If you have questions, contact us at contact@maisonsumi.com.

16. CHANGES TO THIS PRIVACY POLICY

16.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

16.2 Notice of Changes

When we make material changes, we will notify you by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending an email notification (for significant changes)
  • Displaying a notice on our Website

16.3 Effective Date

Changes become effective immediately upon posting unless otherwise specified. Your continued use of our Website after changes constitutes acceptance of the updated Privacy Policy.

16.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

17. DATA BREACH NOTIFICATION

In the event of a data breach that affects your personal information, we will:

  • Notify affected individuals without unreasonable delay
  • Report the breach to relevant authorities as required by law
  • Provide information about the nature of the breach, data affected, and steps being taken
  • Offer guidance on protective measures you can take

18. CALIFORNIA CONSUMER PRIVACY ACT (CCPA) - ADDITIONAL DISCLOSURES

18.1 Categories of Personal Information Collected (Last 12 Months)

Category Examples Collected? Business Purpose
Identifiers Name, email, address, phone, IP address YES Orders, accounts, communications
Commercial Information Purchase history, order details YES Order processing, analytics
Internet Activity Browsing data, cookies YES Website improvement, marketing
Geolocation Data General location from IP YES Shipping, fraud prevention
Inferences Preferences, interests YES Personalization, recommendations

18.2 Sources of Personal Information

  • Directly from you (account creation, orders, forms)
  • Automatically from Website usage (cookies, analytics)
  • From third parties (payment processors, shipping carriers)

18.3 Business Purposes for Collection

  • Order fulfillment and customer service
  • Website operation and improvement
  • Marketing and advertising
  • Fraud prevention and security
  • Legal compliance

18.4 Third Parties We Share With

  • Service providers (hosting, payment, shipping, email)
  • Analytics providers (Google Analytics, Facebook Pixel)
  • Advertising partners (Google Ads, Facebook Ads)

18.5 Sale of Personal Information

We DO NOT sell personal information to third parties for monetary or other valuable consideration.

We DO NOT sell the personal information of minors under 16 years of age.

19. CONTACT US

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Maison Sumi
Privacy Officer

Mailing Address:
Casper, Wyoming 82609
United States of America

Email: contact@maisonsumi.com (Subject: "Privacy Inquiry")
Website: www.maisonsumi.com
Response Time: We will respond within 30-45 days

20. ACKNOWLEDGMENT AND CONSENT

BY USING OUR WEBSITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.

© 2026 Maison Sumi. All Rights Reserved.

Free shipping

Customer service 7 days a week

Customer satisfaction

Secure payment