Privacy & Security Policy
Effective Date: [02/23/2025] (and last updated on this date).
This Privacy & Security Policy (“Privacy Policy”) explains how we collect, use, disclose, and protect personal information of users of our website and services. It applies to all visitors and customers, including international users, and is designed to comply with major privacy laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among others. By using our site, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please refrain from using the site or providing personal information.
We are committed to protecting your privacy and safeguarding any personal data we collect. E-commerce sites must have clear privacy policies showing what data is collected, how it’s stored, used, and shared, covering everything from personal info to purchase history and interactions. Below we outline these details for our site.
1. Information We Collect
We collect various types of information from and about users of our site, including:
Personal Identifiers: such as your name, email address, billing and shipping address, telephone number, and account username/password (if you create an account). This information is provided by you during account registration, checkout, or when you voluntarily submit it (for example, when signing up for newsletters or contacting support).
Transactional Information: when you make purchases, we collect information about the orders you place. This includes products ordered, order date and time, amounts charged, and transaction ID. Note: We do not collect or store full payment card numbers or bank account details on our servers when using third-party payment processors; those details are handled by the processor (though we may receive limited information such as a payment confirmation, last four digits of a card, or your PayPal email for record-keeping).
User-Generated Content: any comments, posts, reviews, or artwork submissions you provide on the site (which may include personal information or metadata you include in that content). For example, if you post on a forum, other users may see your username and whatever information you include in your post.
Device and Usage Information: like most websites, we automatically collect certain technical information when you use our site. This may include your IP address, browser type, device type, operating system, referring URLs, pages viewed, and the dates/times of access. We may use cookies or similar tracking technologies to collect this data (see Section 3 on Cookies & Tracking). This usage data helps us analyze how users interact with our site and can be considered “online identifiers” or internet activity under some laws.
Geolocation Data: We may infer your general location (e.g., country or city) from your IP address or shipping address. We do not collect precise GPS coordinates unless you explicitly provide them.
Commercial Information: records of products or services purchased, obtained, or considered, and your purchasing or consuming history or tendencies.
Preference Information: if you set preferences (like language or currency) or opt into marketing communications, we record that.
Sensitive Information: We do not intentionally collect any sensitive personal information such as social security numbers, government ID numbers, or precise biometric data, as these are not required for our services. Payment details are handled by third parties as noted. We also do not intentionally collect any information about your race, ethnicity, health, genetic data, or religious beliefs, etc., unless you volunteer such information in your content (we advise you not to post such sensitive info publicly).
We collect the above information either directly from you (e.g., when you fill out forms or place an order) or automatically through your interaction with the site (through cookies, server logs, and similar technologies). In some cases, we may receive information from third parties: for example, if you log in via a social media account or payment provider, we might receive your name or email from them as part of the authentication process.
We aim to collect only what is necessary for the purposes described in this Policy. Where required by law or for certain optional features, we will seek your consent for data collection. For instance, if GDPR applies, we will ensure we have a valid legal basis (consent, contract necessity, legitimate interests, etc.) for each type of processing.
Categories of personal information collected (for CCPA compliance): In the past 12 months, we may have collected the following categories of personal information about consumers: identifiers (name, email, address, IP), customer records (billing/shipping info, transaction history), commercial information (purchase history), internet or other electronic network activity (browsing history on our site, interactions), and geolocation (general location). We do not collect protected classifications, biometric, or sensitive categories as defined under CCPA, except as may be incidentally contained in user-generated content. This listing is provided to comply with CCPA requirements to disclose the categories of information collected.
2. How We Use Information
We use the collected information for various legitimate business purposes, including:
To Provide and Maintain Services: We use personal information to process your orders, manage your account, provide customer support, and operate the core functionalities of the website. For example, your name and address are used to fulfill product shipments, and your login credentials to authenticate your access.
To Improve Our Website and Services: Usage data and feedback help us understand how our site is used so we can improve layout, content, and product offerings. We may analyze trends and preferences to enhance user experience and develop new features or products. (We rely on legitimate interests to process data for improvements, ensuring such interests are balanced with your rights.)
To Communicate with You: We use contact information (email, phone) to send you service-related communications such as order confirmations, shipping notifications, and account alerts. We may also send newsletters or promotional emails about new products or offers, but only if you have opted in to such marketing or if allowed by applicable law (and you can opt out at any time). We might respond to your inquiries or requests using your provided contact info.
For Marketing and Personalization: We may use your purchase history and browsing behavior to personalize product recommendations and marketing content (if you have consented to marketing). For example, we might show you suggestions for similar items you might like. We may also run advertising campaigns on third-party platforms (like social media or search engines) and use some of your data to target or measure those campaigns (where permitted, often using aggregated or hashed data). Any such activity will comply with consent requirements under GDPR and opt-out rights under CCPA as applicable.
For Compliance and Legal Obligations: We may use or disclose personal information as necessary to comply with legal obligations (for example, maintaining transaction records for tax and accounting purposes, or responding to lawful requests by public authorities). If required, we will use data to enforce our Terms of Service, to prevent fraud or abuse on our site, and to protect the rights and safety of our users, our company, or others.
For Security and Fraud Prevention: Information (especially device and network data) is used to monitor for and prevent fraud, hacking, or other malicious activity. For instance, we may use IP addresses and cookies to detect multiple failed login attempts or suspicious account behavior and take action to secure accounts.
In Connection with Business Transfers: If we undergo a business transaction such as a merger, acquisition, reorganization, or asset sale, personal information may be transferred as part of that deal. We would ensure the recipient honors similar privacy commitments.
With Your Consent: If we intend to use your information for a purpose that requires consent (such as posting a customer testimonial with your name), we will ask for your consent separately.
We will not use personal information for purposes materially different from the ones for which it was collected without notifying you and obtaining any required consent. We base our processing of personal data on various legal grounds: performance of a contract (e.g., processing orders), legitimate interests (e.g., improving services, securing our site, marketing to existing customers), consent (for optional uses like certain cookies or email marketing, which you can withdraw at any time), and legal obligations (e.g., record-keeping for compliance).
3. Cookies and Tracking Technologies
Our site uses “cookies” and similar tracking technologies to provide and enhance our services:
What Cookies Are: Cookies are small text files placed on your device when you visit a website. They allow the site to remember your actions or preferences over time. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until deleted).
Types of Cookies We Use:
Essential Cookies: These are necessary for the site’s operation (e.g., to maintain your login session or remember items in your shopping cart). Without these, certain features may not work.
Functional Cookies: These remember choices you make (such as language or region selection) to provide a more personalized experience.
Analytics Cookies: We use these to collect information about how users interact with our site (pages visited, time spent, errors encountered, etc.). This helps us improve the site’s performance and user experience. For example, we might use Google Analytics or a similar tool; such tools set their own cookies to track user interactions. The data collected is typically aggregated and not personally identifying.
Advertising Cookies: (If applicable) These cookies are used to deliver relevant ads to you and track the efficiency of ad campaigns. They may be set by us or third-party advertising partners. For instance, if we participate in remarketing, an advertising cookie from another site might enable us to show you ads on other websites based on your past visits to ours. Currently, we do not heavily use advertising cookies, but we may in the future if we begin marketing campaigns.
Managing Cookies: When you first visit, you may see a cookies banner (especially for EU users) allowing you to accept or adjust cookie settings. You can also manage cookies via your browser settings. Most browsers allow you to block or delete cookies, though this may affect site functionality. For example, blocking all cookies might log you out or prevent you from adding items to your cart. Our site honors cookie consent choices where required by law.
Do Not Track (DNT): Some browsers offer a “Do Not Track” signal that allows users to indicate a preference not to be tracked across websites. Currently, there is no universal standard for how to interpret DNT signals. As such, our site does not respond to Do Not Track signals at this time, and will treat visits as described in this Policy regardless of a DNT signal. We will update this Policy if a standard emerges and we change our practices.
Third-Party Tracking: We may integrate third-party services that also use cookies or similar technologies, such as analytics providers or social media widgets. These third parties may collect information about your online activities over time and across different websites when you use our site. For example, clicking a “Share” button for a social network might allow that network to track that you visited our site. We have no control over third-party cookies, but you can often opt out via mechanisms provided by those third parties (like Google’s opt-out for Analytics, or industry opt-outs for interest-based advertising). We disclose the use of third-party cookies or tracking in this Policy to be transparent.
4. How We Share or Disclose Information
We do not sell your personal information to third parties for profit. In other words, we do not provide personal data to outside companies for their own direct marketing purposes. (If this policy changes in the future, we will update this section and provide a “Do Not Sell My Personal Information” link in compliance with CCPA, but as of now, we have not sold any personal information in the past 12 months.) However, we do share certain information with third parties in the following contexts, as necessary to run our business or as required by law:
Service Providers: We share information with trusted service providers who perform services on our behalf. This includes payment processors (to handle transactions), shipping companies (to deliver your orders, we provide them your name and address and sometimes phone/email for delivery updates), email service providers (to send out emails on our behalf), cloud hosting platforms (to store data securely), and analytics or marketing service providers (to help us analyze data or run campaigns). These service providers are contractually obligated to use the information only to provide their service to us and to protect it. For example, our payment processor will use your payment data to process payments and is PCI-DSS compliant; our email provider will use your email address only to send emails we authorize.
Within Our Corporate Group: If our company has affiliates, parent, or subsidiary companies, we may share information within that family of companies for purposes consistent with this Policy (e.g., if we have a related app or service, your profile might be used across them). All such entities will honor the commitments in this Policy.
Legal Compliance and Protection: We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations (for example, responding to a subpoena, court order, or government request); to enforce our Terms of Service or other agreements; to detect, prevent, or address fraud or security issues; or to protect the rights, property, or safety of our company, our users, or the public. This may include exchanging information with other companies and organizations for fraud protection or credit risk reduction.
Business Transfers: As mentioned, if we are involved in a merger, acquisition, sale of assets, financing, bankruptcy, or reorganization, your information may be transferred to another entity as part of that transaction. The new entity would have the right to continue to use your personal information in line with this Policy (or give you notice of changes).
User-Initiated Sharing: If you use interactive features of the site, any information you voluntarily share (including personal data) can be viewed by others. For instance, when you post in a public forum, other users will see your content and any profile information you display. Similarly, if you take part in a contest or promotion that involves third parties, your information might be shared with those third parties with your consent. We will clarify at the time of such events.
Aggregated or De-Identified Data: We may share data that has been aggregated (combined with other data) or de-identified (stripped of personal identifiers) in such a way that it cannot reasonably be linked back to you individually. For example, we might publish trends about how many users from different regions visit our site, or share anonymized usage statistics with a business partner. This information in its anonymized form is not considered personal information and may be shared freely.
When we share data with third parties, we take steps to ensure they adhere to confidentiality and security standards appropriate to the sensitivity of the data. We do not allow our third-party service providers to use your personal information for their own marketing or unrelated purposes. If in the future we consider selling personal data or allowing third-party targeted advertising that qualifies as a “sale” or “share” under privacy laws, we will implement appropriate opt-out mechanisms and obtain any necessary consents.
5. International Data Transfers
We are based in the United States, and the information we collect is processed and stored on servers located in the U.S. or other jurisdictions. If you are accessing our site from outside the U.S., be aware that your information may be transferred to, stored, and processed in the United States or other countries which may not have equivalent privacy or data protection laws as your home jurisdiction. However, we take steps to ensure appropriate safeguards when we transfer data internationally. For example, for personal data collected from individuals in the European Economic Area (EEA), the UK, or Switzerland, we rely on legal transfer mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) or other approved measures, as needed, to ensure an adequate level of protection. By using our services or submitting your information, you consent to the transfer of your personal data to the U.S. and other jurisdictions as applicable. We will ensure such transfers are lawful and that your data remains protected under this Policy.
If you reside in the EEA/UK, note that we are the “data controller” of your personal information (meaning we determine the purposes and means of processing). Our contact information is provided below. We process data mainly in the U.S., but if we, for example, have an EU representative or establish an EU presence, we will provide that contact. We recognize the privacy rights of international users and strive to honor them regardless of where you live.
6. Your Rights and Choices
Depending on your location and the applicable privacy laws, you may have certain rights regarding your personal information. Privacy laws grant individuals various rights over their data, and we are committed to honoring those rights. These may include:
Access and Portability: You have the right to request a copy of the personal information we hold about you and to obtain it in a readily usable format. This is sometimes called a “Data Subject Access Request.” For example, under GDPR, you can ask us to confirm whether we are processing your personal data and to provide you a copy of that data. Under CCPA, you can request to know the categories and specific pieces of personal information we have collected about you in the past 12 months.
Rectification (Correction): You have the right to request that we correct or update any inaccurate or incomplete personal information. If you have an account, you can also log in and update certain information yourself (like your profile or contact details). We encourage you to keep your information current.
Deletion (Right to be Forgotten): You may request that we delete your personal information. We will honor such requests to the extent required by law. For example, GDPR gives you the right to deletion in certain cases, and CCPA allows California consumers to request deletion of personal info we have collected (with some exceptions – e.g., we may retain data needed for completing transactions or for legal compliance). Please note we might need to retain certain information for record-keeping purposes, to complete transactions you initiated, or to comply with legal obligations even if you request deletion.
Opt-Out of Sale or Sharing of Personal Information: As noted, we do not sell personal info. If in the future that changes, California residents (under CCPA/CPRA) have the right to opt out of the sale or sharing of their personal data. We would provide a clear method (like a “Do Not Sell or Share My Info” link) if that situation arises.
Opt-Out of Marketing Communications: Even outside formal legal rights, you can always choose to opt out of our email marketing or newsletters. Simply use the “unsubscribe” link in any promotional email or adjust your account settings if available. Note that you will still receive transactional emails (e.g., order confirmations, shipping notices) as those are not promotional.
Non-Discrimination: If you exercise any privacy rights (such as those under CCPA if applicable), we will not discriminate against you for doing so. This means we won’t deny you goods or services, charge you different prices, or provide a different level of quality just because you exercised your data rights, except as permitted by law (for instance, CCPA does allow offering a different price or service if that difference is reasonably related to the value of your data, or if you enroll in a legitimate loyalty program – but we currently do not do such things).
Withdrawal of Consent: If we rely on your consent to process any personal data (for example, for sending marketing emails or certain cookie usage), you have the right to withdraw that consent at any time. You can opt out of marketing as described above, or adjust cookie settings via our cookie preference tools or your browser. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
Restriction and Objection (GDPR-specific): Under GDPR, you may have the right to restrict our processing of your data in certain cases (for instance, while a complaint about data accuracy is being resolved). You also might have the right to object to processing of your data for certain purposes like direct marketing or when processing is based on legitimate interests. We will assess such objections and comply where required.
Automated Decision-Making: We do not typically use personal data to make automated decisions with legal or similarly significant effects on individuals (like credit profiling or e-commerce automated rejections without human involvement). If that changes, GDPR gives you rights related to such processing.
Data Portability: For data you provided to us and which we process by automated means on the legal basis of consent or contract performance, you have the right to request a copy in a portable format (this overlaps with the access right above).
To exercise your rights, you (or an authorized agent, where allowed) may contact us via the contact information in Section 11. Please specify which rights you seek to exercise and provide enough information for us to verify your identity (for example, we may ask you to verify via your account email or provide certain transaction details to ensure you are the correct person). For certain requests (like access or deletion under CCPA), we are required to verify the identity of the requester. The information provided in a request will only be used to fulfill and document your request, not for other purposes.
We will respond to privacy requests within the timeframe required by law – generally within 30 days for GDPR requests, and for CCPA, within 45 days (with a possible 45-day extension if necessary, which we would communicate to you). There is no fee for making a request, although repetitive or excessive requests may incur a reasonable fee as permitted by law.
If you are in the EEA/UK and are not satisfied with our response to your privacy request, you have the right to lodge a complaint with your local Data Protection Authority (DPA). For example, if you’re in the UK, that would be the Information Commissioner’s Office (ICO). If you’re in the EU, you can find your DPA’s contact information on the European Data Protection Board’s website. Similarly, California residents can contact the California Attorney General’s office if needed. We encourage you to contact us first, so we can address your concerns directly.
(Remember: your rights may vary based on your location. Depending on where you are, privacy law may afford you some of the above rights. We aim to be transparent and accommodating to the extent feasible.)
7. Data Security Measures
We take the security of your personal information seriously. We implement a variety of technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: Our website is secured via SSL/TLS encryption. This means that when you enter or transmit sensitive information (like personal details or login credentials) through our site, that data is encrypted in transit. You can usually see a lock icon in your browser address bar indicating an SSL-secured connection. Where we store sensitive data, we also use encryption at rest where appropriate. For example, user passwords are stored in hashed form, not in plain text, to prevent misuse even if our database were compromised.
Access Controls: We limit access to personal information to employees, contractors, and service providers who need to know such data to perform their duties. They are subject to confidentiality obligations. Our databases and systems require authentication and are protected by firewalls. Administrative access is logged and monitored.
PCI Compliance: Although we do not store credit card information on our servers now (since we use third-party processors), if in the future we handle direct payments, we will comply with Payment Card Industry Data Security Standards (PCI-DSS) to protect payment card data. Our current payment partners are PCI-DSS compliant.
Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks. We may perform regular security assessments and penetration testing on our infrastructure. We also keep our software and platforms updated with the latest security patches to mitigate risks.
Data Minimization and Retention: We keep personal data no longer than necessary for the purposes for which it is processed, unless a longer retention is required or permitted by law (see next section on retention). By minimizing the amount of data we store and for how long, we reduce the risk associated with data breaches.
Training and Policies: Our team members are educated on the importance of privacy and security. We maintain internal policies and incident response plans to handle any potential security incidents swiftly and effectively.
Despite all these precautions, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee that our security measures will never be breached or that personal information cannot be accessed, altered, or lost. For example, hackers or cybercriminals might overcome our safeguards in a sophisticated attack. While we strive to protect your data, you share information with us at your own risk. In the event of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by applicable law. We also recommend that you use a strong, unique password for your account and keep it confidential, and that you notify us immediately if you suspect any unauthorized activity on your account.
8. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes for which we collected it, as outlined in this Policy, and for legitimate business or legal purposes. The criteria used to determine our retention periods include: the length of time we have an ongoing relationship with you (for example, as long as you have an account with us or keep using our services), the necessity to comply with legal obligations (such as retaining transaction records for tax and financial audits or compliance with consumer protection laws), any applicable statutes of limitation (to preserve records for potential legal claims), and the necessity to resolve disputes or enforce our agreements.
For instance:
Account information is kept as long as your account remains active. If you delete your account, we will remove or anonymize personal data associated with your account within a reasonable time, except for data we must keep for legal reasons.
Order records are typically kept for a number of years as required by law (e.g., financial records may be kept for 7 years for tax purposes in some jurisdictions).
If you subscribed to marketing emails and later opt out, we will retain your contact info on a suppression list indefinitely to ensure we respect your opt-out choice going forward.
Content you post publicly (comments, forum posts) might remain visible to others unless you delete it or request its deletion, and even after deletion, cached or archived versions might persist beyond our control.
Backup copies of data: our systems may maintain backup or archival copies of personal information for a period of time. If we delete your data from our main systems, it might not be immediately removed from backups (which are cyclical, so the data will be overwritten eventually as backups rotate). During that period, we maintain security and do not use the backed-up data except for restoration purposes in disaster recovery scenarios.
We regularly review our data retention practices to ensure we are not holding onto personal data longer than necessary. When personal information is no longer needed, we will dispose of it in a secure manner according to our data destruction policies (e.g., by permanently deleting electronic records or shredding physical documents).
9. Children’s Privacy
Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions where additional protections apply) without verifiable parental consent. If you are under 13, please do not register an account, make purchases, or submit personal information to us. If we learn that we have inadvertently collected personal data from a child under 13 without proper consent, we will take steps to delete that information as soon as possible.
Parents or guardians who believe that we might have any information from or about a child under 13 may contact us (see Section 11) to request deletion of the data. We will ask for proof of guardianship and then work to remove the child’s information from our records.
We recognize the importance of protecting children’s privacy, especially online. We comply with the U.S. Children’s Online Privacy Protection Act (COPPA) and similar laws. Teens older than 13 but under the age of majority should only use the site under the supervision of a parent or guardian. If we ever decide to offer services directed at children, we will do so in compliance with applicable youth privacy regulations and update this Policy accordingly.
10. Changes to This Privacy Policy
We may update or revise this Privacy & Security Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we handle your personal information, we will provide notice in a manner appropriate to the significance of the changes. For example, we might post a prominent notice on our website or send you an email notification if we have your contact information. The “last updated” date at the top of this Policy will always indicate when the latest changes were made.
We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of the site after any modifications to this Policy will constitute your acknowledgment of the changes and agreement to abide by the updated terms. If you do not agree with any changes to this Policy, you should stop using the site and may request that we remove your personal data (as per Section 6).
Historical versions of this Policy may be requested from us if you wish to see how it has evolved. We maintain transparency about our privacy practices as part of our commitment to your rights and trust.
11. Contact Information
If you have any questions, concerns, or requests regarding this Privacy & Security Policy or our data practices, please contact us at:
Email: fromhumtolumen@gmail.com
Attn: Privacy Officer/Data Protection Officer (if applicable)
We are responsible for the processing of your personal data. Reaching out to us is the best way to get answers about your privacy. If you contact us with a privacy-related request, please include your contact information and a detailed description of your concern or request. We will respond as soon as reasonably possible, and within any timeframe required by law.
For users in the EU/EEA: You may also contact our EU Representative or Data Protection Officer at [contact, if we designate one] for GDPR inquiries. For users in California: You can use the contact methods above to exercise your CCPA rights or ask any questions.
Conclusion: We value your trust and are committed to maintaining the privacy and security of your information. These policies – our Terms of Service and this Privacy & Security Policy – are designed to establish clear rules and protections for both you and us in the use of our website. We have crafted them to be comprehensive and compliant with relevant U.S. and international laws, while also allowing flexibility as our services evolve (such as the potential introduction of digital goods or new features in the future). We will continue to review and update our policies to adapt to new legal requirements and business practices. Thank you for reading our policies; if you ever have any questions or feedback about them, please do not hesitate to contact us.