Privacy Policy

This policy explains what Misam Trading, Inc. (“Misam,” “we,” “us”) collects when you visit misam.co or place an order, how we use it, and the choices you have. By using the site you agree to this policy.

What we collect

• Order and contact details you give us: name, email, shipping and billing address, and the contents of your order.
• Account details, if you create an account: your email and a hashed password (we never see or store your password in plain text), plus saved addresses and order history.
• Payment information. Card payments are processed by Stripe. Your full card number is sent directly to Stripe and is never stored on our servers. We receive only a confirmation, the card brand, and the last four digits.
• Basic usage data: privacy-light, cookieless analytics (aggregate page views and referrers) via Cloudflare, so we know which products people look at. No cross-site tracking, no advertising profiles. See our Cookie Policy.

How we use it

• To process, ship, and confirm your order.
• To answer your emails and handle returns or issues.
• To send transactional messages (order confirmation, shipping updates, password resets). We do not add you to a marketing list without your consent.
• To prevent fraud and meet our legal and tax obligations.

Who we share it with

We share data only with the service providers that make an order possible, and only the minimum they need:

• Stripe — payment processing.
• Shipping carriers (e.g. USPS, UPS) — to deliver your package.
• Our email provider — to send order and account messages.
• Cloudflare — site delivery/security and aggregate, cookieless analytics.

Each of these acts as our service provider under written terms that prohibit using your information for their own purposes. We do not sell or rent your personal information, and we do not share it for third-party advertising.

Your rights

Wherever you live, you can email [email protected] to ask what we hold about you, to correct it, or to have it deleted (subject to records we must keep for tax and order history). We'll acknowledge your request within 10 business days and respond within 45 days (we may extend once if needed, and will tell you why). We may need to verify your identity before acting on a request.

Categories of personal information we collect: identifiers (name, email, shipping/billing address); commercial information (order history); internet/usage activity (aggregate page views); and financial information processed by our payment processor. We collect these from you directly and from your use of the site, for the purposes described above.

California residents (CCPA/CPRA): you have the right to know what personal information we collect, to delete it, to correct inaccurate information, and to opt out of any “sale” or “sharing” of personal information. You may use an authorized agent to submit a request on your behalf. We do not sell or share your personal information, so there is nothing to opt out of — but you may still exercise your other rights at the email above. We will not discriminate against you for exercising any of these rights.

Misam is a small business that does not currently meet the revenue or data-volume thresholds that trigger mandatory CCPA/CPRA compliance obligations. We honor these rights voluntarily anyway. We also do not sell or share your personal information in response to Global Privacy Control (GPC) browser signals — there is nothing for those signals to opt out of. If that ever changes, we will add a “Your Privacy Choices” control and honor GPC automatically.

Data retention & security

We retain order and tax records for as long as the law requires (generally several years), account data until you ask us to delete it, and analytics only in aggregate. After that we delete or anonymize. The site runs over HTTPS and payment data is handled by Stripe under PCI-DSS. No system is perfectly secure, but we limit what we collect precisely so there is little to lose. In the event of a data breach affecting your personal information, we will notify you as required by applicable state law.

Children

Misam is not directed to children under 13, and we do not knowingly collect their information. If we learn we have collected information from a child under 13, we will delete it promptly. A parent or guardian may contact [email protected] to request deletion.

Changes & contact

If this policy changes we will update the effective date above. Questions about your privacy? Email [email protected] — a person reads every message.