Privacy Policy
Effective Date: 18 June 2025
Last Updated: 18 June 2025
Applies To: All visitors, shoppers, and account holders on BebeHawaii.com (United States market)
1. Introduction
Welcome to BebeHawaii, where we craft premium, made-to-order Hawaiian shirts. Because trust is the fabric of every purchase, this Privacy Policy explains — in clear, plain language — what personal information we collect, why we collect it, how we use and protect it, and what choices & rights you have.
We follow all applicable U.S. privacy laws (e.g., CCPA/CPRA) and international best practices (GDPR) and meet the transparency standards required by Google Merchant Center and Google Shopping.
2. Scope & Purpose
This policy covers data collected through:
- BebeHawaii.com (desktop, mobile, checkout, and customer-account areas)
- Customer-service channels — email, phone, chat, social media DMs
- Marketing tools (newsletter sign-ups, size-restock alerts, promotions)
We do not knowingly offer products or shipping outside the United States; visitors from other regions may browse the site but cannot complete checkout.
3. Information We Collect & Why
| Category | Specific Data | Why We Need It |
|---|---|---|
| Order & Fulfillment | Full name, shipping & billing address, phone, email, chosen size, design variant, gift message | Process, produce (3 – 5 business days), and deliver your shirt (9 – 15 business days); send order & tracking updates |
| Payment | Encrypted card token (via Stripe) or PayPal transaction ID | Accept payment, issue refunds; BebeHawaii never stores full card numbers |
| Account | Login credentials, order history, saved addresses | Speedy checkout, easy reorders, returns, exchanges |
| Support Records | Emails, call recordings, chat transcripts, photos of defects | Resolve inquiries, honor 30-day return policy, prevent fraud |
| Device & Usage | IP address, browser type/version, pages viewed, referring URLs, cookies | Site security, performance analytics, personalize content |
| Marketing Preferences | Newsletter opt-in status, favorite sizes, purchase anniversaries | Send product launches, sale announcements, style tips (only with consent) |
Optional Data (e.g., birthday for promo coupons) is collected only if you voluntarily provide it and can be deleted at any time.
4. How We Use Your Information
- Fulfill & ship orders of Hawaiian shirts exclusively within the U.S.
- Communicate: order confirmation, shipping notice, delivery updates, and support responses (Mon – Sat, 9 AM – 5 PM EST).
- Customer care: size guidance, return/exchange processing, warranty questions.
- Marketing (opt-in only): newsletters, new print drops, VIP discount codes — with a one-click unsubscribe link in every email.
- Site performance & fraud prevention: monitor traffic patterns, block malicious activity.
- Legal & tax compliance: maintain purchase records for IRS and consumer-protection regulations.
- Sustainability analytics: study aggregated order data to reduce textile waste from overproduction.
5. Legal Bases for Processing (GDPR reference)
- Contractual necessity – to fulfill your purchase contract.
- Legitimate interests – fraud prevention, network security, product improvement.
- Consent – promotional emails, non-essential cookies.
- Legal obligation – bookkeeping, tax, and product-safety rules.
You can withdraw consent at any time without affecting the lawfulness of prior processing.
6. Sharing & Disclosure
We never sell or rent your personal information. We share only what is necessary with trusted service providers:
| Partner | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| PayPal | Secure payment processing | Encrypted tokens, transaction amount | PCI-DSS Level 1 |
| USPS & UPS | Printing shipping labels, delivery | Name, address, phone, email | Label data encrypted in transit |
| Google Analytics 4 | Aggregate site metrics | Anonymized IP, device details | IP-masking; no cross-site ad features |
| Klaviyo (email platform) | Newsletter delivery | Name, email, opt-in status | SOC 2 Type II; unsubscribe & delete tools |
| Zendesk (support tickets) | Manage emails/chats | Contact info, order ID | Data residency in U.S.; role-based access |
All partners sign Data-Processing Agreements and use data strictly for the listed purpose.
7. Cookies & Similar Technologies
| Type | Examples | Choice |
|---|---|---|
| Essential | cart_token, checkout_session | Cannot be disabled; needed for site to function |
| Performance | _ga (Google Analytics) | Disable via “Cookie Settings” banner |
| Marketing | _kly (Klaviyo), Facebook pixel (if opted-in) | Disabled by default until you click “Accept All” |
Our Cookie Banner appears on first visit, offering granular control and a link to adjust settings anytime.
8. Data Retention
| Data | Retention Period | Reason |
|---|---|---|
| Order & invoice records | 7 years | IRS & state tax compliance |
| Support communications | 24 months | Quality assurance, legal reference |
| Marketing opt-in | Until you unsubscribe or after 24 months of inactivity | Respect user preference |
| Abandoned carts | 30 days | Remind shoppers, then anonymize |
| Web analytics | 14 months | Trend analysis; then aggregated |
After the period ends, data is securely deleted or anonymized.
9. Security Measures
- SSL/TLS encryption site-wide; HSTS enforced
- AES-256-encrypted backups in AWS us-east-1
- Role-based access; staff trained annually on data-security best practices
- Automated vulnerability scans; manual penetration tests every 12 months
- Incident-response plan with 72-hour breach-notification window
10. Your Privacy Rights
| Region / Law | Rights | How to Exercise |
|---|---|---|
| CCPA/CPRA (California) | Know, access, delete, correct, opt-out of “sale”, limit sensitive info | Webform in “My Account” or email privacy@bebehawaii.com |
| GDPR (EU/EEA visitors) | Access, rectification, erasure, restriction, portability, objection | Email with order ID & ID verification |
| All users | Update personal info, unsubscribe from marketing | “My Account” dashboard or footer link |
We will confirm receipt within 10 days and respond within 45 days (90 days for complex cases).
11. Do-Not-Track & Global Privacy Control
BebeHawaii honors browser Do-Not-Track signals and Global Privacy Control headers by automatically disabling non-essential cookies and marketing tags when detected.
12. Children’s Privacy
Our products and site are marketed to adults. We do not knowingly collect data from children under 13. If you believe a minor has provided personal information, contact us and we will delete it promptly.
13. Policy Updates
We may update this Privacy Policy for operational, legal, or regulatory reasons. The “Last Updated” date at the top will change, and material changes will be emailed to registered customers 30 days in advance.
14. Contact Us
BebeHawaii Privacy Team
1798 Mansion Ave, Claymont, DE 19703, United States
Phone: +1 (707) 753-0726
Email: privacy@bebehawaii.com (or) support@bebehawaii.com
Hours: Mon – Sat, 9 AM – 5 PM EST
Your trust is our Aloha.
From the moment you browse to the moment your made-to-order Hawaiian shirt lands on your doorstep, BebeHawaii protects your privacy with the same care we put into every stitch. If you have any questions, reach out — we’re here to help.
Other policies: