Privacy Policy

Effective Date: 18 June 2025
Last Updated: 18 June 2025
Applies To: All visitors, shoppers, and account holders on BebeHawaii.com (United States market)


1. Introduction

Welcome to BebeHawaii, where we craft premium, made-to-order Hawaiian shirts. Because trust is the fabric of every purchase, this Privacy Policy explains — in clear, plain language — what personal information we collect, why we collect it, how we use and protect it, and what choices & rights you have.
We follow all applicable U.S. privacy laws (e.g., CCPA/CPRA) and international best practices (GDPR) and meet the transparency standards required by Google Merchant Center and Google Shopping.


2. Scope & Purpose

This policy covers data collected through:

  • BebeHawaii.com (desktop, mobile, checkout, and customer-account areas)
  • Customer-service channels — email, phone, chat, social media DMs
  • Marketing tools (newsletter sign-ups, size-restock alerts, promotions)

We do not knowingly offer products or shipping outside the United States; visitors from other regions may browse the site but cannot complete checkout.


3. Information We Collect & Why

CategorySpecific DataWhy We Need It
Order & FulfillmentFull name, shipping & billing address, phone, email, chosen size, design variant, gift messageProcess, produce (3 – 5 business days), and deliver your shirt (9 – 15 business days); send order & tracking updates
PaymentEncrypted card token (via Stripe) or PayPal transaction IDAccept payment, issue refunds; BebeHawaii never stores full card numbers
AccountLogin credentials, order history, saved addressesSpeedy checkout, easy reorders, returns, exchanges
Support RecordsEmails, call recordings, chat transcripts, photos of defectsResolve inquiries, honor 30-day return policy, prevent fraud
Device & UsageIP address, browser type/version, pages viewed, referring URLs, cookiesSite security, performance analytics, personalize content
Marketing PreferencesNewsletter opt-in status, favorite sizes, purchase anniversariesSend product launches, sale announcements, style tips (only with consent)

Optional Data (e.g., birthday for promo coupons) is collected only if you voluntarily provide it and can be deleted at any time.


4. How We Use Your Information

  1. Fulfill & ship orders of Hawaiian shirts exclusively within the U.S.
  2. Communicate: order confirmation, shipping notice, delivery updates, and support responses (Mon – Sat, 9 AM – 5 PM EST).
  3. Customer care: size guidance, return/exchange processing, warranty questions.
  4. Marketing (opt-in only): newsletters, new print drops, VIP discount codes — with a one-click unsubscribe link in every email.
  5. Site performance & fraud prevention: monitor traffic patterns, block malicious activity.
  6. Legal & tax compliance: maintain purchase records for IRS and consumer-protection regulations.
  7. Sustainability analytics: study aggregated order data to reduce textile waste from overproduction.

5. Legal Bases for Processing (GDPR reference)

  • Contractual necessity – to fulfill your purchase contract.
  • Legitimate interests – fraud prevention, network security, product improvement.
  • Consent – promotional emails, non-essential cookies.
  • Legal obligation – bookkeeping, tax, and product-safety rules.

You can withdraw consent at any time without affecting the lawfulness of prior processing.


6. Sharing & Disclosure

We never sell or rent your personal information. We share only what is necessary with trusted service providers:

PartnerPurposeData SharedSafeguards
PayPalSecure payment processingEncrypted tokens, transaction amountPCI-DSS Level 1
USPS & UPSPrinting shipping labels, deliveryName, address, phone, emailLabel data encrypted in transit
Google Analytics 4Aggregate site metricsAnonymized IP, device detailsIP-masking; no cross-site ad features
Klaviyo (email platform)Newsletter deliveryName, email, opt-in statusSOC 2 Type II; unsubscribe & delete tools
Zendesk (support tickets)Manage emails/chatsContact info, order IDData residency in U.S.; role-based access

All partners sign Data-Processing Agreements and use data strictly for the listed purpose.


7. Cookies & Similar Technologies

TypeExamplesChoice
Essentialcart_token, checkout_sessionCannot be disabled; needed for site to function
Performance_ga (Google Analytics)Disable via “Cookie Settings” banner
Marketing_kly (Klaviyo), Facebook pixel (if opted-in)Disabled by default until you click “Accept All”

Our Cookie Banner appears on first visit, offering granular control and a link to adjust settings anytime.


8. Data Retention

DataRetention PeriodReason
Order & invoice records7 yearsIRS & state tax compliance
Support communications24 monthsQuality assurance, legal reference
Marketing opt-inUntil you unsubscribe or after 24 months of inactivityRespect user preference
Abandoned carts30 daysRemind shoppers, then anonymize
Web analytics14 monthsTrend analysis; then aggregated

After the period ends, data is securely deleted or anonymized.


9. Security Measures

  • SSL/TLS encryption site-wide; HSTS enforced
  • AES-256-encrypted backups in AWS us-east-1
  • Role-based access; staff trained annually on data-security best practices
  • Automated vulnerability scans; manual penetration tests every 12 months
  • Incident-response plan with 72-hour breach-notification window

10. Your Privacy Rights

Region / LawRightsHow to Exercise
CCPA/CPRA (California)Know, access, delete, correct, opt-out of “sale”, limit sensitive infoWebform in “My Account” or email privacy@bebehawaii.com
GDPR (EU/EEA visitors)Access, rectification, erasure, restriction, portability, objectionEmail with order ID & ID verification
All usersUpdate personal info, unsubscribe from marketing“My Account” dashboard or footer link

We will confirm receipt within 10 days and respond within 45 days (90 days for complex cases).


11. Do-Not-Track & Global Privacy Control

BebeHawaii honors browser Do-Not-Track signals and Global Privacy Control headers by automatically disabling non-essential cookies and marketing tags when detected.


12. Children’s Privacy

Our products and site are marketed to adults. We do not knowingly collect data from children under 13. If you believe a minor has provided personal information, contact us and we will delete it promptly.


13. Policy Updates

We may update this Privacy Policy for operational, legal, or regulatory reasons. The “Last Updated” date at the top will change, and material changes will be emailed to registered customers 30 days in advance.


14. Contact Us

BebeHawaii Privacy Team
1798 Mansion Ave, Claymont, DE 19703, United States
Phone: +1 (707) 753-0726
Email: privacy@bebehawaii.com (or) support@bebehawaii.com
Hours: Mon – Sat, 9 AM – 5 PM EST


Your trust is our Aloha.

From the moment you browse to the moment your made-to-order Hawaiian shirt lands on your doorstep, BebeHawaii protects your privacy with the same care we put into every stitch. If you have any questions, reach out — we’re here to help.

Other policies: