Privacy policy

Last updated: April 12, 2026

MistHaven operates this store and the website, including all information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). MistHaven is supported by Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use and disclose your personal data when you visit, use, make a purchase or any other transaction through the Services, or when you communicate with us. In the event of a conflict between our Terms and Conditions of Service and this Privacy Policy, this Privacy Policy prevails with respect to the collection, processing and disclosure of your personal data.

Please read this Privacy Policy carefully. By using and accessing the Services you confirm that you have read this Privacy Policy and understand what is described regarding the collection, use and disclosure of your information.

The personal data we collect or process

When we use the term "personal data" we mean information that identifies or is reasonably linked to you or another person. Personal data does not include information collected anonymously or anonymized, such that it cannot identify you or be linked to you. We may collect or process the following categories of personal data, including inferences drawn from such personal data, based on your interaction with the Services, where you live and as permitted or required by applicable laws:

  • Contact details including name, address, billing address, shipping address, phone number and email address.
  • Financial data including credit card, debit card and financial account numbers, card payment details, financial account information, transaction details, payment method, payment confirmation and other payment details.
  • Account data including username, password, security questions, preferences and settings.
  • Transaction data including items you view, add to cart, add to your wishlist, or that you purchase, return, exchange or delete, and past transactions.
  • Communications with us including information you include in communications with us, for example if you submit a customer service dispute.
  • Device information including information about the device, browser or connection network, IP address and other unique identifiers.
  • Usage information including information about your interaction with the Services, as well as how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us or provide us with your personal data;
  • Automatically through the Services including through your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
  • From our service providers including when we engage them to implement a particular technology and when they collect or process your personal data on your behalf;
  • From our partners or third parties.

How we use your personal data

Based on how you interact with us or which Services you use, we may collect your personal data for the following purposes:

  • Providing, personalizing and improving the Services. We use your personal data to provide you with the Services, as well as to enforce our contract with you; process your payments; fulfill your orders; remember your preferences and items you are interested in; send you account-related notifications; process purchases, returns, exchanges or other transactions; create, maintain and manage your account; arrange shipping; facilitate returns and exchanges; allow you to post reviews and to create a personalized shopping experience, for example with product recommendations linked to your purchases. This may include using your personal data to personalize and improve the Services.
  • Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send you marketing, advertising and promotional communications via email, text message or mail, and to show you online ads for products and services within our Services or on other websites, also based on items you previously purchased or added to your cart and other activities within the Services.
  • Security and fraud prevention. We use your personal data to authenticate your account; provide a secure payment and shopping experience; identify, investigate or take action against any fraudulent, illegal, unsafe or harmful activity; protect public safety and our services. By choosing to use the Services and register an account you assume responsibility for protecting your credentials. We recommend that you do not share your username, password and other login data with anyone.
  • Communications with you. We use your personal data to provide you with customer service; provide you with answers; offer you effective services and maintain our business relationship with you.
  • Legal reasons. We use your personal data in compliance with applicable laws or in response to valid legal procedures, including requests from authorities or government agencies; to investigate or participate in testimonies, potential or ongoing lawsuits, or other legal procedures; to enforce or investigate potential violations of our terms or notices.

How we disclose personal data

In certain circumstances we may disclose your personal data to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors and other third parties who perform services on our behalf (for example, IT management, payment processing, data analysis, customer service, storage space, fulfillment and shipping).
  • With business and marketing partners to provide you with services and marketing ads. For example, we use Shopify to deliver personalized ads with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your data in accordance with their privacy notices. Depending on where you reside, you may have the right to ask us not to share your data to show you personalized and marketing ads based on your online activity with different merchants and websites. You can exercise the right to explicitly opt out of such uses here
  • When you ask or authorize us to disclose certain information to third parties, for example to ship your products, or when you use social media widgets or login integrations.
  • With our affiliates or within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy; in compliance with any legal obligations (including responding to subpoenas, search warrants and similar requests); to enforce terms and conditions of service or notices, and to protect or defend the Services, our rights and those of our users or other persons.

Relationship with Shopify

The Services are supported by Shopify, which collects and processes personal data related to your access to and use of the Services in order to deliver and improve the Services for you. In order to deliver and improve the Services for you, the data you submit to the Services will be transmitted and shared with Shopify and third parties who may reside in countries other than yours. In addition, to help you protect, grow and improve your business, we use certain advanced features of Shopify that incorporate data and information received from you through your interactions with our store, as well as with other merchants and with Shopify. To provide such advanced features, Shopify may use the personal data collected from your interactions with our store, as well as with other merchants and with Shopify itself. In such circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights related to the use of your personal data for such purposes. For more information about how Shopify uses your personal data and the rights you may have, you can consult Shopify's Consumer Privacy Notice. Depending on where you reside, you may exercise certain rights related to your personal data here Shopify Privacy Portal Link.

Third-party websites and links

The Services may include links to websites or other online platforms operated by third parties. If you open links to sites not affiliated with or controlled by us, you may have to accept their privacy and security notices and other terms and conditions. We do not guarantee nor are we responsible for the privacy and security of such sites, nor for the accuracy, truthfulness and reliability of the information contained therein. The information you provide in public or semi-public contexts, including what you share on third-party social platforms, may also be viewed by other users of the Services and/or by users of those third-party platforms, without restrictions on its use by us or by third parties. The fact that we include such links does not imply any endorsement by us of the content of those platforms or of their owners or operators, except as disclosed in the Services.

Children's data

The Services are not suitable for use by minors and we do not knowingly collect personal data from children below the age of majority in your jurisdiction. If you are a parent or guardian of a minor who has provided us with their personal data, you can contact us using the contact details below to request deletion. As of the effective date of this Privacy Policy, we are not aware of "sharing" or "selling" (as those terms are defined in applicable laws) the personal data of subjects under 16 years of age.

Data security and retention

Please note that no security measure is perfect or impenetrable, and we cannot guarantee "absolute security". Furthermore, the data you send us may not be secure during transmission. We recommend that you only use secure channels to communicate confidential or sensitive information to us.

The retention period for personal data depends on several factors, such as whether we need such data to maintain your account, to provide you with the Services, to fulfill legal obligations, to resolve disputes, or to enforce other contracts and notices.

Rights and choices available to you

Depending on where you reside, you may enjoy one or more rights related to personal data, among those listed below. However, such rights are not absolute and may apply only in certain circumstances, and we may decline your request to the extent permitted by law.

  • Right of access/knowledge. You may have the right to request access to your personal data in our possession.
  • Right to deletion. You may have the right to request deletion of your personal data in our possession.
  • Right to correction. You may have the right to request correction of your personal data in our possession.
  • Right to portability. You may have the right to receive a copy of your personal data in our possession and to ask us to transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to explicitly opt out of sale or sharing for targeted advertising. Depending on where you reside, you may have the right to explicitly opt out of the "sale" or "sharing" of your personal data or its processing for purposes that fall under "targeted advertising", as defined in applicable privacy laws. You can exercise the right to explicitly opt out of such uses here. Please note that if you visit our website with a Global Privacy Control opt-out preference enabled, we will automatically treat it as an opt-out request for the device and browser you are using to visit the website. If we are able to associate the device sending the signal with a Shopify account, we will apply the opt-out request to the account as well. For more information on Global Privacy Control you can visit https://globalprivacycontrol.org/. Apart from Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent by your browser or device.
  • Managing communication preferences. We may send you promotional emails and you can explicitly opt out of receiving them at any time by using the unsubscribe option in our emails. If you opt out, we may still send you non-promotional emails, such as those related to your account or orders you have placed.

If you reside in the United Kingdom or the European Economic Area, and subject to the restrictions and limits imposed by local laws, you may exercise the following rights in addition to those mentioned above:

  • Objection to processing and restriction of processing: You may have the right to ask us to stop or restrict the processing of personal data for certain purposes.
  • Withdrawal of consent: Where your consent is required to process your personal data, you have the right to withdraw it. If you withdraw such consent, this will not affect the lawfulness of processing based on your consent before the withdrawal.

You may exercise any of these rights as indicated in the Services or by contacting us through the contact details below. For more information about how Shopify uses your personal data and your possible rights, including those related to data processed by Shopify itself, you can visit https://privacy.shopify.com/en.

You will not suffer any discrimination for exercising these rights. Before processing your requests, we may need to verify your identity, within the limits permitted by applicable laws. In compliance with applicable laws, you may appoint an authorized agent to make requests on your behalf in order to exercise your rights. Before accepting a request from an agent, we will ask them to provide us with proof that they have been authorized by you and may ask you to verify your identity directly. We will respond to your request within the reasonable timeframes provided by applicable laws.

Complaints

In the event of complaints about how we process your personal data, contact us through the contact details below. Depending on where you reside, you may have the right to appeal our decision by contacting us through the contact details below, or to refer your complaint to the local authority responsible for data protection. For the EEA, you can find a list of supervisory data protection authorities here.

International transfers

Please note that we may transfer, store and process your personal data outside the country where you reside.

If your personal data is transferred outside the European Economic Area or the United Kingdom, we will rely on reliable transfer mechanisms, such as the European Commission's Standard Contractual Clauses, or equivalent contracts issued by the competent UK authorities, unless the data transfer is to a country deemed to provide an adequate level of protection.

Changes to this Privacy Policy

We will update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal or regulatory purposes. We will post the updated Privacy Policy on the website, change the "Last updated" date and issue a notice as required by applicable law.

Contact

If you have questions about our privacy practices or this Privacy Policy, or if you intend to exercise any rights to which you are entitled, send an email to founder@saaspipelinestudio.com.

For the purposes of applicable data protection laws, we are the data controller of your personal data.

Tracking technologies and cookies

Our website uses cookies and similar tracking technologies (pixels, tags, beacons) to improve your experience, analyze traffic and show you relevant advertising.

TikTok Pixel and Events API

We use the TikTok Pixel and TikTok Events API to measure the effectiveness of advertising campaigns, create custom audiences for remarketing and optimize ad delivery. The data shared may include: pages visited, products viewed, cart actions, completed purchases, IP address, user agent, email (in hashed form). Data sharing level: Maximum. TikTok Privacy Policy.

Meta Pixel (Facebook/Instagram)

We may use the Meta Pixel and the Conversions API for similar purposes. Meta Privacy Policy.

Legal basis for processing (GDPR)

If you reside in the European Economic Area (EEA), we process your data on the basis of: Performance of contract (art. 6.1.b GDPR) for orders and payments; Consent (art. 6.1.a GDPR) for marketing and profiling cookies, revocable at any time; Legitimate interest (art. 6.1.f GDPR) for security and fraud prevention.

Your rights (GDPR)

You have the right to: access your data, rectify it, delete it ("right to be forgotten"), restrict its processing, data portability, object to direct marketing, withdraw consent, file a complaint with the competent data protection authority. To exercise your rights: founder@saaspipelinestudio.com

Extra-EU data transfer

Your data may be transferred to providers outside the EU (Shopify in Canada, TikTok in Singapore/USA, Meta in USA) on the basis of Standard Contractual Clauses (SCC) approved by the European Commission.

Retention period

Order data: 10 years (tax obligations). Marketing data: until consent is withdrawn.