Privacy policy

PRIVACY POLICY

Company Name: Made and Co, Inc.
Jurisdiction: State of California, United States
Effective Date: 5th December 2025

1. Introduction and Scope

1.1 Purpose of this Policy. This Privacy Policy (“Policy”) explains how Made and Co, Inc. (“Made and Co,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you visit or use our website at www.madeandcodesigns.com, make a purchase from us, interact with our marketing, or otherwise engage with us (together, the “Services”).

1.2 Who this Policy Applies To. This Policy applies to individuals who access or use the Services worldwide, including customers and visitors located in the United States and internationally (“you” or “your”).

1.3 Separate Cookie Policy. We use cookies and similar technologies on our website. Details about those technologies and your options are described in our separate Cookie Policy, which should be read together with this Policy.

1.4 By Using the Services. By accessing or using the Services, you acknowledge that you have read and understand this Policy. If you do not agree, you must discontinue use of the Services.

1.5 U.S. Federal & State Privacy Frameworks.
Where applicable, we comply with United States privacy laws including, without limitation, the California Consumer Privacy Act (CCPA/CPRA), the California Online Privacy Protection Act (CalOPPA), the Children’s Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and other federal and state laws governing marketing, consumer protection, and electronic communications. Additional region-specific rights are described in Sections 14–17 of this Policy.

2. Controller and Key Roles

2.1 Data Controller. For purposes of most data protection laws, Made and Co, Inc., established in California, United States, is the entity that determines the purposes and means of processing your personal information.

2.2 Service Providers and Processors. We engage third parties such as Shopify, payment processors, analytics providers, and shipping carriers to process personal information on our behalf in accordance with our instructions and this Policy.

2.3 Local Requirements. Depending on where you live, local privacy laws may grant you additional rights or impose additional obligations on us. Where such laws apply and cannot be limited, we will honor them.

3. Personal Information We Collect

3.1 Information You Provide Directly. We may collect the following categories of information when you place an order, create an account, contact us, or otherwise interact with us:

  • Identifiers and contact details (e.g., name, email address, phone number, billing and shipping address).
  • Order and transaction information (e.g., products purchased, order dates, payment method type, transaction totals).
  • Account information (e.g., username, password, order history, saved addresses).
  • Communications (e.g., messages you send via email, contact forms, or social media, including support inquiries).
  • Custom Product details (e.g., names, dates, wording or other content you request to be printed or included on Products).

3.2 Information Collected Automatically. When you access or use the Services, we may automatically collect:

  • Device and technical information (e.g., IP address, browser type and version, operating system, device identifiers).
  • Usage data (e.g., pages viewed, time and date of visits, referring URLs, clicks, scrolls, and interaction with content).
  • Approximate location data (e.g., city, country, region, based on IP address).

3.3 Information from Third Parties. We may receive personal information about you from:

  • Shopify and payment processors, related to orders and payments.
  • Carriers and logistics providers, related to shipment and delivery status.
  • Analytics and social media partners such as Google Analytics, Meta (Facebook) Pixel, and Pinterest Tag, in aggregated or pseudonymised form, where permitted by law and platform rules.

3.4 Sensitive Personal Information. We do not intentionally seek to collect sensitive personal information (such as health information, government identifiers, or precise geolocation). If you choose to provide such information (for example, in free text fields), you do so at your own discretion and we process it only as necessary for the relevant purpose or as required by law.

4. Sources of Personal Information

We may collect personal information from the following sources:

4.1 Directly from You. When you place orders, submit forms, create an account, or communicate with us.

4.2 Automatically from Your Devices. Through cookies and similar technologies, as described in our Cookie Policy.

4.3 From Service Providers and Partners. Including Shopify, payment processors, analytics providers, social media and marketing partners, and shipping carriers.

4.4 From Public or Shared Sources. In limited circumstances, such as when you tag us on social media or post public reviews that reference our Products.

5. How We Use Personal Information

We use personal information for the following purposes, to the extent permitted by applicable law:

5.1 To Provide and Fulfil Orders. Processing orders, payments, shipping Products, providing order updates, and communicating about your purchases.

5.2 To Operate and Improve the Services. Operating, maintaining, analyzing, and improving our website, Products, and user experience.

5.3 Customer Support. Responding to your questions, requests, complaints, and other communications, and providing after-sales support.

5.4 Marketing and Promotions. Sending you marketing communications (where permitted) about Products, offers, and events; personalising marketing content based on your interactions and preferences.

5.5 Analytics and Performance. Understanding how visitors use the Services, measuring the effectiveness of campaigns, and improving our content and design.

5.6 Security and Fraud Prevention. Detecting, investigating, and preventing fraudulent transactions, abuse, security incidents, and other harmful or unlawful activities.

5.7 Legal and Compliance. Complying with legal obligations, responding to lawful requests from public authorities, and establishing, exercising, or defending legal claims.

5.8 Other Purposes with Your Consent. Any additional purpose for which we expressly request and receive your consent.

5.9 CAN-SPAM Compliance. If we send you commercial emails, we do so in compliance with the United States CAN-SPAM Act, including providing accurate header information, a valid physical postal address, clear identification that a message is promotional in nature (where required), and an easy-to-use opt-out mechanism.

6. Legal Bases for Processing (EEA/UK and Similar Jurisdictions)

Where European, UK, or similar data protection laws apply, we process personal information under the following legal bases:

6.1 Performance of a Contract. To process and fulfill your orders, provide the Services, and perform our contract with you.

6.2 Legitimate Interests. To operate and improve our business, prevent fraud, secure our Services, understand how customers use our Products, and market to existing customers, where those interests are not overridden by your rights and interests.

6.3 Consent. Where required, for certain analytics, cookies, and marketing activities. You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

6.4 Legal Obligations. To comply with accounting, tax, and other legal requirements, and to respond to lawful requests from authorities.

7. Cookies and Similar Technologies

7.1 Use of Cookies. We use cookies, pixels, tags, and similar technologies on the Services to recognize your browser or device, remember your preferences, analyze traffic, and measure marketing effectiveness.

7.2 Types of Technologies. These may include:

  • Strictly necessary cookies for website operation and checkout.
  • Performance and analytics cookies to understand usage and improve the Services.
  • Advertising and social media cookies to measure campaigns and deliver relevant content.

7.3 More Information and Choices. Full details about our use of cookies and your options to manage them are set out in our Cookie Policy, which forms part of this Policy by reference.

8. Analytics, Pixels, and Social Media Tools

8.1 Google Analytics. We use Google Analytics to help us understand how visitors interact with the Services, such as which pages are visited and how often. Google Analytics may set cookies or read existing cookies to collect information in an anonymised or pseudonymised form.

8.2 Meta (Facebook) Pixel. We use the Facebook Pixel to measure the performance of our advertisements on Meta platforms and to better understand how users navigate between our ads and our website.

8.3 Pinterest Tag. We use the Pinterest Tag for analytics and to measure the effectiveness of our Pinterest marketing activities.

8.4 Platform Policies. These partners process personal information as independent or joint controllers in accordance with their own privacy policies. We encourage you to review their privacy and opt-out settings directly on their platforms.

8.5 Your Choices. Your ability to manage cookies, marketing consent, and certain tracking settings is described in our Cookie Policy and in Sections 16 and 17 of this Policy.

8.6 Cross-Context Behavioral Advertising (CPRA). Certain analytics and advertising tools may be considered “cross-context behavioral advertising” or “targeted advertising” under California or other U.S. state privacy laws. Your rights in relation to these activities, including opt-out options, are described in Section 14 and our Cookie Policy.

9. How We Share Personal Information

We may share personal information with the following categories of recipients, in each case only as reasonably necessary for the purposes described in this Policy:

9.1 Service Providers. Third-party vendors who perform services on our behalf, such as:

  • E-commerce and hosting provider (including Shopify).
  • Payment processors and financial institutions.
  • Logistics and shipping carriers.
  • IT, security, and infrastructure providers.
  • Email, marketing, and analytics providers.

9.2 Business Partners. Limited sharing with advertising and social media partners to measure and improve our marketing, where permitted by law and subject to your choices.

9.3 Legal and Compliance Recipients. Law enforcement, regulators, courts, or other third parties where required by law or reasonably necessary to protect our rights, property, or safety or the rights, property, or safety of others.

9.4 Corporate Transactions. In connection with a sale, merger, restructuring, reorganization, dissolution, or other corporate transaction in which personal information may be transferred as part of the business assets, subject to appropriate confidentiality protections.

9.5 With Your Consent. Where you have expressly consented to a particular disclosure.

We do not sell your personal information in the ordinary sense of the word. If applicable law deems certain uses of cookies or marketing data to be a “sale” or “sharing,” your rights are addressed in Section 14 and our Cookie Policy.

9.6 CPRA “Sharing” and “Selling” Clarification. Under the California Privacy Rights Act (CPRA), certain data uses—particularly those involving cookies or advertising identifiers—may be considered a “sale” or “sharing” of personal information, even when no money is exchanged. We do not sell personal information in the traditional sense. Where our activities constitute a “sale” or “sharing” under California law, you have the right to opt out as described in Section 14 and our Cookie Policy.

10. International Transfers

10.1 Global Access. Our Services may be accessed globally, and your personal information may be processed in countries other than the one in which you reside, including the United States.

10.2 Safeguards for International Transfers. Where required by law, we implement appropriate safeguards for international transfers, such as standard contractual clauses or comparable measures, to protect your personal information.

10.3 Local Rights. If you are located in a jurisdiction that restricts cross-border transfers, you may have additional rights or options. Please contact us using the details in Section 20 for further information.

11. Data Retention

11.1 Retention Principles. We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected and to satisfy legal, accounting, or reporting requirements.

11.2 Examples. For example, we may retain:

  • Order and transaction records for the period required by tax and accounting laws.
  • Customer service communications for a period necessary to address your inquiries and maintain business records.
  • Marketing preference information until you withdraw consent or opt out, and for a reasonable period thereafter to ensure your preferences are respected.

11.3 Anonymisation. We may anonymise or aggregate information so that it no longer identifies you and may retain such information for longer periods for business, analytical, or statistical purposes.

12. Security of Personal Information

12.1 Safeguards. We use reasonable technical, organizational, and administrative measures designed to protect personal information under our control against unauthorized access, destruction, loss, alteration, or misuse.

12.2 No Absolute Security. While we strive to protect your information, no system or transmission is completely secure. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect any unauthorized access or use.

12.3 CalOPPA Security Requirement.
In accordance with the California Online Privacy Protection Act (CalOPPA), we implement reasonable security measures to protect personal information that we collect from unauthorized access, disclosure, or destruction.

13. Children’s Privacy (COPPA Compliance)
13.1 COPPA Notice. We do not knowingly collect personal information from children under 13 years of age, and our Services are not directed to children under 13. We comply with the Children’s Online Privacy Protection Act (COPPA).

13.2 No Knowing Collection. If we discover that personal information has been collected from a child under 13 without verifiable parental consent, we will delete it as required by COPPA.

13.3 Parental Rights Under COPPA. Parents who believe their child may have provided personal information to us may contact us using the details in Section 20 to request review or deletion.

13.4 Use by Older Minors. Users aged 13–17 should access the Services only with permission and supervision from a parent or guardian.

14. Your Privacy Rights – California Residents

If you are a resident of California, you may have certain rights under California privacy laws (such as the California Consumer Privacy Act as amended):

14.1 Right to Know. You may have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share personal information, subject to certain limitations.

14.2 Right to Delete. You may have the right to request deletion of personal information we have collected about you, subject to certain exceptions (for example, where we need the information to complete a transaction, detect security incidents, comply with a legal obligation, or for other limited purposes permitted by law).

14.3 Right to Correct. You may have the right to request correction of inaccurate personal information that we maintain about you.

14.4 Right to Opt Out of Certain Uses of Data. Where applicable, you may have the right to opt out of certain uses of personal information that may be deemed a “sale” or “sharing” for cross-context behavioral advertising under California law. You can exercise these choices through the mechanisms described in our Cookie Policy and any “Do Not Sell or Share My Personal Information” link we may provide.

14.5 Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights under California law. However, we may offer different prices or benefits that are reasonably related to the value of your personal information, where permitted.

14.6 How to Exercise California Rights. You may exercise your rights by contacting us using the details in Section 20 and specifying that you are a California resident asserting your privacy rights. We may need to verify your identity before responding. You may also have the right to designate an authorized agent to make requests on your behalf, subject to verification.

14.7 Additional California Rights (CalOPPA).
Under the California Online Privacy Protection Act, California residents have the right to:

  • know how we respond to “Do Not Track” signals (see Section 17),
  • view the effective date of this Policy,
  • request updates to inaccurate information, and
  • know the categories of personal information we collect and third parties we share with, which are disclosed throughout this Policy.

14.8 California Shine the Light Law.
California residents may request information about categories of personal information we shared with third parties for their marketing purposes (if any). At this time, we do not share personal information with third parties for their independent direct marketing, as defined under the Shine the Light law.

15. Your Privacy Rights – EEA, UK, and Similar Jurisdictions

If you are located in the European Economic Area, the United Kingdom, or a jurisdiction with similar data protection laws, you may have the following rights, subject to conditions and limitations:

15.1 Right of Access. To obtain confirmation whether we process personal information about you and to receive a copy.

15.2 Right to Rectification. To correct inaccurate or incomplete personal information.

15.3 Right to Erasure. To request deletion of personal information in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected or you have withdrawn consent and there is no other legal basis.

15.4 Right to Restrict Processing. To request that we restrict our processing of your personal information under certain conditions.

15.5 Right to Data Portability. To receive personal information you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.

15.6 Right to Object. To object to certain processing activities, including where we rely on legitimate interests as the legal basis, and to opt out of direct marketing at any time.

15.7 Right to Withdraw Consent. Where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

15.8 Right to Lodge a Complaint. You may lodge a complaint with a supervisory authority in your place of residence, place of work, or place of alleged infringement.

16. Rights and Choices for Other Regions

In other jurisdictions, you may have rights similar to or in addition to those described above, depending on local law. We will respond to any privacy-related request in accordance with applicable legal requirements. If you wish to exercise a privacy right or inquire about which rights are available to you, please contact us using the details in Section 20.

17. Marketing Communications, Cookies, and Opt-Out Mechanisms

17.1 Email Marketing. Where permitted by law, we may send you marketing emails about Products, promotions, or events. You may unsubscribe at any time by using the “unsubscribe” link in our emails or by contacting us.

17.2 Cookie and Tracking Preferences. Your ability to manage cookies and similar technologies, including certain analytics and advertising tools, is described in our Cookie Policy and may include:

  • Browser settings to block or delete cookies.
  • Preference tools or banners on our website.
  • Platform-specific ad settings (e.g., Google, Meta, Pinterest).

17.3 Do Not Track and Global Privacy Controls. Some browsers allow you to send “Do Not Track” signals or similar settings. Our handling of such signals and any Global Privacy Controls is described in our Cookie Policy and will be implemented in accordance with applicable law.

17.4 California Do Not Track (CalOPPA).
We are required under CalOPPA to disclose how we respond to “Do Not Track” signals. Currently, there is no industry standard for responding to these signals, and we do not respond to all Do Not Track mechanisms. However, we provide alternative opt-out tools described in this Policy and our Cookie Policy.

17.5 Global Privacy Control (GPC).
Where required by California or other U.S. state laws, we honor valid Global Privacy Control signals as a method to opt out of the “sale” or “sharing” of personal information for targeted advertising.

18. Third-Party Websites, Plug-Ins, and Social Media

18.1 External Sites. The Services may contain links to websites or services operated by third parties. This Policy does not apply to such sites, and we are not responsible for their content, privacy practices, or security.

18.2 Social Media Features. Our Services may integrate social media features (such as “like” or “share” buttons) that are operated by third parties. These features may collect information such as your IP address and which page you are visiting, and may set cookies. Your interactions with these features are governed by the privacy policies of the third parties providing them.

19. Changes to This Privacy Policy

19.1 Updates. We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

19.2 Notification of Changes. When we make material changes, we will take appropriate steps to notify you, such as posting an updated Policy on our website with a new Effective Date and, where required by law, seeking your consent.

19.3 Continued Use. Your continued use of the Services after the Effective Date of an updated Policy signifies that you have read and understood the changes.

20. Contacting Us

If you have questions about this Policy, our privacy practices, or wish to exercise your privacy rights, you may contact us using the following details:

  • Email: hello@madeandcodesigns.com
  • Postal Address: 14747 Artesia Blvd 3A, La Mirada, CA 90638
    Made and Co, Inc.

California, United States

We will review and respond to your request or inquiry within a reasonable period and in accordance with applicable law.