Privacy Policy

Last updated: August 28, 2025

Heads up: Replace the placeholders in the Contact section with your legal entity name and mailing address. If you later add or remove pixels, analytics, or payment methods, update the names in the relevant sections below.

1) Scope

This Policy explains how Mystic Ink (“we,” “us,” “our”) collects, uses, shares, and protects information when you visit mysticink.shop, browse products, place orders for temporary tattoo items, create an account, subscribe to communications, interact with our content and ads, or contact support. It does not apply to third-party services we do not control.

2) Data We Collect

  • Identifiers & Contact: name, email, phone number, shipping and billing addresses.
  • Order & Payment: items purchased, amounts, currency, transaction status; payments are processed by payment processors (we do not store full card numbers).
  • Account & Support: hashed credentials, order/return history, messages with support.
  • Device & Usage: IP address, device/browser identifiers, pages viewed, clicks, dwell time, referrers, timestamps.
  • Marketing & Interactions: subscription preferences, email/ad engagement, reviews and ratings, images/videos you submit, and social handles you provide.
  • Cookies/Pixels: first- and third-party cookies and pixels that power cart/checkout, analytics, and advertising.
  • Inferences: reasonable inferences about interests and preferences derived from the above.

3) How We Use Your Data & Legal Bases

  • Fulfillment & Services: process orders, payments and refunds, arrange shipping, and provide support (Contract).
  • Operate & Improve: diagnostics, analytics, performance, and user experience (Legitimate Interests).
  • Communications: transactional notifications, service updates, and support (Contract/Legitimate Interests).
  • Marketing: send marketing communications with your consent or where permitted; you can opt out at any time (Consent/Legitimate Interests).
  • Security & Fraud Prevention: monitor abuse and suspicious activity, protect accounts and transactions (Legitimate Interests/Legal Obligation).
  • Compliance: meet tax, accounting, and legal requirements (Legal Obligation).

4) Cookies & Similar Technologies

We use cookies, pixels, and local storage to enable core features (e.g., cart/checkout), measure traffic and performance, and personalize content and ads. Where required, we obtain consent via a banner or preference center. You can manage cookies in your browser and opt out of interest-based advertising via tools such as optout.aboutads.info.

5) Advertising, Measurement & Personalization

We use analytics and advertising technologies (e.g., Google Analytics and any audience/remarketing features configured on the site). Some ad or form tools may collect device data and hashed identifiers (such as a hashed email) for audience matching and conversion measurement. We share the minimum necessary data with platforms to deliver and measure ads. You can limit personalized ads in platform settings or through our privacy preference tools.

For California residents, if certain analytics/advertising disclosures are deemed “sell” or “share,” you can exercise your rights via the mechanisms described in Privacy Choices (“Do Not Sell or Share My Personal Information”).

6) Sharing & Disclosure

We share information with service providers under contracts limiting their use of your data to the services they perform, including:

  • Payments & Checkout: store/checkout infrastructure (e.g., Shopify) and payment providers (e.g., PayPal, Sezzle, Afterpay, as applicable).
  • Fulfillment & Logistics: warehousing, pick/pack, carriers.
  • Analytics & Advertising: measurement, attribution, and audience tools (e.g., Google Analytics and configured ad platforms).
  • Fraud Prevention & Security: risk, identity, and traffic protection.
  • Professional Services: accounting, legal, audit.

We may disclose information to comply with law, enforce terms, or protect rights, property, and safety.

7) Payments & Security

Payment information is processed by compliant providers under PCI DSS and industry standards. Data in transit uses TLS. We retain payment-related data only as long as needed to complete payments, refunds, and disputes, unless a longer period is required by law. After that, we delete or anonymize it.

8) Data Retention

We retain information for as long as necessary to fulfill the purposes described in this Policy (e.g., for tax and accounting obligations). When no longer needed, we delete or anonymize it.

9) International Transfers

Your information may be processed outside your country. Where applicable (e.g., under GDPR/UK GDPR), we use appropriate safeguards—such as EU Standard Contractual Clauses—to protect personal data transferred internationally.

10) Your Rights (GDPR/UK & CCPA/CPRA)

  • GDPR/UK GDPR: rights to access, correct, delete, restrict or object to processing, data portability, and withdraw consent.
  • California CCPA/CPRA: rights to know, access, delete, correct, limit use of sensitive information, and to opt out of “selling/sharing” personal information for cross-context behavioral advertising.

We do not sell your personal information for money. Where law classifies certain analytics/advertising disclosures as “sell/share,” you can opt out via our mechanisms below. We will verify requests and respond within required timeframes. Authorized agents may submit requests where permitted.

Privacy Choices (Do Not Sell/Share & Cookie Preferences)

  • Use the site’s privacy preferences to manage non-essential cookies and personalized ads.
  • California residents may submit a “Do Not Sell or Share My Personal Information” request (where applicable).
  • You may also email us to exercise access/deletion and other data subject rights (see Contact).

11) Children’s Privacy

We do not knowingly collect personal information from children under the age required by applicable law. If you believe a child provided information to us, please contact us so we can take appropriate steps.

12) User-Generated Content (UGC) & License

If you submit reviews, images/videos, or social handles for display or campaigns, we will use them within the scope agreed at submission. You may withdraw permission at any time; this will not affect prior uses based on your consent or retention allowed by law (e.g., backups).

13) Contact

Email: privacy@mysticink.shop
Address: [Your Legal Entity Name], [Street], [City], [State/Province], [Postal Code], [Country]

14) Changes to This Policy

We may update this Policy from time to time. The “Last updated” date above reflects the most recent changes. Where required by law, we will provide additional notice of material changes.

15) Glossary (Brief)

  • Personal Information/Data: information that identifies or can reasonably be linked to an individual.
  • Processing: any operation on personal information, such as collection, storage, use, transfer, or deletion.
  • Sell/Share (CCPA/CPRA): “sale for monetary or other valuable consideration” and “sharing for cross-context behavioral advertising,” as defined by applicable law.