Tabeeze  is committed to protecting the privacy of our customers, users, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit [Website URL], create an account, or make a purchase.

By using our website, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our website.

2. Who We Are & How to Contact Us

Data Controller / Business Owner: TABEEZE INC

Mailing Address: 261 E COLORADO BLVD STE 215 PASADENA CA 91101

Privacy Inquiries: ASK@TABEEZE.COM

3. Personal Information We Collect

We collect the following categories of personal information:

3.1 Information You Provide Directly

• Account registration: name, email address, username, password (hashed)

• Purchase & billing: billing name and address, shipping address

• Payment information: credit/debit card numbers, bank account details (processed via PCI-DSS compliant third-party processors — we do not store raw card data)

• Communications: messages sent to customer support, reviews, survey responses

• Preferences: wish lists, saved items, marketing opt-in/out choices

3.2 Information Collected Automatically

• Device & browser: IP address, browser type/version, operating system, device identifiers

• Usage data: pages visited, links clicked, time on site, referring URL

• Cookies & tracking: see Section 7 (Cookies) for full details

• Location: general geographic location derived from IP address

3.3 Information from Third Parties

• Payment processors (e.g., Stripe, PayPal) — transaction confirmation and fraud signals

• Social login providers (e.g., Google, Facebook) — name, email, profile photo if you choose to sign in via these services

• Fraud prevention and identity verification services

• Advertising and analytics partners (aggregated/pseudonymous data)

4. Legal Bases for Processing (GDPR / UK GDPR)

For users in the EU and UK, we process personal data only where we have a valid legal basis:

• Contract performance — to fulfill your purchase orders, manage your account, process returns

• Legal obligation — to comply with applicable laws (tax, anti-money laundering, consumer protection)

• Legitimate interests — fraud prevention, security, improving our services, direct marketing to existing customers (you may opt out at any time)

• Consent — for non-essential cookies, certain marketing emails, and any other processing where we specifically ask for your consent

5. How We Use Your Personal Information

We use personal information for the following purposes:

5.1 Order Fulfillment & Account Management

• Process and ship your orders; send order confirmations and tracking updates

• Manage your account, password resets, and preferences

• Provide customer support and respond to inquiries

5.2 Payments & Fraud Prevention

• Authorize and process payments through our PCI-DSS certified payment processors

• Detect, investigate, and prevent fraudulent transactions and chargebacks

• Comply with financial regulations and anti-money-laundering requirements

5.3 Marketing & Personalization

• Send promotional emails, special offers, and product recommendations (opt-out available)

• Personalize your on-site experience and product suggestions

• Conduct customer satisfaction surveys

5.4 Legal & Compliance

• Comply with applicable laws, regulations, and legal process

• Enforce our Terms of Service and protect our rights

• Respond to lawful government and regulatory requests

5.5 Analytics & Improvement

• Analyze website traffic patterns and user behavior to improve our site

• Conduct A/B testing and product research

6. How We Share Your Personal Information

We do not sell your personal information. We share data only as described below:

• Service providers — hosting, payment processing, shipping carriers, email service providers, analytics providers; bound by data processing agreements

• Business transfers — in connection with a merger, acquisition, or sale of assets; you will be notified of any change in data controller

• Legal requirements — when required by law, court order, or to protect safety

• With your consent — for any sharing not described here, we will ask your permission first

7. Cookies & Tracking Technologies

We use cookies, pixel tags, and similar technologies. The categories below follow the IAB / ICO classification:

EU/UK visitors will be shown a cookie consent banner and may withdraw consent at any time via the Cookie Settings link in our website footer. Strictly necessary cookies do not require consent.

8. Data Retention

• Account data: retained for the lifetime of your account plus 3 years after closure (to resolve disputes and comply with legal obligations)

• Transaction / payment records: 7 years (tax and financial regulatory requirements in the US, Canada, UK, and EU)

• Marketing data: until you opt out or withdraw consent, or 3 years of inactivity

• Server logs / IP data: 90 days for security purposes

• Cookie data: per cookie lifetime as specified in our Cookie Policy

Upon expiry, data is securely deleted or anonymized. You may request earlier deletion subject to our legal retention obligations (see Section 9).

9. Your Privacy Rights

Depending on your location, you have the following rights:

To exercise any of these rights, contact us at [privacy@yourcompany.com] or use the privacy request form on our website. We will respond within the legally required timeframe and may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

10. International Data Transfers

We are headquartered in the United States. If you access our website from outside the US, your data may be transferred to, stored, and processed in the United States or other countries.

• EU/EEA & UK: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and the UK International Data Transfer Agreement (IDTA), as appropriate safeguards for international transfers.

• Canada: Transfers outside Canada comply with PIPEDA accountability principles; recipients are bound by contractual obligations providing equivalent protection.

You may request a copy of the applicable safeguards by contacting [dpo@yourcompany.com].

11. Security of Your Information

• We use TLS/SSL encryption for all data transmitted between your browser and our servers.

• Payment data is processed by PCI-DSS Level 1 certified processors. We do not store raw card numbers.

• Passwords are stored using industry-standard one-way hashing (bcrypt/Argon2).

• Access to personal data is restricted to authorized personnel on a need-to-know basis.

• We conduct regular security reviews and vulnerability assessments.

No system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify affected individuals and relevant regulators as required by applicable law (e.g., within 72 hours under GDPR; without unreasonable delay under PIPEDA and applicable US state laws).

12. Children's Privacy

Our website is not directed to children under the age of 16 (or such higher age as required by applicable law). We do not knowingly collect personal information from children:

• Under 13 (US — COPPA): We do not knowingly collect data from children under 13. If we become aware of such collection, we will delete it promptly.

• Under 16 (EU/UK — GDPR): Where we rely on consent, we require parental consent for users under 16.

• Under 14 (Canada — PIPEDA / Quebec Law 25): We apply heightened protections for minors.

If you believe we have inadvertently collected data from a child, please contact us at [privacy@yourcompany.com].

13. Additional Disclosures for California Residents (CCPA / CPRA)

13.1 Categories of Personal Information Collected

In the past 12 months we have collected: identifiers, customer records, commercial information, internet/network activity, geolocation data, and inferences drawn from the above.

13.2 Sensitive Personal Information

We collect payment card information as sensitive personal information. We use it only to process transactions and for fraud prevention. We do not use or disclose sensitive personal information for purposes beyond those permitted by CPRA without your explicit consent.

13.3 Opt-Out Rights

California residents may opt out of the "sharing" of personal information for cross-context behavioral advertising by clicking the "Do Not Sell or Share My Personal Information" link in the footer of our website or by contacting us at [privacy@yourcompany.com].

13.4 Shine the Light

California Civil Code § 1798.83 (Shine the Light) allows California residents to request information about third parties to whom we disclosed personal information for direct marketing in the prior calendar year. To submit such a request, contact us at [privacy@yourcompany.com].

14. Additional Disclosures for Canadian Residents (PIPEDA / Quebec Law 25)

• We maintain a designated Privacy Officer responsible for compliance with PIPEDA and Quebec Law 25.

• You may withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions, by contacting us at [privacy@yourcompany.com].

• Quebec residents have the right to request de-indexation of personal information published online and to be notified of any privacy incident likely to cause serious harm.

• We comply with Quebec Law 25 (Act to Modernize Privacy Legislation), including governance, privacy impact assessments, and mandatory breach reporting to the Commission d’accès à l’information.

15. Additional Disclosures for United Kingdom Residents (UK GDPR / DPA 2018)

• We comply with the UK General Data Protection Regulation and the Data Protection Act 2018.

• Our EU SCCs are supplemented by UK International Data Transfer Agreements (IDTAs) where applicable.

• You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

• If we make automated decisions with legal or significant effect, you have the right to request human review.

16. Additional Disclosures for EU / EEA Residents (GDPR)

• Our legal bases for processing are described in Section 4.

• You have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

• Where we transfer your data outside the EEA, we rely on Standard Contractual Clauses (Module 2 — Controller to Processor) as the transfer mechanism.

• We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

17. Do Not Track & Global Privacy Control

Some browsers transmit Do Not Track (DNT) signals. We currently do not respond to DNT signals in a standardized way as no uniform standard exists.

We do honor the Global Privacy Control (GPC) signal as an opt-out of sale/sharing of personal information for California residents, consistent with CPRA requirements. If your browser or extension transmits a GPC signal, we will treat it as a valid opt-out request.

18. Third-Party Links & Services

Our website may contain links to third-party websites, social media platforms, or embedded content. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you visit. We are not responsible for the privacy practices of third parties.

19. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in law, our practices, or our services. When we make material changes, we will:

• Update the “Effective Date” at the top of this policy

• Post a prominent notice on our website homepage for at least 30 days

• Send an email notification to registered account holders

Continued use of our website after such changes constitutes your acceptance of the updated policy.

20. Contact Us & Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

If you are unsatisfied with our response, you have the right to lodge a complaint with the applicable supervisory authority in your jurisdiction:

• EU/EEA: Your local Data Protection Authority (edpb.europa.eu)

• UK: Information Commissioner’s Office (ico.org.uk)

• Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)

• US: Your state Attorney General’s office

 

© 2026 TABEEZE. All rights reserved. | WWW.TABEEZE.COM