Privacy Policy for Kirin Covers

1. Introduction

Welcome to Kirin Covers ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.kirincovers.com (the "Site") and use our services to create custom AI-generated phone cases.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the Site, express an interest in obtaining information about us or our products and services, when you place an order, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Site, the choices you make, and the products and features you use. The personal information we collect may include the following:

• Contact and Account Information: Your first and last name, email address, and potentially a username and password if you create an account.
• Order and Shipping Information: Your postal address (street, city, state, postal code, country) and phone number for order fulfillment and delivery purposes.
• Payment Information: We use third-party payment processors (e.g., Stripe) to handle payments. We do not directly collect or store your full credit card number or other sensitive payment details. The payment processor collects this information directly according to their own privacy policy. We may receive transaction confirmation details from the processor.
• Customization Information: Text prompts you provide for AI image generation and any images you may choose to upload (if this feature becomes available) to create your custom phone case design.

Information Automatically Collected

We aim to minimize automatic data collection. However, certain information is necessary for the site to function or is collected by essential third-party services we use:

• Log and Usage Data (Minimal): Our hosting provider and backend service (e.g., Supabase) may automatically log basic information necessary for operating and securing the service, which could include IP addresses, access times, and system activity. We do not actively use this data for tracking user behaviour across pages or for detailed analytics.
• Cookies (Essential): We use cookies necessary for the functioning of our Site. Specifically, if you log into an account, our authentication provider (e.g., Supabase) uses a session cookie (`session_id` or similar) to keep you logged in during your visit. This cookie is essential for providing secure access to your account and order information. We do not currently use cookies for tracking, advertising, or non-essential analytics. You can control cookies through your browser settings, but disabling essential cookies may prevent you from using certain features of our Site, such as logging in or placing orders.

We currently **do not** collect or process information about your specific browser type, operating system, detailed clickstream data, or use tracking technologies for advertising purposes.

3. How We Use Your Information

We use personal information collected via our Site for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent (where applicable), and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

• To Fulfill Orders and Provide Services: To process your payments, create your custom phone case based on your prompts/uploads, arrange for printing and shipping with our fulfillment partners, and manage your orders. (Legal Basis: Performance of a contract)
• To Manage Your Account: To create and manage your user account, if you choose to create one. (Legal Basis: Performance of a contract)
• To Communicate With You: To respond to your inquiries, provide customer support related to your orders or account, and send you important service-related notices (e.g., order confirmations, shipping updates, issues with an order). We will **not** send you marketing or promotional emails unless you explicitly opt-in in the future (we currently do not offer this). (Legal Basis: Performance of a contract; Legitimate interests for responding to inquiries)
• To Ensure Security and Prevent Fraud: To monitor for and prevent fraudulent transactions and other illegal activities, and protect the rights and property of Kirin Covers and others. (Legal Basis: Legitimate interests; Legal obligation)
• To Comply with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests (e.g., tax reporting). (Legal Basis: Legal obligation)

4. Sharing Your Information

We only share information with third parties when necessary to provide our services, comply with the law, or protect our rights. We may share your information with the following categories of third parties:

• Payment Processors: Such as Stripe or similar providers, to securely process your payments. They receive your payment information directly.
• Fulfillment and Shipping Partners: Such as Printify or similar print-on-demand services and their shipping carriers. We provide them with your name, shipping address, phone number (often required by carriers), and the design specifics needed to print and ship your custom phone case.
• Backend and Cloud Service Providers: Such as Supabase or similar platforms that host our website, database (storing your account and order details), and handle authentication (like managing your login session).
• Legal Authorities: If required by law, regulation, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others, or to investigate fraud.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

5. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. This is particularly relevant as our service providers (like payment processors, fulfillment partners, and cloud hosting) may operate globally.

If you are located in the European Economic Area (EEA), UK, or Switzerland, this means your data may be transferred outside these regions. When we do transfer your data internationally, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as relying on Adequacy Decisions by the European Commission, using Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

6. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. We use HTTPS encryption for data transmitted to and from our Site. Access to your personal data within our systems is restricted to authorized personnel who need it to perform their job functions. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

7. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For order information (name, address, order details), we typically retain this for the period required by tax and commercial law. Account information is retained as long as your account remains active. Customization prompts may be retained for a period necessary to ensure order fulfillment and handle potential reprints or quality issues, after which they may be deleted or anonymized. You can request the deletion of your account and associated personal data, subject to our legal retention obligations.

8. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), UK, or Switzerland, you have certain data protection rights. Kirin Covers aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions (e.g., it's no longer necessary for the purpose it was collected, or you withdraw consent where consent was the basis).
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions (applies to data processed by automated means based on consent or contract).

If you wish to exercise any of these rights, please contact us at support@kirincovers.com. We may need to verify your identity before responding to such requests.

You also have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.

9. Children's Privacy

Our Site and services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@kirincovers.com