Privacy Policy

1. Introduction

This Privacy Policy describes how KawaiiCases ("we," "us," or "our") collects, uses, discloses, and safeguards the personal information of visitors and customers ("you") who access or use our website at kawaiicases.com (the "Site") or purchase our products and services (collectively, the "Services"). This policy applies to all users of our Services worldwide.

Please read this policy carefully. By accessing or using our Services, you acknowledge that you have read and understood the practices described herein. If you do not agree with this policy, please discontinue use of our Services.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

2. Information We Collect

a. Information You Provide Directly

We collect personal information you voluntarily provide, which may include:

Contact and identity information: Full name, email address, and phone number.
Transaction information: Shipping address, billing address, and order details.
Payment information: Payment card data submitted at checkout. Payment processing is handled entirely by our third-party payment processor, Stripe, Inc. We do not store, transmit, or have access to complete payment card numbers.
Custom design data: Design preferences, uploaded images, and configuration choices submitted through our custom case design tool.
Communications: Content of messages submitted through contact forms or customer support correspondence.

b. Information Collected Automatically

When you access our Site, we and our service providers may automatically collect certain technical information, including:

Device type, operating system, and browser type and version.
IP address (which may be anonymized or truncated in analytics contexts).
Pages visited, referring URLs, session duration, and navigation patterns.
General geographic region inferred from your IP address.

This information is collected using cookies and similar tracking technologies, as described in Section 6 below. We use Google Analytics with anonymization features enabled. We do not use this data to identify you personally; it is used solely to analyze aggregate usage patterns and improve the performance of our Site.

3. Lawful Basis for Processing (EEA, UK, and Switzerland)

If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland, we are required under applicable data protection law to identify the legal basis on which we rely when processing your personal information. We process your personal data on the following bases:

Processing Activity	Lawful Basis
Processing and fulfilling your order	Performance of a contract — processing is necessary to enter into or perform our contract with you.
Sending transactional communications (order confirmations, shipping notifications)	Performance of a contract — communications are necessary to fulfill your purchase.
Payment processing and fraud prevention	Legitimate interests — we have a legitimate interest in detecting and preventing fraud and unauthorized transactions, which does not override your fundamental rights.
Analytics and site improvement	Consent — we collect analytics data only where you have provided affirmative consent via our cookie consent banner.
Marketing communications	Consent — we send marketing emails only where you have opted in. You may withdraw consent at any time (see Section 8).
Compliance with legal obligations	Legal obligation — certain processing is required to comply with applicable law, including tax and accounting requirements.

Where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. How We Use Your Information

We process your personal information for the following purposes:

Order fulfillment: To process transactions, arrange shipping, produce custom orders, and manage returns or exchanges.
Communications: To send order confirmations, shipping notifications, and responses to your customer support inquiries. These are transactional communications required to complete your purchase.
Marketing communications: To send newsletters, promotional offers, and product announcements, where you have provided consent or where permitted by applicable law. You may opt out at any time (see Section 8).
Analytics and site improvement: To analyze aggregated, anonymized usage data for the purpose of improving user experience, diagnosing technical issues, and developing new features.
Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal or harmful activities.
Legal compliance: To satisfy our legal and regulatory obligations, including maintaining records required by applicable tax and accounting laws.

We will not use your personal information for any purpose materially different from those described above without first providing you notice and, where required, obtaining your consent.

5. Disclosure of Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

a. Service Providers

We engage third-party service providers who process personal information on our behalf to support our business operations. These providers are contractually obligated to use your information only as directed by us and in accordance with this policy. Such providers include:

Stripe, Inc.: Payment processing. Stripe's data practices are governed by the Stripe Privacy Policy.
Shipping carriers: To deliver your orders (e.g., your name, address, and contact information are shared with the applicable carrier).
Email service providers: To send transactional and marketing communications.
Website infrastructure providers: To host and operate our Site.
Analytics providers: To process anonymized, aggregated usage data (see Section 6).

Where we share personal data with service providers located outside your country of residence, we ensure appropriate safeguards are in place as described in Section 9 (International Data Transfers).

b. Legal Requirements and Protection of Rights

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a subpoena, court order, legal process, or other governmental request.
Enforce our Terms of Service or other agreements.
Protect the rights, property, or safety of KawaiiCases, our customers, or others.
Detect or prevent fraud or other illegal activity.

c. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your personal information may be transferred to the acquiring entity. We will provide notice prior to any such transfer becoming subject to a materially different privacy policy.

6. Payment Processing

All payment transactions are processed through Stripe, Inc., a PCI DSS-compliant payment processor. We do not receive, store, or have access to your complete payment card details at any point. Upon completing a transaction, Stripe returns only a non-sensitive token and the last four digits of your card number, which we store solely for order management purposes. You are encouraged to review Stripe's privacy policy at stripe.com/privacy.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (collectively, "cookies") on our Site. A cookie is a small text file placed on your device by a website you visit.

Types of Cookies We Use

Strictly Necessary Cookies: Required for the Site to function. These include session cookies that maintain your shopping cart, authentication cookies that keep you logged in, and security cookies used in the payment flow. These cookies do not require your consent and cannot be disabled without significantly impairing Site functionality.

Analytics Cookies: We use Google Analytics to collect anonymized, aggregated information about how visitors use our Site, including page views, session duration, and navigation paths. We have enabled IP anonymization in our Google Analytics configuration so that your full IP address is never stored or processed by Google Analytics. This data is used solely to improve our Site and is not used to identify you personally. You may opt out of Google Analytics tracking at any time by installing the Google Analytics Opt-out Browser Add-on.

Functional Cookies: Used to remember your preferences, such as saved design configurations, so you do not need to re-enter information on repeat visits.

Cookie Consent

If you are accessing our Site from the EEA, the UK, or another jurisdiction that requires consent prior to the placement of non-essential cookies, we will present you with a cookie consent banner when you first visit our Site. We will not place analytics or functional cookies until you have provided your affirmative consent. You may withdraw or modify your cookie preferences at any time by accessing the cookie settings link available in the footer of our Site.

8. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption of data in transit using Transport Layer Security (TLS).
Payment processing through a PCI DSS-compliant third party (Stripe), with no storage of complete payment card data on our systems.
Access controls restricting employee access to personal data on a need-to-know basis.
Credentials stored using industry-standard one-way cryptographic hashing, such that no employee or system has access to plaintext passwords.

Please note: No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

9. International Data Transfers

KawaiiCases is based in the United States and sells to customers worldwide. When you provide personal information to us, that information may be transferred to, stored, and processed in the United States or in other countries where our service providers operate, which may have data protection laws that differ from those in your country of residence.

Transfers from the EEA, UK, and Switzerland

Where we transfer personal data originating from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of data protection (including the United States), we rely on appropriate safeguards to ensure the transfer is lawful, including:

Standard Contractual Clauses (SCCs): We utilize the European Commission's approved Standard Contractual Clauses in our agreements with relevant service providers. For transfers from the UK, we additionally rely on the UK's International Data Transfer Addendum where applicable.
Adequacy decisions: Where an adequacy decision issued by the European Commission or the UK Secretary of State applies to the recipient country, we rely on that decision as the transfer mechanism.

By using our Services, you acknowledge that your personal information may be processed in countries outside your own. We take all steps reasonably necessary to ensure your data is treated securely and in accordance with this policy.

10. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal information. Regardless of location, we honor the following requests:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information, subject to our legal retention obligations (see Section 11).
Opt-out of marketing: Unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any such email or by contacting us at privacy@kawaiicases.com.
Data portability: Request that we provide your personal data in a structured, commonly used, machine-readable format.
Objection: Object to certain types of processing, including direct marketing.

EEA and UK Residents (GDPR / UK GDPR)

If you are located in the EEA or the UK, you have additional rights under the General Data Protection Regulation ("GDPR") or the UK GDPR, as applicable, including:

Right to restriction of processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., while you contest its accuracy).
Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority. In the EU, a list of national supervisory authorities is available at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

We will respond to all verified requests from EEA and UK residents within thirty (30) days, extendable by an additional sixty (60) days where necessary due to the complexity or volume of requests, with notice provided of any extension.

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

The right to know what categories of personal information we collect and the purposes for which it is used.
The right to know whether your personal information is sold or disclosed, and to whom. We do not sell your personal information.
The right to opt out of the sale or sharing of personal information (not applicable, as we do not sell or share personal information for cross-context behavioral advertising).
The right to limit the use of sensitive personal information.
The right to non-discrimination for exercising your privacy rights.

To submit a verifiable consumer request under the CCPA/CPRA, please contact us at contact page.

11. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy or as required by applicable law:

Account and profile data: Retained for the duration of your active account relationship, and deleted upon a valid account closure request, subject to any outstanding legal obligations.
Order and transaction records: Retained for a minimum of seven (7) years to comply with applicable tax, accounting, and commercial record keeping requirements.
Marketing data: Retained until you withdraw consent or unsubscribe. Opt-out requests are processed promptly and no further marketing communications will be sent.
Anonymized analytics data: Retained for up to twenty-six (26) months, consistent with Google Analytics' default data retention configuration, after which it is automatically deleted. Because this data is anonymized and cannot reasonably be used to identify you, it is not subject to deletion requests.

12. Children's Privacy

Our Site and Services are not directed to children under the age of thirteen (13) in the United States, or under the applicable minimum age in other jurisdictions (16 in many EEA member states). We do not knowingly collect personal information from children below the applicable age threshold. If you are below that age, please do not submit any personal information through our Site.

If we become aware that we have inadvertently collected personal information from a child below the applicable age threshold, we will take prompt steps to delete such information from our records. If you believe we may have collected information from a child, please contact us using our contact page.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will provide notice by:

Updating the "Last Updated" date at the top of this policy.
Posting a prominent notice on our Site for a minimum of thirty (30) days following the change.
For registered users, sending an email notification to the address associated with your account.

Your continued use of our Services following the effective date of any changes constitutes your acceptance of the revised Privacy Policy. Where required by applicable law (including GDPR), material changes that affect processing based on consent will require you to provide fresh consent before the new practices take effect.

14. Contact Us and Data Controller Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries & General Support: please email us using the contact page.

For the purposes of the GDPR and UK GDPR, KawaiiCases acts as the data controller of your personal information. If you are located in the EEA or UK and have unresolved privacy concerns that we have not addressed to your satisfaction, you have the right to contact your local data protection supervisory authority (see Section 10).

1. Introduction

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

2. Information We Collect

a. Information You Provide Directly

We collect personal information you voluntarily provide, which may include:

Contact and identity information: Full name, email address, and phone number.
Transaction information: Shipping address, billing address, and order details.
Payment information: Payment card data submitted at checkout. Payment processing is handled entirely by our third-party payment processor, Stripe, Inc. We do not store, transmit, or have access to complete payment card numbers.
Custom design data: Design preferences, uploaded images, and configuration choices submitted through our custom case design tool.
Communications: Content of messages submitted through contact forms or customer support correspondence.

b. Information Collected Automatically

When you access our Site, we and our service providers may automatically collect certain technical information, including:

Device type, operating system, and browser type and version.
IP address (which may be anonymized or truncated in analytics contexts).
Pages visited, referring URLs, session duration, and navigation patterns.
General geographic region inferred from your IP address.

3. Lawful Basis for Processing (EEA, UK, and Switzerland)

Processing Activity	Lawful Basis
Processing and fulfilling your order	Performance of a contract — processing is necessary to enter into or perform our contract with you.
Sending transactional communications (order confirmations, shipping notifications)	Performance of a contract — communications are necessary to fulfill your purchase.
Payment processing and fraud prevention	Legitimate interests — we have a legitimate interest in detecting and preventing fraud and unauthorized transactions, which does not override your fundamental rights.
Analytics and site improvement	Consent — we collect analytics data only where you have provided affirmative consent via our cookie consent banner.
Marketing communications	Consent — we send marketing emails only where you have opted in. You may withdraw consent at any time (see Section 8).
Compliance with legal obligations	Legal obligation — certain processing is required to comply with applicable law, including tax and accounting requirements.

Where we rely on consent as our lawful basis, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. How We Use Your Information

We process your personal information for the following purposes:

Order fulfillment: To process transactions, arrange shipping, produce custom orders, and manage returns or exchanges.
Communications: To send order confirmations, shipping notifications, and responses to your customer support inquiries. These are transactional communications required to complete your purchase.
Marketing communications: To send newsletters, promotional offers, and product announcements, where you have provided consent or where permitted by applicable law. You may opt out at any time (see Section 8).
Analytics and site improvement: To analyze aggregated, anonymized usage data for the purpose of improving user experience, diagnosing technical issues, and developing new features.
Security and fraud prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal or harmful activities.
Legal compliance: To satisfy our legal and regulatory obligations, including maintaining records required by applicable tax and accounting laws.

We will not use your personal information for any purpose materially different from those described above without first providing you notice and, where required, obtaining your consent.

5. Disclosure of Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

a. Service Providers

Stripe, Inc.: Payment processing. Stripe's data practices are governed by the Stripe Privacy Policy.
Shipping carriers: To deliver your orders (e.g., your name, address, and contact information are shared with the applicable carrier).
Email service providers: To send transactional and marketing communications.
Website infrastructure providers: To host and operate our Site.
Analytics providers: To process anonymized, aggregated usage data (see Section 6).

Where we share personal data with service providers located outside your country of residence, we ensure appropriate safeguards are in place as described in Section 9 (International Data Transfers).

b. Legal Requirements and Protection of Rights

We may disclose your personal information if we believe in good faith that such disclosure is necessary to:

Comply with a subpoena, court order, legal process, or other governmental request.
Enforce our Terms of Service or other agreements.
Protect the rights, property, or safety of KawaiiCases, our customers, or others.
Detect or prevent fraud or other illegal activity.

c. Business Transfers

6. Payment Processing

7. Cookies and Tracking Technologies

We use cookies and similar technologies (collectively, "cookies") on our Site. A cookie is a small text file placed on your device by a website you visit.

Types of Cookies We Use

Functional Cookies: Used to remember your preferences, such as saved design configurations, so you do not need to re-enter information on repeat visits.

Cookie Consent

8. Data Security

Encryption of data in transit using Transport Layer Security (TLS).
Payment processing through a PCI DSS-compliant third party (Stripe), with no storage of complete payment card data on our systems.
Access controls restricting employee access to personal data on a need-to-know basis.
Credentials stored using industry-standard one-way cryptographic hashing, such that no employee or system has access to plaintext passwords.

9. International Data Transfers

Transfers from the EEA, UK, and Switzerland

Standard Contractual Clauses (SCCs): We utilize the European Commission's approved Standard Contractual Clauses in our agreements with relevant service providers. For transfers from the UK, we additionally rely on the UK's International Data Transfer Addendum where applicable.
Adequacy decisions: Where an adequacy decision issued by the European Commission or the UK Secretary of State applies to the recipient country, we rely on that decision as the transfer mechanism.

10. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal information. Regardless of location, we honor the following requests:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information, subject to our legal retention obligations (see Section 11).
Opt-out of marketing: Unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any such email or by contacting us at privacy@kawaiicases.com.
Data portability: Request that we provide your personal data in a structured, commonly used, machine-readable format.
Objection: Object to certain types of processing, including direct marketing.

EEA and UK Residents (GDPR / UK GDPR)

If you are located in the EEA or the UK, you have additional rights under the General Data Protection Regulation ("GDPR") or the UK GDPR, as applicable, including:

Right to restriction of processing: You may request that we restrict the processing of your personal data in certain circumstances (e.g., while you contest its accuracy).
Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority. In the EU, a list of national supervisory authorities is available at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

The right to know what categories of personal information we collect and the purposes for which it is used.
The right to know whether your personal information is sold or disclosed, and to whom. We do not sell your personal information.
The right to opt out of the sale or sharing of personal information (not applicable, as we do not sell or share personal information for cross-context behavioral advertising).
The right to limit the use of sensitive personal information.
The right to non-discrimination for exercising your privacy rights.

To submit a verifiable consumer request under the CCPA/CPRA, please contact us at contact page.

11. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy or as required by applicable law:

Account and profile data: Retained for the duration of your active account relationship, and deleted upon a valid account closure request, subject to any outstanding legal obligations.
Order and transaction records: Retained for a minimum of seven (7) years to comply with applicable tax, accounting, and commercial record keeping requirements.
Marketing data: Retained until you withdraw consent or unsubscribe. Opt-out requests are processed promptly and no further marketing communications will be sent.
Anonymized analytics data: Retained for up to twenty-six (26) months, consistent with Google Analytics' default data retention configuration, after which it is automatically deleted. Because this data is anonymized and cannot reasonably be used to identify you, it is not subject to deletion requests.

12. Children's Privacy

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes, we will provide notice by:

Updating the "Last Updated" date at the top of this policy.
Posting a prominent notice on our Site for a minimum of thirty (30) days following the change.
For registered users, sending an email notification to the address associated with your account.

14. Contact Us and Data Controller Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries & General Support: please email us using the contact page.

Last updated · January 15, 2026

Privacy Policy

1. Introduction

2. Information We Collect

a. Information You Provide Directly

b. Information Collected Automatically

3. Lawful Basis for Processing (EEA, UK, and Switzerland)

4. How We Use Your Information

5. Disclosure of Your Information

a. Service Providers

b. Legal Requirements and Protection of Rights

c. Business Transfers

6. Payment Processing

7. Cookies and Tracking Technologies

Types of Cookies We Use

Cookie Consent

8. Data Security

9. International Data Transfers

Transfers from the EEA, UK, and Switzerland

10. Your Privacy Rights and Choices

EEA and UK Residents (GDPR / UK GDPR)

California Residents (CCPA / CPRA)

11. Data Retention

12. Children's Privacy

13. Changes to This Privacy Policy

14. Contact Us and Data Controller Information

Last updated · January 15, 2026

Privacy Policy

1. Introduction

2. Information We Collect

a. Information You Provide Directly

b. Information Collected Automatically

3. Lawful Basis for Processing (EEA, UK, and Switzerland)

4. How We Use Your Information

5. Disclosure of Your Information

a. Service Providers

b. Legal Requirements and Protection of Rights

c. Business Transfers

6. Payment Processing

7. Cookies and Tracking Technologies

Types of Cookies We Use

Cookie Consent

8. Data Security

9. International Data Transfers

Transfers from the EEA, UK, and Switzerland

10. Your Privacy Rights and Choices

EEA and UK Residents (GDPR / UK GDPR)

California Residents (CCPA / CPRA)

11. Data Retention

12. Children's Privacy

13. Changes to This Privacy Policy

14. Contact Us and Data Controller Information