PRIVACY POLICY
Last Updated: April 16, 2026
Company Name: HIIID VAPE
Website: www.hiiidvape.com
Contact: sales@hiiidvape.com | [Physical Address]
This Privacy Policy explains how [Your Vape Brand Name] (“we,” “us,” “our”) collects, uses, stores, shares, and protects your personal information when you visit our website, create an account, place orders for disposable e‑cigarette/vape products, subscribe to marketing communications, or interact with our services. This policy complies with the General Data Protection Regulation (GDPR) (EU/EEA), California Consumer Privacy Act (CCPA/CPRA) (US), and other applicable global privacy laws.
By accessing or using our services, you confirm you are at least 21 years of age (or the legal purchasing age in your jurisdiction) and consent to the practices described in this policy.
1. INFORMATION WE COLLECT
We collect the following categories of personal information, directly from you or automatically when you use our website:
1.1 Personal Information You Provide Voluntarily
Account & Contact Data: Full name, email address, phone number, username, password (encrypted), shipping/billing address.
Order & Transaction Data: Payment details (processed securely via third‑party gateways; we do NOT store full credit/debit card numbers), order history, product preferences, delivery instructions.
Age Verification Data: Date of birth, government‑issued ID (if required for age verification, processed securely and deleted after verification).
Marketing & Support Data: Consent for marketing emails/SMS, feedback, support inquiries, survey responses.
1.2 Automatically Collected Data (Usage & Technical)
Device & Browsing Data: IP address, browser type/version, operating system, device ID, screen resolution, referral URL, pages visited, time/date of access, clickstream data.
Cookies & Tracking Technologies: We use cookies, web beacons, and similar tools to remember cart items, preferences, analyze traffic, and deliver targeted ads (see Section 5 for cookie details).
Location Data: General geographic location (derived from IP address; precise location only with your explicit consent).
2. HOW WE USE YOUR INFORMATION
We process your personal data only for the following legitimate purposes, based on legal bases under GDPR (consent, contract performance, legitimate interest, legal obligation) and CCPA requirements:
Fulfill Orders & Provide Services: Process payments, ship products, deliver orders, send order confirmations/tracking updates, manage returns/refunds.
Age Verification & Compliance: Verify you meet the legal age to purchase vape products; comply with tobacco/vape regulations (e.g., TPD, FDA rules) and prevent underage sales.
Account Management: Create/maintain your account, authenticate logins, reset passwords, update your profile.
Customer Support: Respond to inquiries, resolve issues, provide technical assistance.
Improve Our Website & Products: Analyze usage trends, optimize site performance, enhance product offerings, conduct A/B testing.
Marketing Communications (Opt‑In Only): Send newsletters, product updates, promotions, and exclusive offers only if you explicitly opt in; you may unsubscribe at any time via the link in emails or your account settings.
Security & Fraud Prevention: Detect/prevent fraud, unauthorized access, illegal activities, and protect our website/services and users.
Legal Obligations: Comply with tax, accounting, regulatory, and legal requirements; respond to valid legal requests (court orders, subpoenas).
3. DATA SHARING & DISCLOSURE
We share your personal data only with trusted third parties, as required by law, or with your explicit consent. We do NOT sell your personal data to third parties for commercial purposes (as defined under CCPA/CPRA).
3.1 Third‑Party Service Providers
We share data with vendors who perform services on our behalf, under data processing agreements (GDPR):
Payment Processors: Stripe, PayPal, Square (to process payments securely).
Shipping Carriers: USPS, DHL, UPS (to deliver orders).
Age Verification Services: Third‑party tools to verify legal purchasing age.
Analytics & Hosting: Google Analytics, Cloudflare, Shopify/WooCommerce (to host and analyze website traffic).
Email Marketing: Mailchimp, Klaviyo (to send opt‑in marketing communications).
Customer Support Tools: Zendesk, Intercom (to manage support inquiries).
3.2 Legal & Safety Disclosures
We may disclose your data if required by law, or in good faith to:
Comply with legal processes, regulations, or government requests.
Protect our rights, property, safety, or the safety of others.
Investigate or prevent fraud, illegal activities, or breaches of our Terms of Service.
3.3 Business Transfers
In the event of a merger, acquisition, asset sale, or bankruptcy, your data may be transferred to the successor entity, with notice provided to you.
4. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
Account & Order Data: Retained for 7 years after your last order/account activity (to comply with tax/accounting laws).
Age Verification Data: Deleted immediately after successful verification (unless required by law to retain longer).
Marketing Data: Retained until you unsubscribe, then deleted within 30 days.
Usage/Technical Data: Retained for 12–24 months for analytics, then anonymized or deleted.
5. COOKIES & TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies to enhance your experience. You can manage cookie preferences via your browser settings or our cookie consent banner.
Types of Cookies We Use:
Necessary Cookies: Required for website functionality (cart, login, checkout); cannot be disabled.
Preference Cookies: Remember your settings (language, region, theme).
Analytics Cookies: Track website traffic and usage (e.g., Google Analytics).
Marketing Cookies: Deliver targeted ads (with your consent).
You may disable non‑necessary cookies, but this may limit website functionality (e.g., cart persistence).
6. YOUR PRIVACY RIGHTS
Depending on your location, you have the following rights under GDPR, CCPA/CPRA, and other applicable laws:
Right to Access: Request a copy of the personal data we hold about you.
Right to Correction: Request correction of inaccurate/incomplete data.
Right to Erasure (Right to be Forgotten): Request deletion of your data, where legally permissible.
Right to Restriction: Request restriction of data processing under certain conditions.
Right to Data Portability: Receive your data in a machine‑readable format (GDPR).
Right to Opt Out of Marketing: Unsubscribe from marketing communications at any time.
Right to Non‑Discrimination: We will not discriminate against you for exercising your privacy rights (CCPA).
Right to Withdraw Consent: Withdraw any consent you previously provided (e.g., for marketing).
How to Exercise Your Rights:
Submit a request via:
Email: privacy@yourdomain.com
Mail: [Physical Address, Attn: Privacy Team]
Website: Contact form at [yourdomain.com/contact]
We will respond to valid requests within 30 days (extendable by 2 months for complex requests) as required by law. We may verify your identity before fulfilling requests to protect your data.
7. DATA SECURITY
We implement industry‑standard technical and organizational measures to protect your personal data from unauthorized access, use, disclosure, alteration, or destruction:
SSL/TLS encryption for all data transmission (HTTPS).
Secure, encrypted servers and firewalls.
Restricted internal access to personal data (only authorized staff).
Regular security audits and updates to systems.
While we take all reasonable precautions, no data transmission or storage system is 100% secure; we cannot guarantee absolute security.
8. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside your jurisdiction (e.g., the US, EU). We ensure transfers comply with GDPR (e.g., Standard Contractual Clauses, adequacy decisions) and other applicable laws to protect your data rights.
9. AGE LIMITATIONS
Our services are intended exclusively for individuals aged 21 or older (or the legal purchasing age in your jurisdiction). We do not knowingly collect personal data from individuals under the legal age. If we become aware of data from an underage user, we will delete it immediately.
10. CHANGES TO THIS POLICY
We may update this Privacy Policy periodically to reflect legal, operational, or service changes. We will post the revised policy on our website with an updated “Last Updated” date. Continued use of our services after changes constitutes acceptance of the revised policy.
11. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Email: privacy@yourdomain.com
Phone: [Your Phone Number]
Address: [Full Physical Address]
✅ Critical Compliance Notes for Vape/E‑Cigarette Brands:
Age Verification: Explicitly state age checks and data handling for ID/DOB (delete after verification).
No Underage Data: Clear clause on not collecting data from minors.
Marketing Opt‑In: Strictly require explicit consent for vape marketing (many jurisdictions ban unsolicited vape ads).
Payment Data: Clearly state we do NOT store full card details (processed via secure gateways).
Legal Disclaimers: Add a line that this policy is for informational purposes only; consult a local attorney to tailor to your country/state regulations (e.g., FDA, TPD, UK vape laws).