Privacy Policy

We collect information you give us directly (name, shipping address, email, phone, payment details processed via Stripe) and information collected automatically when you use the site (device type, browser, pages viewed, referring URL, approximate location from IP).

• Fulfill orders, process payments, ship products, and handle returns.
• Send order confirmations, shipping updates, and customer-service responses.
• Send marketing emails — only with your consent. Unsubscribe at any time.
• Improve the site, prevent fraud, and meet legal obligations.

EU/UK legal bases (GDPR Art. 6): contract (orders), legitimate interest (fraud prevention, analytics), consent (marketing emails, non-essential cookies), legal obligation (tax, accounting).

We share data with service providers who help us run the business — payment processors (Stripe), shipping carriers, email platforms (Klaviyo), analytics tools (Vercel Analytics) — under contracts that limit their use to providing services to us. We do not sell your personal information.

See Do Not Sell or Share My Personal Information for US state-law opt-out rights.

If you're in the EU, UK, or EEA, you have the right to:

• Access a copy of the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (the “right to be forgotten”) where applicable.
• Restrict or object to processing — including direct marketing.
• Port your data to another service in a machine-readable format.
• Withdraw consent at any time, where processing is based on consent.
• Lodge a complaint with your local Data Protection Authority (e.g. CNIL in France, ICO in the UK, BfDI in Germany).

To exercise these rights, email privacy@pumela.com. We respond within 30 days.

If you live in California, Colorado, Connecticut, Utah, Virginia, or other US states with comprehensive privacy laws, you may have the right to:

• Know what personal information we collect and how we use it.
• Access, correct, or delete your personal information.
• Opt out of the sale or sharing of your personal information (see Do Not Sell page).
• Opt out of targeted advertising and certain profiling.
• Appeal a denied request.
• Not be discriminated against for exercising these rights.

Submit requests at privacy@pumela.com or via the Do Not Sell or Share page.

Pumela is based in the United States. If you're in the EU, UK, or EEA, your data is transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) adopted by the European Commission (and the UK Addendum, where applicable) to ensure your data receives equivalent protection.

We use strictly necessary cookies for site functionality and, with your consent, analytics and marketing cookies. Manage preferences any time via the cookie banner or your browser settings. We honor the Global Privacy Control (GPC) signal as an opt-out for sale/sharing.

Pumela is not directed to children under 16 (EU) or under 13 (US). We do not knowingly collect personal information from children in those age groups. If you believe a child has provided us information, contact us so we can delete it.

Questions about this policy? Reach the privacy team at privacy@pumela.com.

EU representative (Art. 27 GDPR): appointed representative details will be listed here once finalized. Contact via privacy@pumela.com in the meantime.