Mahi Pasha Event Design (“we”, “us”, “our”) respects your privacy. This Privacy Policy describes what information we collect when you visit or use our website at mahipasha.com, how we use it, and the choices you have. By using our website, you agree to the practices described here.

1. Information we collect

Information you give us

Account information: name, email, phone, password (hashed), shipping and billing addresses, and marketing preferences.
Order information: items purchased, order total, shipping and billing addresses, order history, payment confirmation data.
Contact information: any name, email, phone, event type, event date, and message you send through our contact form.
Newsletter subscription: your email address and subscription status.
Blog comments: your name, email, and comment text.

Information we collect automatically

Usage data: page views, session identifiers, referring URLs, device type, and browser type, collected through our first-party analytics.
IP address and user agent: recorded with contact-form submissions and authentication events for security and fraud prevention.
Cookies: see “Cookies & similar technologies” below.

Information we do NOT collect

We never see or store your full credit-card number. All payment information is handled directly by Stripe, Inc. We only receive a transaction identifier and success/failure confirmation.

2. How we use your information

To process orders, ship products, and provide customer service
To create and authenticate your account
To send transactional emails (order confirmations, shipping, password resets, email verification)
To send marketing emails (only if you opt in — you can unsubscribe anytime)
To respond to your inquiries
To improve our site and services through aggregated usage analytics
To prevent fraud, secure our site, and comply with legal obligations

3. Who we share information with

We never sell your personal information. We share data only with:

Stripe, Inc. — payment processing (Stripe privacy policy)
Our email service provider — for transactional and newsletter emails
Shipping carriers — name and shipping address so they can deliver your order
Service providers who host our site and provide operational support under confidentiality obligations
Law enforcement or regulators if required by valid legal process or to protect our rights and safety
A successor entity if we are acquired, merged, or reorganized (you will be notified)

4. Cookies & similar technologies

We use the following categories of cookies:

Strictly necessary: authentication cookies (access_token, refresh_token), shopping cart session, security tokens. These cannot be disabled without breaking core site functionality.
Functional: preferences like selected product quantity or open cart. First-party only.
Analytics: a first-party session identifier to count unique visitors and page views. We do not use third-party advertising cookies.

You can decline non-essential cookies via our cookie banner or your browser settings. Declining analytics cookies will not affect your ability to shop or use your account.

5. Your privacy rights

For all users

Access: view your account data at any time from your profile page
Update: correct or update your account information from your profile
Delete: request account deletion by emailing mahi@mahipasha.com
Unsubscribe: stop marketing emails anytime by clicking the unsubscribe link or updating your profile
Data portability: request a copy of your personal data in a portable format

California residents (CCPA / CPRA)

You have the right to:

Know what personal information we collect, use, and disclose
Delete your personal information (subject to limited exceptions)
Correct inaccurate personal information
Opt out of the sale or sharing of personal information — we do not sell personal information
Limit the use of sensitive personal information
Not be discriminated against for exercising your rights

To exercise any of these rights, email us at mahi@mahipasha.com with “California Privacy Rights” in the subject line. We will verify your identity before responding and will respond within 45 days.

“Shine the Light” (Cal. Civ. Code §1798.83): California residents may request a notice describing what categories of personal information we share with third parties for their direct marketing purposes. We do not currently share personal information for third-party direct marketing.

European Economic Area, United Kingdom, Switzerland (GDPR)

Our legal bases for processing are: (a) performance of a contract with you, (b) your consent, (c) our legitimate interests in operating and securing our business, and (d) compliance with legal obligations. You have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to lodge a complaint with your national data-protection authority.

6. Data retention

We retain account data as long as the account is active, and order records for up to 7 years for tax and accounting compliance. Contact-form submissions are retained for up to 3 years unless you request earlier deletion. Marketing subscription records are retained while active plus 3 years for unsubscribe verification.

7. Security

We use industry-standard safeguards: HTTPS/TLS for all traffic, password hashing, encrypted database credentials, short-lived authentication tokens, and restricted administrative access. No system is perfectly secure — please use a strong, unique password and notify us immediately at mahi@mahipasha.com if you suspect your account has been compromised.

8. Children’s privacy

Our website is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have inadvertently collected such information, we will delete it promptly. Parents who believe their child has provided us with personal information may contact us to request deletion.

9. International users

Our servers are located in the United States. If you access our site from outside the US, your information will be transferred to and processed in the US, which may not provide the same level of data protection as your home country. By using our site, you consent to this transfer.

10. Links to third-party sites

Our site may contain links to third-party sites (social media, vendors, etc.). This Privacy Policy does not apply to those sites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective” date at the top indicates when it was last revised. Material changes will be announced on our website or by email. Your continued use of the site after an update constitutes acceptance of the new policy.

12. Contact us

Questions or requests related to privacy? Contact us at:

Email: mahi@mahipasha.com
Phone: (949) 235-9118
Mail: Mahi Pasha Event Design, Laguna Niguel, California, USA