Privacy Policy

Last Updated: May 17, 2026

This "Privacy Policy" explains how MACH Evolved Creations, Inc., a Delaware corporation (together with its affiliates, if any "MACH," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information about you when you visit our website at mani.co (the "Website"), purchase or consider purchasing our products, sign up for our waitlist, communicate with our customer service team, or otherwise interact with us (collectively, the "Services"). We are committed to handling your personal information with care, transparency, and respect. We limit the personal information we collect to what is reasonably necessary to provide our Services and fulfill the purposes described in this policy. Certain information may constitute "consumer health data" under applicable state privacy laws. Please review our Consumer Health Data Privacy Policy for additional disclosures and rights applicable to such data.

This policy does not address our privacy practices relating to job applicants, employees, contractors, or other employment-related individuals, nor information that is not subject to applicable privacy laws. Certain privacy laws distinguish between "controllers" and "processors" of personal information. A controller determines the purposes and means (the why and how) of processing personal information. A processor (sometimes called a "service provider") processes personal information on behalf of, and subject to the instructions of, a controller. This policy describes our practices where we act as the controller.

Legal Bases for Processing

As described in greater detail below, we process personal information based on one or more of the following legal bases: performance of a contract, compliance with legal obligations, legitimate interests, and where required, your consent.

If you have any questions about how we process your personal information, please contact us at legal@mani.co.

Personal Information We Process
Children's Personal Information
Purposes of Processing
Processing Methods
Recipients of Personal Information
Retention
Your Privacy Rights
Cookies and Tracking Technologies
Security
Visitors From Outside the United States
Changes to This Policy
Contact Us

1. Personal Information We Process

1.1 General Overview

The categories of personal information we process depend on how you interact with us. For California residents, California law requires that we provide these disclosures by reference to the enumerated categories of personal information set forth under California law. The table below maps the information we collect to those statutory categories.

Basic Identifying Information	First and last name, shipping and billing address, email address, phone number, account ID, customer identifiers, contact and communication preferences.
Commercial / Purchasing Information	Shopping cart contents, wishlist items, waitlist registrations, order details, purchase and return history, product preferences, customer service records, product reviews, and feedback.
Payment Information	Payment method, billing information, transaction details, and related payment confirmations. Full card numbers and financial account credentials are collected and processed by our third-party payment providers and are not retained by MACH (see Section 5.3.1).
Account Information	Username, password and other authentication credentials, security questions, account settings and preferences.
Communications With Us	The content of your emails, customer service inquiries, chat messages, and other communications with us, including any attachments or information you choose to share.
Internet or Other Network Activity	IP address, browser type and language, referring and exit pages, pages viewed, links clicked, time spent on pages, interactions with our emails (such as opens and clicks), and information collected through cookies and similar technologies.
Device Information	Device type, operating system, browser version, device identifiers, and network connection information.
General Geolocation	Approximate location inferred from your IP address (such as city, state, or region). We do not collect precise geolocation data without your consent.
Inferences	Inferences drawn from the above, such as predicted product interests, purchasing preferences, and engagement segments used to personalize your experience and communications.
Audio and Visual Information	Photographs, videos, or other content you voluntarily submit to us (for example, product reviews or tagged social media content).

1.2 Sensitive Personal Information

Certain personal information we process may be classified as "sensitive" under applicable privacy laws, including account credentials (such as your username in combination with your password or other authentication information).

We use and disclose sensitive personal information only where reasonably necessary and proportionate to provide you with the Services, secure your account, prevent fraud and illegal activity, and comply with our legal obligations. We do not use sensitive personal information to infer characteristics about you. We do not sell sensitive personal information, and we do not share or otherwise process sensitive personal information for purposes of targeted advertising.

Certain parts of the Services (such as customer service inquiries, product reviews, and feedback forms) allow you to submit information freely. We encourage you not to share sensitive personal information in those free-text fields to avoid unintended processing.

2. Children's Personal Information

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 years of age. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it.

We do not knowingly "sell" or "share" (as those terms are defined under applicable privacy laws) the personal information of consumers under 16 years of age without the affirmative authorization of the consumer (if between 13 and 16) or a parent or legal guardian (if under 13).

If you believe we have collected personal information from a child in a manner inconsistent with this policy, please contact us at legal@mani.co.

3. Purposes of Processing

3.1 Commercial Relationship

We process your personal information to establish and manage our commercial relationship with you.

This includes:

Creating and managing your MACH account, including sending you essential account notifications (for example, account confirmations, password resets, and security alerts).
Managing our waitlist, including notifying you when products become available, when pre-orders open, and when your order is ready.
Processing and fulfilling your orders, including processing payments, arranging shipping, handling returns and exchanges, and communicating order and shipping status updates.
Verifying transactions, preventing fraud, and managing payment security incidents.
Complying with tax, accounting, and other legal obligations related to your transactions.

3.2 Customer Service

We process your personal information to provide customer service and product support. This includes:

Responding to your inquiries and requests submitted through our Website, by email, or through other channels.
Managing product returns, exchanges, refunds, and warranty-related support.
Maintaining records of your interactions with our customer service team for quality assurance, training, and to improve our service.
Collecting and reviewing your feedback about our products and Services, including through post-purchase surveys.

3.3 Marketing and Communications

We process your personal information for marketing and promotional purposes, which at this time are conducted primarily through email and online advertising. This includes:

Sending you marketing emails about our products, offers, launches, content, and events, where you have opted in or where otherwise permitted by law. You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email you receive from us, or by updating your communication preferences in your account.
Managing our online advertising activities, including the use of custom audiences, lookalike audiences, interest-based advertising, and campaign measurement. In connection with these activities, we may share limited personal information with our advertising partners, such as Meta and Google (see Section 5.3.3).
Personalizing your experience on the Website and in our email communications, including product recommendations and curated content.
Maintaining a centralized customer database and performing analysis on your interactions with us to improve our products, Services, and marketing.
Managing our presence on social media platforms, including content moderation, responding to mentions and messages, and measuring engagement.

3.4 Security and Other Legitimate Purposes

We also process your personal information for the following purposes:

Securing and administering our IT systems, preventing fraud, and protecting the integrity of the Services.
Complying with applicable laws, regulations, court orders, legal process, and requests from government authorities.
Establishing, exercising, or defending legal claims and managing disputes.
Responding to and processing your requests to exercise your privacy rights.

Information that is required for us to provide the Services is typically marked as such at the point of collection. If you do not provide required information, we may not be able to fulfill your request or provide you with the Services.

4. Processing Methods

Your personal information is processed using automated tools, manual review, or a combination of both.

We may aggregate or de-identify personal information and use it in a form that does not identify you, for example, to analyze Website performance, measure marketing effectiveness, understand customer segments, and improve our products and Services.

We may also use personal information to train, evaluate, and refine machine learning models and automated tools that support functions such as product recommendations, customer segmentation, and fraud detection for internal purposes and not for training third-party models.

We do not use your personal information to make decisions that produce legal or similarly significant effects on you through solely automated processing.

5. Recipients of Personal Information

We do not sell your personal information in exchange for monetary consideration. However, certain advertising-related disclosures may be considered 'sharing' or 'selling' under applicable privacy laws.

We disclose certain categories of personal information to the recipients described below, subject to this policy and applicable law.

5.1 Affiliates

We may share personal information with our corporate affiliates for purposes consistent with this policy, including operational support, customer service, marketing, and fraud prevention. Any such 'sharing' is subject to appropriate confidentiality and data protection safeguards.

5.2 Service Providers

We disclose personal information to third parties that provide services on our behalf. These service providers are authorized to use personal information only as necessary to perform their services for us and are subject to contractual obligations that protect your information. Our service providers include:

E-commerce platform: Shopify, which hosts our Website and supports core store operations. See Section 5.4 for more about Shopify.
Email marketing and customer relationship management: Klaviyo, which supports our email marketing, customer segmentation, and lifecycle communications.
Analytics: Google Analytics / GA4, Shopify Analytics, which help us understand how the Website is used.
Shipping and logistics: UPS, USPS, FedEx, which deliver your orders.
Payment processing and fraud prevention: See Section 5.3.1.
Cloud infrastructure and IT services: providers of hosting, storage, cybersecurity, and related technical services.

5.3 Third Parties

We also disclose personal information to third parties who act as independent controllers. Their processing is governed by their own privacy policies, and you may exercise your rights directly with them.

5.3.1 Payment Processing

Payments on the Website are processed by Shopify Payments. When you pay on the Website, your full payment card number and related financial details are collected directly by those providers and are not retained by MACH. These providers use your information in accordance with their own privacy notices.

5.3.2 Shipping and Logistics

We provide your name, shipping address, and contact details to our shipping carriers (such as UPS, FedEx, USPS) to deliver your orders and provide delivery updates.

5.3.3 "Selling" and "Sharing" Information; Targeted Advertising

We do not sell personal information for monetary consideration. However, when we use online advertising and measurement services, including services provided by Meta (Facebook and Instagram) and Google, certain disclosures of personal information may qualify as 'selling,' 'sharing,' or processing for targeted advertising under certain privacy laws.

Specifically, when you interact with the Website and we have an appropriate legal basis (including your cookie preferences), we may share information such as your device identifiers, IP address, email address (in hashed form), and Website interactions with these partners so that we can:

Show you more relevant advertisements for MACH products on other websites, apps, and platforms you visit.
Build custom audiences and lookalike audiences to reach people likely to be interested in our products.
Measure the effectiveness of our advertising campaigns.

Depending on your state of residence, you may have the right to opt out of this activity. Please see Section 7 for how to exercise that right. You can also manage your cookie preferences through our cookie preference center, accessible via the "Cookie Preferences" link in the footer of the Website.

5.3.4 Legal and Regulatory Disclosures

We may disclose personal information to law enforcement, government authorities, regulators, courts, or other third parties where we believe it is necessary or appropriate to comply with applicable law or legal process; to enforce our terms of service or other agreements; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of MACH, our customers, or others.

5.3.5 Business Transactions

If MACH is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets, personal information may be transferred to the relevant counterparty or successor, subject to appropriate confidentiality and legal safeguards.

5.4 Our Relationship With Shopify

Our Website is hosted on Shopify's e-commerce platform. Information you submit through the Services is transmitted to and processed by Shopify in order to operate the Website and provide our Services to you. Shopify acts as our service provider for many of these activities. Shopify may also process certain personal information as an independent controller, for example, in connection with enhanced fraud prevention, personalized advertising, and other features that use data across Shopify's merchant ecosystem. To learn more about Shopify's practices and any rights you have with respect to Shopify's processing, please see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal.

6. Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this policy, taking into account the type of information, the nature and duration of our relationship with you, and our legal and regulatory obligations. In general:

Account information	For as long as your account is active, plus 18 months of inactivity, after which we delete or anonymize the account.
Order and transaction records	Retained for 7 years to meet tax, accounting, and warranty obligations.
Waitlist and marketing contact data	Retained until you unsubscribe, plus up to 18 months to honor preferences and comply with legal obligations.
Customer service records	Retained for 3 years after the last interaction.
Website analytics and log data	Retained in identifiable form for the duration of the applicable cookie lifetime or 26 months, whichever is shorter.
Information retained to comply with legal obligations or to establish, exercise, or defend legal claims	Retained for the period required by the applicable legal or regulatory obligation or limitation period.

When personal information is no longer needed, we delete, destroy, or anonymize it in accordance with our data retention procedures.

7. Your Privacy Rights

7.1 U.S. State Privacy Rights

Depending on your state of residence, and subject to certain legal exceptions and limitations, you may have some or all of the following rights with respect to your personal information.

Nevada Residents

If you are a Nevada resident, you have the right to opt out of the sale of certain categories of your personal information. To submit a request, please contact us at legal@mani.co.

Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia

If you are a resident of any of the states listed above, you may have the following rights, subject to your state's law:

Right to Know / Access. The right to confirm whether we are processing personal information about you and to obtain details about that processing, including the categories of personal information we have collected, the categories of sources, the purposes of processing, and the categories of third parties with whom we share it. California and Oregon residents may also request the specific pieces of personal information we have collected about them. Oregon residents may also request a list of specific third parties to whom we have disclosed personal information.
Right to a Copy / Portability. The right to receive a copy of the personal information we have collected about you in a portable and, where technically feasible, readily usable format.
Right to Correct. The right to request correction of inaccurate personal information we maintain about you, taking into account the nature of the information and the purposes of the processing.
Right to Delete. The right to request deletion of personal information we have collected from or about you.
Right to Opt Out of Targeted Advertising. The right to direct us not to use or share your personal information for targeted advertising.
Right to Opt Out of Sale. The right to direct us not to sell your personal information to third parties. Under California's "Shine the Light" law, you also have the right to request certain disclosures about our disclosure of personal information to third parties for their direct marketing purposes.
Right to Limit Use of Sensitive Personal Information. Where applicable, the right to limit our use and disclosure of your sensitive personal information to certain permitted purposes.
Right to Opt Out of Profiling. Where applicable, the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
Right to Non-Discrimination. The right not to be discriminated against for exercising any of these rights. Please note that exercising your rights may affect the price, rate, or level of service we are able to provide to you where that difference is reasonably related to the impact of your request on our relationship with you or is otherwise permitted by law.

The rights listed above may not be available in every state, and some rights may apply only in specific circumstances. We will honor the rights available to you under the law of the state in which you reside.

7.2 Submitting a Privacy Rights Request

To exercise any of the rights described above, please submit a request by emailing legal@mani.co.

Before we can respond, we may need to verify your identity. Verification generally involves matching information you provide with information we already have in our records. We will only use the information you provide to verify your identity or authority to make the request. If we cannot verify your identity or confirm that the information relates to you, we may decline or limit your request as permitted by law.

You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide written, signed authorization from you, and we may ask you to verify your identity directly with us.

To opt out of cookies and related technologies used for targeted advertising or that may constitute a "sale" or "share" of personal information, please use the "Cookie Preferences" link in the footer of the Website. If you visit the Website with a Global Privacy Control (GPC) signal enabled, we will treat that signal as a valid opt-out request for the browser and device you are using, as required by applicable law.

7.3 Appeals

If we deny your privacy rights request and you are a resident of a state that provides an appeal right (including Colorado, Connecticut, Delaware, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, and Virginia), you may appeal our decision by replying to our written decision within the time period specified in that decision, or by emailing legal@mani.co with the subject line "Privacy Rights Appeal." We will respond to your appeal within the time period required by applicable law. If your appeal is denied, you may contact your state attorney general if you have concerns about our response.

8. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, software development kits (SDKs), and similar technologies (collectively, "cookies") to operate the Website, remember your preferences, analyze how you use the Services, measure the effectiveness of our marketing, and deliver personalized advertising.

Cookies we use fall into the following general categories:

Strictly necessary cookies — required for the Website to function (for example, shopping cart, checkout, and account login).
Functional cookies — remember your preferences and settings to improve your experience.
Analytics cookies — help us understand how visitors use the Website so we can improve it.
Advertising cookies — used by us and our advertising partners (such as Meta and Google) to deliver and measure ads that may be of interest to you.

You can manage your cookie preferences at any time through the "Cookie Preferences" link in the footer of the Website, or through your browser settings. Other than the Global Privacy Control, we do not currently respond to "Do Not Track" signals. For more detail on the specific cookies we use, please see our Cookie Policy.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, disclosure, alteration, or destruction. For example, we use encryption in transit (such as TLS/SSL) for information submitted through the Website.

No security measure is perfect or impenetrable, and no transmission of data over the internet or any storage system can be guaranteed to be 100% secure. You are responsible for keeping your account credentials confidential and for promptly notifying us of any unauthorized use of your account. In the event of a data breach, we will notify affected individuals and regulators as required by applicable law.

10. Visitors From Outside the United States

MACH is based in the United States. If you access the Services from outside the United States, your personal information may be transferred to, stored in, and processed in the United States and in other countries where we or our service providers operate. These countries may have data protection laws that differ from the laws of your country.

By using the Services, you acknowledge that your personal information may be transferred to and processed in the United States. Where required by applicable law, we will implement appropriate safeguards for such transfers, including by implementing standard contractual safeguards or relying on other legally recognized transfer mechanisms, where applicable.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where required by law, provide additional notice (for example, by email or through a notice on the Website). We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this policy or our privacy practices, please contact us at:

Email: legal@mani.co