Privacy Policy

This Privacy Policy explains how MulinBox Labs LLC ("MulinBox", "we", "us") collects, uses and shares information about you when you visit our websites, create an account, or purchase and use our products and services (the "Services").

1. Information we collect

2. How we use information

3. Payment processing

Payments are processed by Stripe, Inc. Stripe acts as an independent controller of the payment data it collects, and its use of your information is governed by the Stripe Privacy Policy. We use information received from Stripe only for order fulfillment, accounting, fraud prevention and legal compliance.

4. How we share information

We do not sell your personal information. We share information only with:

5. Cookies

We use strictly necessary cookies to make the Services work (for example, keeping you signed in) and, where enabled, privacy-respecting analytics cookies to understand aggregate usage. You can control cookies through your browser settings; disabling necessary cookies may affect functionality.

6. Data retention

We keep personal information only as long as needed for the purposes described above: account data for the life of the account; order and tax records for as long as required by law; support correspondence for up to two years. We then delete or anonymize the data.

7. Security

We use reasonable technical and organizational measures to protect personal information, including encryption in transit (HTTPS), access controls and the use of reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. This includes rights under the EU/UK GDPR and the California Consumer Privacy Act (CCPA). We do not "sell" or "share" personal information as defined by the CCPA. To exercise any right, email [email protected]; we will respond within the timeframe required by applicable law. You may also lodge a complaint with your local data-protection authority.

9. International transfers

We are based in the United States, and information we collect is processed in the United States and in other countries where our service providers operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

10. Children

The Services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. If a change is material, we will provide reasonable advance notice. The "Effective date" above reflects the latest revision.

12. Contact us

Privacy questions or requests? Email us at [email protected].