MildMate
0
EN/TH

Privacy Policy

Last updated: May 2026

1. Introduction

MildMate ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or make a purchase. This policy is effective as of May 2026.

2. Data We Collect

We may collect the following types of information:

  • Contact information: Name, email address, phone number, shipping address
  • Order details: Product specifications, dimensions, fabric choices
  • Payment information: Processed securely by Stripe — we do not store full card numbers
  • Usage data: IP address, browser type, pages visited (via Google Analytics 4)
  • Communication: Emails, messages, and support inquiries
  • Device information: Screen size, operating system (for website optimization)

3. How We Use Your Data

We use your personal data to:

  • Process and fulfill your orders
  • Communicate about your order status
  • Provide customer support
  • Send promotional emails (with your consent — see Section 3A below)
  • Analyze website traffic and improve user experience
  • Measure advertising effectiveness (Facebook Pixel)
  • Comply with legal obligations

3A. Marketing & Communications

With your consent, we may send you promotional emails about new products, special offers, and bedding tips. Every marketing email includes an unsubscribe link in the footer that takes you to mildmate.com/unsubscribe/. You can also email contact@mildmate.com with the subject "Unsubscribe" and we will remove you within 48 hours.

Order confirmation and shipping notification emails are considered transactional and cannot be opted out of, as they are necessary to fulfill your purchase.

4. Third-Party Services

We share limited data with trusted third parties necessary to operate our business:

  • Stripe: Payment processing — card details are tokenized; we never see full card numbers
  • MailChannels (via Cloudflare): Transactional and marketing email delivery
  • Shipping carriers (Thailand Post, DHL, FedEx): Delivery address printed on shipping labels only; no API data sharing
  • Cloudflare: Website security, DDoS protection, and hosting
  • Google Analytics 4: Anonymous website usage statistics
  • Meta (Facebook Pixel): Conversion tracking for advertising effectiveness

5. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve our website. When you first visit, a cookie consent banner allows you to choose which categories to accept. You can update your preferences at any time by clearing your browser cookies — the banner will reappear on your next visit.

Category Purpose Provider Duration
Essential Shopping cart, language preference, session MildMate (first-party) Session — 30 days
Analytics Page views, visitor behavior, traffic sources Google Analytics 4 Up to 14 months
Advertising Conversion tracking, ad performance measurement Meta (Facebook Pixel) Up to 180 days

You can control cookies through your browser settings. For more information, visit AboutCookies.org.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, or as required by law:

  • Order records: 7 years for tax and warranty purposes
  • Email subscribers: Until you unsubscribe or request deletion
  • Analytics data: 14 months (Google Analytics default)
  • Abandoned cart data: 30 days, then automatically deleted

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (see Section 11)
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdraw consent: Unsubscribe from marketing at any time

To exercise these rights, email contact@mildmate.com with the subject "Privacy Request." We will respond within 30 days.

7A. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Know whether your personal information is sold or shared (we do not sell personal information)
  • Request deletion of your personal information
  • Non-discrimination for exercising your privacy rights

To submit a CCPA request, email contact@mildmate.com with the subject "CCPA Request."

8. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data is encrypted in transit (HTTPS/TLS 1.3)
  • Payment data is handled by Stripe — PCI DSS compliant
  • Database access is restricted to authorized personnel only
  • Regular security reviews of our Cloudflare Workers and D1 database

9. Children's Privacy

Our website is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately at contact@mildmate.com and we will delete it promptly.

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify affected users by email within 72 hours of discovery
  • Post a notice on our website homepage
  • Report to relevant authorities as required by law (e.g., Thailand PDPC, EU supervisory authorities)
  • Take immediate steps to contain the breach and prevent recurrence

11. Account Deletion

When My Account becomes available (Phase 5), registered users may delete their account at any time through the Account Settings page. Upon deletion:

  • Your account profile and saved addresses are permanently removed
  • Order history is anonymized (retained for 7 years for tax/legal requirements, but stripped of personal identifiers)
  • Email subscription is automatically cancelled

Until My Account is available, you may request deletion by emailing contact@mildmate.com with the subject "Account Deletion."

12. International Data Transfers

MildMate is based in Thailand. When you place an order or browse our site, your data may be processed in:

  • Thailand: Primary business operations and order fulfillment
  • United States: Cloudflare hosting, Stripe payment processing, Google Analytics, MailChannels email
  • European Union: Your shipping address appears on customs declarations for EU deliveries

All international transfers use appropriate safeguards, including standard contractual clauses (where applicable) and encryption in transit.

13. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. For significant changes, we will notify you by email or through a prominent notice on our website.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: