Effective Date: 24.02.26
Privacy Policy
Last Updated: 24/02/26
1. Introduction
This Privacy Policy explains how Mythical Box Ltd ("we," "us," or "Hazumu") collects, uses, and protects your personal information when you use our e-commerce platform at hazumu.com.
Data Controller: Mythical Box Ltd 91D Grosvenor Road London, Pimlico SW1V 3LD United Kingdom Company Number: 15934210
Contact: admin@mythicalbox.co
2. Information We Collect
2.1 Information You Provide
When you create and manage your Hazumu store, we collect:
Full name and email address
Business name and details
Product listings and descriptions
Product photographs and images
Stripe account connection details
2.2 Order and Transaction Data
When customers purchase from your store, we collect:
Customer names and email addresses
Delivery addresses associated with orders
Transaction details processed through Stripe
2.3 Automatically Collected Information
Currently, we do not use analytics or tracking technologies beyond those essential for platform functionality.
3. How We Use Your Information
We use your personal information to:
Create and maintain your Hazumu store
Process transactions and facilitate payments through Stripe
Send transactional emails (order confirmations, account notifications)
Provide customer support
Comply with legal obligations
Improve and maintain our platform
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
Contract Performance: To provide our platform services to you
Legitimate Interests: To improve our services and prevent fraud
Legal Obligation: To comply with applicable laws and regulations
Consent: Where explicitly provided for specific purposes
5. Third-Party Service Providers
We share your information with trusted third-party service providers who help us operate Hazumu:
Stripe: Payment processing (view their privacy policy at stripe.com/privacy)
Supabase: Data hosting and storage (Europe West 2 region)
Supabase acts as a data processor on our behalf for the personal data we store and process through the platform.
Resend: Transactional email delivery
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
6. Data Storage and Security
Your data is stored securely in data centres located in Europe,
We implement appropriate technical and organisational measures to protect your personal information
Access to personal data is restricted to authorised personnel only
While we strive to protect your data, no method of transmission over the internet is 100% secure
7. Data Retention
Active Accounts: We retain your data for as long as your account remains active
Closed Accounts: After you close your account, we retain your data for 30 days before permanent deletion
Legal Requirements: Some data may be retained longer if required by law (e.g., tax or accounting purposes)
8. Your Rights Under GDPR
As a user in the UK/EU, you have the following rights:
Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data
Right to Restrict Processing: Limit how we use your data
Right to Data Portability: Currently not available at launch, but planned for future releases
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent
To exercise any of these rights, contact us at admin@mythicalbox.co
9. Customer Data You Collect
When you use Hazumu to sell products, you act as a data controller for your customers' personal information. You are responsible for:
Providing your customers with appropriate privacy information
Obtaining the necessary consents for processing their data
Handling customer data requests (access, deletion, etc.)
Complying with applicable data protection laws
Hazumu acts as a data processor for this customer data and processes it according to your instructions through use of the platform.
10. International Data Transfers
Your data is stored within the European Economic Area (EEA). If we need to transfer data outside the EEA in the future, we will ensure appropriate safeguards are in place.
11. Children's Privacy
Hazumu is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our platform. Continued use of Hazumu after changes constitutes acceptance of the updated policy.
13. Cookies
We currently only use essential cookies necessary for platform functionality (such as maintaining your logged-in session). We do not use analytics or advertising cookies.
14. Your California Privacy Rights
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Contact us for more information about these rights.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: admin@mythicalbox.co
Address: Mythical Box Ltd 91D Grosvenor Road London, Pimlico, SW1V 3LD United Kingdom