Privacy Policy

Pretty Mas By Neish LLC ("Pretty Mas," "we," "us") respects your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the rights you have. It applies to visitors to prettymasxn.com and to anyone who inquires, books a consultation, purchases from us, or otherwise interacts with us.

1. Who we are & contact

The data controller is Pretty Mas By Neish LLC, a Delaware limited liability company with foreign-entity registration in the Commonwealth of Pennsylvania. For privacy questions or to exercise your rights:

Email: GetPretty@PrettyMasXN.com
Mailing address: Pretty Mas By Neish LLC, [Registered address — to be added].

2. Information we collect

2.1 Information you provide

• Contact details — name, email, and phone number (if you share it).
• Consultation details — event date and location, consultation type, size or measurement preferences, references or images you send us, notes about your vision.
• Messages — the content of emails, messages, and forms you submit.
• Order and payment information (if and when we offer online purchases) — shipping and billing address, items ordered, and limited payment metadata. Card numbers are handled by our payment processor (for example, Stripe); we do not see or store full card numbers.

2.2 Information collected automatically

• Usage & device data — IP address, browser type, pages viewed, referring URL, and timestamps, collected through standard server logs and privacy-respecting analytics.
• Cookies — see §6 and our Cookie Policy.

2.3 Information from others

If you reach out via Instagram, TikTok, or email, we receive whatever information that platform shares by default (your handle, display name, and the message content).

3. How we use information

• Respond to your inquiry and schedule your consultation.
• Design, construct, fit, and deliver your piece.
• Process orders and payments, and fulfill shipping (when applicable).
• Send transactional messages — booking confirmations, appointment reminders, order updates, shipping notifications.
• Send marketing messages only if you opt in (and you can unsubscribe any time).
• Operate, secure, and improve the site.
• Comply with law, prevent fraud, and enforce our Terms.

4. Legal bases for processing (GDPR)

Where the EU/UK General Data Protection Regulation applies, we rely on:

• Contract — to respond to your inquiry and deliver services you request.
• Legitimate interests — to operate and secure the site, prevent fraud, and run our business, balanced against your rights.
• Consent — for optional analytics, marketing cookies, and marketing messages. You can withdraw consent any time.
• Legal obligation — to comply with tax, accounting, and other laws.

5. How we share information

We don't sell your personal information. We share it only as needed:

• Service providers — hosting (Vercel), form handling (Formspree), analytics (Plausible), email delivery, and — when we launch online sales — a payment processor (Stripe) and shipping carriers. These providers are contractually limited to serving us.
• Professional advisors — accountants, lawyers, and insurers, under confidentiality.
• Legal & safety — when required by law, subpoena, or to protect rights and safety.
• Business transfers — if Pretty Mas is acquired or merges, information may transfer, subject to this Policy.

6. Cookies & analytics

We use a small number of cookies and similar technologies. "Necessary" cookies are always on — they keep the site working. "Analytics" and "Marketing" cookies are off by default and only load if you consent via our cookie banner. Our default analytics tool (Plausible) is cookie-less and aggregates data without tracking individuals. Full list at the Cookie Policy.

7. Retention

• Consultation & order records — kept for the duration of the relationship, plus up to seven (7) years for tax, accounting, and legal purposes.
• Marketing list — kept until you unsubscribe, after which we retain a suppression record to honor your choice.
• Server logs — rotated by our hosting provider, typically within 30 days.

8. Security

We use HTTPS, strong passwords, principle-of-least-privilege access controls, and reputable processors with enterprise-grade security. No system is perfectly secure, and we commit to notify affected individuals and authorities as required if a breach occurs — in Pennsylvania, consistent with 73 P.S. §§ 2301–2330 (Breach of Personal Information Notification Act), and elsewhere consistent with applicable law (including GDPR Article 33 where applicable).

9. Your rights

Depending on where you live, you may have the right to:

• Access — request a copy of your personal information.
• Correct — have inaccurate information fixed.
• Delete — have your information erased, subject to legal exceptions.
• Restrict or object — to certain processing.
• Portability — receive your information in a portable format.
• Withdraw consent — at any time, without affecting prior processing.
• Complain — to your data-protection authority (for EU/UK residents, the lead supervisory authority).

To exercise a right, email GetPretty@PrettyMasXN.com with the subject line "Privacy Request." We'll verify your identity and respond within the time required by law — generally 30 days under GDPR and 45 days under CCPA.

10. CCPA & US state disclosures

If you're a California resident (CCPA/CPRA) or a resident of another US state with similar privacy laws (including Delaware's Personal Data Privacy Act and Pennsylvania law as they apply), you have the rights listed in §9, plus:

• Right to know the specific pieces and categories of personal information we collect, use, disclose, and sell/share.
• Right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising.
• Right to limit use of sensitive personal information.
• Right to non-discrimination for exercising a privacy right.

Categories of personal information collected in the past 12 months: identifiers (name, email, IP), commercial information (inquiry/order details), internet activity (site usage), geolocation (city-level from IP), and information you voluntarily provide (references, measurements, messages). Purposes: providing services, communications, security, and legal compliance. Disclosures for a business purpose: only to the service providers listed in §5.

Under the Delaware Online Privacy and Protection Act (DOPPA), we honor requests from Delaware residents and post this Policy prominently.

11. International transfers

We operate from the United States. If you access the site from outside the US, your information will be transferred to and processed in the US. When we transfer personal information from the EU/UK to the US or to other countries, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

12. Children's privacy

Our services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

13. Do Not Track & Global Privacy Control

We treat a Global Privacy Control (GPC) signal as a valid opt-out of sale/share and of targeted advertising.

14. Changes to this Policy

We may update this Policy. If we make material changes, we'll update the "Last updated" date and, where appropriate, provide additional notice (for example, by email or an on-site banner).

15. How to reach us

Email GetPretty@PrettyMasXN.com or write to Pretty Mas By Neish LLC, [Registered address — to be added].