Privacy Policy

PLACEHOLDER — This is sample content for layout purposes only. Consult a qualified legal professional before publishing.

Last updated: 25 February 2026

This Privacy Policy describes how [Company Name] ("we", "us", or "our") collects, uses, and shares your personal information when you visit or make a purchase from our website.

1. Information We Collect

We collect several types of information from and about users of our website:

Personal Information You Provide

• Account information: name, email address, phone number, shipping and billing address

• Payment information: credit/debit card details (processed securely by Stripe — we never store full card numbers)

• Order information: products purchased, order history, delivery preferences

• Communication data: messages sent via contact forms, customer support enquiries, newsletter sign-ups

Information Collected Automatically

• Device and browser data: IP address, browser type and version, operating system, device type, screen resolution

• Usage data: pages visited, time spent on pages, click patterns, referral source

• Cookies and tracking technologies: see our Cookie Policy for full details

2. How We Use Your Information

We use the information we collect for the following purposes:

• To process and fulfil your orders, including shipping and payment processing via Stripe

• To communicate with you about your orders, account, and customer support enquiries

• To send marketing communications (only with your explicit consent)

• To improve our website, products, and services through analytics (Google Analytics 4, Microsoft Clarity)

• To detect and prevent fraud or other illegal activities

• To comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

• Contract performance: processing necessary to fulfil your orders and provide our services

• Consent: marketing communications, non-essential cookies, and analytics tracking

• Legitimate interest: fraud prevention, website security, and improving our services

• Legal obligation: tax records, regulatory compliance

4. Third-Party Services

We share your information with the following trusted third parties:

• Stripe — payment processing. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy

• Google (Analytics 4 & Tag Manager) — website analytics and tag management. See Google's Privacy Policy

• Microsoft Clarity — behaviour analytics and session recordings. See Microsoft's Privacy Statement

• Shipping carriers — to deliver your orders (name, address, phone number shared as needed)

5. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

• Order data: retained for 7 years for tax and accounting purposes

• Account data: retained for the duration of your account plus 30 days after deletion

• Analytics data: retained for 14 months (GA4 default) or as configured in our analytics tools

• Marketing preferences: retained until you withdraw consent

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you

• Right to rectification — request correction of inaccurate or incomplete data

• Right to erasure — request deletion of your personal data ("right to be forgotten")

• Right to data portability — receive your data in a structured, machine-readable format

• Right to object — object to processing based on legitimate interest or for direct marketing

• Right to restrict processing — request that we limit the processing of your data in certain circumstances

To exercise any of these rights, please contact us at our contact page or email us at hello@milio.io. We will respond within 30 days.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States (for Stripe and Google services). We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including SSL/TLS encryption, secure payment processing through Stripe, regular security assessments, and restricted access controls. However, no method of transmission over the internet is 100% secure.

9. Children's Privacy

Our website is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: hello@milio.io

• Contact page: /contact-us