Privacy policy
VINMESA LLC
PRIVACY POLICY
Last Modified: June 30, 2026
INTRODUCTION
VINMESA LLC (“Company,” “we,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.
This Privacy Policy describes the types of information we collect from and about users of our Platform at www.VINMESA.com, our practices for collecting, using, maintaining, protecting, and disclosing that information, and your rights with respect to your personal information.
By accessing or using the Platform, you agree to the terms of this Privacy Policy. If you do not agree, you must discontinue use of the Platform immediately.
This Privacy Policy may be updated from time to time. We will notify you of material changes by email to the address associated with your account and through an account notification on the Platform. Your continued use of the Platform after we make changes constitutes acceptance of those changes.
PLATFORM AUDIENCE, GEOGRAPHIC SCOPE, AND CHILDREN
The Platform is available exclusively to users physically located within the United States (including the contiguous 48 states, Hawaii, and Alaska), Canada, and Mexico. Users who access the Platform from outside these authorized jurisdictions do so without authorization and in violation of our Terms of Use. Geographic access controls are enforced through IP address verification.
The Platform is designed for users who are at least twenty-one (21) years of age. The Platform is not directed at individuals under 21. Account applications are reviewed and approved by the Company prior to access being granted, which serves as a manual eligibility check. We do not employ automated age-verification technology at this time; this section will be updated if such technology is implemented.
The Platform is not directed at children under 13. We do not knowingly collect personal information from individuals under 13 years of age. If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will delete that information promptly. If you believe we may have any information from or about a child under 13, please contact us at info@VINMESA.com.
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
Categories of Personal Information We Collect
We collect the following categories of personal information from users of the Platform:
-
Full name
-
Mailing address (street, city, state or province, ZIP or postal code, and country)
-
Email address
-
Phone number
-
Payment information (credit card and ACH bank transfer data, processed and secured by our third-prarty payment processors, Stripe and Shopify; we do not directly store full credit card numbers or full bank account numbers)
-
Account credentials (username and hashed password), including credentials associated with any social media account used to register or log in
-
Order history and purchase records
-
Product reviews, comments, and photos you post on the Platform
-
Approximate location data derived from your IP address, used to enforce geographic access controls
-
Device and technical data, including IP address, browser type, operating system, mobile device identifiers, and navigation patterns within the Platform
We do not collect Social Security numbers, government-issued identification numbers, health data, biometric data, or sensitive financial information beyond what is necessary to process your payment transactions.
Information You Provide Directly
We collect information you voluntarily provide, including:
-
Registration and account information submitted when creating and completing your account application
-
Social media account credentials, if you choose to register or log in using a social media account (such as Google or Facebook)
-
Payment and billing information submitted at the time of purchase
-
Shipping address and order details submitted when placing an order
-
Reviews, comments, and photos you post on the Platform
-
Communications you send to us (e.g., support requests, inquiries)
-
Responses to forms, surveys, or questionnaires we make available on the Platform
Information We Collect Automatically
When you access and use the Platform, we may automatically collect certain technical information, including:
-
Browser type and version
-
Operating system and device information
-
IP address (used to process requests and enforce geographic access controls; we do not retain IP addresses beyond what is necessary for these purposes)
-
Approximate location data derived from your IP address
-
Referring URL and navigation patterns within the Platform
-
Date and time of access
Cookies and Tracking Technologies
The Platform uses cookies and similar tracking technologies, including:
-
Browser cookies to support Platform functionality, session management, and user authentication
-
Google Analytics, which collects aggregate usage and behavioral data to help us understand how users interact with the Platform
-
Facebook Pixel, which collects behavioral data used to measure the effectiveness of our advertising and to support marketing analytics
You may configure your browser to refuse cookies; however, doing so may prevent certain features of the Platform from functioning properly. You may also opt out of Google Analytics data collection by using the Google Analytics Opt-out Browser Add-on (available at tools.google.com/dlpage/gaoptout). You may opt out of Facebook Pixel tracking through your Facebook account ad preferences or by using the Digital Advertising Alliance opt-out tools at optout.aboutads.info.
Do Not Track
The Platform honors Do Not Track (DNT) browser signals. When a Do Not Track signal is detected, we will not use tracking technologies to collect behavioral data about your browsing activities across third-party websites.
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
-
To create, manage, and approve your user account, including processing social media login credentials where applicable
-
To verify your identity, age, and eligibility to use the Platform
-
To process and fulfill product orders, including arranging shipping and delivery
-
To process payments through our payment processors, Stripe and Shopify
-
To provide customer service and respond to support requests
-
To communicate with you regarding your account, orders, and updates to these policies
-
To display and moderate user reviews, comments, and photos
-
To improve our processes, products, and Platform to enhance customer satisfaction
-
To collect aggregate analytics and measure Platform performance
-
To send marketing and promotional communications where you have opted in or where permitted by applicable law; note that targeted advertising and marketing communications are not active at launch and will not be introduced without prior notice to users and the opportunity to opt out before such programs begin
-
To detect and prevent fraud, abuse, unauthorized account use, and security incidents
-
To enforce geographic access restrictions
-
To maintain records for legal and business purposes
-
To comply with applicable law
We do not engage in automated decision-making or profiling based on user data. We collect only the personal information that is necessary for the purposes described in this Privacy Policy (data minimization principle).
DISCLOSURE OF YOUR INFORMATION
We will not sell, rent, or trade your personal information to any third party.
We do not share your personal information with third parties for their independent use except in the following limited circumstances:
-
Service providers: We share information with third-party service providers who support our operations, including Stripe and Shopify (payment processing), Google Cloud Platform (cloud hosting and data storage), Google Analytics and Facebook (analytics and marketing), and social media platforms through which users may register or log in. These providers are required under data processing agreements to protect your information and use it only for the purposes for which it was disclosed.
-
Manufacturing and fulfillment partners: We share order-related information (such as shipping addresses and product specifications) with our manufacturing and fulfillment partners as necessary to produce and deliver your orders. Such sharing is limited to what is necessary for order fulfillment.
-
Legal compliance: We may disclose personal information when required by law, court order, or lawful governmental request, including requests from U.S., Canadian, or Mexican authorities.
-
Business transfers: In the event of a merger, acquisition, or sale of Company assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.
-
Safety: We may disclose information if we believe disclosure is necessary to prevent harm or protect the rights, property, or safety of the Company, our users, or the public.
We do not currently participate in advertising networks or affiliate marketing programs. If we introduce such programs in the future, we will provide prior notice and an opportunity to opt out before any such program begins, and we will update this Privacy Policy accordingly.
THIRD-PARTY SERVICE PROVIDERS
The Platform relies on the following key third-party service providers:
Google Cloud Platform: Cloud hosting and data storage. All user data is stored domestically on Google Cloud Platform infrastructure. While Google Cloud maintains industry-leading security infrastructure, no cloud hosting environment is immune from cyberattacks or system failures. We acknowledge this limitation and disclose it to our users accordingly.
Stripe: Payment processing for credit card and ACH transactions. Stripe collects and processes payment information directly. The Company does not store full credit card or bank account numbers. Stripe’s privacy practices are governed by Stripe’s own privacy policy.
Shopify: E-commerce platform and payment processing. Shopify is Level 1 PCI DSS compliant and employs encryption to protect payment and transaction data. Shopify’s privacy practices are governed by Shopify’s own privacy policy.
Google Analytics: Web analytics service that collects aggregate usage data. Google’s privacy practices are governed by Google’s own privacy policy. Users may opt out of Google Analytics data collection using the Google Analytics Opt-out Browser Add-on.
Facebook (Meta): Facebook Pixel is used to measure the effectiveness of our marketing and to support advertising analytics. Facebook’s privacy practices are governed by Meta’s own privacy policy. Users may opt out through their Facebook account ad preferences or through the Digital Advertising Alliance opt-out tools.
Social Media Login Providers (Google, Facebook): If you choose to register or log in to the Platform using a social media account, the relevant platform will share certain account information with us (such as your name and email address) in accordance with its own privacy policy and your account settings. We recommend reviewing the privacy policies of any social media platform you use to log in.
All third-party service providers are contractually required under data processing agreements to implement appropriate security measures and use personal information only as directed by the Company.
SOCIAL MEDIA LOGINS AND THIRD-PARTY INTEGRATIONS
The Platform offers the option to register or log in using social media account credentials (such as Google or Facebook). If you choose to use a social media login, the relevant social media platform may share certain account information with us in accordance with its own privacy policy and your account settings. We recommend reviewing the privacy policies of any social media platform you use to log in to the Platform.
The Platform embeds third-party tools including Google Analytics and Facebook Pixel. These tools may independently collect data about your interactions with the Platform in accordance with their own privacy policies. Please refer to the Cookies and Tracking Technologies section above for information on how to opt out of these tools.
DATA SECURITY
We take reasonable technical and administrative steps to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:
-
Storage of all user data on Google Cloud Platform infrastructure, protected by industry-standard firewall and access controls
-
SSL/TLS encryption for all data transmissions between users and the Platform
-
Level 1 PCI DSS compliance and encryption through our payment processor, Shopify, for all payment transactions
-
Access controls limiting internal access to user data on a need-to-know basis
Despite these measures, no security system is impenetrable and no internet transmission is completely secure. We cannot guarantee the absolute security of your personal information. Any transmission of personal information to the Platform is at your own risk.
DATA RETENTION
We retain user account and order data in accordance with our operational and legal obligations. Our data retention practices include the following:
-
Account and order data is generally retained for two (2) years following account deactivation or termination
-
Customer-specific personal information may be deleted earlier upon a verified and lawful deletion request, subject to applicable legal retention requirements
-
Abandoned cart data is retained for thirty (30) days
We may retain certain records for longer periods as required by applicable law or for legitimate business purposes such as fraud prevention or dispute resolution. Users may request access to or correction of their personal information at any time (see Your Privacy Rights below). Deletion requests will be honored subject to applicable legal retention requirements.
DATA BREACH NOTIFICATION
In the event of a data security incident, the Company will assess the nature and scope of the breach and respond in a manner appropriate to the specific circumstances, in coordination with our service providers and applicable legal counsel.
Where required by applicable U.S. state, federal, Canadian, or Mexican law, we will notify affected individuals and regulatory authorities within legally required timeframes. Notifications will describe the nature of the incident, the categories of information involved, and steps users can take to protect themselves.
To report a potential security issue or vulnerability, please contact us at info@VINMESA.com.
YOUR PRIVACY RIGHTS
Access, Correction, and Deletion
You may access and update your personal information by logging into your account and visiting your profile settings. You may also contact us at info@VINMESA.com to request access to, correction of, or deletion of your personal information. We cannot accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Deletion requests will be honored subject to applicable legal retention requirements. We will respond to all verified privacy requests within thirty (30) days, with an extension of up to sixty (60) additional days for complex requests.
Marketing Communications
You may opt out of marketing and promotional communications at any time by using the unsubscribe link in any marketing email, by adjusting your account notification preferences, or by contacting us at info@VINMESA.com. We will honor all opt-out requests promptly.
Cookies and Tracking Opt-Out
You may configure your browser settings to decline cookies and may opt out of specific tracking technologies as described in the Cookies and Tracking Technologies section above. Note that declining cookies or opting out of tracking may impair certain Platform features.
YOUR STATE AND PROVINCIAL PRIVACY RIGHTS
State and provincial consumer privacy laws may provide residents of certain jurisdictions with additional rights regarding our use of their personal information.
California Residents
California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
-
Right to Know: Request disclosure of personal information collected, the sources from which it was collected, the purposes for which it is used, and the third parties with whom it is shared
-
Right to Delete: Request deletion of personal information we have collected (subject to applicable legal retention requirements)
-
Right to Correct: Request correction of inaccurate personal information
-
Right to Opt-Out of Sale or Sharing: We do not sell or share personal information as defined by California law
-
Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information (which may include payment account data), we use and disclose it only as necessary to provide the Platform and fulfill orders, consistent with CPRA limitations
-
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise your California privacy rights, please contact us at info@VINMESA.com or write to us at: Privacy Department, VINMESA LLC, PO Box #2029, Centennial, CO 80161
California’s “Shine the Light” law (Civil Code § 1798.83) permits California residents to request information about disclosures of personal information to third parties for direct marketing purposes. We do not currently disclose personal information to third parties for their direct marketing purposes.
Nevada Residents
Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law. To submit a request, contact us at info@VINMESA.com with the subject line “Nevada Do Not Sell Request.”
Virginia, Colorado, Connecticut, and Utah Residents
Residents of Virginia, Colorado, Connecticut, and Utah have rights under their respective state privacy laws, including the right to access, delete, and correct personal information, and the right to opt out of targeted advertising, the sale of personal information, and profiling. We do not sell personal information or conduct profiling as defined by these state laws. To exercise these rights, please contact us at info@VINMESA.com.
Canadian Users
Canadian users may have rights under applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws (including the Personal Information Protection Act (PIPA) in Alberta and British Columbia, and Law 25 in Québec). These rights may include the right to access, correct, and request deletion of your personal information and to withdraw consent to certain uses of your data.
The Company collects, uses, and discloses personal information from Canadian users only for the purposes identified in this Privacy Policy, with your knowledge and consent (express or implied), and only to the extent necessary for those purposes, consistent with PIPEDA’s data minimization principle. You may withdraw consent to certain uses of your personal information at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer at info@VINMESA.com.
Canadian users may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca with privacy-related complaints.
Mexican Users
Mexican users have rights under Mexico’s Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its regulations, including the right to access (Acceso), rectification (Rectificación), cancellation (Cancelación), and objection (Oposición) — collectively known as ARCO rights. To exercise your ARCO rights, please submit a written request to our Privacy Officer at info@VINMESA.com. We will respond within the timeframes required by applicable Mexican law.
This Privacy Policy serves as VINMESA’s Aviso de Privacidad (Privacy Notice) for purposes of the LFPDPPP. If a separate Aviso de Privacidad in Spanish is required for specific processing activities directed at Mexican users, the Company will provide it at the relevant point of data collection.
European Union and United Kingdom
The Platform is available exclusively to users located in the United States, Canada, and Mexico, and is not directed at users in the European Union or United Kingdom. We do not intentionally collect personal information from EU or UK residents. If a user in the EU or UK circumvents our geographic access controls and accesses the Platform, they do so without authorization and in violation of our Terms of Use. If the Company’s geographic scope changes in the future, this Privacy Policy will be updated to address applicable GDPR and UK GDPR requirements.
LEGAL BASIS FOR PROCESSING
We process your personal information based on the following grounds:
-
Contractual necessity: To fulfill our obligations in connection with your orders and account, including account management, service delivery, and payment processing
-
Legitimate business interests: To operate, maintain, and improve the Platform, to improve our processes and customer satisfaction, and to detect and prevent fraud or security threats, provided such interests are not overridden by your rights and interests
-
Legal compliance: To meet applicable legal obligations, including U.S. state breach notification laws, Canadian PIPEDA requirements, Mexican LFPDPPP requirements, and applicable consumer privacy laws
-
Consent: Where we rely on your consent (e.g., for marketing communications, optional tracking technologies, or social media login), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
THIRD-PARTY TECHNOLOGIES AND INTEGRATIONS
The Platform supports social media login integrations. Registration and login may be completed using your existing Google or Facebook credentials. Please review the privacy policies of the applicable social media platforms for information about their data practices, including what information they share with us and how they use data collected through their login services.
The Platform embeds Google Analytics and Facebook Pixel. These tools collect data about your interactions with the Platform. Users may opt out of these tools as described in the Cookies and Tracking Technologies section above.
Each third-party service provider is subject to its own terms and privacy policy, and we recommend reviewing those policies where applicable. We maintain data processing agreements with all third-party providers that receive personal information.
CHANGES TO OUR PRIVACY POLICY
It is our policy to post any changes we make to this Privacy Policy on this page. We will notify you of material changes by email to the address associated with your account and through an account notification on the Platform. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically reviewing this Privacy Policy for any changes. Your continued use of the Platform after changes are posted constitutes your acceptance of those changes.
CONTACT INFORMATION
For privacy-related inquiries, data access or correction requests, ARCO rights requests, or to report a security concern, please contact our designated Privacy Officer at:
VINMESA LLC
Privacy Officer
PO Box #2029
Centennial, CO 80161
Email: info@VINMESA.com
We will acknowledge privacy inquiries within 48 business hours and work to resolve them within 30 days. Requests for data access, correction, or deletion will be processed within 30 days, with an extension of up to 60 days for complex requests.
You also have the right to lodge complaints with applicable state attorney general offices or the Federal Trade Commission (FTC) for matters related to U.S. privacy law. Canadian users may contact the Office of the Privacy Commissioner of Canada. Mexican users may contact the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI).