Privacy Policy

Effective Date: January 1, 2020
Last Updated: July 21, 2025

ZEHN Wipes (“ZEHN,” “we,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website or purchase our sanitizing wipes and related services (collectively, the “Services”). It also describes your rights and choices regarding your personal information, including how you can access, update, or delete your data and opt in or out of certain uses. We aim to fully comply with U.S. laws (including the California Consumer Privacy Act as amended by the CPRA, the Utah Consumer Privacy Act, and other state privacy laws) as well as international standards like the EU General Data Protection Regulation (GDPR). We want to be transparent about our data practices and give you control over your personal data.

By using our website or Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the site or provide us with your information.

1. Information We Collect

We collect personal information that you provide to us directly, information automatically collected from your use of our site, and information from third parties (as needed). The types of information we may collect include:

1.1 Information You Provide Directly:

  • Account and Contact Information: When you create an account or make a purchase, we collect information such as your name, email address, billing and shipping address, phone number, and login credentials (username and password).

  • Order and Transaction Information: When you place an order, we collect details related to your purchase, such as the products ordered, quantity, date and time of purchase, special instructions, and any communications or inquiries you send to us about your order. We also collect payment-related information (see Payment Information below).

  • Payment Information: We use third-party payment processors to securely handle payment transactions and the payment details they involve (e.g., credit card numbers). When you provide payment details (credit card number, expiration date, CVV, billing address), that information is sent directly to our payment processor (for example, Stripe or PayPal) and is not stored on our servers. We may store limited payment-related information, such as the last four digits of your card or the payment method type, for record-keeping and receipts.

  • Communications with Us: If you contact us with a question, request, or customer support issue (via email, phone, or contact forms), we will collect the information you choose to provide in your message (which may include personal data like your name, email, and the contents of your communication). We will also keep records of our correspondence.

  • Marketing and Preferences: If you subscribe to our newsletter, SMS alerts, or other marketing communications, we collect your contact details (email, phone number) and your preferences (such as your marketing and communication preferences). We may also collect information when you participate in promotions, surveys, contests, or provide feedback (such as testimonials or reviews). Participation in these is voluntary, and you will know what information you provide because you will be actively entering it.

  • Business Client Information: If you represent a business or organization that is a customer (B2B customer), we may collect your professional contact details (name, business email, phone, company name, title, etc.) and any information related to your business orders or inquiries.

1.2 Information We Collect Automatically:
When you use our website, we (and our service providers) use cookies and similar tracking technologies to automatically collect certain technical and usage information. This may include:

  • Device and Browsing Information: IP address, browser type and version, device type (desktop, mobile, tablet), operating system, unique device identifiers, and region or language settings.

  • Usage Data: Information about how you navigate and use our site, such as pages or products viewed, links clicked, time spent on pages, the page that referred you to our site, and search queries entered on our site. We may also log the dates and times of your visits. This data helps us understand which parts of our site are most interesting or useful to users and if there are any usability issues.

  • Cookies and Similar Technologies: We use cookies (small text files stored on your device) and similar technologies (like web beacons, pixels, and local storage) to remember your preferences and recognize you when you return to our site. For example, we use cookies to keep you logged in to your account, to maintain your shopping cart between visits, and to gather analytics data. Some cookies are essential for site functionality (e.g., for the cart and checkout process), while others are optional (e.g., analytics or advertising cookies). See Section 4 below for more on cookies and your choices.

  • Analytics Data: We use third-party analytics services (such as Google Analytics) to collect information about site usage and user interactions. These services may set cookies or similar identifiers to collect usage data and report website trends. Google Analytics may collect information like your IP address, but it provides reports to us in aggregate form (not identifying individual users). You can learn more about how Google uses data from our site and how to opt out in Section 4.

1.3 Information from Third Parties:
We may receive information about you from third-party sources in certain situations, such as:

  • Third-Party Accounts: If you use a third-party login (if we enable “Sign in with Google/Facebook” or similar), those services may send us your profile information (like name, email) to simplify account creation. We will ask your permission before doing so.

  • Marketing Partners: We might receive leads or contact lists from marketing partners or referrals from other customers (for example, if someone uses a “refer a friend” promotion). We will only use such information for the purposes for which it was provided to us (e.g., to send an invite or one-time message, or as otherwise consented to).

  • Service Providers: Our service providers that help with processing orders, payments, or shipping may share information with us as needed for service (for instance, our shipping providers might provide updated delivery status or address corrections, or our payment fraud screening service might provide fraud analysis results).

  • Public Databases & Social Media: If you interact with us on social media (e.g., commenting on our posts or messaging us), we may receive your username and any other information you choose to share. Also, for business contacts, we may obtain business contact information from public sources like LinkedIn or industry directories.

  • Compliance and Safety: In some cases, we may receive information from third parties to assist with identity verification, compliance, and fraud prevention (such as verification services or fraud-detection agencies).

We treat the information obtained from third parties according to this Privacy Policy, plus any additional restrictions imposed by the source of the information. These third-party sources may have their own privacy policies governing their use of your data.

1.4 Sensitive Personal Information:
We do not actively seek to collect any sensitive personal information (such as social security numbers, driver’s license numbers, financial account passwords, or health/biometric data) through our website. Payment card information is handled only by our PCI-compliant payment processors. Please do not send or upload sensitive personal information to us unless it is necessary (e.g., we would only collect health information if you reported an adverse reaction to our product, and then we’d use it only for complying with reporting requirements). If you do provide or we inadvertently receive any sensitive information, we will apply special precautions to protect it and will only retain it as long as necessary for the purpose it was provided.

2. How We Use Your Information

We use personal information for the following purposes, and we always strive to have a valid legal basis (under laws like GDPR) for each use. Generally, the legal bases are: (a) to perform a contract or provide the service you requested; (b) with your consent; (c) to comply with a legal obligation; or (d) for our legitimate interests (where not overridden by your data protection rights). Specifically, we use personal information to:

  • Process and Fulfill Orders: We use your information to process transactions and provide you with the Products or services you have requested. This includes taking payments, shipping orders via our fulfillment partners, sending order confirmations and receipts, and managing any recurring subscriptions. (Legal basis: contract performance).

  • Provide Customer Support: We use your contact and order information to communicate with you about your orders and to respond to your inquiries, requests, or complaints. For example, if you reach out about an issue with a delivery or a product, we will use your info to resolve it. (Legal basis: contract performance or legitimate interests in ensuring customer satisfaction).

  • Operate and Improve Our Website: We use usage and analytics data to maintain and optimize the functionality of our website, to personalize user experience, and to develop new features or Products. For example, we might use your browsing behavior to remember your cart contents or preferences, or to troubleshoot technical issues. (Legal basis: legitimate interests in improving our services and user experience).

  • Marketing and Promotional Communications: We may use your email or phone number to send you newsletters, promotions, or special offers, but only if you have opted in to such communications or if you have made a purchase and such communications are related to similar products (and you haven’t opted out). This may include information about new products, special deals, or informational content about sanitizing and cleaning (since you expressed interest by purchasing our wipes). We might also use information like your past purchases or browsing to tailor the marketing messages we send (for example, highlighting products similar to what you bought or viewed). (Legal basis: consent, or legitimate interests for existing customers, subject to your opt-out rights.)

    • SMS/Text Messages: If you explicitly consent to receive marketing text messages (SMS) on your phone, we will use your phone number to send periodic promotional texts. Messages and frequency will be disclosed at sign-up. Standard messaging/data rates apply. You can opt out at any time by replying “STOP” or as instructed in the message. We will only send texts with your affirmative consent, in compliance with laws like the Telephone Consumer Protection Act.

  • Transactional and Service Communications: Even if you opt out of marketing, we will still send necessary service emails and messages, such as order confirmations, shipping notifications, updates to terms or policies, or important safety notices (if any). (Legal basis: contract performance or legal obligations).

  • Manage Your Account: We use personal information so that you can log in and manage your account, such as remembering your login credentials (if you choose to save them), allowing you to view order history, and update your settings. (Legal basis: contract performance).

  • Personalization: We may use cookies and collected data to personalize content on our site for you. For example, we may remember items in your cart, show you product recommendations, or greet you by name. Personalization helps create a smoother shopping experience. (Legal basis: legitimate interests in providing a relevant experience, or consent where required by law for certain cookies).

  • Advertising and Retargeting: We currently do not display third-party ads on our site, but we may engage in limited advertising for our own products on third-party platforms (like Google or Facebook). We might use cookies or pixels from those platforms to measure the effectiveness of our ads and to show ads to relevant audiences. For instance, if you visit our site and accept marketing cookies, a Facebook Pixel might record that visit so that we could later show you an ad on Facebook for a product you viewed. Any such activities will be done in compliance with applicable law (for example, obtaining consent for placing non-essential cookies, and honoring opt-out requests for targeted advertising). (Legal basis: consent, where required, or legitimate interest in promoting our business to interested customers).

  • Analytics and Aggregation: We use analytics tools (like Google Analytics) to understand how users engage with our site. This helps us analyze trends, track aggregate usage, and gather demographic information about our user base as a whole. For example, we might see that a certain percentage of users are from a specific state or that certain pages have high drop-off rates. This information is generally in aggregate form and does not directly identify individuals. We may also create aggregated or de-identified data from personal information by excluding details (like your name) that make the data personally identifiable to you. We use this aggregated data for internal purposes (for example, to analyze overall trends or benchmark our performance) and possibly to share with others (such as in business performance reports), but it will not identify you personally. (Legal basis: legitimate interests).

  • Fraud Prevention and Security: We may use personal information (such as device information, IP addresses, and transaction history) to detect and prevent fraudulent transactions or other illegal activities. For example, we might use an automated system to flag orders that have characteristics of credit card fraud, or we may verify your identity to prevent unauthorized access to accounts. We also use this data to secure our website, network, and systems. (Legal basis: legitimate interests in protecting our business and customers; legal obligations in some cases to prevent fraud).

  • Compliance with Legal Obligations: We will use or disclose your information as necessary to comply with applicable laws, regulations, court orders, or other legal processes. For example, we may retain transaction records for tax and accounting purposes, or respond to a lawful request by public authorities (like a subpoena or investigative demand). We may also process your data to enforce our Terms and Conditions or other agreements, or to defend against legal claims. (Legal basis: legal obligation or legitimate interests in protecting our rights).

  • Corporate Transactions: In the event of a business transition such as a merger, acquisition, reorganization, or sale of all or part of our assets, your information may be among the assets transferred. We will ensure the confidentiality of any personal information involved in such transactions and provide notice before your personal information is transferred and becomes subject to a different privacy policy.

We will not use your personal information for purposes that are materially different, unrelated, or incompatible with those described in this policy without notifying you and obtaining your consent when necessary.

3. How We Share and Disclose Information

We understand the importance of keeping your personal information private, and we do not sell your personal information to third parties for money. However, in the normal course of running our business, we share personal data with certain categories of recipients for the purposes outlined below. Whenever we share data, we ensure that the recipients are bound to protect your personal information through contractual or legal means.

3.1 Service Providers (“Processors”):
We share personal information with third-party service providers who perform functions on our behalf and under our instructions. These include:

  • Payment Processors: As mentioned, we use third-party payment gateways (e.g., Stripe, PayPal) to process payments securely. These entities process your payment information subject to their own privacy policies. We share the necessary financial details with them to charge your card or account for purchases (and refunds).

  • Fulfillment and Shipping Partners: We partner with fulfillment centers and logistics providers to store inventory, pick and pack orders, and ship products to you. For example, we use platforms like ShipHero and Packiyo to manage warehouse operations and order fulfillment. We share with these partners the information needed to fulfill your orders: typically your name, shipping address, items ordered, and in some cases your phone/email to provide shipping updates. These partners are contractually obligated to use the data solely for fulfilling orders and related logistics.

  • Delivery Carriers: We share your shipping address and sometimes phone/email with carriers (e.g., USPS, FedEx, UPS or local couriers) that deliver the package, so they can transport and deliver your order, and contact you if needed regarding delivery.

  • Website Hosting and IT Providers: Our website runs on platforms (such as WordPress/WooCommerce) which may be hosted on third-party servers. We also use IT vendors for maintaining our site, databases, and backups. These providers may process data incidentally in the course of performing maintenance or addressing technical issues.

  • Customer Support Tools: We may use third-party customer support software or CRM systems (like a helpdesk platform) to manage customer inquiries and communications. The data you provide in support requests (contact info and issue details) will be stored in these systems for record-keeping and follow-up.

  • Marketing and Communications Services: We utilize a Customer Relationship Management and marketing automation platform called GoHighLevel to manage our email lists, send newsletters or promotional emails, and sometimes to send SMS messages to customers who have opted in. We share your contact information (email, phone) and certain marketing preference data with GoHighLevel to execute these communications. For example, if you sign up for our newsletter, your email and name are stored in GoHighLevel so we can send you newsletters. GoHighLevel may process some data (like email open rates or link clicks) to provide us with analytics about our campaigns. They operate under their privacy and security policies and are contractually forbidden from using your data for any purpose other than providing services to us.

  • Analytics and Advertising Partners: We use analytics services like Google Analytics (as described in Section 1.2). These services may receive certain data about your device and browsing (e.g., through the placement of cookies or tags on our site) to provide us with aggregated insights. If we use advertising partners (like Facebook Custom Audiences or Google Ads), we may provide a hashed version of your email or phone to those platforms to identify if you are a user on those platforms so we can show you relevant ads. Alternatively, those platforms may collect data from our site via cookies/pixels if you have given consent. These partners are not allowed to use the data we share for their own independent purposes; they act on our instructions to assist with our specified analytics or advertising tasks.

We ensure that service providers are contractually bound to protect your data (through Data Processing Agreements as needed) and to only use it for the specific purpose we’ve engaged them for. We do not permit them to use your data for their own marketing or other purposes.

3.2 Within Our Corporate Group:
If ZEHN is part of a larger corporate group (subsidiaries, affiliates, parent company), we may share your information within that group as necessary to provide services and operate our business. For example, this may occur if a parent entity provides centralized IT or financial services for its subsidiaries, or if we maintain customer data across a group CRM. Any intra-group sharing of personal data will follow an internal privacy policy and, if international, will be subject to appropriate safeguards (like standard contractual clauses or intra-group data agreements) to ensure continuity of protection.

3.3 Business Transfers:
As mentioned under Use of Information, if we engage in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such a transaction. For instance, if another company acquires our business or product line, customer information would typically be one of the transferred assets so that the service can continue. In such cases, we would require the new owner to continue to honor the terms of this Privacy Policy or provide notice and obtain consent if they want to use the data in ways materially different. You will be notified via email and/or a prominent notice on our site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

3.4 Legal Compliance and Protection of Rights:
We may disclose personal information to courts, law enforcement, governmental or public authorities, or authorized third parties, if and to the extent required or permitted by law or if such disclosure is reasonably necessary to:

  • Comply with a legal obligation, process, or request, such as a subpoena, court order, or government demand. For example, the law may require us to retain records of purchases or to report certain transactions.

  • Enforce our Terms and Conditions or other agreements, including investigation of potential violations.

  • Detect, prevent, or address security or technical issues, fraud, or illegal activities. For example, we may exchange information with other companies and organizations for fraud protection and credit risk reduction.

  • Protect our rights, property, or safety, and that of our users, customers, employees, or others. For instance, we might share information with law enforcement if someone is suspected of committing fraud or a cybercrime against us or our users, or if someone’s actions threaten the safety of people.

Such disclosures may occur with or without notice to you, to the extent permitted by law. We will not release more information than necessary for the specific purpose (for example, if responding to a specific inquiry, we will provide the relevant data rather than all data).

3.5 Your Sharing via Social Media or Public Forums:
If our site offers any publicly accessible blogs, reviews, or forums, any information you provide in those areas (such as a review or comment) may be read, collected, and used by anyone with access. If you choose to connect or engage with us on social media (by posting on our page or tagging us, etc.), your posts or profile may become visible to others according to your privacy settings on that platform. We encourage you to be mindful of your own privacy needs when choosing to share information in these public or community areas.

3.6 No Sale of Personal Information:
We do not sell your personal information for monetary consideration. In other words, we haven’t sold personal data to data brokers or third parties for their independent use (such as for advertising to you) in the last 12 months, and we have no plans to do so. We also do not share your personal information for cross-context behavioral advertising in a manner that is considered a “sale” or “sharing” under California law, except as described for our own advertising purposes which are managed within the bounds of service provider agreements or where you have opted in. If this practice changes in the future, we will update this policy and provide required notices and opt-out mechanisms.

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our website to ensure it functions properly, to analyze our traffic, to understand the effectiveness of our marketing, and to personalize content. This section explains these technologies and your choices regarding them.

4.1 What Are Cookies?
Cookies are small text files that websites store on your device (computer, smartphone, etc.) when you visit them. Cookies can be “first-party” (set by our site) or “third-party” (set by others, like analytics or advertising partners). Cookies have various purposes:

  • Necessary Cookies: These are essential for the website to perform basic functions (e.g., remembering what’s in your shopping cart, logging you in securely, or keeping the site secure). Without these cookies, certain services or features cannot be provided.

  • Preferences Cookies: These remember your preferences, such as language or region selection, so you get a customized experience (for instance, staying on your chosen language on subsequent visits).

  • Analytics Cookies: These collect information about how visitors use the site (pages visited, time spent, any errors encountered). The data is usually aggregated and helps us improve website performance and user experience.

  • Advertising/Marketing Cookies: These cookies are used to deliver advertisements relevant to you and measure their effectiveness. They may be set by advertising networks with our permission. For example, if you visit our site and then see an ad for our products on another site, a marketing cookie likely facilitated that. They track your browsing habits across sites to show you ads that are more likely to interest you (this is sometimes called cross-context behavioral advertising).

4.2 Cookies and Tracking We Use:
We may use the following types of cookies and similar technologies:

  • WooCommerce Cookies: Our e-commerce platform (WooCommerce) uses cookies to enable cart and checkout functionality. For example, woocommerce_cart_hash and woocommerce_items_in_cart help WooCommerce know when cart data changes, and session cookies allow the cart to persist as you browse. These are necessary for e-commerce to work properly.

  • Session and Authentication Cookies: When you log in to an account, cookies like wordpress_logged_in are set to keep you logged in as you navigate pages, and to verify your identity. These expire after the session or a set time for security.

  • Preferences: Cookies may remember things like your selected language or if you dismissed a popup (so it doesn’t show every time).

  • Analytics: We use Google Analytics, which sets cookies such as _ga and _gid to collect anonymized statistics about site usage (e.g., number of visitors, referrer, most visited pages). Google’s cookies may track information like your IP address and device info, but we have configured Google Analytics to anonymize IP addresses where applicable. The data from these cookies is used in aggregate form. Google Analytics also provides an opt-out browser add-on if you wish to prevent data collection (see Your Choices below).

  • Marketing Pixels: We might use marketing pixels (small invisible images or code) from platforms like Facebook or Google Ads. These pixels may set cookies or use existing cookies to record that you visited our site or took a certain action (like adding to cart). This helps us later on with measuring conversions or retargeting advertising. For example, the Facebook Pixel may trigger a cookie to note that you visited a product page, which could enable us to show you an ad for that product on Facebook. These operate only with your consent where required, and you can control them via our cookie consent tool.

  • Email Tracking: Our marketing emails may contain a tiny image or tracking link that tells us if you opened the email or clicked on links. This helps us understand engagement and refine our emails. You can disable images in your email client if you don’t wish to share that data, or simply unsubscribe from our emails if you prefer not to be tracked in that way.

  • Do Not Track Signals: “Do Not Track” (DNT) is a setting available in some browsers that allows you to express a preference not to be tracked across websites. Currently, there is no universal standard for companies to interpret DNT signals. Therefore, our website does not respond to Do Not Track signals in a standardized manner. However, we treat Global Privacy Control (GPC) signals—where recognized by our site or third-party tools—as a valid opt-out of sale/sharing under applicable state laws. (Global Privacy Control is a browser setting or extension that notifies websites of a user’s privacy preferences, specifically for CCPA/CPRA opt-outs.) If we detect a GPC signal from your browser, we will endeavor to treat it as if you had clicked a “Do Not Sell or Share My Personal Information” opt-out, applying to cookies or other tracking on our site that qualify as a “sale” or “sharing” of personal information.

4.3 Your Choices for Cookies:
Upon your first visit to our site (and periodically thereafter, as required), we will present you with a cookie consent banner or pop-up, especially if you are accessing from a jurisdiction where consent is required for certain cookies (like the EU). You have the right to choose which optional cookies we use.

  • Accepting/Rejecting Cookies: You can opt in or out of different categories of cookies (except strictly necessary ones) via the cookie banner settings. If you choose to reject or not consent to certain cookies, those will not be placed.

  • Browser Controls: Most web browsers let you control cookies through their settings preferences. You can typically set browsers to block or delete cookies – either all cookies or cookies from specific sites. However, please note that if you disable all cookies, our website might not function properly (for example, you wouldn’t be able to add items to the cart or proceed through checkout, as those rely on cookies). Here are links on how to manage cookies in common browsers: Google Chrome, Mozilla Firefox, Safari, Microsoft Edge, Internet Explorer.

  • Analytics Opt-Out: For Google Analytics, Google provides an opt-out mechanism via a browser add-on: Google Analytics Opt-out Browser Add-on. Installing this add-on stops Google Analytics from collecting information on that browser for any site.

  • Advertising Choices: If we use Google Ads or Facebook, you can use their own opt-out or ad preference settings: Google allows you to adjust ad personalization in your Google account, and Facebook allows ad settings adjustments in your profile. Additionally, industry groups provide mechanisms to opt out of interest-based advertising broadly: for example, the Digital Advertising Alliance or Network Advertising Initiative let you opt out of many participating ad networks. Keep in mind, opting out of ad cookies doesn’t mean you won’t see any ads, just that they will be less tailored to your interests.

  • Global Privacy Control: If you enable a Global Privacy Control signal in your browser (via an extension or built-in feature), our site will attempt to honor it by opting you out of any sale or sharing of your data as described above. Note that GPC is relatively new and our implementation will evolve with the standards and regulations.

We will periodically reassess our cookie and tracking practices to ensure compliance with evolving privacy laws (such as requirements in California, Colorado, etc., for opt-outs of targeted advertising cookies) and will update this policy accordingly. If you have questions about our use of cookies or want to change your preferences, you can contact us (see Contact Information below).

5. Data Retention and Security

5.1 Data Retention:
We retain your personal information for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Generally:

  • Account information (like your name, email, addresses, order history) is kept for as long as you have an account with us. If you request account deletion, we will delete or anonymize your personal data associated with the account, except for data we are required or permitted to retain by law (for tax, fraud prevention, etc.).

  • Order records and transactional data are retained for the duration needed to process the transaction and then for a period as required for financial record-keeping. For example, we might retain invoice and payment records for at least 7 years to comply with tax and accounting laws.

  • Customer service communications may be retained until the issue is resolved and for a time after (to help us identify patterns or in case of follow-up issues).

  • Marketing data (like email subscription info) is kept until you unsubscribe or request deletion. If you unsubscribe from marketing, we will keep minimal information (like your email) on a suppression list to ensure we respect your opt-out.

  • Web analytics data is typically stored in aggregate or anonymized form. Raw event-level data from analytics tools might be automatically deleted or anonymized after a set period (e.g., Google Analytics retains data for a certain number of months as configured by us).

  • If you apply for a job with us through the site (if applicable), we would retain that application data per our HR data retention policies (often for a year or two, unless required longer).

When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely dispose of it or anonymize it. We also periodically review the data we have and delete or de-identify records that are no longer needed.

5.2 Data Security:
We implement a variety of technical, administrative, and physical security measures to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include:

  • Encryption: We use SSL/TLS encryption on our website for all pages where personal information is transmitted (you can usually see a lock icon in your browser indicating the connection is secure). This means that when you enter sensitive information (like login credentials or payment data) on our site, the data is encrypted in transit. Our payment processors also use encryption and tokenization to protect payment data.

  • Access Controls: We limit access to personal data to those employees, contractors, and service providers who need to know that information to perform their job duties. They are subject to confidentiality obligations and are trained on data protection. Our databases and systems require authenticated, authorized access, and we use mechanisms like firewalls and access logs to prevent and detect unauthorized access.

  • Secure Hosting: Our website and databases are hosted with reputable providers that employ strong security practices. We keep our website software (like WordPress/WooCommerce and related plugins) up to date to patch security vulnerabilities.

  • Monitoring and Testing: We monitor for potential security breaches and have intrusion detection measures. We may also do periodic security assessments or audits, and our service providers are often vetted for their security stance.

  • Backups: We perform regular backups of critical data to ensure we can restore it in case of accidental deletion or a security incident. Backups are stored securely and accessible only to authorized personnel.

  • PCI Compliance: For payment processing, while we do not store credit card details, we ensure that our payment gateway partners are PCI-DSS compliant (Payment Card Industry Data Security Standard). We also follow best practices when handling any payment-related info (like never emailing credit card numbers, etc.).

  • Anonymization: Where possible and appropriate, we anonymize or pseudonymize personal data, especially when using it for analytics, testing, or improvement purposes, to reduce any risk to your privacy.

Despite all these precautions, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. We strive to protect your personal information, but we cannot guarantee absolute security. It’s important for you as well to take steps to protect your information – for example, choose a strong, unique password for our site and do not share it, and notify us immediately if you suspect any unauthorized access to your account.

In the unfortunate event that a data breach occurs affecting your personal information, we will notify you and the relevant authorities as required by law. We have a breach response plan in place to quickly mitigate and investigate any security incidents.

6. International Data Transfers

ZEHN is based in the United States, and our website and services are primarily targeted at customers in the U.S. However, because the internet is global, personal information that we collect may be transferred to or stored in the United States or other countries outside of your country of residence. This section explains how we handle international data transfers, particularly with regard to the GDPR and other international frameworks.

6.1 Transfer to the United States:
If you are accessing our Services from outside the United States (for example, from the European Union, the United Kingdom, or other regions with data protection laws), please be aware that your personal information will likely be transferred to and processed in the United States. The data protection and privacy laws of the U.S. may not be considered as protective as those in your region (for instance, the EU has GDPR which has strict rules, whereas the U.S. does not currently have a single comprehensive federal privacy law).

However, we will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. For example:

  • Contractual Safeguards: If we transfer personal data from the European Economic Area (EEA), UK, or Switzerland to the U.S. or another country not deemed by authorities to have adequate protections, we will do so under appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs), or equivalent mechanisms under applicable law. These are contractual commitments between companies transferring personal data, binding them to protect the data and honor privacy rights according to EU standards.

  • Privacy Frameworks: We monitor developments in international data transfer frameworks. For example, as of the date of this Policy, a new EU-U.S. Data Privacy Framework has been adopted. We will consider participating in recognized frameworks or certifications that may facilitate compliant data transfers if applicable for our business. (Our service provider GoHighLevel has stated compliance with the EU Data Privacy Framework, which helps when data is processed by them internationally.)

  • Service Provider Obligations: We ensure that service providers that handle international data (like our CRM or analytics providers) commit to necessary compliance measures. Many of our key service providers (such as payment processors, CRM, etc.) have international transfer mechanisms in place (SCCs, or certification under frameworks like the DPF or Swiss-U.S. Privacy Shield successor frameworks) to lawfully transfer EU/UK personal data to the U.S.

6.2 For EEA/UK/Swiss Individuals:
If you are in the EEA, UK, or Switzerland, we want to ensure you are aware that when we transfer your personal data out of your region:

  • We may rely on your explicit consent in some cases. For example, if you sign up knowing your data will be processed in the U.S., that might be considered consent (though we primarily rely on other mechanisms, since consent can be withdrawn).

  • We may rely on the fact that the transfer is necessary for the performance of a contract between you and us (for instance, when you order from our U.S.-based store, the transfer of your address to a U.S. shipping system is necessary to fulfill your order).

  • We also ensure adequate safeguards as noted (like SCCs) are in place for routine transfers like storage on servers or use of U.S.-based service providers.

You have the right to inquire about the safeguards we use to export your data and, if applicable, to request a copy of the relevant contractual clauses (which we can provide without sensitive commercial terms).

6.3 A Note for Other Regions:
If you reside in other countries with data localization or transfer laws (for example, some countries require local storage of certain personal data), we will comply with those requirements when applicable. As our business grows, we may establish regional data centers or representatives to better comply with local laws.

In summary, no matter where we process your data, we will do so in accordance with this Privacy Policy and ensure a level of protection of your personal information that is consistent with the laws of your jurisdiction and this policy.

7. Your Rights and Choices

You have certain rights regarding your personal information, which may vary depending on your location and the laws that apply to you. We strive to honor these rights for all our customers to the extent possible. Below, we outline various privacy rights, including those under the California Consumer Privacy Act (CCPA) and its amendments, the Utah Consumer Privacy Act (UCPA), the GDPR for EU residents, and other applicable U.S. state laws (such as Virginia’s CDPA, Colorado’s CPA, etc.).

7.1 General Rights for Individuals (GDPR and similar laws):
If you are in the European Economic Area (EEA), United Kingdom, or other jurisdictions with analogous rights (and we also extend many of these rights to all users where feasible), you have the following rights with respect to your personal data:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal information, and if so, to request a copy of the personal data we hold about you. This allows you to receive a copy of the data we have and certain supplementary information (similar to what is provided in this Privacy Policy).

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information about you. If you have an account, you can also log in and update certain information directly.

  • Right to Erasure (Right to Delete): You have the right to request deletion of your personal information. We will honor such requests and delete your information, except to the extent we are permitted or required to retain it (for example, to complete transactions you’ve requested, for legitimate business or legal purposes such as recordkeeping obligations, or for exercising or defending legal claims).

  • Right to Restrict Processing: You can ask us to suspend the processing of certain of your personal information if you contest its accuracy, if the processing is unlawful (but you do not want it erased), or if you have objected to processing (pending verification of that objection).

  • Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, machine-readable format so that you can transmit it to another service provider. Where technically feasible, you can also request that we transmit such data directly to another controller. This typically applies to data you provided to us (not to data we derived).

  • Right to Object: You have the right to object to our processing of your personal information in certain circumstances. For example, if we are processing your data based on legitimate interests, you can object to that processing and we will consider your request. If you object to direct marketing, we will honor that absolutely (see the marketing opt-out below). If you object to processing for analytics or personalization, we will evaluate if there is a compelling interest to continue or if we should stop.

  • Right to Withdraw Consent: If we rely on consent to process your personal information, you have the right to withdraw that consent at any time. For example, you can withdraw consent for marketing emails by unsubscribing, or for cookies by adjusting your preferences. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

  • Right Not to be Subject to Automated Decision-Making: We do not currently make any decisions that have legal or similarly significant effects solely by automated means (without human involvement). If we ever do, you would have the right to not be subject to such decisions without your consent, and to seek human review.

  • Right to Lodge a Complaint: If you are in the EU/EEA or UK, you have the right to lodge a complaint with a supervisory authority in your country of residence or where an issue occurred if you believe our processing of your personal data violates the law. We would, however, appreciate the chance to address your concerns first, so we invite you to contact us with any complaint and we will do our best to resolve it.

7.2 Privacy Rights Under U.S. State Laws (California, Utah, etc.):
For residents of certain U.S. states, you have specific rights under state laws like the California Consumer Privacy Act (CCPA/CPRA), Virginia’s CDPA, Colorado Privacy Act, Utah’s UCPA, and similar laws. These rights often overlap with those above, but we summarize them here:

  • Right to Know (Access): California residents, for example, have the right to request that we disclose what personal information we have collected, used, disclosed, or sold about you in the past 12 months. This includes the categories of personal information, the categories of sources, the business or commercial purpose, the categories of third parties with whom we share it, and the specific pieces of personal info we have about you. Other states provide similar access rights.

  • Right to Delete: Similar to above, you can request deletion of personal information we have collected from you and retained, subject to certain exceptions.

  • Right to Correct: CPRA (California’s update) and some other states give you the right to request correction of inaccurate personal information we maintain about you.

  • Right to Data Portability: Some state laws include the right to obtain a copy of your personal data in a portable format (which parallels the GDPR right to data portability described).

  • Right to Opt-Out of “Sale” or “Sharing” of Personal Information: CCPA gives consumers the right to opt out of the sale of their personal information. “Sale” is broadly defined to include certain sharing for advertising. We do not sell personal information for money, and as noted, we do not share data for behavioral advertising in a way that would trigger opt-out rights without providing that ability. If we have any third-party cookies or trackers that constitute a “sale”/“sharing”, you can opt out by using our cookie preferences or broadcasting a GPC signal. We also provide a “Do Not Sell or Share My Personal Information” link on our website footer for California residents to opt out, which will disable such trackers. (Because we limit such activity, opting out may simply confirm that we already don’t sell data, but we provide the option nonetheless in compliance with law.)

  • Right to Opt-Out of Targeted Advertising or Profiling (Virginia/Colorado etc.): Similar to California’s sharing opt-out, other states allow opt-out of processing of personal data for targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects. We treat any opt-out of sale/sharing or use of our cookie settings as an opt-out of targeted advertising. We do not engage in profiling that produces legal or significant effects without consent.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. For instance, we will not deny you goods or services, charge you different prices, or provide a different quality of service just because you exercised your rights (as per CCPA). However, note that if you ask us to delete data that is necessary to provide you with a service (e.g., an account), we may not be able to continue providing that service.

  • Right to Appeal (for some states like Virginia): If we decline to take action on a request you make (for example, if we deny a deletion request as allowed by law), you have the right to appeal our decision. We will provide instructions if we deny a request. Typically, you can contact us to initiate an appeal, and we will have a set time (e.g., 45-60 days) to review and respond. If the appeal is denied, certain states allow you to contact the state Attorney General or similar authority to submit a complaint.

7.3 Exercising Your Rights:
To exercise any of the above rights, please contact us using the information provided in the Contact Information section at the end of this Privacy Policy. For example, you can email us with the subject “Privacy Rights Request” and specify your request (access, deletion, etc.). You may also have the option to fill out a web form on our site dedicated to privacy requests (if available), or call a provided toll-free number (California requires a toll-free number for certain businesses – if we meet that threshold, we will provide one; otherwise, email is fine).

Verification: For certain requests, especially those involving sensitive data (access or deletion of personal info), we will need to verify your identity to ensure we’re providing data to the correct person. We may ask you to provide additional information to match against our records (like confirming certain details of your last transaction, or using a verification link through your email on file). Any information you provide for verification will only be used for that purpose.

If you are making a request through an authorized agent (permitted under CCPA and some laws), we will require proof of the agent’s authority to act on your behalf. For example, the agent must present a signed permission from you, and we may still verify with you directly or require you to verify your identity.

We aim to respond to privacy requests within the timeframes required by law – generally within 45 days, with the possibility of an extension (we will inform you if we need more time). These services are provided free of charge, unless a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on it (we will explain why in such a case).

7.4 Specific Disclosures for California Residents:
In addition to the rights above, California law requires us to provide some additional information in a specific format:

  • Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information (as defined by CCPA) – Identifiers (like name, email, IP address); Customer Records (address, phone, payment info); Commercial Information (purchase history); Internet or other electronic network activity (browsing on our site); Geolocation data (approximate, from IP); and in some cases Professional or Employment information (if B2B contacts). We do not collect sensitive personal info like social security numbers, driver’s license, etc., nor do we collect biometric information.

  • Categories of Sources: We collect this information directly from you (e.g., when you provide it), automatically (e.g., via cookies), and from service providers or partners (as detailed in Section 1.3).

  • Business/Commercial Purposes for Collection: These are outlined in Section 2 above (e.g., fulfill orders, marketing, improve site, etc.). Each category of data we collect is used for one or more of those purposes.

  • Categories of Third Parties Shared With: We have disclosed these categories of personal information to service providers or contractors for business purposes in the last 12 months: Identifiers (to our email service, shipping providers, etc.), Customer Records (to payment and fulfillment processors), Commercial info (to analytics and fraud prevention tools), Internet activity (to analytics and advertising partners), etc. We do not sell personal information for money, and as per earlier statements, we have not “sold” personal info as defined by CCPA.

  • “Shine the Light” (California Civil Code §1798.83): Separate from CCPA, California’s “Shine the Light” law allows customers to request certain details about whether we share personal information with third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing use without your consent (for example, we won’t give your email to some other company so they can market their products to you). If that ever changes, we would provide the requisite opt-in or opt-out. California users may request information about our compliance with this law by contacting us; we may require proof of residence to process such requests.

7.5 Opting Out of Marketing Communications:
As touched on earlier, you can always opt out of receiving promotional emails or newsletters from us by clicking the “unsubscribe” link in any such email, or by contacting us with your request. Please note you may continue to receive transactional or account-related communications (e.g., emails about your orders, updates to terms, etc.). For SMS messages, you can opt out by replying “STOP” to any promotional text or following the instructions provided. If you encounter any issues with opting out, reach out to us and we will manually ensure you are removed from the marketing lists.

7.6 Limitations:
Your rights to your data are important, but they are not absolute. In certain cases, we may lawfully refuse a request (for instance, if fulfilling it would violate another law or interfere with legal obligations, or if we cannot verify your identity). We might also decline requests that jeopardize the privacy of others (like providing you data that contains others’ personal information). If we refuse a request, we will explain the reasons (unless restricted by law).

We will not usually charge a fee for fulfilling legitimate requests, but repetitive, excessive, or manifestly unfounded requests may be subject to a fee or denial as mentioned.

8. Children’s Privacy

Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years of age. In fact, as stated in our Terms, individuals under 18 must only use the site with appropriate consent and supervision, and cannot make purchases unless through an adult. We abide by the U.S. Children’s Online Privacy Protection Act (COPPA) which imposes requirements on websites that knowingly collect data from children.

If you are under 13, please do not attempt to register an account or send any personal information about yourself to us. If we learn that we have inadvertently collected personal information from a child under 13 (or under the age of 16 in certain jurisdictions, where parental consent may be required), we will take steps to delete that information promptly.

For parents or guardians: If you believe that we might have any information from or about a child under the relevant minimum age, please contact us immediately (see Contact Information below). We will investigate and, if appropriate, delete the information from our records.

For minors between 13 and 18: If our site permits posting of content (like reviews or comments), and if you are a registered user under 18, you may request removal of content or information you have publicly posted by contacting us. We will make reasonable efforts to remove the content, or anonymize it such that you cannot be individually identified, as required by applicable law. Note that removal does not ensure complete or comprehensive erasure (for example, if a third party has re-posted your content, we can’t remove it from their site).

9. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we do, we will post the revised policy on this page with a new “Last Updated” date at the top. If the changes are significant, we may also notify you by additional means, such as sending an email notification or providing a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the website or our Services after any update to this Privacy Policy will signify your acceptance of the changes, to the extent permitted by law.

If we were to use your personal information in a manner materially different from what was stated at the time of collection, we would obtain your consent or give you a meaningful opportunity to opt out before the new use.

10. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: info@zehnwipes.com (Please put “Privacy Inquiry” in the subject line)

Phone: (801) 810-9473

We will do our best to respond promptly and thoroughly to address your questions or concerns. If you need to access this policy in an alternative format due to a disability or for any other reason, let us know and we will provide it.

Thank you for trusting ZEHN Wipes with your personal information. We are committed to safeguarding your privacy and providing a safe and secure user experience.