Customer Support

Privacy Policy

Effective Date: Jul 17th, 2025

Last Updated: Sep 14th, 2025

This Privacy Policy explains how VividCozy (“we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information when you visit our website, create an account, place an order, or otherwise interact with our services.

1) Scope

This Policy applies to personal information collected online through our website and related services. Additional notices may apply where required by law (e.g., California “Notice at Collection”).

2) Categories of Personal Information We Collect (Notice at Collection)

We may collect the following categories of personal information, from the sources indicated, for the purposes shown below. We also indicate whether we “sell” or “share” such information for cross-context behavioral advertising under California law, and how long we retain it (or the criteria used to decide).

advertising under California law, and how long we retain it (or the criteria used to decide).

Notice at Collection — Categories of Personal Information We Collect
Category (examples)	Sources	Primary Purposes	Sold?	Shared for Ads?	Typical Retention / Criteria
Identifiers (name, email, phone, IP address, or account alias)	Directly from you; automatically via your device; service providers For account registration we collect an account name or alias (instead of full first/last name).	Account creation, customer support, order processing, security/fraud prevention, legal compliance. Used for order confirmation, shipping notifications, and customer support. Marketing communications only with consent.	No	Only if you consent; GPC honored	Account data until deletion; order/support records per legal obligations (e.g., up to 7 years)
Commercial information (orders, preferences, sample requests)	Directly from you; service providers	Fulfillment, returns/warranty, customer support, analytics & service improvement	No	No	Order records per tax/accounting laws (generally up to 7 years)
Payment information (billing details; tokenized payment IDs)	Directly from you; payment processors (we do not store full card numbers)	Payment processing, refunds, fraud prevention	No	No	Per processor’s requirements and legal obligations
Internet/Network activity (pages viewed, device/browser data, cookies)	Automatically via your device; analytics/ads providers	Site operation, analytics, performance, security; where enabled, Microsoft Clarity session replay/heatmaps for UX improvement and advertising measurement (with consent).	No	Only with consent; GPC honored	Per cookie/banner settings; anonymized or aggregated analytics retained as needed
Geolocation (approximate; no precise tracking)	Automatically via IP. We use MaxMind GeoLite2 database for approximate geolocation (country/city level) to help detect fraud, apply tax rules, and localize services.”	Localization (currency/language), fraud prevention	No	No	As part of logs/analytics per above
User-generated content (reviews, images, design files)	Provided by you	Display with consent, customer showcase, custom manufacturing	No	No	Until withdrawn or as required for contract/warranty
Design Submission Data (floor plans, renovation requirements, custom design files)	Provided by you	To process sample kit requests, custom orders, and design consultation services	No	No	Retained for order fulfillment and warranty support; typically deleted 1 year after project completion unless you request earlier deletion
Inferences & personalization	From your interactions/choices	To offer personalized products/services and recommendations (with consent)	No	No	Until preference changes or account deletion
Sensitive Personal Information (SPI)	—	We do not collect SPI such as precise geolocation, government IDs, or complete financial account numbers with security codes. We do not use or disclose SPI in a manner requiring a “Right to Limit.”	No	No	—

We do not sell personal information for monetary consideration. If we use advertising/retargeting cookies, that activity may be deemed “sharing” under California law; you can opt out of sale/sharing at any time via our cookie banner, the Do Not Sell or Share My Personal Information link, or by sending a Global Privacy Control (GPC) signal from your browser.

3) Google Account Information (OAuth Sign-In)

If you sign in with Google, we receive your email address, public profile information (name, profile image), and Google user ID solely for authentication/account creation. We do not access Gmail, contacts, or calendar. You can revoke access in your Google Account settings. We do not use OAuth data for marketing or sell/share it for advertising.

4) How We Use Personal Information

Orders & Support: To process orders, payments, returns, and deliveries; provide customer support; respond to inquiries via phone, email, or web forms.
Accounts: To provide account registration, login, and order history access.
Communications: To send transactional updates related to your purchases; to send newsletters and promotional communications with consent (unsubscribe at any time).
- For SMS or telemarketing, we obtain prior express consent where required by law (e.g., TCPA).
Personalization: To offer personalized products, recommendations, and services when you allow it.
Analytics & Improvement: To compile and analyze statistics to improve website performance and services.
Security & Fraud: To operate and secure our website, detect and prevent fraud, and enforce policies.
Legal Compliance: To comply with legal obligations, including tax, accounting, consumer protection, and warranty laws.

5) Cookies, Targeted Advertising & Your Choices

We use cookies and similar technologies for essential site functions, analytics, and (with your consent) personalization and advertising.

Cookies are categorized as follows:

(a) Strictly Necessary Cookies

These cookies are essential for the functioning of our website and online store (e.g., WordPress/WooCommerce session cookies, shopping cart, checkout, payment security, and cookie banner preferences).

Examples: woocommerce_cart_hash, wp_woocommerce_session_*, cmplz_cookie_data, __stripe_mid, __stripe_sid
These are always active and do not require consent.

(b) Functional / Preference Cookies

These cookies remember your choices (such as wishlist, recently viewed products, display settings, or region selection) to enhance your experience.

Examples: woodmart_wishlist_count, woodmart_recently_viewed_products
You can disable them in your browser, but some features may not function properly.

(c) Analytics Cookies

These cookies help us understand how visitors interact with our site, so we can improve functionality and content.

Examples: Google Analytics (ga, ga*), Sourcebuster (sbjs*), Jetpack/WooCommerce telemetry (tk_ai, tk_qs), Microsoft Clarity (_clck, _clsk; and, where enabled, Microsoft domain cookies such as CLID, ANONCHK, MR, MUID, SM).
Analytics cookies are only set with your consent via our cookie banner.
We only share anonymized or aggregated analytics data where possible.
Where enabled, Microsoft Clarity collects behavioral metrics, privacy-protected session replays, and heatmaps to improve UX, performance, security/fraud detection, and advertising measurement.

(d) Marketing / Advertising Cookies

These cookies are used for cross-context behavioral advertising and retargeting, such as Google Ads.

Examples: _gcl_au, _gcl_ls, google_adsense_settings
These cookies are disabled by default and will only be set if you consent.

Consent and Cookie Management

We use a cookie management platform (Complianz) to provide you with clear choices.
When you first visit our site, you will see a cookie banner. You can:
- Accept all cookies
- Reject non-essential cookies
- Customize your preferences (e.g., allow Analytics but block Marketing)
You can also update your preferences anytime via the “Do Not Sell or Share My Personal Information | Opt-Out Preferences” link in our footer.

(e) Microsoft Clarity — Session Replay & Heatmaps

We partner with Microsoft Clarity and Microsoft Advertising to understand how visitors use and interact with our website. When enabled, Clarity collects behavioral metrics (such as page views, clicks, scrolls), heatmaps, and privacy-protected session replays. Website usage data is captured using first- and third-party cookies and similar technologies and is used to improve site performance and content, detect bugs and fraud/security issues, and measure and market our products/services.

Clarity is configured to avoid collecting sensitive information: we mask keystrokes and the contents of fields that may contain personal or payment information, and we do not use Clarity on payment processing pages. You can control whether Clarity is active for you via our cookie banner and the “Do Not Sell or Opt-Out Preferences” link in our footer, and we honor Global Privacy Control (GPC) signals. For more about how Microsoft collects and uses data, see the Microsoft Privacy Statement.

Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals as a valid opt-out of “sale” or “sharing” under U.S. state privacy laws.

If your browser or extension sends a GPC signal, our cookie and consent system will automatically treat this as an opt-out of Analytics and Marketing cookies.
This means that, even if you do not interact with our cookie banner, your GPC setting will be respected.
Learn more at: https://globalprivacycontrol.org
A GPC signal will also prevent Microsoft Clarity and other analytics/marketing tools from being set.

Browser Settings

You may also control cookies at the browser level by adjusting your preferences (e.g., clearing cookies, blocking third-party cookies). However, disabling certain cookies may impact site features (e.g., shopping cart, checkout)

6) How We Disclose Personal Information

We disclose personal information to service providers/contractors under written contracts that restrict use to our business purposes, including:

Payment processors (Stripe, PayPal). Payment information is processed directly by our payment processors (e.g., Stripe, PayPal); we do not store complete payment card numbers.
Hosting, cloud, and CDN providers
Email/SMS and marketing platforms (e.g., Klaviyo, newsletters, transactional messages)
Analytics/Tag management/Consent platforms
- We only share anonymized or aggregated analytics data where possible.
- Analytics tools (e.g., Google Analytics via GTM4WP) are configured to avoid sending personally identifiable information such as email addresses or order IDs.
- Microsoft Clarity and Microsoft Advertising (analytics, session replay/heatmaps, and advertising measurement; data used only to provide services to us under our instructions).
Logistics and carriers to deliver your order
Customer support/form tools
Third-party installers (for service delivery, prohibited from using your information for their own marketing)
Accredited labs or certification bodies solely to validate product compliance (e.g., materials or environmental standards).

We may also disclose information: (i) to comply with law or lawful requests; (ii) to protect rights, safety, and security; (iii) in connection with corporate transactions.

We do not sell personal information and do not share it for cross-context behavioral advertising unless you have allowed marketing/advertising cookies; you may opt out at any time.

7) Data Retention

We retain personal information only for as long as needed for the purposes described, including to meet legal, accounting, or reporting requirements. Typical periods:

Orders, invoices, tax/financial records: up to 7 years
Account/profile data: until you delete your account or request deletion
Marketing subscriptions: until you unsubscribe or the campaign ends
Support tickets/design files (non-custom): up to 2 years after resolution
Custom design submission data: retained for warranty/after-sales and typically deleted 1 year after project completion unless you request earlier deletion

We may anonymize or aggregate data for analytics.

Where a fixed retention period is not specified, we retain information only as long as reasonably necessary for the disclosed purposes, or as required by law.

8) Your Privacy Rights

Depending on your U.S. state of residence (including but not limited to CA, CO, CT, VA, UT, TX, OR, DE, NJ, MT, NE, IA, NH), you may have certain privacy rights as described below.

California (CPRA) & other U.S. State Laws may grant you the right to:

Know/Access the personal information we hold about you
Correct inaccurate personal information
Delete personal information (subject to legal/contractual exceptions)
Opt-out of sale and sharing for targeted advertising (via cookie banner, Do Not Sell or Share link, or GPC)
Limit use/disclosure of Sensitive Personal Information (not applicable as we do not use SPI in a manner triggering this right)
Object to/opt-out of profiling in furtherance of decisions with legal or similarly significant effects (we do not engage in such automated decision-making)
Appeal a decision if we deny your request (CO/CT/VA/TX): see “How to Exercise Your Rights”

Non-Discrimination. We will not deny goods or services, charge different prices, or provide a different level or quality of service because you exercised your privacy rights.

Nevada (NRS 603A): We do not sell covered information as defined by Nevada law; if this changes, we will provide a sale opt-out.

9) How to Exercise Your Rights (and Appeals)

Submit requests by email to [email protected] or via our Contact Us form. Please indicate the right you wish to exercise and provide sufficient information for verification.

We will respond within 45 days (and may extend by 45 days where reasonably necessary, with notice).
Authorized Agents (California): If you submit a request through an authorized agent, we may require a signed permission from you, proof of agent authorization, and verification of your identity. We may deny requests submitted by an agent if requirements are not met.
Appeals (CO/CT/VA/TX): If we deny your request, you may appeal within 45 days by replying to our decision email with “Privacy Appeal.” We will respond within 45 days explaining our final decision and your options to contact the Attorney General if you remain unsatisfied.

10) Children’s Privacy

Our services and products are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such data, we will promptly delete it. For California and other U.S. state residents aged 13–16, we do not sell or share personal information unless we receive affirmative authorization (opt-in).

11) International Transfers

We operate and process data primarily in the United States and Hong Kong (and through service providers in other countries).

Our primary data centers are located in the United States and Hong Kong.

For users in the EEA/UK, we rely on the EU Standard Contractual Clauses (2021) and the UK Addendum/IDTA (as applicable) to safeguard international transfers, alongside additional measures where required.

12) Security

We implement appropriate technical and organizational safeguards, including TLS/SSL encryption in transit, access controls, and security monitoring. No method of transmission or storage is 100% secure.

13) Google OAuth (Re-stated)

OAuth data (name, email, profile image, user ID) is used only for authentication/account creation, transmitted via OAuth 2.0, and not used for marketing. You can revoke access at any time in your Google Account settings.

14) Financial Incentives (if any)

If we offer discounts, loyalty benefits, or other incentives in exchange for personal information (e.g., newsletter sign-up), we will disclose program terms, the categories of personal information involved, and how to opt in or withdraw. Currently, we do not offer financial incentives.

If such incentives are offered, we will explain how the value of your data is reasonably related to the incentive provided.

15) Records of Consent

We provide visitors with a cookie banner and preference center to accept, deny, or withdraw consent for cookies and tracking.

Although we do not maintain an automated database of each individual’s consent record, your choices are always respected in real time. You may change or withdraw your consent at any time by adjusting your cookie settings via our Opt-Out Preferences page.

Note: We also honor Global Privacy Control (GPC) signals. If your browser sends a GPC signal, it will be automatically recognized as an opt-out of sale/sharing.

16) Data Subject Rights & Requests

To exercise your privacy rights under GDPR, CPRA, or other applicable laws (including the right to access, correct, delete, or port your personal data), you may contact us directly at:

📧 [email protected]

We will verify and respond to valid requests within the legally required timeframe. No automated form submission is required — your rights can be exercised fully via email.

17) Global Privacy Control (GPC) and Do Not Track

We honor Global Privacy Control (GPC) signals as an opt-out of sale/sharing of personal information. If your browser sends a GPC signal, it will be treated as a valid opt-out request.

We do not respond to the older “Do Not Track” (DNT) signal, but all users may manage preferences through our cookie banner or the Cookie Policy Page for Opt-Out Preferences.

18) Changes to This Policy

We may update this Policy from time to time. The “Last Updated” date will reflect the most recent changes. Material changes will be notified via the website and, where required, through additional notices.

19) Contact Us

Email: [email protected]
Phone: +852-2110-3153
Mailing Address: UNIT 917B, 9/F, TOWER A, NEW MANDARIN PLAZA, 14 Science Museum Road, Tsim Sha Tsui, Kowloon, Hong Kong
Online Form: see our Contact Us page

Do Not Sell or Share My Personal Information | Opt-Out Preferences (manage cookies & targeted adver)

Black Friday: 20% Off — Use Code VIVIDCOZY20