MACHALLY ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase from us. This policy applies to users in the United States, European Union, and all other jurisdictions where we operate.

1. Information We Collect

1.1 Personal Information You Provide

When you visit our website or conduct business with us, we may collect the following personal information:

• Account Information: Name, email address, username, password
• Contact Information: Phone number, business address, shipping and billing addresses
• Business Information: Company name, job title, industry, business registration details
• Order Information: Products purchased, payment information, order history, shipping preferences
• Communication: Messages sent through contact forms, customer service inquiries, feedback
• Technical Specifications: Machine tool requirements, precision specifications, custom tool requests

1.2 Information Automatically Collected

When you visit our website, we automatically collect certain information:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on site, click-through rates, search queries
• Cookies and Tracking: Session data, preferences, shopping cart contents
• Location Data: General geographic location based on IP address

1.3 Third-Party Information

We may receive information about you from third parties, including business partners, payment processors, shipping companies, and public databases for verification and fraud prevention purposes.

2. How We Use Your Information

We use your personal information for the following purposes:

• Order Processing: Fulfill orders, process payments, arrange shipping, provide customer support
• Account Management: Create and maintain your account, verify identity, manage preferences
• Business Operations: B2B relationship management, credit assessment, approval workflows
• Communication: Send order confirmations, shipping updates, product information, promotional materials
• Product Development: Understand customer needs, develop new machining tools, improve existing products
• Marketing: Personalized recommendations, targeted advertising, industry newsletters
• Legal Compliance: Comply with applicable laws, prevent fraud, protect our rights
• Analytics: Improve website performance, analyze user behavior, optimize user experience

2.1 Analytics and User Behavior Data with Enhanced Privacy Protection

We use PostHog, a privacy-focused analytics platform, to understand how users interact with our website and improve your experience. Whether we use PostHog Cloud or self-hosted PostHog services, both implementations follow the same strict privacy protection principles and security measures outlined below.

Your Privacy Controls

You maintain full control over your privacy and can opt-out of analytics tracking through multiple methods:

• GDPR Consent Controls: EU/EEA users can manage consent through our privacy banner
• Browser Settings: Enable "Do Not Track" in your browser preferences
• Direct Contact: Contact us to disable tracking for your specific account
• Browser Extensions: Use privacy-focused browser extensions that block analytics scripts
• Account Settings: Manage privacy preferences through your account dashboard

Compliance Certifications

Our privacy protection system meets the highest international standards:

• GDPR (General Data Protection Regulation): Full compliance with European privacy laws and user rights
• PCI DSS (Payment Card Industry): Complete payment information security standards compliance
• CCPA (California Consumer Privacy Act): California privacy rights protection and transparency
• SOC 2 Type II: Security, availability, and confidentiality controls verified by independent auditors
• ISO 27001: International information security management standards implementation

3. Legal Basis for Processing (EU Users)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our contractual obligations when you make a purchase
• Legitimate Interest: For business operations, fraud prevention, and improving our services
• Consent: For marketing communications and non-essential cookies (where required)
• Legal Obligation: To comply with applicable laws and regulations

4. How We Share Your Information

We may share your personal information in the following circumstances:

• Service Providers: Payment processors, shipping companies, cloud hosting providers (including Amazon Web Services), analytics services (PostHog for privacy-compliant user behavior analysis)
• Business Partners: Authorized distributors, manufacturing partners (for custom orders)
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• Consent: With your explicit consent for specific purposes

We do not sell, rent, or lease your personal information to third parties for their marketing purposes.

5. International Data Transfers

MACHALLY is a manufacturer-rooted brand headquartered in China, with warehouses in China and the United States. While we currently operate these two fulfillment centers, we are continuously expanding our global logistics network to better serve international customers.

Our website and backend systems are hosted on Amazon Web Services (AWS) servers located in the United States. By using our Site and services, you acknowledge and agree that your personal information will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may differ from those in your country of residence.

For residents of the European Economic Area (EEA), we ensure that such transfers are lawful by relying on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to protect your data.

6. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: SSL/TLS encryption for data transmission, encrypted storage for sensitive data
• Access Controls: Role-based access, multi-factor authentication, regular access reviews
• Infrastructure: Secure hosting environments on AWS, firewalls, intrusion detection systems
• Monitoring: Regular security audits, vulnerability assessments, incident response procedures
• Staff Training: Regular privacy and security training for all employees

7. Your Privacy Rights

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal obligations)
• Portability: Request your data in a portable format
• Objection: Object to processing based on legitimate interests
• Restriction: Request limitation of processing in certain circumstances

7.2 EU-Specific Rights (GDPR)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority
• Right to receive information about automated decision-making (if applicable)

7.3 California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience:

• Essential Cookies: Required for website functionality, shopping cart, login sessions
• Performance Cookies: Analytics to understand how you use our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Deliver personalized advertising and track campaign effectiveness

You can control cookies through your browser settings. However, disabling certain cookies may limit website functionality.

9. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Until account deletion or after extended inactivity
• Order Information: 7 years for tax and accounting purposes
• Communication Records: 3 years for customer service purposes
• Marketing Data: Until you unsubscribe or object to processing
• Legal Requirements: As required by applicable laws and regulations

10. Children's Privacy

Our services are designed for businesses and professional machinists. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a notice on our website
• Sending an email notification to registered users
• Updating the "Last Updated" date at the top of this policy

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

EU Data Protection Officer: For EU-related privacy matters, you may contact our Data Protection Officer at [email protected].

13. Governing Law

This Privacy Policy and any disputes related to it are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles.