Privacy policy

Privacy Policy
Last updated: March 28, 2026

Vagmafia Inc. ("Vagmafia," "we," "us," or "our") values your privacy and is committed to protecting the Personal Data of all users of our websites and services.

This Privacy Policy explains how we collect, use, disclose, and safeguard your Personal Data when you visit or use our platform available at vagmafia.com, app.vagmafia.com, and related subdomains.

By using our Services, you agree to the practices described in this Privacy Policy.

1. PERSONAL DATA WE COLLECT

We collect and process the following types of Personal Data:

1.1 Account and Order Information

When you create an account, request a quotation, or place an order, we collect:

  • Name and surname

  • Business name

  • Email address and phone number

  • Billing and shipping addresses

  • Payment information (via third-party processors such as Stripe or PayPal)

  • Product designs, brand logos, packaging specifications, and content you upload

  • Order and invoice history

1.2 Communication Data

When you contact our team or Customer Support, we collect:

  • Your contact details

  • Message contents and attachments

  • Support ticket history

1.3 Automatically Collected Data

When you use our websites or platform, we may collect:

  • IP address, device ID, browser type, and operating system

  • Pages visited, time spent, and referring URLs

  • Cookie and analytics identifiers (on vagmafia.com, managed via cookie consent banner)

Anonymized usage events such as sign-up, login, and purchase activity contain no personally identifiable information and are automatically deleted after 90 days.

You may manage or disable cookies at any time via your browser settings or our Cookie Policy.

2. PURPOSE OF PROCESSING

We process your Personal Data for the following purposes:

  • To register and manage your account

  • To produce, package, and fulfill your custom leather orders

  • To process payments and manage invoices

  • To communicate regarding orders and customer support

  • To improve our products, logistics, and digital platforms

  • To comply with applicable legal and regulatory obligations

  • To send marketing communications (only with your consent or legitimate interest)

We may also create anonymized data for research, analytics, or service improvement.

3. HOW WE SHARE YOUR PERSONAL DATA

We do not sell or rent your Personal Data. We may share it only as follows:

3.1 Service Providers

We share limited Personal Data with trusted third parties who perform functions on our behalf, such as:

  • Payment processors (Stripe, PayPal, Adyen)

  • Cloud storage & hosting (Amazon Web Services, Supabase)

  • 3D printing and fulfillment partners (for custom logo stamps, embossing, and manufacturing)

  • Shipping carriers (for global delivery)

  • Marketing providers (e.g., HubSpot, Meta Ads) and analytics tools on vagmafia.com (e.g., Google Analytics)

Each provider is bound by strict confidentiality agreements and GDPR-compliant Data Processing Agreements.

3.2 Business Transfers

In the event of a merger, acquisition, or asset sale, your Personal Data may be transferred to the acquiring entity, subject to the same privacy obligations.

3.3 Legal and Compliance Disclosures

We may disclose your information if required by law, subpoena, court order, or to protect the rights, property, or safety of Vagmafia, our users, or the public.

3.4 International Transfers

Your Personal Data may be transferred to and processed in the United States, Morocco, and the European Union. We ensure that such transfers comply with applicable privacy laws through:

  • Standard Contractual Clauses (SCCs)

  • EU–US Data Privacy Framework (for certified partners)

  • Signed Data Processing Agreements

4. SECURITY OF YOUR DATA

We employ appropriate technical and organizational measures to protect your data, including:

  • SSL/TLS encryption for data transmission

  • Encrypted password storage

  • Role-based internal access

  • Regular security audits and backup systems

No system is completely secure; however, we take all reasonable precautions to prevent unauthorized access or misuse.

5. DATA RETENTION

We retain your Personal Data only for as long as necessary to:

  • Fulfill the purposes for which it was collected

  • Comply with legal and tax obligations

  • Resolve disputes or enforce agreements

After this period, data is securely deleted or anonymized.

6. YOUR RIGHTS

Depending on your jurisdiction, you have the right to:

  • Access and obtain a copy of your Personal Data

  • Request correction or deletion of inaccurate or outdated information

  • Withdraw consent or restrict processing

  • Object to marketing communications

  • Request data portability

To exercise your rights, contact us at privacy@vagmafia.com. We will respond within the legally required timeframe.

7. MARKETING COMMUNICATIONS

As an active business client, Vagmafia may send you communications about new products, offers, or updates relevant to your account. You can unsubscribe anytime through your account settings or by clicking the "Unsubscribe" link in our emails.

Administrative or transactional messages (such as order confirmations and invoices) will still be sent.

8. COOKIE POLICY

On vagmafia.com, we use cookies and similar technologies for analytics, marketing, and personalization. You can manage your cookie preferences through the consent banner displayed on the site or via your browser settings.

On app.vagmafia.com, we use only essential cookies required for authentication and platform functionality. No third-party tracking cookies are used, and no cookie consent banner is required.

For details, refer to our Cookie Policy available on vagmafia.com.

9. DATA PROCESSING AGREEMENT (DPA)

9.1 Applicability

This DPA applies when Vagmafia processes Personal Data on behalf of a business customer (e.g., a brand or retailer using our white-label platform).

In these cases:

  • The Customer is the Data Controller

  • Vagmafia Inc. acts as the Data Processor

9.2 Processor Obligations

Vagmafia agrees to:

  • Process Personal Data only in accordance with the Customer's documented instructions

  • Implement appropriate technical and organizational measures to ensure data security

  • Ensure that all personnel authorized to process data are bound by confidentiality

  • Assist the Customer in fulfilling their data subject requests and compliance obligations

  • Notify the Customer without undue delay in the event of a data breach

  • Upon termination of services, delete or return all Personal Data unless required by law to retain it

  • Maintain records of processing activities as required by GDPR Article 30

9.3 Sub-Processors

Vagmafia may engage sub-processors (e.g., payment, cloud, or logistics providers). A current list of sub-processors is available upon request at privacy@vagmafia.com. Vagmafia remains fully responsible for the performance of each sub-processor.

9.4 Data Transfer Mechanisms

Vagmafia ensures that international data transfers are conducted under:

  • Standard Contractual Clauses (EU Commission)

  • Data Privacy Framework certifications (where applicable)

  • Signed sub-processor agreements ensuring equivalent data protection

9.5 Audit Rights

The Customer may audit Vagmafia's data processing compliance upon reasonable notice, limited to once per year, and under strict confidentiality.

10. CHANGES TO THIS PRIVACY POLICY

Vagmafia reserves the right to update this Privacy Policy at any time. If changes are material, we will notify you via email or a notice on our website at least 30 days prior to the change taking effect. The updated version will be posted with a revised "Last Updated" date.