Privacy policy
Effective Date: July 6, 2026
1. Introduction
This Privacy Policy (βPolicyβ) describes how MM Home Innovations LIMITED (βCompany,β βwe,β βus,β or βourβ) collects, uses, discloses, and processes personal information when you access or use https://www.heberug.com (the βSiteβ), including any related services, communications, advertising activities, and customer support systems.
This Policy is intended to comply with applicable United States privacy laws, including the California Consumer Privacy Act (βCCPAβ), as amended by the California Privacy Rights Act (βCPRAβ), and similar state privacy laws including Colorado, Virginia, Connecticut, Utah, Texas, and Nevada privacy statutes.
2. Company Information
| Legal Entity | MM Home Innovations LIMITED |
| Brand | Heberug |
| Website | https://www.heberug.com |
| Address | 7424 S UNIVERSITY BLVD STE E, CENTENNIAL CO 80122 |
| Phone | +1 (407) 373-5493 |
| Support Email | support@heberug.com |
3. Definitions
For purposes of this Policy:
- Personal Information means information that identifies, relates to, describes, or could reasonably be linked to a consumer or household.
- Sensitive Personal Information includes data such as account credentials, precise geolocation, or financial identifiers.
- Processing means any operation performed on personal information including collection, storage, use, disclosure, or deletion.
- Service Provider means a third party that processes information on our behalf under written contractual restrictions.
- Third Party means entities that may receive personal information for advertising, analytics, or independent use.
4. Categories of Personal Information We Collect
4.1 Identifiers
- Name
- Email address
- Phone number
- IP address
- Device identifiers
4.2 Commercial Information
- Products purchased
- Shopping cart activity
- Transaction history
- Order fulfillment details
4.3 Internet or Network Activity
- Browsing history on our Site
- Pages viewed
- Clicks and navigation behavior
- Interaction with ads and emails
4.4 Device Information
- Browser type
- Operating system
- Device model
- Language settings
5. Sources of Personal Information
- Directly from you (checkout, forms, account creation)
- Automatically via cookies and tracking technologies
- Advertising networks
- Analytics providers
- Fraud prevention systems
6. Automatically Collected Information
We automatically collect technical and behavioral data when you access or interact with the Site.
- IP address and approximate location
- Session activity and clickstream data
- Device and browser configuration
- Referral source and exit behavior
- Error logs and performance metrics
7. Cookies and Tracking Technologies
We use cookies, pixels, tags, SDKs, and similar technologies for functionality, analytics, personalization, and advertising purposes.
| Cookie Type | Purpose |
|---|---|
| Essential Cookies | Enable checkout, cart, and account functionality |
| Analytics Cookies | Measure user behavior and site performance |
| Functional Cookies | Store preferences and settings |
| Advertising Cookies | Enable retargeting and personalized ads |
8. Advertising Technologies
We engage third-party advertising platforms that may collect or receive information about your interaction with the Site and other websites.
| Technology | Provider | Purpose | Data Collected |
|---|---|---|---|
| Meta Pixel | Meta Platforms, Inc. | Ad measurement, retargeting, conversion tracking | IP address, cookie ID, browsing behavior, purchase events |
| Meta Conversions API | Meta Platforms, Inc. | Server-side event matching and attribution | Hashed identifiers, purchase value, timestamps |
| Google Ads | Google LLC | Advertising optimization and remarketing | Click IDs, cookies, conversion data |
| Google Analytics 4 | Google LLC | Traffic analysis and behavioral measurement | Device data, session events, IP-based signals |
| TikTok Pixel | TikTok Inc. | Ad targeting and performance measurement | Device identifiers, browsing activity |
9. Use of Personal Information
- Order processing and fulfillment
- Customer service operations
- Marketing and advertising personalization
- Fraud prevention and security
- Analytics and business optimization
- Legal compliance
10. Shopify Platform Disclosure
Our Site is hosted by Shopify Inc. Shopify processes personal information on our behalf to provide e-commerce infrastructure, checkout functionality, analytics, and fraud prevention services.
Shopify may also process certain data independently as a separate service provider under its own privacy policy.
11. Payment Processing
We do not store full payment card numbers or sensitive payment authentication data on our servers. All payment transactions are processed by PCI-DSS compliant third-party payment processors that securely encrypt and transmit payment data.
Depending on the selected payment method, your information may be processed by the following providers:
| Payment Method | Provider | Role | Data Processed |
|---|---|---|---|
| Shop Pay | Shopify Inc. | Accelerated checkout system | Name, email, shipping address, encrypted payment tokens |
| PayPal | PayPal Holdings, Inc. | Independent payment processor | Transaction ID, billing information, payment status |
| Apple Pay | Apple Inc. | Digital wallet provider | Device token, authorization data |
| Google Pay | Google LLC | Digital wallet provider | Payment token, device authentication signals |
12. Account, Order, and Transaction Data
We collect and maintain records related to your purchases and account activity to fulfill orders and provide customer service.
- Order history and transaction records
- Shipping and billing information
- Order status updates and tracking data
- Account login credentials (if applicable)
- Saved preferences and user settings
13. Customer Support Communications
We collect and store communications exchanged with our customer service team for operational and quality assurance purposes.
- Email communications
- Support tickets
- Chat conversations
- Complaint and dispute records
14. Marketing Communications (Email & SMS)
We may send marketing communications via email and SMS using third-party providers such as Klaviyo or similar platforms.
These communications may include promotional offers, product updates, and personalized recommendations.
You may opt out at any time via unsubscribe links or direct request to our support team.
15. Abandoned Cart Communications
We may send automated reminders when you add products to your cart but do not complete checkout. These communications are based on legitimate business interests or consent where required.
16. Transactional Communications
We may send non-marketing communications necessary for order fulfillment, including:
- Order confirmations
- Shipping notifications
- Delivery updates
- Return and refund confirmations
- Account security alerts
17. Sharing of Personal Information
We may share personal information with third parties for business purposes, including order fulfillment, analytics, marketing, and fraud prevention.
Certain disclosures may constitute βsharingβ under the California Privacy Rights Act (CPRA), particularly for cross-context behavioral advertising.
- Service providers (Shopify, Klaviyo, Cloudflare)
- Payment processors
- Advertising partners
- Analytics providers
- Logistics and shipping carriers
- Fraud prevention systems
18. Service Providers
We engage service providers that process personal information strictly on our behalf under written contractual obligations.
| Provider | Category | Function |
|---|---|---|
| Shopify | E-commerce platform | Hosting, checkout, order management |
| Klaviyo | Email marketing | Email automation and segmentation |
| Cloudflare | Security/CDN | DDoS protection and performance optimization |
| Microsoft Clarity | Analytics | Session replay and behavior tracking |
| Hotjar | Behavior analytics | Heatmaps and user interaction analysis |
| AfterShip / Loop Returns | Logistics | Order tracking and returns management |
| reCAPTCHA | Security | Bot detection and fraud prevention |
19. Advertising Partners and Cross-Context Behavioral Advertising
We may share or make available certain identifiers and behavioral data to advertising partners for purposes of cross-context behavioral advertising, retargeting, and campaign measurement.
Under the CPRA, such activities may constitute βsharingβ of personal information.
| Advertising Partner | Purpose | Data Usage |
|---|---|---|
| Meta Platforms | Retargeting and conversion optimization | Pixel events, hashed identifiers, engagement data |
| Google Ads | Search and display advertising | Cookies, click IDs, conversion events |
| TikTok Ads | Social advertising optimization | Device data, browsing behavior |
| Pinterest Ads | Visual ad targeting | Page views, product interactions |
| Microsoft Ads | Search advertising | Cookies, IP signals, conversions |
20. Data Combination and Enrichment
We may combine personal information collected from different sources, including Shopify, advertising platforms, and analytics providers, to improve personalization, marketing efficiency, and operational performance.
21. Aggregated and De-Identified Data
We may aggregate or de-identify personal information such that it can no longer reasonably be linked to an individual. Such data may be used for analytics, reporting, and business optimization without restriction.
22. Automated Decision-Making
We may use automated systems for fraud detection, risk analysis, and advertising optimization. These systems analyze behavioral signals, transaction history, and device-related data.
These systems are used to prevent fraudulent activity, enhance platform security, and improve marketing performance.
23. Retargeting and Behavioral Advertising
We and our advertising partners may use cookies and tracking technologies to display ads based on your prior interactions with our Site and other websites.
- Abandoned cart advertising
- Product retargeting campaigns
- Lookalike audience modeling
- Cross-device behavioral targeting
24. Data Use Legal Basis (U.S. Context)
We process personal information based on:
- Performance of contractual obligations
- Legitimate business interests
- Fraud prevention and security purposes
- Compliance with legal obligations
- Consent where required
25. βDo Not Sell or Share My Personal Informationβ Rights (CPRA)
Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have the right to opt out of the βsaleβ or βsharingβ of their personal information.
We may use certain advertising technologies and data sharing practices that may be considered a βsaleβ or βsharingβ of personal information under CPRA when such data is used for cross-context behavioral advertising.
You may exercise your right to opt out by:
- Clicking βDo Not Sell or Share My Personal Informationβ link (if displayed on our Site)
- Contacting us at support@heberug.com
- Adjusting browser or device advertising settings
26. California Consumer Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights:
| Right | Description |
|---|---|
| Right to Know | Request disclosure of categories and specific pieces of personal information collected |
| Right to Delete | Request deletion of personal information subject to legal exceptions |
| Right to Correct | Request correction of inaccurate personal information |
| Right to Opt-Out | Opt out of sale or sharing of personal information |
| Right to Limit Use of Sensitive Personal Information | Restrict use of sensitive personal information where applicable |
| Right to Non-Discrimination | We will not discriminate against you for exercising your rights |
27. U.S. State Privacy Rights
Residents of certain U.S. states may have additional privacy rights under applicable laws.
| State | Applicable Law | Key Rights |
|---|---|---|
| Colorado | Colorado Privacy Act (CPA) | Access, delete, opt-out of targeted advertising |
| Virginia | Virginia CDPA | Access, correction, deletion, opt-out of profiling |
| Connecticut | CTDPA | Access, delete, opt-out of targeted advertising |
| Utah | Utah UCPA | Opt-out of targeted advertising and sale |
| Texas | TDPSA | Access, correction, deletion, opt-out rights |
| Nevada | Nevada Privacy Law | Opt-out of sale of personal information |
28. Exercising Your Privacy Rights
To exercise your privacy rights, you may contact us using the information provided in the βContact Usβ section.
We may need to verify your identity before processing your request to protect your personal information.
29. Data Retention
We retain personal information only for as long as necessary for the purposes described in this Policy, including:
- Order fulfillment and transaction records
- Legal, tax, and accounting obligations
- Fraud prevention and dispute resolution
- Business analytics and performance improvement
Retention periods vary depending on the nature of the data and applicable legal requirements.
30. Data Security Measures
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information.
- Encryption in transit (TLS/SSL)
- Access control restrictions
- Secure cloud infrastructure via Shopify
- Fraud detection and monitoring systems
- Regular security reviews and updates
However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
31. Fraud Prevention and Risk Monitoring
We use automated and manual systems to detect and prevent fraud, abuse, and unauthorized activity.
These systems may evaluate:
- Device and IP risk signals
- Transaction behavior patterns
- Order velocity and anomalies
- Payment verification signals
Such processing is necessary for security, fraud prevention, and operational integrity.
32. Automated Processing and Profiling
We may use automated processing to analyze user behavior for purposes including advertising optimization, fraud prevention, and personalization.
This may include segmentation of users based on browsing activity, purchase behavior, and engagement with marketing communications.
33. Security Incident Response
In the event of a data security incident, we may take actions including system isolation, access restriction, and notification to affected users as required by applicable law.
34. Third-Party Advertising Transparency
Third-party advertising partners may collect information about your activity on our Site and other websites over time to provide targeted advertising.
These partners operate under their own privacy policies, and we do not control their data practices.
35. De-Identified and Aggregated Data Use
We may use aggregated or de-identified data for analytics, marketing insights, and business intelligence. Such data cannot reasonably identify any individual user.
36. No Discrimination Policy
We will not discriminate against you for exercising any of your privacy rights, including denying goods or services, charging different prices, or providing a different level of service.
37. California βShine the Lightβ Disclosure
California residents may request, once per calendar year, information regarding the disclosure of certain categories of personal information to third parties for their direct marketing purposes, if applicable.
To submit such a request, please contact us using the information provided in the βContact Informationβ section.
38. Policy Updates and Changes
We reserve the right to modify, update, or replace this Privacy Policy at any time in order to reflect changes in our business practices, legal obligations, or regulatory requirements.
When material changes are made, we will update the βEffective Dateβ at the top of this Policy. In certain cases, we may also provide additional notice through the Site, email communications, or other appropriate channels.
Your continued use of the Site after the updated Policy becomes effective constitutes acceptance of the revised terms.
39. Verification of Consumer Requests
To protect your privacy and security, we may need to verify your identity before processing privacy-related requests such as access, deletion, or correction.
Verification may require matching information you provide with information already maintained in our systems, such as:
- Email address
- Order history information
- Shipping or billing details
We may deny requests where we cannot reasonably verify identity or authority to act on behalf of another consumer.
40. Authorized Agent Requests
You may designate an authorized agent to submit privacy requests on your behalf. We may require proof of authorization and identity verification before processing such requests.
41. Accessibility
We are committed to ensuring that this Privacy Policy is accessible to all users, including individuals with disabilities.
If you require this Policy in an alternative format, you may contact us using the contact details provided below.
42. Entire Agreement
This Privacy Policy constitutes the entire understanding between you and MM Home Innovations LIMITED regarding the collection, use, and disclosure of personal information through the Site, and supersedes any prior versions or communications related to privacy practices.
43. Severability
If any provision of this Privacy Policy is found to be unlawful, void, or unenforceable, such provision shall be deemed severable and shall not affect the validity and enforceability of the remaining provisions.
44. No Waiver
Failure by us to enforce any right or provision under this Privacy Policy shall not constitute a waiver of such right or provision.
45. Legal Compliance Statement
We comply with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Colorado Privacy Act, Virginia CDPA, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, and Nevada Privacy Law.
46. Contact Information
| Contact Type | Details |
|---|---|
| Company | MM Home Innovations LIMITED |
| Brand | Heberug |
| Website | https://www.heberug.com |
| Support Email | support@heberug.com |
| Business Email | contact@heberug.com |
| Phone | +1 (407) 373-5493 |
| Address | 7424 S UNIVERSITY BLVD STE E, CENTENNIAL CO 80122, United States |
47. Effective Date
This Privacy Policy is effective as of July 6, 2026 and remains in effect until amended or replaced.