Free shipping on orders $100+ · Made in Missouri · Powered by renewable energy
Legal

Privacy policy.

Last updated May 14, 2026

This policy describes how Mahalo Brands (“we,” “us,” “our”) collects, uses, and shares information about you when you visit mahalobrands.com, place an order, or interact with our services.

What we collect

We collect only the information we need to run the business, and never sell it.

  • Order information — name, email, shipping and billing address, phone number (optional), and the items you purchase. Payment card details are handled by Shopify and never touch our servers.
  • Account information — if you sign in to the customer portal, we use Shopify's Customer Account API to look up your orders and subscriptions on your behalf.
  • Wholesale applications — business name, contact name, email, phone, license number, and shipping address when you apply for a wholesale account.
  • Reviews and damage claims — the name, email, rating, and text you submit, plus any photos you attach (damaged-box photos are stored privately).
  • Usage analytics — a first-party session cookie, the pages you visit, referring site, UTM parameters, device type, browser, and approximate country/region. We do not store your IP address.
  • Email interactions — delivery and bounce status for transactional email we send via Resend. We do not track email opens by default.

How we use it

  • To fulfill and ship your order, process refunds, and support you after a purchase.
  • To show approved reviews on product pages.
  • To send transactional email (order updates, review requests, wholesale status).
  • To understand which products, pages, and referrers drive sales so we can improve the site.
  • To comply with legal obligations (tax, accounting, fraud prevention).

Cookies and similar technologies

We use a small set of first-party cookies: a session ID for analytics, an authentication cookie when you sign in to your account, and a short-lived cookie to remember your cart. We do not use third-party advertising cookies and we do not participate in cross-site advertising networks.

One exception: when you place an order, Google may place and read cookies, web beacons, or similar technologies on your browser in connection with the Google Customer Reviews program (see below). These are used solely to invite you — with your consent — to rate your shopping experience after delivery, and to display the resulting seller ratings on Google. They are not used for advertising on our behalf.

Managing cookies. You can review and adjust your cookie settings at any time through your browser's privacy controls — Chrome, Safari, Firefox, and Edge all expose options to block third-party cookies or clear stored cookies under their Privacy or Security settings. You can also manage Google-specific tracking through your Google account's Data & privacy page and through Google Ads Settings. Disabling cookies will not prevent you from shopping on our site but may affect features that remember state between page loads (like your cart).

Google Customer Reviews

We participate in the Google Customer Reviews program so customers can rate their shopping experience with us. When you complete a purchase, we share certain order information with Google — your order number, email address, the country your order is shipping to, and the products you purchased — so Google can email you (only if you consent at checkout) approximately seven days after delivery inviting you to rate your experience. Your responses generate the seller-rating star scores that may appear next to our listings in Google Shopping and Google Search.

Google's use of this information is governed by the Google Privacy Policy. You can decline to participate by saying no to the consent prompt at checkout, or unsubscribe from the survey email itself at any time. Declining has no effect on your order.

Service providers

We share the minimum data necessary with service providers who help us run the site — for example, a payments and fulfillment platform, a database provider, a hosting provider, a transactional email service, a spam-prevention service, and a mapping service. Each is contractually required to protect your data and use it only on our behalf. We do not sell your personal information and we do not share it for cross-context behavioral advertising. If you'd like a list of the specific providers we currently use, contact us at the address below.

Data retention

Order records are kept for seven years to meet tax and accounting requirements. Analytics events are retained for up to 18 months. Review content stays live as long as the product is sold unless you ask us to remove it. We delete accounts and associated personal data within 30 days of a verified request.

Your rights

Depending on where you live, you may have the right to access, correct, or delete your personal information, or to opt out of its sale (we don't sell it). To exercise any of these rights, use our contact form from the address on your account, or reach us by email (), and we'll respond within 30 days.

Children

The site is not directed at children under 16, and we do not knowingly collect their data.

Changes

If we update this policy, we'll change the “last updated” date at the top. Material changes are announced by email to account holders.

Contact

Questions? Use our contact form or email us ().