Free shipping on orders over $60 · Plastic-free packaging
Legal

Privacy policy.

Last updated April 23, 2026

This policy describes how Mahalo Brands (“we,” “us,” “our”) collects, uses, and shares information about you when you visit mahalobrands.com, place an order, or interact with our services.

What we collect

We collect only the information we need to run the business, and never sell it.

  • Order information — name, email, shipping and billing address, phone number (optional), and the items you purchase. Payment card details are handled by Shopify and never touch our servers.
  • Account information — if you sign in to the customer portal, we use Shopify's Customer Account API to look up your orders and subscriptions on your behalf.
  • Wholesale applications — business name, contact name, email, phone, license number, and shipping address when you apply for a wholesale account.
  • Reviews and damage claims — the name, email, rating, and text you submit, plus any photos you attach (damaged-box photos are stored privately).
  • Usage analytics — a first-party session cookie, the pages you visit, referring site, UTM parameters, device type, browser, and approximate country/region. We do not store your IP address.
  • Email interactions — delivery and bounce status for transactional email we send via Resend. We do not track email opens by default.

How we use it

  • To fulfill and ship your order, process refunds, and support you after a purchase.
  • To show approved reviews on product pages.
  • To send transactional email (order updates, review requests, wholesale status).
  • To understand which products, pages, and referrers drive sales so we can improve the site.
  • To comply with legal obligations (tax, accounting, fraud prevention).

Cookies

We use a small set of first-party cookies: a session ID for analytics, an authentication cookie when you sign in to your account, and a short-lived cookie to remember your cart. We do not use third-party advertising cookies, and we do not participate in cross-site tracking networks.

Service providers

We share the minimum data necessary with service providers who help us run the site — for example, a payments and fulfillment platform, a database provider, a hosting provider, a transactional email service, a spam-prevention service, and a mapping service. Each is contractually required to protect your data and use it only on our behalf. We do not sell your personal information and we do not share it for cross-context behavioral advertising. If you'd like a list of the specific providers we currently use, contact us at the address below.

Data retention

Order records are kept for seven years to meet tax and accounting requirements. Analytics events are retained for up to 18 months. Review content stays live as long as the product is sold unless you ask us to remove it. We delete accounts and associated personal data within 30 days of a verified request.

Your rights

Depending on where you live, you may have the right to access, correct, or delete your personal information, or to opt out of its sale (we don't sell it). To exercise any of these rights, use our contact form from the address on your account, or reach us by email (), and we'll respond within 30 days.

Children

The site is not directed at children under 16, and we do not knowingly collect their data.

Changes

If we update this policy, we'll change the “last updated” date at the top. Material changes are announced by email to account holders.

Contact

Questions? Use our contact form or email us ().