Privacy Policy

01.Who We Are

COMEX Design is a retailer of ready-to-install kitchen cabinets, serving customers throughout the United States. For purposes of this Privacy Policy, COMEX Design is the controller of the personal information we collect about you.

You may contact us at any time about this Privacy Policy or your personal information using the contact details provided at the end of this document.

02.Information We Collect

We collect personal information that you provide directly to us, that we obtain automatically when you use our website, and that we receive from third parties such as payment processors, identity providers, and shipping carriers. The categories of personal information we collect include:

03.How We Use Your Information

We use the personal information described above for the following purposes:

• To process, fulfill, ship, and deliver your orders, including communicating with you about order status and exceptions.
• To establish and maintain your account, authenticate you, and enable you to access your order history and saved preferences.
• To determine eligibility for, and apply, the appropriate customer tier (individual, dealer, or VIP dealer) and associated pricing.
• To provide customer support, respond to inquiries, and resolve complaints, returns, and warranty claims.
• To detect, investigate, and prevent fraud, security incidents, and abuse, and to enforce our Terms of Service and other legal rights.
• To comply with legal, tax, accounting, and regulatory obligations, including the retention of transaction records as required by federal and state law.
• To operate, evaluate, debug, and improve our website, products, and services, including measuring performance and aggregate usage trends.
• To send you transactional communications such as order confirmations, shipping notifications, and account-related notices, and, where you have opted in, marketing communications about our products and promotions.

04.Lawful Purposes for Processing

Where state law requires that we identify a lawful purpose for processing personal information, we rely on the following: performance of a contract with you (for example, fulfilling your order); compliance with our legal obligations (for example, tax recordkeeping); our legitimate interests (for example, securing our website, preventing fraud, and improving our services), provided those interests are not overridden by your rights; and your consent, where required by law, which you may withdraw at any time.

05.How We Share and Disclose Information

We do not sell your personal information for monetary consideration, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA").

We disclose personal information only to the categories of recipients described below, and only as necessary for the purposes identified in this Privacy Policy:

• Payment processor: Stripe, Inc., to authorize and capture payments, process refunds, and prevent payment fraud.
• Shipping carriers: the freight, parcel, and white-glove carriers we engage to deliver your order, who receive the information necessary to complete delivery.
• Hosting and infrastructure: Vercel, Inc., which hosts our website and provides aggregated, privacy-preserving analytics, and Supabase, Inc., which provides our managed PostgreSQL database.
• Professional advisors: our attorneys, accountants, auditors, and insurers, where reasonably necessary for the conduct of our business.
• Business successors: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, in which case personal information may be transferred subject to the protections of this Privacy Policy.
• Government and law enforcement: when we believe in good faith that disclosure is required by law or legal process, or is necessary to protect the rights, property, or safety of COMEX Design, our customers, or the public.

06.Cookies, Local Storage, and Tracking Technologies

We use a small number of cookies and browser-storage mechanisms strictly necessary to operate our website. These include a session cookie issued by our authentication system when you sign in, a language-preference cookie that records whether you have selected English or Spanish, and a non-personally-identifying anonymous shopping cart stored in your browser's local storage. We do not use third-party advertising cookies and we do not allow third parties to track you across our website for advertising purposes.

Most browsers allow you to control cookies through their settings. Disabling strictly-necessary cookies may impair the functioning of our website.

07.Do Not Track and Global Privacy Control

Our website does not respond to "Do Not Track" signals because no common industry standard for those signals has been adopted. However, where required by law, we treat a Global Privacy Control ("GPC") signal received through your browser as a valid request to opt out of any sale or sharing of your personal information for cross-context behavioral advertising. Because we do not engage in such sales or sharing, the practical effect of a GPC signal on our processing is limited to confirming our existing practice.

08.Your Rights Under California Law

If you are a California resident, the CCPA gives you the following rights with respect to your personal information:

• The right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we have disclosed it.
• The right to request deletion of personal information we have collected from you, subject to legal exceptions (for example, where retention is necessary to complete a transaction, comply with a legal obligation, or detect fraud).
• The right to request correction of inaccurate personal information we maintain about you.
• The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. As stated above, we do not sell or share personal information for these purposes.
• The right to limit the use and disclosure of any sensitive personal information we collect, to the extent applicable.
• The right not to receive discriminatory treatment for exercising your rights under the CCPA.

09.Your Rights Under Other State Laws

If you are a resident of a state with a comprehensive consumer privacy law — including without limitation Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Kentucky, Minnesota, Maryland, and Rhode Island — you may have some or all of the following rights, subject to the conditions and exceptions of the law that applies to you:

• The right to confirm whether we are processing your personal information and to access that information.
• The right to obtain a copy of your personal information in a portable, readily usable format.
• The right to correct inaccurate personal information.
• The right to delete personal information we have collected about you.
• The right to opt out of targeted advertising, the sale of personal information, and certain forms of profiling that produce legal or similarly significant effects.
• The right not to receive discriminatory treatment for exercising your rights.

10.How to Exercise Your Rights

To exercise any of the rights described above, please contact us by email at the address listed at the end of this Privacy Policy, or by mail at our headquarters address. Please include enough information for us to verify your identity and locate your records, such as your full name, the email address associated with your account, and a description of your request.

We will respond to verifiable consumer requests within forty-five (45) days of receipt. Where reasonably necessary, we may extend the response period by an additional forty-five (45) days, in which case we will notify you of the extension and the reason for it. There is no fee to submit a request, although we may charge a reasonable fee or decline to act on requests that are manifestly unfounded, excessive, or repetitive, as permitted by law.

11.Children's Privacy

Our website and services are not directed to children. Consistent with the Children's Online Privacy Protection Act ("COPPA"), we do not knowingly collect personal information from children under the age of thirteen (13). In addition, our services are intended for adults, and we do not knowingly collect personal information from individuals under the age of eighteen (18). If you believe we have collected personal information from a minor, please contact us and we will promptly delete it.

12.Data Retention

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, including legal, tax, accounting, and reporting obligations. Order and transaction records are typically retained for at least seven (7) years to satisfy applicable Internal Revenue Service and state tax requirements. Account information is retained for as long as your account is active and for a reasonable period thereafter, unless you request deletion. Server logs and security records are retained for shorter operational periods consistent with industry practice. When personal information is no longer needed, we delete or anonymize it in a secure manner.

13.Information Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption of personal information in transit using industry-standard Transport Layer Security (TLS), the storage of account passwords in salted, hashed form, the delegation of payment-card processing to a PCI-DSS-compliant service provider (Stripe), restricted internal access to personal information on a need-to-know basis, and regular review of our security practices.

No method of transmission over the internet or electronic storage is one hundred percent secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized access.

14.Users Outside the United States

Our services are intended for residents of the United States, and personal information is collected, stored, and processed in the United States. We do not knowingly market to or accept orders from individuals located outside the United States. If you access our website from another jurisdiction, you do so on your own initiative and are responsible for compliance with local laws.

15.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last Updated" date at the top of this Privacy Policy and, where appropriate, provide additional notice (such as by email or by posting a prominent notice on our website). Your continued use of our website or services after any update constitutes your acknowledgment of the revised Privacy Policy.

16.Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the details provided in the section that follows.