Privacy policy

Effective Date: May 15, 2026
Last Updated: May 15, 2026

This Privacy Policy explains how Ishh ("Ishh," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information when you visit or use our website, purchase our products, create an account, sign up for marketing, contact us, participate in promotions, submit reviews or content, or otherwise interact with us.

Ishh is an Ontario, Canada-based online women’s clothing brand. We currently sell and ship within Canada, excluding Quebec. We do not operate a physical retail store. We also do not currently sell or ship products to Quebec, the United States, or other jurisdictions outside Canada. If we begin selling or shipping to Quebec, the United States, or other jurisdictions in the future, we may update this Privacy Policy and add jurisdiction-specific notices before or at the time those sales begin.

This Privacy Policy is intended to comply with applicable Canadian private-sector privacy requirements, including the Personal Information Protection and Electronic Documents Act, Canada’s Anti-Spam Legislation, and other applicable privacy, consumer, ecommerce, marketing, and recordkeeping requirements.

This Privacy Policy should be read together with our Terms of Service, Shipping Policy, Returns and Exchanges Policy, Cookie Notice, and any other policies posted on our website.

 

 

1. Summary of Key Privacy Practices

To make our privacy practices easier to understand, here is a summary of the key points:

  • We collect personal information needed to operate an online clothing store, including contact details, shipping details, order details, payment-related information, account information, customer service communications, website usage information, and marketing preferences.

  • We use personal information to process orders, ship products, manage returns and exchanges, provide customer support, prevent fraud, improve our website, send marketing where permitted, run promotions, and comply with legal obligations.

  • We currently sell and ship within Canada, excluding Quebec.

  • We do not sell customer personal information for money.

  • We may use advertising and analytics technologies that involve limited disclosure of website activity, device information, cookie identifiers, or shopping activity to advertising and analytics partners. If any applicable law treats these activities as a “sale,” “sharing,” or targeted advertising, and if that law applies to Ishh, we will provide any required notices and choices.

  • We may share personal information with service providers that help us operate our business, such as website hosting, ecommerce platform, payment processing, shipping, email and SMS marketing, analytics, advertising, fraud prevention, customer service, and professional advisors.

  • We may use cookies and similar technologies for website functionality, analytics, personalization, advertising, and fraud prevention.

  • You may contact us to request access to, correction of, deletion of, or information about your personal information, subject to legal and operational limits.

  • You may unsubscribe from marketing emails or SMS messages at any time.

  • We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

  • We use reasonable safeguards appropriate to the sensitivity of the information we hold, but no website, system, or transmission method is completely secure.

 

 

2. What Personal Information We Collect

The personal information we collect depends on how you interact with Ishh.

2.1 Information You Provide Directly

We may collect the following information when you place an order, create an account, contact us, sign up for marketing, participate in a promotion, submit a review, or otherwise provide information to us:

  • Identity information: first name, last name, account username, and similar identifiers.

  • Contact information: email address, phone number, billing address, shipping address, and other contact details.

  • Order information: products purchased, size, color, quantity, price, discounts, gift card usage, order notes, delivery instructions, return or exchange requests, and order history.

  • Account information: login credentials, account preferences, saved addresses, wishlist items, and account activity.

  • Payment-related information: payment method, billing details, transaction confirmation, fraud screening results, partial card details such as last four digits, and payment status. Full payment card numbers are processed by our payment providers and are not intended to be stored by Ishh on our own systems.

  • Customer service information: messages you send us, information needed to resolve issues, return and exchange details, photos or documentation you provide, and notes from customer service interactions.

  • Marketing information: newsletter sign-up details, SMS opt-in details, consent records, unsubscribe preferences, promotional code usage, referral details, contest or giveaway entries, and communication preferences.

  • User-generated content: product reviews, photos, comments, social media handles, or other content you choose to submit or tag us in.

  • Survey and feedback information: responses to surveys, sizing feedback, product preferences, style preferences, and other feedback you voluntarily provide.

2.2 Information Collected Automatically

When you visit or use our website, we and our service providers may automatically collect certain technical and usage information, including:

  • IP address.

  • Device type, browser type, operating system, and device identifiers.

  • Referring website or source.

  • Pages viewed, products viewed, search terms, clicks, scroll activity, time spent on pages, and shopping cart activity.

  • Approximate location derived from IP address.

  • Cookie identifiers and similar tracking identifiers.

  • Website performance, error, security, and fraud prevention information.

2.3 Information From Third Parties

We may receive information about you from third parties where permitted by law, such as:

  • Ecommerce platforms, payment processors, and fraud prevention providers.

  • Shipping carriers and fulfillment partners.

  • Email, SMS, and marketing service providers.

  • Analytics and advertising platforms.

  • Social media platforms if you interact with Ishh through those platforms.

  • Referral partners, contest platforms, or promotion partners.

  • Publicly available sources, where relevant and permitted.

2.4 Sensitive Personal Information

Ishh is a women’s clothing brand and does not intend to collect sensitive personal information such as government identification numbers, health information, biometric information, precise geolocation, religious beliefs, political opinions, or similar sensitive information.

Please do not provide sensitive personal information to us unless we specifically request it and explain why it is needed. If you choose to provide sensitive personal information, we may delete it if it is not necessary for our business purposes, or we may use it only as needed to address your request, comply with law, protect rights, or maintain security.

 

 

3. How We Use Personal Information

We collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances, including the following:

3.1 To Operate Our Online Store

We use personal information to:

  • Process, confirm, and fulfill orders.

  • Accept and verify payment.

  • Arrange shipping and delivery.

  • Provide order updates and delivery notifications.

  • Manage returns, exchanges, refunds, store credits, and customer service issues.

  • Create and manage customer accounts.

  • Maintain order history and customer records.

  • Provide website functionality, such as shopping carts, checkout, wishlists, and account login.

3.2 To Communicate With You

We use personal information to:

  • Send transactional messages about orders, shipping, delivery, returns, refunds, account activity, policy updates, security notices, and customer service responses.

  • Respond to questions, requests, complaints, and feedback.

  • Provide information about products, sizing, availability, care instructions, promotions, or brand updates.

Transactional messages are not marketing messages and may be sent even if you opt out of marketing, where needed to provide products or services you requested.

3.3 For Marketing, Promotions, and Loyalty Activities

Where permitted by law and based on consent where required, we may use personal information to:

  • Send newsletters, product launches, promotions, restock alerts, event updates, and other marketing communications.

  • Send abandoned cart emails, promotional emails, SMS messages, product launch announcements, discount offers, restock alerts, and similar commercial electronic messages only where permitted by law and with consent where required.

  • Offer discounts, promotional codes, loyalty rewards, referral offers, first-time customer offers, or similar incentives.

  • Personalize marketing content based on your preferences, shopping activity, website activity, and interactions with Ishh.

  • Run contests, giveaways, surveys, or promotional campaigns.

  • Measure the effectiveness of marketing campaigns.

You may unsubscribe from marketing emails by using the unsubscribe link in our emails. You may unsubscribe from SMS marketing by following the instructions in the message, such as replying STOP, where available. We may keep limited information to record and respect your unsubscribe choice.

3.4 To Improve Our Products, Website, and Customer Experience

We use personal information to:

  • Understand how customers use our website.

  • Improve website design, functionality, navigation, checkout, and performance.

  • Understand customer preferences, sizing needs, product demand, and inventory planning.

  • Develop new products, collections, and customer experiences.

  • Analyze sales, returns, abandoned carts, conversion rates, and marketing performance.

  • Troubleshoot technical issues and maintain website security.

3.5 For Advertising and Analytics

We may use cookies, pixels, tags, and similar technologies to:

  • Measure website traffic and customer interactions.

  • Understand the performance of paid and organic marketing channels.

  • Show relevant advertising on third-party platforms.

  • Build or use audience segments for advertising, where permitted.

  • Limit repetitive ads and measure ad effectiveness.

Depending on the technology used, advertising and analytics partners may collect information about your interaction with our website and other websites. Please see the Cookies and Similar Technologies section below.

3.6 For Security, Fraud Prevention, and Legal Protection

We use personal information to:

  • Detect, prevent, and investigate fraud, abuse, chargebacks, unauthorized transactions, account misuse, and security incidents.

  • Verify identity where needed.

  • Protect our website, systems, customers, employees, service providers, and business.

  • Enforce our Terms of Service and policies.

  • Establish, exercise, or defend legal claims.

  • Comply with applicable laws, regulations, court orders, audits, tax, accounting, and recordkeeping obligations.

3.7 Business Transfers

If Ishh is involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction, personal information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality protections and applicable law.

 

 

4. Consent

We collect, use, and disclose personal information with your consent, except where otherwise permitted or required by law. Consent may be express or implied depending on the circumstances and the sensitivity of the information.

For example, when you place an order, we rely on your implied consent to use your name, contact information, shipping address, payment-related information, and order details to process and deliver your purchase. For optional activities such as marketing emails, SMS marketing, certain cookies, advertising pixels, contests, or promotional communications, we will obtain express consent where required by law.

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent for information that is necessary to provide a product or service, we may not be able to provide that product or service, complete a transaction, process a return, maintain your account, or respond to certain requests.

 

 

5. When We Share Personal Information

We do not disclose personal information except as described in this Privacy Policy, with your consent, or as required or permitted by law.

We may share personal information with the following categories of recipients:

5.1 Ecommerce, Website, and Technology Providers

We use Shopify as our ecommerce platform. We may share information with Shopify and other providers that host, operate, secure, support, or improve our website and ecommerce functions, including checkout, account management, inventory, product pages, order management, and website analytics.

5.2 Payment and Fraud Prevention Providers

We share payment-related and transaction information with payment processors, banks, card networks, payment gateways, fraud prevention services, and chargeback management providers as needed to process payments, prevent fraud, and resolve transaction disputes. Current or expected payment processors, payment services, card networks, and payment methods may include Stripe, PayPal, Apple Pay, Visa, Mastercard, and American Express.

5.3 Shipping, Fulfillment, and Logistics Providers

We share shipping and order information with carriers, fulfillment providers, customs brokers if applicable in the future, delivery partners, and related logistics providers as needed to fulfill, ship, track, return, or exchange products.

5.4 Marketing and Communication Providers

We may share contact details, marketing preferences, order activity, and website activity with providers that help us send emails, SMS messages, push notifications if applicable, newsletters, abandoned cart reminders, promotions, surveys, product reviews, and customer communications. Current or possible marketing providers may include, but are not limited to, Klaviyo, Mailchimp, Shopify Email, and a selected SMS marketing provider if Ishh uses SMS marketing.

5.5 Analytics and Advertising Partners

We may share or make available limited website usage, device, cookie, and shopping activity information with analytics and advertising partners to help us understand performance, personalize experiences, and deliver relevant advertising. Current or expected analytics and advertising tools may include, but are not limited to, Meta Pixel, Google Analytics, and TikTok Pixel.

5.6 Customer Support and Operations Providers

We may share information with customer service platforms, returns management providers, review platforms, CRM tools, helpdesk systems, and other operational providers that help us respond to customers and manage the business.

5.7 Professional Advisors and Legal Authorities

We may disclose information to lawyers, accountants, auditors, insurers, consultants, law enforcement, regulators, courts, government authorities, or other parties where required or permitted by law, or where necessary to protect our rights, customers, business, or others.

5.8 Business Transaction Parties

We may disclose personal information to parties involved in an actual or potential business transaction, such as a merger, acquisition, financing, sale of assets, restructuring, or similar transaction, subject to appropriate protections.

 

 

6. Cookies and Similar Technologies

Our website may use cookies, pixels, tags, software development kits, local storage, and similar technologies. These technologies help us operate the website, remember your preferences, keep items in your cart, understand website performance, personalize content, prevent fraud, and support analytics and advertising.

6.1 Types of Cookies We May Use

  • Strictly necessary cookies: needed for website operation, checkout, security, account login, cart functionality, and fraud prevention.

  • Functional cookies: remember preferences such as region, currency, language, account settings, and product preferences.

  • Analytics cookies: help us understand traffic, performance, product interest, and customer behaviour on our website. Ishh may use tools such as Google Analytics and Shopify analytics.

  • Advertising cookies and pixels: help us measure ads, build audiences, retarget visitors, and show relevant ads on third-party platforms. Ishh may use tools such as Meta Pixel and TikTok Pixel.

6.2 Profiling, Analytics, and Advertising Technologies

Some cookies, pixels, and similar technologies may allow us or our service providers to recognize your device, understand your website activity, estimate your interests, measure advertising performance, or personalize marketing. This may include using information about your product views, purchases, cart activity, interests, or browsing behaviour to understand preferences or show more relevant content or advertising.

Where required by applicable law, we will provide notice and obtain consent before using non-essential analytics, advertising, or profiling technologies. Where available, we will provide a way to manage or withdraw consent for non-essential cookies and similar technologies.

6.3 Your Cookie Choices

You may be able to control cookies through your browser settings, device settings, website cookie banner, consent tool, or third-party opt-out tools where available. If you block or delete cookies, some parts of our website may not function properly, including cart, checkout, account login, personalization, and fraud prevention features.

If we use technologies that require consent under applicable law, we will request consent as required.

 

 

7. Marketing Communications

We send marketing communications only where permitted by applicable law. This may include newsletters, launch updates, promotional offers, discount codes, restock alerts, product recommendations, event updates, abandoned cart messages, and similar messages.

For Canadian recipients, we will comply with Canada’s Anti-Spam Legislation, including consent, identification, and unsubscribe requirements for commercial electronic messages.

Abandoned cart emails, promotional emails, SMS messages, product launch announcements, discount offers, restock alerts, and similar messages may be considered commercial electronic messages. We will send these messages only where permitted by law and with consent where required.

Each marketing email will include an unsubscribe mechanism. SMS marketing messages, where offered, will include opt-out instructions such as replying STOP or using another available unsubscribe method. We will process unsubscribe requests as required by law.

Even after you unsubscribe from marketing, we may still send transactional or service-related messages, such as order confirmations, shipping updates, return updates, account notices, security notices, or messages required by law.

 

 

8. How Long We Keep Personal Information

We keep personal information only as long as reasonably necessary for the purposes for which it was collected or as otherwise required or permitted by law.

Retention periods may depend on the type of information and the reason it is held, including:

  • Order, payment, tax, accounting, and business records may be retained for legally required recordkeeping periods.

  • Customer account information may be retained while the account is active and for a reasonable period afterward.

  • Customer service records may be retained to resolve issues, improve service, and protect legal rights.

  • Marketing consent and unsubscribe records may be retained to prove consent and respect opt-out choices.

  • Fraud prevention, security, chargeback, and legal records may be retained as needed to protect Ishh, customers, and others.

  • Website analytics data may be retained in identifiable, pseudonymous, aggregated, or anonymized form according to our provider settings and business needs.

As a general guide, we may retain order, transaction, tax, accounting, and payment-related records for at least six years from the end of the last tax year to which they relate, or longer if required by law, audit, dispute, chargeback, fraud prevention, or legal claim requirements. Marketing consent and unsubscribe records may be retained as long as needed to prove consent and respect opt-out choices. Customer service records may be retained for a reasonable period to resolve issues, improve service, and protect legal rights.

When personal information is no longer required, we will delete, destroy, anonymize, or de-identify it, subject to technical, legal, and business limitations.

 

 

9. Security Safeguards

We use reasonable physical, organizational, contractual, and technical safeguards appropriate to the sensitivity of the personal information we hold. These safeguards may include access controls, authentication, encryption or secure transmission where appropriate, vendor due diligence, employee access limitations, contractual confidentiality obligations, monitoring, and security procedures.

However, no website, internet transmission, ecommerce platform, payment system, email system, or storage technology can be guaranteed to be completely secure. You are responsible for keeping your account login credentials confidential and for using secure devices and networks when accessing our website.

If we become aware of a privacy breach that creates a real risk of significant harm, we will assess, contain, record, report, and notify affected individuals and regulators as required by applicable law.

 

 

10. Cross-Border Storage and Transfers

Ishh is based in Ontario, Canada. We may use service providers located in Canada, the United States, and other jurisdictions where our service providers operate. As a result, personal information may be stored, processed, or accessed outside your province, territory, state, or country of residence.

When personal information is transferred or processed outside your jurisdiction, it may be subject to the laws of that jurisdiction, including lawful access by courts, law enforcement, regulators, or government authorities.

We take reasonable steps to require service providers to protect personal information and use it only for authorized purposes. Where required by applicable law, we will assess cross-border transfers and use contractual protections designed to protect personal information.

 

 

11. Your Privacy Rights and Choices

Subject to applicable law and certain exceptions, you may have the right to:

  • Request access to personal information we hold about you.

  • Request correction of inaccurate or incomplete personal information.

  • Request deletion of personal information.

  • Withdraw consent to certain uses of personal information.

  • Ask how your personal information has been used or disclosed.

  • Challenge our compliance with this Privacy Policy.

  • Opt out of marketing communications.

  • Manage cookie preferences where tools are available.

We may need to verify your identity before responding to a privacy request. We may deny or limit a request where permitted or required by law, including where information must be retained for legal, tax, accounting, fraud prevention, security, transactional, customer service, or legal claim purposes.

For Canadian privacy access requests, we aim to respond within the time required by applicable law. Under federal Canadian private-sector privacy law, access requests generally must be responded to within 30 calendar days, subject to permitted extensions and exceptions.

To make a privacy request, contact us using the contact details below.

You may contact our Privacy Officer to ask questions, make a privacy request, or submit a complaint about our privacy practices. We will review and respond to privacy complaints within a reasonable time and in accordance with applicable law. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada or the applicable provincial privacy regulator.

 

 

12. Quebec Residents and Future Quebec Sales

Ishh does not currently sell or ship products to Quebec. We also do not currently target Quebec customers for online sales.

If Ishh begins selling or shipping to Quebec in the future, we will review and update our website, customer-facing policies, privacy notices, language practices, and customer communication processes as required by applicable Quebec law.

If you are located in Quebec and interact with our website, you may still contact us with privacy questions or requests at shopishh31@gmail.com. We will respond in accordance with applicable privacy law.

 

 

13. Children and Minors

Ishh’s website and products are intended for adults and are not directed to children.

We do not knowingly collect personal information from children under 13 years of age. If you believe that a child has provided personal information to us without appropriate consent, please contact us. If we determine that we collected such information in a way that does not comply with applicable law, we will delete it or take other appropriate steps.

 

 

14. U.S. Residents and Future U.S. Sales

Ishh currently sells and ships within Canada, excluding Quebec, and does not currently target U.S. consumers for online sales. If we later begin selling into the United States, we may update this Privacy Policy and add additional U.S. state privacy notices where required.

Certain U.S. privacy laws may provide residents of specific states with rights such as access, deletion, correction, portability, opt-out of sale or sharing, opt-out of targeted advertising, limitation of sensitive information use, appeal rights, and non-discrimination rights. These laws often apply only if a business meets specific legal thresholds, such as revenue, number of consumers, or data-sharing activity.

If Ishh becomes subject to any U.S. state privacy law, we will provide the required notices, rights, and request methods. Until then, U.S. visitors may still contact us with privacy questions or requests, and we will respond reasonably and in accordance with applicable law.

For U.S. commercial emails, if and when we market to U.S. recipients, we will comply with applicable U.S. email marketing requirements, including providing a clear opt-out mechanism for commercial emails.

 

 

15. International Visitors

Ishh currently operates for the Canadian market, excluding Quebec. Our website may be accessible from other countries, but we do not currently target sales to customers outside Canada.

If you access our website from outside Canada, you understand that your information may be collected, used, processed, and stored in Canada and other jurisdictions where our service providers operate. Those jurisdictions may have privacy laws that differ from the laws in your location.

If we actively expand into other jurisdictions, we will review and update our privacy practices and this Privacy Policy as required.

 

 

16. Third-Party Websites and Social Media

Our website may contain links to third-party websites, apps, payment pages, shipping portals, social media platforms, or other services that we do not own or control. This Privacy Policy does not apply to third-party websites or services.

If you interact with Ishh on social media, the relevant social media platform may collect and process your information according to its own privacy policy. We encourage you to review the privacy policies and settings of any third-party services you use.

 

 

17. Reviews, Photos, and Public Content

If you submit a product review, photo, testimonial, comment, social media tag, or other content to Ishh, that content may be visible to other customers or the public, depending on the feature and your settings.

Do not submit personal information or content that you do not want to be public. We may moderate, remove, or reuse submitted content in accordance with our Terms of Service, applicable law, and any permissions you provide.

 

 

18. Automated Decision-Making

Ishh does not intend to make decisions about customers based exclusively on automated processing that produce legal or similarly significant effects.

We may use automated tools for ordinary ecommerce operations, such as fraud screening, payment authorization, abandoned cart reminders, product recommendations, website personalization, advertising audiences, and analytics. These tools support business operations but do not replace customer service review where a meaningful issue is raised.

If we introduce automated decision-making that triggers specific legal notice obligations, we will update this Privacy Policy and provide required information.

 

 

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, website, service providers, legal requirements, or privacy practices.

The updated version will be posted on our website with a revised “Last Updated” date. If we make material changes, we may provide additional notice where required, such as by email, website notice, checkout notice, or consent request.

Your continued use of our website after an updated Privacy Policy is posted means you acknowledge the updated Privacy Policy, subject to any consent requirements under applicable law.

 

 

20. Contact Us

If you have questions, concerns, complaints, or requests about this Privacy Policy or Ishh’s privacy practices, contact our Privacy Officer:

Privacy Officer: Ishh Privacy Officer
Business Legal Name: Ishh
Operating Name: Ishh
Mailing Address: 5 Mabelle Avenue, Apartment 234, Etobicoke, Ontario, M9A 0C8, Canada
Email: shopishh31@gmail.com
Customer Support Email: shopishh31@gmail.com

We may ask for information to verify your identity before responding to privacy requests. If you are not satisfied with our response, you may have the right to contact the Office of the Privacy Commissioner of Canada or the applicable provincial privacy regulator.