Privacy Policy

Last updated: October 19, 2025

At Henape, protecting your privacy is integral to the purchasing experience. This policy lays out, in clear and straightforward language, the types of data gathered, how we utilize that data, with whom we share it, and the security measures applied when you browse or make a purchase at https://henape.com. This notice applies to customers located in the United States, United Kingdom, France, Germany, Australia, Spain, Canada, Italy, Belgium, and Portugal.

1. Data Gathers and Obtains

Data You Provide Directly

When completing a transaction for our handcrafted wooden puzzles or setting up a user account, Henape obtains your full name, email address, physical shipping and billing locations, telephone number, and comprehensive transaction records (including purchased items, pricing, order identifiers, and tracking status). Henape ensures the highest payment security by never retaining full credit card numbers or security codes (CVVs)—all financial processing is delegated to trusted external gateways like Stripe or PayPal. When you communicate with our support team, Henape utilizes the content of those messages, live chats, and any supporting documents you submit. If you establish a registered account, Henape stores your login email, a secure encrypted password, and personal configurations like saved addresses.

Data Collected Automatically

When you navigate our digital storefront, Henape records your IP address, browser and device specifications, operating system, the previous website you visited (referring URL), general geographical area (city/region), pages you viewed, duration of visit, click pathways, items added to your basket, and your product interests. This tracking is facilitated through the use of cookies, tracking pixels, and analytics tools necessary for the website’s proper operation and continuous enhancement.

Data from Trusted Third Parties (When Applicable)

If your visit originates from an advertisement or social media promotion, Henape might receive limited campaign metrics (e.g., which specific advertisement was clicked) to help assess content effectiveness. Henape strictly prohibits the acquisition of personal data from data brokers.

Information Pertaining to Minors

Henape does not knowingly compile personal information from children under the age of 13 (or the required minimum age in your jurisdiction). If you suspect a child has provided personal details, please notify us at [email protected] immediately so Henape can promptly remove that data.

2. Utilization of Data

Fulfilling Orders and Providing Services

Henape uses your data to confirm purchases, execute financial transactions, coordinate logistics and shipping, issue transit notifications, and manage any returns, exchanges, or warranty claims related to your wooden puzzles.

Customer Support and Service

Henape relies on your information to accurately respond to inquiries, investigate reported issues, and continuously improve the overall quality of our customer assistance.

Personalization and Platform Enhancement

Henape keeps track of your preferences and analyzes how our puzzles and site features perform over time. This helps us resolve technical problems, design superior future features, and offer relevant product recommendations that align with your interests.

Marketing Communications (Subject to Consent)

Henape will distribute marketing newsletters or promotional offers only if you have explicitly chosen to receive them. You retain the right to opt out at any point using the unsubscribe link found in every email or by contacting [email protected].

Security and Legal Compliance

Henape utilizes information to safeguard against fraudulent activities, maintain the security of the website, enforce our stated policies, and fulfill any necessary legal or financial reporting obligations.

Data Retention Schedule

Transaction and invoicing records are maintained for a period of up to six years (to comply with accounting, tax, and warranty mandates). Support correspondence may be retained for up to two years. Marketing consent remains active until you request to unsubscribe. Analytical data is typically kept for 14–26 months (depending on the tool used). Data may be kept longer if mandated by law or necessary to resolve legal disputes; otherwise, it is securely deleted or rendered anonymous.

Legal Grounds for Processing (EU/UK)

Henape processes personal data based on the necessity to execute a contract (your order), for our legitimate business interests (operating, enhancing, and protecting our services—while balancing this against your rights), with your explicit consent (for marketing and non-essential cookies), and to meet legal requirements. Henape does not employ purely automated decision-making processes that result in legal or similarly significant effects on you.

3. Disclosure of Information

Henape never sells or rents personal data to third parties. Data is shared strictly with reliable external entities who are obligated to maintain security and confidentiality, using the data solely to execute services on behalf of Henape:

• Financial Gateways (e.g., Stripe, PayPal)

• Logistics and Delivery Carriers (e.g., UPS, FedEx, DHL, and various local couriers)

• Operational Service Providers (for secure web hosting, cloud storage, customer email delivery, traffic analytics like Google Analytics, and targeted advertising tools such as Meta Pixel where you have given consent)

• Advisers and Consultants (for necessary accounting or legal counsel)

Regulatory and Safety Requirements

Should regulatory mandates require it—or if disclosure is essential to safeguard the rights, security, or prevent fraud—Henape may furnish information to appropriate authorities.

Corporate Restructuring

In the event Henape undergoes an acquisition, merger, or asset sale, your personal information may be transferred to the new owner under the same strict privacy protections detailed here.

4. Data Protection Protocols

Henape secures your information using industry-standard protocols, including TLS/SSL encryption, secure server infrastructure and strict access controls, regular security evaluations, and limiting staff access to only those who have completed privacy training. While we enforce powerful safeguards, it is important to understand that no system connected to the internet can guarantee 100% security.

5. Your Rights as a Data Subject

All individuals may request a copy of their held data, seek correction of inaccurate details, ask for erasure where legally permitted, limit or object to specific uses, and revoke consent to marketing at any point (you will still receive essential service emails related to your order/shipping). To exercise these rights, please contact [email protected]. Henape may request identity verification and aims to respond promptly, typically within 30 days. These requests are provided without charge unless they are clearly excessive or repetitive, in which case a reasonable fee might apply.

United States (CCPA/CPRA – California)

You maintain the right to know what data is gathered, request its deletion or correction, and opt out of any “sale” or “sharing” used for cross-context behavioral advertising. Henape currently does not sell or share personal data in this manner. Should this practice change, a visible “Do Not Sell or Share My Personal Information” link will be implemented. Where required by law, Henape respects a valid Global Privacy Control signal as an official opt-out. If a request is denied, you have the right to appeal using the instructions provided in our response.

European Union & United Kingdom (GDPR/UK GDPR)

You possess rights of access, correction, deletion, data portability, restriction of processing, and objection. You may also direct any complaints to your local Data Protection Authority.

Canada (PIPEDA)

You may access and rectify your personal details and withdraw consent, provided there are no conflicting legal or contractual limitations.

Australia (APPs)

You are entitled to access and correct personal data and may submit a complaint to the OAIC if concerns regarding our handling of data are not adequately addressed.

6. Cookie Usage

Cookies assist the site in functioning reliably (handling the shopping cart, checkout, login features), recalling your preferred settings, analyzing website performance, and—where required by law, with your permission—displaying more relevant advertisements. You have the ability to manage cookies through your web browser settings (blocking, deleting, or limiting them). Be aware that blocking certain essential cookies may impair website functionalities, such as the shopping cart. In jurisdictions where legally mandated, Henape uses a prominent cookie banner to allow you to accept or reject non-essential cookies and modify your choices later.

7. Global Data Transfers

Your data may be securely stored or processed on servers located in the United States. For customers residing in the EU, UK, Canada, and Australia, this involves transferring data outside of your country of residence. Henape ensures these transfers are protected using approved safeguarding mechanisms, such as Standard Contractual Clauses (SCCs) or other region-specific compliant tools.

8. Additional Details for Transparency

User-Generated Content

If you submit product evaluations or upload accompanying images, that content may become publicly visible on the website. We advise against posting sensitive personal information in public areas.

Third-Party Site Links

Our website may feature links directing to external sites. These sites operate under their own independent privacy practices; please ensure you review their respective policies.

Handling Sensitive Data

Henape does not utilize highly specific geolocation, biometric identifiers, or other sensitive data categories to make inferences about your characteristics, nor do we employ sensitive personal information for purposes that would necessitate an opt-out under the CPRA.

Notice at Collection (California)

Over the past 12 months, Henape has gathered identifying information (name, email, address, phone), commercial records (order history), internet and network activity (pages viewed, interactions), and approximate geolocation (city/region). Data sources include information provided by you and your devices (via analytics/cookies), and promotional platforms for tracking campaign effectiveness. The purposes and retention periods are comprehensively described above; Henape confirms it does not sell or share this data as defined by California law.

9. Policy Amendments

Henape may revise this policy to adapt to changes in our services or legal requirements. When updates occur, the “Last updated” date at the top of this document will be changed. If the revisions are substantial, Henape may also notify you via email (where allowed) or by displaying a prominent notice on the website.

10. Contact Information

If you have inquiries regarding this Privacy Policy or the handling of your personal data, please reach out to Henape:

Address: 1720 S. Amphlett Boulevard, San Mateo, CA, 94402

Phone: +1 (310) 489-1121

Email: [email protected]

Support Time: Mon–Sun: 8:00 AM-5:00 PM PST