Free shipping on orders over $75 USD
KIREI

Privacy Policy

Last updated: 9 April 2026

Kirei ("we", "us", "our") is operated by Kirei Co., based in Australia. We sell aesthetic gaming peripherals worldwide via www.kireico.com. This policy explains what personal information we collect, why we collect it, how we use and protect it, and the rights you have over it. We comply with the Australian Privacy Act 1988 (including the Australian Privacy Principles), the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA / CPRA).

1. Information we collect

We only collect what we need to run the store and serve your order.

  • Account & identity: name, email address, and (if you sign in with Google or Microsoft) the basic profile data those providers share with us via Clerk, our authentication provider.
  • Order & shipping: billing name, shipping address, phone number (if you provide one), the items in your order, and the amount paid.
  • Payment: we never see or store your full card details. Payments are processed by Stripe, who tokenises your card and returns only a payment confirmation to us.
  • Site usage: pages visited, products viewed, items added to cart, and other interaction events. This is stored in our database to help us improve the store.
  • Device & technical: IP address, browser type, device type, referring URL, and approximate location (city level), collected via standard server logs.
  • Cookies & local storage: see Section 6 below.

2. How we use your information

  • To process and fulfil your orders, including shipping and refunds.
  • To send you transactional emails (order confirmation, shipping updates, refund notices).
  • To provide customer support if you contact us.
  • To detect and prevent fraud, abuse, and security incidents.
  • To improve the store experience based on aggregate, anonymised usage patterns.
  • With your separate, opt-in consent: to send occasional marketing emails about new products and offers. You can unsubscribe at any time using the link in any marketing email.
  • To comply with our legal and tax obligations.

3. Legal bases (GDPR / UK GDPR)

If you are in the EU or UK, we rely on the following legal bases:

  • Contract: processing your order, providing the account you signed up for, and supporting it.
  • Legitimate interest: running the store securely, improving it, and preventing fraud.
  • Consent: non-essential cookies and marketing emails. You can withdraw consent at any time.
  • Legal obligation: tax records, accounting, responding to lawful requests from authorities.

4. Who we share information with

We never sell your personal information. We share it only with the service providers we need to run the store:

  • Stripe — payment processing.
  • Clerk — sign-in and account authentication.
  • Supabase — database and storage hosting.
  • Vercel — site hosting and analytics.
  • Resend — transactional email delivery.
  • Shipping carriers — to deliver your order.
  • Authorities, when legally required (e.g. court orders, subpoenas, or to comply with tax law).

Each of these providers is contractually obligated to handle your data securely and only for the purpose we instruct.

5. International data transfers

Our hosting and services are provided by companies based primarily in the United States and the European Union. By using Kirei, you understand that your information may be transferred to and processed in countries outside your country of residence. Where personal data of EU/UK residents is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Cookies & tracking

We use a small number of cookies and browser storage technologies:

  • Strictly necessary — for sign-in (Clerk session), shopping cart, and checkout. The store does not work without these and they do not require consent.
  • Analytics — anonymised usage events that help us understand which products and pages perform well. These are set only if you accept the cookie banner.
  • Marketing — used only if you opt in via the cookie banner.

When you first visit Kirei you will see a cookie banner. You can accept, reject, or fine-tune your choices at any time by clearing your browser storage for kireico.com, which will re-prompt you on next visit.

7. How long we keep your information

  • Account data: for as long as your account is active. If you delete your account, we delete or anonymise it within 30 days.
  • Order records: retained for 7 years to meet Australian tax and consumer law requirements.
  • Analytics events: retained for 24 months in identifiable form, then aggregated.
  • Support emails: retained for 24 months unless you ask us to delete them sooner.

8. Your rights

Wherever you are, you have the right to:

  • Access the personal information we hold about you.
  • Correct anything that is inaccurate or out of date.
  • Ask us to delete your account and associated data (subject to legal retention obligations).
  • Export your data in a portable format.
  • Object to or restrict certain types of processing.
  • Withdraw consent for marketing emails or non-essential cookies at any time.
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC), or your local data protection authority if you are in the EU/UK.

To exercise any of these rights, email privacy@kireico.com. We will respond within 30 days.

9. California residents (CCPA / CPRA)

If you are a California resident you have the additional rights to know what personal information we collect, sell, or share; to delete your personal information; to correct inaccurate information; and to opt out of the sale or sharing of your personal information. We do not sell personal information. To exercise these rights, email privacy@kireico.com.

10. Children

Kirei is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please email privacy@kireico.com and we will delete it.

11. Security

We take security seriously. Our site runs over HTTPS, payment data is tokenised by Stripe and never touches our servers, our database is hosted by Supabase with row-level security, and only a small number of authorised admins can access customer records. No system is perfectly secure, so if you ever notice anything suspicious about your Kirei account, email security@kireico.com right away.

12. Changes to this policy

We may update this policy occasionally to reflect changes in our practices or in the law. The "Last updated" date at the top of this page shows when it was last revised. Material changes will be announced via a site banner and (if you have an account) by email.

13. Contact

Privacy questions: privacy@kireico.com
General support: hello@kireico.com