Privacy Policy

Última actualización: June 25, 2026

This Privacy Policy describes how Emporium Plus Inc. ("Emporium," "we," "us," or "our"), a corporation organized under the laws of the State of Illinois, United States, collects, uses, discloses, and protects your personal information when you visit or make a purchase through our online store at https://emporiumplusinc.com (the "Site" or the "Services").

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.


Summary of Key Points

This summary highlights the main points of our Privacy Policy. You can find more detail in the corresponding sections below.

  • What we collect. We collect the information you provide directly to us (such as your name, contact details, account credentials, and, for business customers, a tax identification number) and information collected automatically when you use the Site (such as IP address, device data, and approximate location).
  • Sensitive information. We do not collect sensitive personal information.
  • Card numbers. We do not store your debit or credit card numbers. Card payments are processed by Stripe.
  • How we use it. We use your information to operate the Site, fulfill and manage your orders, comply with our legal obligations, improve the Services, and communicate with you about your account and orders.
  • Disclosure. We disclose information only to the service providers that help us run the business. We do not sell your personal information, and we do not share it for cross-context behavioral (targeted) advertising.
  • Your rights. Depending on where you live, you may have rights to access, correct, delete, or otherwise control your personal information. See "Your U.S. State Privacy Rights" below.
  • Contact. You can reach us at empoinc.25@gmail.com or by mail at 5366 N Northwest Hwy, Chicago, IL 60630.

1. Who We Are

The Services are operated by Emporium Plus Inc., a single seller of consumer goods to both retail businesses (B2B) and individual customers (B2C). We are not a multi-vendor marketplace. The Services are hosted in the United States.

You must be at least 18 years old to use the Services. See "Children's Privacy" below.


2. What Information We Collect

2.1 Information You Provide Directly to Us

When you create an account, place an order, or otherwise interact with the Services, we may collect:

  • Identity and contact data: names, email addresses, phone numbers, and mailing addresses.
  • Account and authentication data: passwords and other credentials used to create and secure your account.
  • Business customer data: for business (B2B) customers, a tax identification number (RIF). We treat this as an identifier and commercial information.
  • Payment-related data: when you pay by Zelle or check, you upload a payment proof image. When you pay by card, your card information is collected and processed by Stripe — we never receive or store your full card number (see Section 4).

2.2 Sensitive Information

We do not collect sensitive personal information.

2.3 Information Collected Automatically (Derivative Data)

When you access the Services, certain information is collected automatically. This information does not by itself reveal your specific identity but may include:

  • Log and usage data: IP address, browser type, and your activity on the Site (for example, pages viewed and actions taken).
  • Device data: information about the device you use to access the Site.
  • Approximate location data: a city- or country-level location derived from your IP address. We do not collect precise (GPS) location.

We collect this information using cookies and similar technologies. See Section 6 and our Cookie Policy.

2.4 Information from Other Sources

We do not collect personal information about you from third-party sources.


3. How We Use Your Information

We use the personal information we collect for the following business purposes:

  • To comply with our legal obligations, including accounting and tax requirements.
  • To deliver and facilitate delivery of the Services to you.
  • To fulfill and manage your orders, payments, and related transactions.
  • To evaluate and improve the Services, our products, our marketing, and the user experience.
  • To identify usage trends and understand how the Services are used.
  • To protect the Services, including for security, fraud prevention, and to enforce our terms.
  • To respond to your inquiries and provide customer support.
  • To send you administrative information, such as order confirmations, order status updates, and notices about your account or changes to our terms and policies.

We process your personal information only when we have a valid reason to do so.


4. Google API Services

We offer "Sign in with Google" (Google OAuth) so you can log in to your account using your Google credentials. When you use this feature, we access basic profile information (such as your name and email address) that Google provides to us with your authorization.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We use this information only to authenticate you and operate your account; we do not use it for advertising and do not sell it.


5. When and With Whom We Disclose Your Information

We disclose personal information only to the service providers (processors) that perform functions on our behalf, and only as needed for the business purposes described in this policy. We require these providers to protect your information and to use it only for the services they provide to us.

| Service provider | Purpose | What it receives | |---|---|---| | Stripe | Payment processing | Card payment details (handled by Stripe; not stored by us) and transaction data | | Supabase | Database, authentication, and file storage (primary processor) | Account, order, and uploaded file data | | Resend | Transactional email delivery | Email address and message content | | PostHog | Product analytics | For identified users: email, user role, and B2B credit status; plus usage data | | Sentry | Error monitoring | Diagnostic/error data, configured to not send PII (email and IP are scrubbed) | | Cloudflare (Turnstile) | Anti-bot / CAPTCHA protection | Technical signals needed to verify you are not a bot | | Vercel | Website hosting / edge delivery | Technical request data needed to serve the Site | | Google | "Sign in with Google" (OAuth) login | Authentication data you authorize |

We do not sell your personal information, and we do not share it for cross-context behavioral advertising (targeted advertising). We do not disclose your personal information to affiliates or business partners for their own purposes.

We may also disclose your information if required to do so by law, or in connection with a legal process, a government request, or to protect the rights, property, or safety of Emporium, our users, or others.


6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Site, keep you logged in, and understand how the Site is used. For details about the specific cookies we use and how to control them, please see our Cookie Policy.

We do not use Google Analytics, and we do not use advertising or targeting cookies.


7. Data Retention

We retain your personal information for as long as you maintain an account with us. After your account is closed, we keep your information only as long as necessary to comply with our legal, accounting, and tax obligations — generally up to 7 years after the account is closed.

Internet and usage activity data and approximate location data are retained for about 1 year.

When we no longer have a legitimate need to process your information, we will delete it or anonymize it.


8. Data Security

We use appropriate technical and organizational measures designed to protect your personal information, including:

  • HTTPS/TLS encryption with HSTS for data in transit;
  • passwords that are hashed and managed by our authentication provider (Supabase);
  • database row-level security;
  • input validation and other safeguards.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You access and use the Services at your own risk.


9. Children's Privacy

The Services are intended for users who are at least 18 years old. The Services are not directed to children under 18 (and certainly not to children under 13), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at empoinc.25@gmail.com so we can delete it.


10. Your U.S. State Privacy Rights

This section applies to residents of U.S. states that have enacted comprehensive consumer privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and others), and we intend it to cover both currently-enacted and future U.S. state privacy laws. We honor the rights described below where the law of your jurisdiction grants them to you.

10.1 Your Rights

Depending on where you live, you may have the right to:

  • Know / Access — request confirmation of whether we process your personal information and obtain a copy of it. We honor access requests where your jurisdiction grants the right.
  • Correct — request that we correct inaccurate personal information.
  • Delete — request that we delete personal information we have collected from you.
  • Opt out — opt out of the sale of your personal information, of sharing for targeted advertising, and of certain profiling. As described below, we do not sell or share your personal information, and we do not create consumer profiles, so there is nothing to opt out of in this respect.
  • Non-discrimination — not be discriminated against for exercising your rights.

You can also update your information at any time from your account profile, and you can request deletion of your account by contacting us.

10.2 What We Collect, Disclose, and Do Not Do

In the past 12 months, we have collected and disclosed to our service providers (for the business purposes described above) the following categories of personal information:

  • Identifiers (e.g., name, email address, phone number, account identifiers, IP address).
  • California Customer Records (e.g., name, address, telephone number, and financial information such as account/credit balances and payment proofs — not card numbers).
  • Commercial information (e.g., purchase history and purchasing tendencies).
  • Internet or other electronic network activity (e.g., browsing/usage activity on the Site).
  • Geolocation data (approximate, IP-based; not precise).

We have not collected the following categories: sensitive personal information, biometric information, sensory information (audio/visual), education records, or professional or employment-related information.

We further confirm that we:

  • do not sell your personal information and do not share it for cross-context behavioral advertising;
  • do not use or process sensitive personal information;
  • do not make automated decisions about you, and do not create consumer profiles from inferences;
  • do not process the personal information of 10 million or more California residents;
  • do not offer any financial incentive in exchange for your personal information.

10.3 California "Shine the Light"

California Civil Code Section 1798.83 (the "Shine the Light" law) permits California residents to request, once per year and free of charge, information about the personal information (if any) we disclosed to third parties for their own direct marketing purposes during the preceding calendar year. We do not disclose personal information to third parties for their own direct marketing purposes. If you are a California resident and would like to make such a request, please contact us using the details in Section 13.

10.4 Global Privacy Control (GPC)

We do not currently recognize or respond to Global Privacy Control (GPC) signals or other "Do Not Track" browser signals. Because we do not sell or share your personal information for targeted advertising, there is no related opt-out to apply.


11. How to Exercise Your Rights

You may submit a privacy request using either of the following two methods:

  1. By email: empoinc.25@gmail.com
  2. By mail: Emporium Plus Inc., 5366 N Northwest Hwy, Chicago, IL 60630

To protect your information, we may need to verify your identity before acting on your request. You may also designate an authorized agent to submit a request on your behalf, where the law permits.


12. Data Protection Officer

We have not appointed a Data Protection Officer (DPO). You can direct any privacy questions or requests to us using the contact details below.


13. Contact Us

If you have questions or comments about this Privacy Policy or our privacy practices, please contact us:

  • Email: empoinc.25@gmail.com
  • Mail: Emporium Plus Inc., 5366 N Northwest Hwy, Chicago, IL 60630

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this policy and post the updated version on the Site. Material changes will be made clear through the updated date and, where appropriate, additional notice. We encourage you to review this policy periodically.


15. Related Policies


This Privacy Policy is a draft prepared for the State of Illinois, USA. It is provided for general informational purposes and is not legal advice. It should be reviewed by a licensed attorney before publication.