Privacy

Privacy policy.

How we collect, use, and protect your information. Written in plain English. If you have a question this page doesn't answer, email mira@middaydrip.com.

Effective: May 12, 2026.

— No. 01

The short version.

We collect the information you give us when you sign up for emails, place an order, or send us a note — your name, email, shipping address, and payment details (which we never see; Shopify handles them). We use it to ship your coffee, send you the emails you asked for, and improve the site. We don't sell your data to anyone. You can delete your account or opt out of marketing at any time by emailing mira@middaydrip.com.

— No. 02

What we collect.

Information you give us directly: your name, email address, shipping address, billing address, phone number (only if you give it), and any notes you send us. Information collected automatically when you visit the site: IP address, browser type, pages visited, referring URL, and basic analytics events. Payment information is collected by Shopify Payments and never stored on our servers — we receive only the last four digits of your card for your order confirmation.

— No. 03

Why we collect it.

To fulfill your orders. To send you the emails you signed up for. To answer your questions. To improve the site and figure out what coffees people actually want. To comply with tax and accounting laws. To protect against fraud. That's it. We don't do anything with your data that you wouldn't expect from a small coffee company.

— No. 04

Who we share it with.

We use a small group of trusted vendors to run the business. Each one has access to the minimum data they need to do their job, and each is bound by their own privacy obligations:

• Shopify (e-commerce platform, payment processing, order management)
• Klaviyo (email marketing, signup forms, welcome series)
• Dripshipper (coffee roasting and fulfillment)
• Old Chicago Coffee Co (the Apothecary mushroom-blend line)
• Printful (the Wares line — mugs, tumblers, drinkware)
• Vercel (website hosting and basic analytics)
• Resend (transactional emails like order confirmations and wholesale inquiries)
• Google Workspace (the email address mira@middaydrip.com runs on)
• Pinterest (the Pinterest tag, if you click through from a pin)

We do not sell your personal information to third parties. We do not share your data with advertisers beyond the standard retargeting cookies you've consented to via the platforms above.

— No. 05

Cookies and tracking.

The site uses cookies and similar technologies to remember you between visits, run the cart, capture analytics, and (if you've engaged with one of our pins) attribute traffic back to Pinterest. The active tools are: Klaviyo (for the email popup and cart-abandonment tracking), Pinterest Tag (for ad attribution), and Vercel Analytics (privacy-friendly, no cookies). You can decline non-essential cookies via your browser settings. Essential cookies (cart, login, fraud prevention) cannot be disabled or the site won't work.

— No. 06

Your rights.

Wherever you live, you can email mira@middaydrip.com to:

• Access the data we hold on you
• Correct anything that's wrong
• Delete your account and the data tied to it
• Opt out of marketing emails (or use the unsubscribe link in any email)
• Export your data in a portable format
• Withdraw consent you've previously given

If you're in California, you have additional rights under CCPA and CPRA, including the right to know what categories of personal information we've collected and the right to direct us not to sell or share your personal information. We don't sell personal information, but we honor opt-out requests anyway. If you're in the EU, UK, or another jurisdiction with similar rights (GDPR, UK GDPR), the same applies. We respond to verifiable requests within 30 days.

— No. 07

Data security.

We use industry-standard security: HTTPS everywhere (TLS 1.3), encrypted-at-rest databases (handled by our vendors above), two-factor authentication on every staff account, and a no-passwords-in-code policy. Payment data is tokenized by Shopify and never touches our systems. That said, no online business is 100% secure — if a breach ever affected you, we'd notify you by email within 72 hours of discovery, in line with state and federal breach-notification laws.

— No. 08

Retention.

We keep your data only as long as needed for the purpose we collected it for. Order records are kept for 7 years to comply with US tax law. Email subscribers stay on our list until they unsubscribe (which deletes the marketing record but not the order history). Closed accounts: order data retained for tax purposes, all other personal data deleted within 30 days of account closure unless we're required to keep it longer.

— No. 09

Children.

Midday Drip is not directed to children under 16. We do not knowingly collect personal information from anyone under 16. If you believe we've collected data from a minor, email mira@middaydrip.com and we'll delete it.

— No. 10

International visitors.

Midday Drip currently ships only within the United States. If you're visiting the site from outside the US, your data is transferred to and stored on US-based servers (Vercel, Shopify, Klaviyo, Google Workspace). We rely on standard contractual clauses with each vendor for international transfers where required.

— No. 11

Updates to this policy.

We update this policy when our practices change. Material changes are announced at the top of this page and emailed to subscribers at least 14 days before they take effect. Continuing to use the site after a change means you accept the new policy. The current effective date is at the top of the page.

— No. 12

Contact.

All privacy questions, requests, and complaints go to mira@middaydrip.com. We read every email; we usually reply same day, no later than within 5 business days.

Have a privacy question?

Email mira@middaydrip.com. A real person reads every message, usually same day.