Privacy Policy
# INO — Privacy Policy (US)
**Last updated: June 15, 2026**
This Privacy Policy explains how INO ("INO," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our U.S. website https://www.weareino.com (the "Site"). The Site is an **informational ("brochure") website** for our U.S. audience.
INO sells foldable (folding) yoga mats and yoga accessories. Our products are manufactured by third parties in China; INO acts as an intermediary and reseller and is not the manufacturer.
> **Current stage of our U.S. operation — please read.** Our U.S. Site is purely **informational**. It does **not** sell products, does **not** offer accounts, and does **not** collect any personal information you submit — there is **no** email signup, **no** mailing list, and **no** contact form on the Site. The **only** data processed is what the **Shopify** platform sets automatically: **strictly-necessary (essential) cookies** that make the Site work and stay secure (including a cart/session cookie only if a cart is ever present), and **basic first-party website analytics** provided by Shopify (for example, aggregate page views and general traffic information). We do **not** use third-party advertising pixels, and we do **not** sell or "share" your personal information (see Section 6). Sections of this Policy that describe purchases, payment, orders, shipping, returns, transaction data, and any future mailing list are **forward-looking** and will apply **only if and when** those features become available on the U.S. Site. We will update this Policy and the "Last updated" date before any such change goes live.
> **This Site is for U.S. users.** Our Site is intended for users in the United States. It is not directed to, or intended for, individuals in the European Union / European Economic Area (EU/EEA) or the United Kingdom.
---
## 1. Who we are (business contact)
- **Business:** INO
- **Operating party:** operated by Yair Ohayon (sole proprietor), 1 Nir St., Be'er Tuvia Industrial Zone, Israel
- **Primary U.S. contact email (privacy questions and requests):** weareino.usa@gmail.com
- **U.S. customer-service phone:** ____________
If you believe your privacy has been harmed, or you have any privacy question, contact us at **weareino.usa@gmail.com**.
---
## 2. The personal information we collect
We group the information we process into the categories below. We also map each to the statutory categories used under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), so you can see exactly what is involved.
> **What we process today, in plain terms.** Right now the Site collects **no personal information that you submit** — there is no email signup, no account, and no order. The **only** data processed is what the **Shopify** platform sets automatically: (1) **strictly-necessary (essential) cookies** that operate and secure the Site (including a cart/session cookie only if a cart is ever present); and (2) **basic first-party website analytics** provided by **Shopify** (for example, aggregate page views and general traffic information). We do **not** use third-party advertising pixels (such as Meta/Facebook, Google Ads, TikTok, Taboola, or Outbrain), and we do **not** sell or "share" personal information for cross-context behavioral advertising.
> **No "notice at collection" form on the Site today.** Because the Site does not have any form through which you submit personal information, there is no signup or order point that triggers a separate at-collection notice today. **If INO later adds a form** (for example, a mailing-list signup or, in the future, checkout), we will provide a short, layered **notice at collection** — listing the categories of personal information collected and the purposes for which they are used — at or before the point where you give us that information.
### 2a. Information you actively provide — NONE collected TODAY
The Site has **no** form that collects personal information you submit. We do **not** collect your name, email address, phone number, or address through the Site today.
- **In the future (only if a mailing list is added):** if INO later starts a mailing list, the email address (and any name) you choose to submit would be collected at that time.
- **In the future (only when shopping is available):** your full name, phone number, shipping/home address, and email address, provided when you create an account or place an order.
*CCPA/CPRA categories (forward-looking only):* identifiers; personal information under Cal. Civ. Code §1798.80 (name, contact details); (in the future) commercial information.
### 2b. Automatic platform data — essential cookies and basic analytics — processed TODAY
When you visit the Site, the **Shopify** platform automatically sets **strictly-necessary (essential) cookies** needed to operate and secure the Site (including a cart/session cookie only if a cart is ever present), and provides us with **basic first-party analytics** about Site usage — for example, aggregate page views, general traffic patterns, and standard technical information (such as device or browser type and IP address) that the hosting platform records to operate and secure the Site. This is **first-party** data provided by our hosting platform; we do **not** layer third-party advertising pixels on top of it.
*CCPA/CPRA categories:* identifiers; internet or other electronic network activity information.
### 2c. Transaction information — FORWARD-LOOKING (only when purchasing becomes available)
When purchasing becomes available, we will collect: products purchased, order and purchase dates, and customer-service records relating to your orders. **Payment will be processed by an external, third-party payment processor. INO does not collect or store full payment-card details.**
*CCPA/CPRA categories:* commercial information.
### 2d. Order-related information — FORWARD-LOOKING
When purchasing becomes available, we will also process: order history, returns and exchanges, discounts and credits, support communications, and partial/abandoned-cart information.
*CCPA/CPRA categories:* commercial information; customer-records information.
**Sensitive personal information.** We do **not** intentionally collect "sensitive personal information" as defined by the CCPA/CPRA (such as government IDs, precise geolocation, account log-in credentials, racial or ethnic origin, religious beliefs, health, or sexual-orientation data).
---
## 3. Where the information comes from (sources)
- **Automatically from the hosting platform** as you use the Site (essential cookies, basic first-party analytics, and server logs provided by **Shopify**). This is the **only** source of data today.
- **Directly from you** — **not applicable today** (the Site has no form). This would apply only in the future, if a mailing list is added or, later, when account creation and orders become available.
- **From the service providers we use to operate the Site** — today, our website/hosting platform (**Shopify**).
We do **not** receive personal information from third-party advertising or social-sign-in platforms, because we do not use advertising pixels or social-login on the Site.
---
## 4. Why we use your information (business and commercial purposes)
We use the limited information described above to:
- **Provide, operate, and secure the Site**, including serving pages reliably and protecting against fraud, abuse, and technical problems (this is what the essential cookies are for).
- **Run and improve our business**, including understanding basic Site usage through first-party analytics and developing new features.
- **Meet contractual and legal obligations**, including establishing, exercising, or defending legal claims, and complying with applicable law.
The following are **forward-looking** and apply only if and when those features go live:
- **Communicate with interested people and customers** — *if INO later starts a mailing list*, send newsletters, updates, and marketing about our products to people who choose to join it (with the ability to unsubscribe at any time).
- **Process orders** — when shopping is available, process orders, payments, shipping, returns, and customer support.
We will use **sensitive personal information**, if any is ever collected, only for the limited purposes permitted by law.
---
## 5. How we disclose information (categories of third parties)
We disclose information to the following categories of recipients:
- **Service providers / processors** who act on our behalf under confidentiality and data-protection obligations — today, our website/hosting platform (**Shopify**). *Forward-looking:* if a mailing list is added, an email-marketing platform; and when purchasing becomes available, a third-party payment processor and shipping/fulfillment providers.
- **Our owner and authorized personnel**, on a need-to-know basis and under confidentiality.
- **Authorities and other parties when legally required** — in response to a valid subpoena, court order, or other lawful request; to enforce our policies; to prevent imminent and serious harm; or to address fraud, abuse, or security and technical issues. We aim to limit any such disclosure to what is necessary.
- **In a corporate transaction** — in connection with a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred to the successor entity.
We do **not** disclose personal information to third-party advertising or analytics partners for cross-context behavioral advertising, because we do not use third-party advertising pixels.
These disclosure exceptions do **not** apply to aggregated or de-identified information that can no longer reasonably be associated with you.
---
## 6. Do we "sell" or "share" personal information?
Under the CCPA/CPRA, **"sale"** means disclosing personal information for monetary or other valuable consideration, and **"sharing"** means disclosing personal information for **cross-context behavioral advertising** (targeting ads to you based on your activity across different sites and apps), whether or not money changes hands.
- We do **not** sell your personal information for money or other valuable consideration.
- We do **not** "share" your personal information for cross-context behavioral advertising. The Site uses **no third-party advertising pixels** — Meta/Facebook, Google Ads, TikTok, Taboola, and Outbrain are **not** connected. We collect **no** personal information you submit; the only data processed is Shopify's automatic essential cookies plus basic first-party website analytics.
- We do **not** "share" or sell **sensitive personal information**, and we do not use sensitive personal information for cross-context behavioral advertising.
**Forward-looking note.** Because we do not sell or share personal information and do not use advertising pixels, we are **not** required to — and do **not** — present a "Do Not Sell or Share My Personal Information" link or honor a Global Privacy Control (GPC) opt-out signal as a current obligation. **If INO later enables third-party advertising pixels** or otherwise begins activity that qualifies as a "sale" or "share," we will **update this Policy, add a clear "Do Not Sell or Share My Personal Information" (or "Your Privacy Choices") link, and begin honoring GPC signals** at that time, before that activity goes live.
---
## 7. Your U.S. privacy rights
This section describes the rights available under U.S. state privacy laws. The exact rights you have, and whether they are legally required of us, depend on your state of residence and on whether we meet that state's coverage thresholds (see Section 12 for our general threshold assessment). **Note:** because the Site collects no personal information you submit and processes only Shopify's automatic essential cookies and basic first-party analytics, the practical scope of any request today is limited to that automatic data.
### 7a. California residents (CCPA/CPRA)
Subject to verification and legal exceptions, California residents have the right to:
1. **Know / Access** — request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties to whom we disclose it.
2. **Delete** — request deletion of personal information we collected from you.
3. **Correct** — request correction of inaccurate personal information.
4. **Opt out of sale/sharing** — direct us to stop selling or sharing your personal information for cross-context behavioral advertising. *(We do not sell or share personal information, so there is nothing to opt out of today; see Section 6.)*
5. **Limit the use of sensitive personal information** — direct us to limit the use of sensitive personal information to permitted purposes. *(We do not collect sensitive personal information, so this generally does not apply.)*
6. **Non-discrimination** — we will **not** deny you goods or services, charge you a different price, or provide a different level or quality of service because you exercised your privacy rights.
7. **Use an authorized agent** — you may designate an authorized agent to submit requests on your behalf; we may require the agent's written authorization and may ask you to verify your own identity directly.
### 7b. Residents of other U.S. states (combined state privacy rights)
If you are a resident of a U.S. state with a comprehensive consumer-privacy law — including **California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, and Arkansas** — you may, subject to that state's law and our coverage under it, have the right to:
- **Access / confirm** whether we process your personal data and obtain a copy;
- **Correct** inaccuracies;
- **Delete** your personal data;
- **Portability** — obtain your data in a portable, machine-readable format;
- **Opt out** of (a) the **sale** of personal data, (b) **targeted advertising**, and (c) certain **profiling**; and
- **Appeal** a denial of a request, where your state provides an appeal right.
**The specific rights vary by state.** Not every state listed provides every right above — for example, **Iowa and Utah do not provide a right to correct**, and **appeal rights are not available in every state** (e.g., Utah). You will have only the rights that your state's law actually grants and only to the extent we are covered by that law. **Note:** because we do not sell personal data, engage in targeted advertising, or conduct profiling, the opt-out rights in this list do not currently apply to anything we do (see Section 6).
Where required, **processing of "sensitive data" is based on your opt-in consent**, and we do not sell sensitive data.
### 7c. How to exercise your rights and our response time
- **Submit a request** by emailing **weareino.usa@gmail.com** with the subject line "Privacy Request."
- **Verification.** To protect your information, we will take reasonable steps to **verify your identity** before acting on a request. We use verification information only to verify you and do not keep it longer than needed.
- **Our timeline.** We will **acknowledge** your request within **10 business days** and **substantively respond within 45 calendar days, extendable by an additional 45 calendar days (90 days total)**. If we need the additional time, we will tell you why within the first 45 days.
---
## 8. Your choices
- **No sale or sharing today.** Because we do not sell or share your personal information and do not use third-party advertising pixels, there is no "Do Not Sell or Share My Personal Information" opt-out to exercise at this time. If that ever changes, we will add an opt-out link and begin honoring Global Privacy Control (GPC) browser signals, and we will update this Policy first (see Section 6).
- **Browser cookie controls.** The Site uses only **strictly-necessary (essential) cookies** set by our hosting platform and basic first-party analytics — there are no third-party ad-targeting cookies. You can still manage or block cookies through your browser settings at any time; note that blocking essential cookies may prevent parts of the Site from working.
- **Marketing emails (forward-looking).** The Site has **no** mailing list today, and we do **not** send marketing emails. **If INO later starts a mailing list**, you will be able to unsubscribe at any time using the "unsubscribe" link in any marketing email, or by emailing weareino.usa@gmail.com. Consistent with the federal CAN-SPAM Act, every marketing email would include a working unsubscribe mechanism and our valid physical postal mailing address.
---
## 9. How long we keep your information (retention)
We keep information only for as long as needed for the purposes described in this Policy, unless a longer period is required or permitted by law (for example, to meet legal, accounting, or dispute-resolution obligations).
| Category | Intended retention |
|---|---|
| Essential cookies & basic website analytics (first-party, via Shopify) | Per the Shopify platform's cookie and analytics retention settings |
| Email-signup data (email address, name) *(forward-looking — N/A today; no mailing list)* | If a mailing list is ever added: until you unsubscribe or ask us to delete it, plus a short period for our records |
| Customer-service communications *(forward-looking)* | 24 months from your last contact, unless a dispute or legal requirement extends it |
| Transaction/order data *(forward-looking)* | As required by tax/accounting law (often several years); otherwise no longer than 24 months after the order |
Where it is not possible to state an exact period, we use criteria such as the nature of the data, the purpose of processing, and applicable legal requirements to determine how long to keep it.
---
## 10. How we protect your information (data security)
We use reasonable administrative and technical safeguards designed to protect information. Because our U.S. operation currently runs as a small, informational-only Site, **most of these safeguards are provided by the established platform we rely on rather than maintained by INO directly:**
- **Hosting and Site security (Shopify).** Our Site is hosted on **Shopify**, and pages are served over **SSL/TLS encryption**. Shopify operates the underlying infrastructure security for the Site, including network protections and platform-level monitoring.
- **Email-marketing data security (forward-looking).** *If INO later starts a mailing list*, the email-marketing and contact data would be processed by an email-marketing platform that provides the security controls for that platform.
- **Payment security (forward-looking).** When purchasing becomes available, payments will be handled by an external third-party payment processor that maintains a secure, encrypted payment process to the applicable required standard. **INO does not collect or store full payment-card details.**
- **Our own measures.** On our side, we use account-access controls and passwords, limit access to information to authorized personnel on a need-to-know basis, and rely on the security features made available to us by Shopify.
We have described above the safeguards that are actually in place today. As our operation grows, we expect to add further measures appropriate to our size and the data we handle.
No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security, and any transmission is at your own risk.
---
## 11. International data transfers
INO is affiliated with operations in Israel, and our service provider may process data in the United States and other countries. **Your information may be transferred to, stored in, and processed in the United States, Israel, and other jurisdictions** that may have data-protection laws different from those of your state. By using the Site, you understand that your information may be transferred and processed in these locations. Our Site is intended for U.S. users and is not directed to the EU/EEA or the UK.
---
## 12. Are we required to comply with the CCPA/CPRA right now? (threshold assessment)
We want to be transparent about our legal status. A business is generally subject to the **CCPA/CPRA** only if it meets at least one of these 2026 thresholds: (a) annual gross revenue over **$26,625,000**; (b) buying, selling, or sharing the personal information of **100,000 or more** California consumers or households per year; or (c) deriving **50% or more** of annual revenue from selling or sharing personal information.
At our current **informational-only, pre-sales stage, INO almost certainly does not meet any of these thresholds** — our revenue is far below $26,625,000, we are highly unlikely to reach 100,000 California consumers/households, and we do not sell or share personal information at all. **Other comprehensive state laws use their own coverage triggers, which vary by state** — many use resident-count thresholds (often 35,000–100,000 residents) with no minimum-revenue floor, while some also turn on the share of revenue from selling personal data. This Section is a general assessment, not a state-by-state determination; **we do not believe we currently meet any of these triggers.**
We nonetheless choose to **follow these privacy practices voluntarily** because it is good practice, protects you, and prepares us for growth. If and when we cross an applicable threshold, the corresponding obligations will apply in full.
---
## 13. Children's privacy
The Site is intended for adults and is not directed to children. The Site does not knowingly collect personal information from children. The Site has no signup, account, or form through which anyone (including a child) can submit personal information today. If you believe a child has provided us personal information, contact us at **weareino.usa@gmail.com** and we will take steps to delete it.
---
## 14. Third-party links
The Site may contain links to third-party websites or platforms. We are not responsible for the privacy practices of those third parties, and we encourage you to read their privacy policies.
---
## 15. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Material changes — including before we add any mailing list, begin selling on the U.S. Site, or ever enable advertising pixels — will be reflected here.
---
## 16. Governing law
This Privacy Policy is governed by applicable United States law. We do not currently designate a specific U.S. state's law or court for disputes relating to this Policy. Nothing in this Policy removes the protection of any mandatory privacy or consumer-protection law of the U.S. state in which you reside.
---
## 17. How to contact us
- **Primary U.S. privacy/contact email:** weareino.usa@gmail.com
- **U.S. phone:** ____________
- **Mailing address:** 1 Nir St., Be'er Tuvia Industrial Zone, Israel