Skip to content

Privacy Policy

Effective Date: February 24, 2026
Last Updated: February 24, 2026

Susan Bloom Mandalas (“we,” “our,” or “us”) operates susanbloomgallery.com (the “Site”).

This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our Site, contact us, subscribe to our emails, or make a purchase.

By using the Site, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We may collect the following types of information:

A. Information You Provide to Us

When you use our Site, you may provide information such as:

  • Name

  • Email address

  • Phone number (if provided)

  • Billing address

  • Shipping address

  • Payment-related information (processed by third-party payment processors)

  • Order details (products purchased, order history)

  • Messages submitted through contact forms or email

  • Any other information you choose to provide

B. Information Collected Automatically

When you visit the Site, certain information may be collected automatically, such as:

  • IP address

  • Browser type and version

  • Device type

  • Operating system

  • Referring website

  • Pages viewed

  • Time spent on pages

  • Date/time of visits

  • Clicks and interactions on the Site

  • Cookies and similar tracking technologies (see Section 6)

C. Information from Third Parties

We may receive information from third parties that help us operate the Site and our business, such as:

  • Payment processors

  • Shipping providers

  • Analytics providers

  • Advertising platforms

  • Email marketing providers

  • Website platform/plugins and security tools

2. How We Use Your Information

We may use your information to:

  • Process and fulfill orders

  • Communicate with you about orders, shipping, returns, and customer support

  • Respond to inquiries and messages

  • Send marketing emails (if you opt in, where required)

  • Improve our Site, products, and user experience

  • Analyze traffic and performance

  • Detect, prevent, and address fraud, misuse, or security issues

  • Comply with legal obligations

  • Enforce our terms and policies

3. Legal Bases for Processing (EEA/UK Visitors)

If you are located in the European Economic Area (EEA) or United Kingdom, we may process your personal data on one or more of the following legal bases:

  • Performance of a contract (e.g., to process your order)

  • Consent (e.g., for marketing emails or certain cookies, where required)

  • Legitimate interests (e.g., improving our Site, preventing fraud, customer service)

  • Legal obligation (e.g., tax, accounting, or compliance requirements)

4. How We Share Information

We do not sell your personal information for money.

We may share information with trusted third parties only as needed to operate our business and Site, including:

  • Payment processors (to process payments)

  • Shipping carriers / fulfillment providers (to deliver orders)

  • Website hosting and platform providers (to run the Site)

  • Analytics providers (to understand site usage)

  • Advertising/marketing platforms (to measure ad performance and support advertising, if used)

  • Email service providers (to send newsletters and updates, if used)

  • Security and fraud-prevention tools

  • Professional advisors (lawyers, accountants, insurers)

  • Authorities or legal entities when required by law or to protect rights, safety, or property

We may also share information in connection with a business transfer (e.g., merger, sale, or asset transfer), if applicable.

5. Payment Processing

Payments on the Site may be processed by third-party payment processors, including:

  • WooPayments

  • PayPal

We do not generally store full payment card numbers on our servers. Payment information is processed by these third-party providers according to their own privacy policies and security practices.

6. Cookies and Tracking Technologies

We may use cookies, pixels, tags, and similar technologies to:

  • Keep the Site functioning properly

  • Remember preferences

  • Analyze traffic and user behavior

  • Improve performance

  • Measure advertising results

  • Support marketing/retargeting (if enabled)

Types of Cookies We May Use

  • Essential cookies (required for site functionality)

  • Performance/analytics cookies

  • Functional cookies

  • Advertising/marketing cookies

Tools We Use for Analytics and Tracking

We may use the following tools and technologies on the Site:

  • Google Analytics (including implementation via MonsterInsights)

  • Meta Pixel

These tools may collect information about your activity on the Site and, in some cases, across other websites and services.

You can usually control cookies through your browser settings. If we use a cookie consent banner/tool, you may be able to manage your preferences there.

7. Email Marketing and Communications

If you subscribe to our newsletter or marketing emails, we may send you updates about:

  • New artwork releases

  • Print availability

  • Promotions or special offers

  • Brand/news updates

We use Klaviyo (or similar email marketing tools) to manage and send marketing communications.

You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us at the email listed below.

We may still send transactional emails related to orders, payments, shipping, or customer service.

8. Data Retention

We retain personal information only for as long as necessary to:

  • Fulfill the purposes described in this Privacy Policy

  • Provide products and services

  • Maintain business and financial records

  • Comply with legal, tax, and accounting obligations

  • Resolve disputes and enforce agreements

Retention periods may vary depending on the type of information and legal requirements.

9. Your Privacy Rights

Depending on where you live, you may have certain privacy rights.

A. EEA/UK Rights (GDPR)

If applicable, you may have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion of your data

  • Restrict or object to certain processing

  • Data portability

  • Withdraw consent (where processing is based on consent)

  • Lodge a complaint with a supervisory authority

B. California Privacy Rights (CCPA/CPRA, if applicable)

If you are a California resident and the law applies to our business, you may have rights to request:

  • Know/access the personal information we collect, use, disclose, sell, or share

  • Delete certain personal information

  • Correct inaccurate personal information

  • Opt out of sale or sharing of personal information (if applicable)

  • Limit use/disclosure of sensitive personal information (if applicable)

  • Non-discrimination for exercising your privacy rights

To exercise applicable rights, contact us using the information in Section 13.

If required by law and technically enabled, we may honor browser-based opt-out preference signals (such as Global Privacy Control).

10. Do Not Track / Global Privacy Control

Some browsers offer “Do Not Track” (DNT) signals. Because there is no universal standard for DNT responses, our Site may not respond to DNT signals.

Where required by applicable law, we may recognize and process valid opt-out preference signals (such as Global Privacy Control) for applicable data processing activities.

11. Security

We use reasonable administrative, technical, and organizational measures to help protect personal information.

We may also use security and anti-spam tools such as:

  • Wordfence

  • Google reCAPTCHA (or other reCAPTCHA services)

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Children’s Privacy

Our Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you believe a child has provided personal information to us, please contact us and we will take appropriate steps to delete it.

13. Contact Us

If you have questions about this Privacy Policy or want to make a privacy-related request, contact us at:

Susan Bloom Gallery
Email: hijikimoon@gmail.com
Website: susanbloomgallery.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.

When we make changes, we will update the “Last Updated” date at the top of this page. Your continued use of the Site after changes are posted means you accept the updated Privacy Policy.

15. Third-Party Services and Tools We Use

We currently use the following third-party services/tools (as applicable):

  • E-commerce platform/plugin: WordPress + WooCommerce

  • Payment processors: WooPayments, PayPal

  • Analytics: Google Analytics, MonsterInsights

  • Advertising pixels/tags: Meta Pixel

  • Email marketing: Klaviyo

  • Spam/security tools: reCAPTCHA, Wordfence

  • Embedded content: Facebook, Instagram, YouTube

These services may collect information directly from your browser/device and may use cookies or similar technologies under their own privacy policies.

16. Embedded Content and Social Media Features

Pages on our Site may include embedded content and social media features (such as Facebook, Instagram, and YouTube embeds). Embedded content from other websites may behave in the same way as if you visited those websites directly.

These third parties may collect data about you, use cookies, embed additional tracking, and monitor your interaction with that embedded content (including if you have an account and are logged in to those services).

17. U.S. State Privacy Requests

Residents of certain U.S. states may have privacy rights under applicable law. We will evaluate and respond to requests in accordance with applicable law based on your state of residence and the nature of our processing activities.

To submit a request, email us at hijikimoon@gmail.com with the subject line: Privacy Request.