Privacy Policy

Mill Standard ("Mill Standard," "we," "us," or "our") provides an online storefront and design tools for kitchen cabinets and hardware. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using our website (the "Service"), you agree to the practices described here.

Information you provide

• Account details: name, email address, and password (or, for Google sign-in, profile information returned by Google — see below).
• Order details: billing and shipping addresses, items purchased, and order history.
• Payment information: processed directly by our payment provider (Stripe). We do not store full card numbers on our servers.
• Design submissions and projects: sketches, photos, and project details you upload to use our AI Kitchen Builder, planner, or sketch-to-3D rendering tools.
• Communications: messages you send us through contact forms, email, or support channels.

Information from Google sign-in

If you choose to sign in with Google, Google shares with us your name, email address, profile picture, and Google account identifier so we can create or authenticate your Mill Standard account. We do not access your Gmail, Drive, Calendar, or any other Google service.

Information collected automatically

• Session cookies set by our authentication provider (Supabase) to keep you signed in.
• Device and log data such as IP address, browser type, pages visited, and timestamps, used for security, debugging, and basic analytics.

• To create and maintain your account.
• To process orders, payments, shipping, and returns.
• To run our design tools, including generating quotes, 3D renders, and AI-assisted kitchen layouts based on inputs you provide.
• To send transactional emails (order confirmations, shipping updates, account notifications).
• To respond to support requests and communicate with you about your account.
• To detect, investigate, and prevent fraud, abuse, and security incidents.
• To comply with legal obligations and enforce our terms.

We do not sell your personal information. We share it only with the third parties listed below, and only as needed to operate the Service:

• Supabase — authentication, database, and file storage for accounts, orders, and design submissions.
• Stripe — payment processing. Your payment details are submitted directly to Stripe and governed by Stripe's Privacy Policy.
• Google — only if you choose Google sign-in. Governed by Google's Privacy Policy.
• Resend — sends our transactional emails (order confirmations, account notifications).
• AI processors — when you use our design tools, the inputs you provide (text prompts, sketches, photos) are sent to OpenAI, Google Gemini, and/or Tripo3D to generate kitchen layouts and 3D renders. We pass only the content you submit, not your account credentials.
• Service providers — hosting, analytics, and operational tools that need access to operate the Service on our behalf.
• Legal and safety — when required by law, subpoena, or to protect the rights, property, or safety of Mill Standard, our users, or others.
• Business transfers — if Mill Standard is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

We use first-party cookies set by our authentication provider to keep you signed in and to remember your cart and preferences. We do not currently use third-party advertising cookies. You can disable cookies in your browser, but parts of the Service (sign-in, checkout) will not function without them.

Do Not Track: Most modern browsers no longer send standardized "Do Not Track" signals. We do not currently respond to DNT signals. However, as noted in Section 7, we do not sell or share your personal information for cross-context behavioral advertising.

We keep account and order information for as long as your account is active and as needed to comply with tax, accounting, and legal obligations (typically 7 years for order records). Design submissions are retained while your account is active and deleted on request. Server logs are retained for a limited period for security and debugging.

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, email us at the address below. We will respond within the timeframes required by applicable law.

• You can update profile details at any time from your account settings.
• You can request account deletion by contacting us.
• You can opt out of non-essential emails using the unsubscribe link in any such email.

California and other U.S. state residents

Depending on your state of residence, you may have additional rights under laws such as the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, and similar laws in other U.S. states. These rights may include:

• The right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
• The right to delete personal information we have collected from you, subject to certain exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. Mill Standard does not sell your personal information and does not share it for cross-context behavioral advertising.
• The right to limit the use of sensitive personal information. We do not knowingly collect sensitive personal information for purposes that would require this option.
• The right not to be discriminated against for exercising any of these rights.

To exercise these rights, email info@millstandard.com from the address associated with your account, or write to us at the postal address in Section 12. We will verify your identity before responding. You may also designate an authorized agent to make a request on your behalf.

California "Shine the Light" (Cal. Civ. Code § 1798.83): California residents may request information about whether we have shared personal information with third parties for their direct-marketing purposes. We do not share personal information with third parties for their own direct-marketing purposes.

We use industry-standard safeguards including encrypted connections (TLS), password hashing, scoped database access controls, and trusted payment and authentication providers. No system is completely secure; if we become aware of a breach affecting your information, we will notify you as required by law.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.

Mill Standard is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in countries with different data-protection laws than your own.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above. Significant changes will be communicated through the Service or by email.

Questions or requests about this Privacy Policy can be sent to info@millstandard.com or by mail to 4300 Biscayne Blvd, Suite 203, Miami, FL 33137, United States.