🌿 Free same-day delivery in Tbilisi

Legal

Privacy Policy

Last updated: 29 April 2026

Data Controller

Business entity: αƒ˜αƒœαƒ“αƒ˜αƒ•αƒ˜αƒ“αƒ£αƒαƒšαƒ£αƒ αƒ˜ მეწარმე αƒ‘αƒαƒšαƒαƒ›αƒ” αƒœαƒ˜αƒ™αƒαƒšαƒ”αƒ˜αƒ¨αƒ•αƒ˜αƒšαƒ˜
Identification code: 01024039267
Privacy contact: privacy@mauaconcept.com
Phone: +995 599 912 237

1. Information We Collect

When you use our website and place orders, we may collect the following information:

  • Account information: name, email address, phone number (when you register or sign in with Google)
  • Order information: delivery address, recipient name, recipient phone number, card messages, order history
  • Payment information: payment card details are processed securely by our payment provider (Flitt / TBC) and are never stored on our servers. We only store payment references and tokenized card identifiers for recurring subscription payments.
  • Technical data: IP address, browser type, device information, pages visited β€” collected automatically for website functionality

2. How We Use Your Information

We use your personal information to:

  • Process and deliver your orders
  • Manage your account and subscriptions
  • Communicate with you about your orders, deliveries, and account
  • Process payments and refunds
  • Improve our website and services
  • Comply with legal obligations
  • Send marketing messages β€” only with your separate, explicit consent

3. Data Sharing & Third Parties

We do not sell your personal data. We use the following trusted service providers, who access only the data needed to deliver our service:

  • Flitt / TBC (payments, Georgia) β€” secure payment processing
  • Delivery couriers (Georgia) β€” recipient name, phone, and address
  • Vercel (hosting, EU/US) β€” operating the website
  • Supabase (database/auth, EU) β€” storing account and order data
  • Google ("Sign in with Google") β€” authentication; we receive only your name and email
  • Resend (email) β€” sending transactional emails (confirmations)
  • Google Gemini (AI preview) β€” generating a bouquet preview image from your selected flowers (see section 9)

4. Where Your Data Is Stored

Your account and order data is stored in Supabase in the European Union (EU) region. The website is operated by Vercel, which runs servers in the EU and the US. Where data is transferred outside the EU / Georgia (e.g. to the US), this is done under appropriate legal safeguards such as Standard Contractual Clauses (SCCs).

5. Cookies

Our website uses only essential cookies to maintain your session, language preference, and shopping cart. We do not use tracking or advertising cookies. For details see our Cookie Policy.

6. Data Retention

  • Order records are kept for 6 years for accounting and legal purposes (as required by the Georgian Tax Code).
  • Gift card messages are deleted 90 days after delivery.
  • The marketing email list is kept until you unsubscribe.
  • After you cancel a subscription, your tokenized card reference is kept for 13 months to handle any potential refunds, then deleted.

7. If Someone Sends You a Gift Through Maua

When someone sends you flowers, we receive your name, phone, and address solely to complete that delivery. You have the same rights as any user β€” you can ask what data we hold about you, and request its correction or deletion. Contact us at privacy@mauaconcept.com. We keep this data for no more than 90 days after delivery (apart from the order record kept for accounting).

8. AI Feature (Bouquet Preview)

The "Build a bouquet" page uses AI (Google Gemini) to generate a preview image from your selected flowers. Your selection is sent to the AI service only to create the image and is not used to train the AI model. The generated preview is saved to your account if you are signed in.

9. Your Rights & How to Exercise Them

Under Georgian data protection law and the GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for data processing
  • Ask us to stop processing your data
  • Lodge a complaint with the Personal Data Protection Service of Georgia

To exercise any of these rights, use our data request form, or email privacy@mauaconcept.com. We respond within 30 days, as required by law.

10. Security

We take reasonable technical and organizational measures to protect your personal data. Payment processing is handled by PCI-compliant providers, and all data is transmitted over encrypted (HTTPS) connections.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

12. Contact

For privacy-related inquiries:
Email: privacy@mauaconcept.com
Phone: +995 599 912 237
Address: Zandukeli St, Old Town, Tbilisi, Georgia