Legal & Compliance Documentation

Governing policies for the Mill & Hide transactional routing infrastructure. Last updated: March 2026.

1. Entity & Infrastructure Operator

This infrastructure is operated by Mill & Hide, acting as the primary data controller and routing entity for internal e-commerce, lifestyle retail, and logistics operations.

  • Authorized Representative: Kate Lenehan, Director of Digital Operations
  • Physical Headquarters: 125 Comur Street, Yass, NSW 2582, Australia
  • System Domain: millandhide.com

2. Acceptable Use Policy (AUP)

The Mill & Hide infrastructure is strictly provisioned for System Alerts, Webhooks, and Transactional e-commerce messaging. Access to our routing APIs is heavily restricted and monitored to ensure 100% compliance with ISP Postmaster guidelines.

2.1 Allowed Use Cases

  • Order Management System (OMS): Receipts, Tax Invoices, Order Confirmations, and Refund validations.
  • Logistics Pipeline: Courier dispatches, tracking updates, and delivery confirmations.
  • Identity & Security: Two-Factor Authentication (2FA) tokens, password resets, and account verification limits.

2.2 Strictly Prohibited Activities

Our platform enforces a Zero-Tolerance Policy against the following:

  • Sending Unsolicited Commercial Email (UCE) or "Spam".
  • Purchasing, renting, or utilizing third-party mailing lists (e.g., scraped data, co-registration lists).
  • Routing affiliate marketing traffic, multi-level marketing (MLM) promotions, or lead-generation blasts.
  • Attempting to bypass our bounce/complaint suppression lists.

3. Anti-Spam & Delivery Compliance

To maintain Tier 1 deliverability and fulfill our Service Level Agreements (SLA) with our customers, we mandate rigorous data validation protocols aligned with CAN-SPAM, GDPR, and the Australian Spam Act 2003.

3.1 Consent & Opt-In Architecture

We do not send any communication without explicit, verifiable consent:

  • Double Opt-In (DOI): Any non-essential system subscription requires a confirmed double opt-in loop. Accounts remain in a `pending` state until the unique cryptographic link is clicked.
  • No Pre-checked Boxes: Our checkout flows ensure that consent for any secondary communication is unticked by default. Email addresses collected during checkout are isolated strictly for fulfilling the immediate transaction.

3.2 Authentication & Headers

All outbound mail is cryptographically signed. We enforce strict SPF, DKIM, and DMARC alignment. Feedback Loops (FBLs) are automatically processed by our system to immediately suppress any complaining addresses.

4. Privacy Policy & Data Collection Vectors

Mill & Hide collects "Zero-Party" data strictly to execute our operational mandates. We do not sell or broker customer data to third parties.

4.1 Offline Point of Sale (POS) Collection

Data is collected at our physical dispatch center (Yass, NSW) via terminal entry when a customer requests a digital tax invoice. For loyalty programs, customers complete a physical paper form requiring a wet signature. These forms are digitally archived with a `source: offline_pos_signed` tag in our database.

4.2 Online Checkout Pipeline

Data collected via the `millandhide.com` domain is encrypted in transit using TLS 1.3. Data is utilized exclusively to calculate shipping, process payments through payment gateways, and deliver the purchased physical goods (home decor, saddlery, fashion).

5. Data Security & Storage

All personally identifiable information (PII) is encrypted at rest using AES-256. Access to the administrative console and routing logs is restricted via Role-Based Access Control (RBAC) and IP whitelisting. Kate Lenehan oversees all data audits and compliance checks on a quarterly basis.

Report Abuse: If you believe you have received unsolicited communication from our routing infrastructure, please forward the complete email headers to abuse@millandhide.com for immediate investigation.