Last updated: September 25, 2025
eklexic operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, the customer, with a curated shopping experience (the "Services"). eklexic is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.
Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described in this Privacy Policy.
1. Personal Information We Collect or Process
When we use the term "personal information," we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified, so that it cannot identify or be reasonably linked to you. We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:
- Contact details including your name, address, billing address, shipping address, phone number, and email address.
- Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
- Account information including your username, password, security questions, preferences and settings.
- Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
- Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
- Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
- Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
- Geolocation data including precise location of your device when you enable location-based features or grant permission in your device/browser settings.
2. Personal Information Sources
We collect personal information from the following categories of sources:
- Directly from You: Information you provide when placing an order, creating an account, contacting customer support, or subscribing to our marketing communications.
- Automatically from Your Devices: Technical and usage data collected via cookies, pixels, and server logs when you interact with our website through various analytics and tracking technologies.
- Google Analytics: We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as your IP address, browser type, referring website, pages visited, time spent on our site, and demographic information. Google Analytics uses cookies and similar technologies to collect this data. We may also use Google Analytics advertising features including Remarketing and Demographics and Interest Reports to better understand our audience and improve our marketing efforts. This information helps us improve our website performance and user experience. For more information about how Google collects and uses data, please visit Google's Privacy Policy and Google Analytics Terms of Service.
-
Third-Party Service Providers: Data received from various service providers we use to operate our business, including but not limited to:
- E-commerce Platform Services: Website hosting, payment processing, and order management
- Payment Processing Services: Transaction confirmation, fraud prevention, and payment processing
- Shipping and Fulfillment Services: Delivery updates, tracking information, and order fulfillment
- Analytics and Performance Services: Website performance monitoring, user behavior analysis, heatmaps, and business intelligence
- Marketing and Advertising Platforms: Email marketing, SMS communications, social media advertising, retargeting, and customer engagement
- Customer Support Tools: Live chat, helpdesk systems, and customer service management
- Review and Rating Services: Product reviews, customer feedback, and reputation management
- Other Business Applications: Various software tools and applications that help us operate, secure, and improve our services
Current Service Providers: Our key service providers currently include Shopify (e-commerce platform), Google Analytics and Google Ads (analytics and advertising), Microsoft Clarity (user behavior analytics), Meta/Facebook and Instagram (social media advertising), Pinterest and TikTok (advertising platforms), Gorgias (customer support), Yotpo (email marketing and reviews), and various shipping carriers. This list may change as we add or remove services to improve our operations and customer experience.
Data Processing: Each service provider processes personal information in accordance with their respective privacy policies and data processing agreements. We ensure that all service providers maintain appropriate data protection standards and comply with applicable privacy laws.
3. How We Use Your Personal Information and Legal Basis
Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:
- Provide, Tailor, and Improve the Services. We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
- Marketing and Advertising. We use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
- Security and Fraud Prevention. We use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
- Communicating with You. We use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
- Legal Reasons. We use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.
Legal Basis for Processing (EEA/UK Residents)
Legal Basis | Purpose Example |
---|---|
Contractual Necessity | Processing your payment through Shopify Payments and fulfilling your order. |
Consent | Sending you marketing emails through Yotpo (where you have opted in), targeted advertising via Google Ads, Meta, Pinterest, and TikTok. |
Legal Obligation | Maintaining required business records (e.g., tax records), compliance with payment processing regulations. |
Legitimate Interests | Preventing fraud, improving the security and performance of our services through Microsoft Clarity analytics, sending non-marketing operational emails, and customer support via Gorgias. |
4. Data Sharing, Third-Party Disclosure, and Targeted Advertising
We share your Personal Information with third parties to help us use your data for the purposes described above, including processing your orders and running effective marketing campaigns.
I. Disclosure and Sharing with Third Parties
We share your Personal Information with the following categories of third parties:
Service Provider | Data Processed | Purpose | Transfer Safeguards |
---|---|---|---|
Shopify Inc. | All customer and order data | E-commerce platform hosting | Standard Contractual Clauses (SCCs) |
Shopify Payments | Payment information, billing details | Payment processing | PCI DSS compliance, SCCs |
Google (Analytics/Ads) | Usage data, device information, purchase behavior | Analytics and advertising | Google EU Data Processing Terms |
Meta (Facebook/Instagram) | Browsing behavior, purchase data, email (hashed) | Targeted advertising | Meta Data Processing Terms |
Microsoft Clarity | Session recordings, heatmaps, usage analytics | Website optimization | Microsoft Data Protection Addendum |
Browsing behavior, purchase data | Advertising and retargeting | Pinterest Data Processing Agreement | |
TikTok | Browsing behavior, purchase data | Advertising measurement | TikTok Data Processing Addendum |
Gorgias | Customer communications, order details | Customer support | Standard Contractual Clauses |
Yotpo | Email addresses, purchase history, preferences | Email marketing and SMS | Standard Contractual Clauses |
Shipping Carriers | Name, address, order details | Order fulfillment and delivery | Carrier-specific data agreements |
- Legal Compliance: We may disclose your Personal Information if required to do so by law, court order, or governmental regulation, or if we believe, in good faith, that such action is necessary to protect the rights, property, or safety of Eklexic Jewelry LLC or our users.
II. Targeted Advertising and the "Sale" or "Sharing" of Data
We use tracking technologies, such as cookies and pixels, to collect information about your browsing and purchase history on our Site. This data is shared with our advertising partners (like Google and Meta) to create profiles about your interests and deliver personalized advertisements to you on other websites and social media platforms. This practice is commonly known as Behavioral Advertising.
U.S. State Law Disclosure: Under the laws of certain U.S. states, including California (CPRA), this practice of sharing data for cross-context behavioral advertising may be considered a "sale" or "sharing" of personal information.
Your Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information for targeted advertising purposes at any time. Please refer to the "Your Privacy Rights and Choices" section for instructions on how to exercise this right, including the "Do Not Sell or Share My Personal Information" link.
5. Tracking Technologies and Your Choices
We use cookies, web beacons, tracking pixels, and similar technologies (collectively, "Tracking Technologies") to facilitate operations, analyze site usage, and conduct advertising. For detailed information about our use of cookies and tracking technologies, please see our Cookie Policy.
I. Types of Tracking Technologies Used
Technology | Description | Primary Use |
---|---|---|
Cookies | Small data files stored on your device's browser by a website. | Essential site functionality, remembering preferences, and advertising. |
Pixels (Tags/Beacons) | Tiny graphics with a unique identifier placed on a website or in an email. | Used by partners like Google Ads, Meta (Facebook), Microsoft Clarity, Pinterest, and TikTok to measure the effectiveness of ads and track actions taken by users on our site. |
Device Fingerprinting | The practice of gathering and combining information about your device (e.g., browser type, operating system, screen resolution) to create a unique identifier. | Used for fraud prevention and to enhance recognition for advertising and analytics. |
Local Storage | Data stored locally in your browser beyond the session (like HTML5 Local Storage). | Used to maintain user preferences and store larger data sets for site performance. |
II. Your Choices and Opt-Out Mechanisms
You have the right to control how tracking technologies are used.
- Browser Settings: You can adjust your browser settings to refuse or remove cookies. Please be aware that blocking essential cookies may affect the availability and functionality of the Site.
-
Opting Out of Targeted Advertising: Many companies involved in online behavioral advertising are members of industry groups that offer opt-out options. You can use the links below to exercise your choices regarding personalized advertising:
- Digital Advertising Alliance (DAA): http://optout.aboutads.info/
- Network Advertising Initiative (NAI): http://optout.networkadvertising.org/
- European Interactive Digital Advertising Alliance (EDAA): http://www.youronlinechoices.eu/
-
Specific Platform Opt-Outs: You can also manage your preferences directly with major advertising partners:
- Google: https://www.google.com/settings/ads/anonymous
- Meta (Facebook/Instagram): https://www.facebook.com/settings/?tab=ads
- Microsoft: https://account.microsoft.com/privacy/ad-settings
- Pinterest: https://help.pinterest.com/en/article/personalization-and-data
- TikTok: https://www.tiktok.com/safety/en-us/ads-and-data/
- Google Analytics: You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout
- Signals: We honor Global Privacy Control (GPC) signals where required. We do not respond to browser "Do Not Track" (DNT) signals.
- Consent Management: Where required by law (e.g., GDPR, ePrivacy), we seek consent for non-essential cookies and similar technologies. You may change or withdraw consent at any time via our cookie banner or by visiting our Cookie Policy page.
6. Data Retention Policy
We retain your Personal Information only for as long as is strictly necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. We are required by the CPRA to disclose the retention period for each category of personal information we collect.
Retention by Category
Category | Purpose | Retention |
---|---|---|
Contact details | Account/order servicing, legal | Account life + 7 years after last order |
Financial/payment tokens | Transaction processing | Stored by processor only; merchant retains last four digits and transaction references for 7 years |
Account credentials | Authentication | Account life; delete within 30 days of closure |
Transaction history | Customer service, legal | 7 years |
Device/usage data (analytics/ads) | Analytics/marketing | Up to 26 months or until opt-out/withdrawal of consent |
Support communications | Customer support | 3 years from last interaction unless legal hold |
Geolocation data | Location-enabled features, fraud prevention | As long as necessary for the enabled feature; typically session-level or until consent is withdrawn |
- Disposal: When data is no longer necessary, we securely delete or de-identify it to prevent any unauthorized access or use.
7. Security of Your Information
Security Measures: We use TLS encryption for data in transit; data at rest is encrypted by our hosting providers; payments are processed by PCI DSS-certified processors; access to personal information is restricted on a role-based, least-privilege basis; administrative access is logged and monitored; and we conduct periodic access reviews and vendor risk assessments. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure while in transit. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us.
8. Relationship with Shopify
The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here: Shopify Privacy Portal.
9. Third Party Websites and Links
The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.
10. Your Rights and Choices
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute, may apply only in certain circumstances and, in certain cases, we may decline your request as permitted by law.
- Right to Access / Know. You may have a right to request access to personal information that we hold about you.
- Right to Delete. You may have a right to request that we delete personal information we maintain about you.
- Right to Correct. You may have a right to request that we correct inaccurate personal information we maintain about you.
- Right of Portability. You may have a right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
- Right to Opt out of Sale or Sharing for Targeted Advertising. Depending on where you reside, you may have a right to opt out of the "sale" or "share" of your personal information or to opt out of the processing of your personal information for purposes considered to be "targeted advertising", as defined in applicable privacy laws. You can exercise your rights to opt-out of those uses here. Please note that if you visit our website with the Global Privacy Control opt-out preference signal enabled, depending on where you are, we will automatically treat this as a request to opt-out for the device and browser that you use to visit the website. If we are able to associate the device sending the signal to a Shopify account, we will apply the opt out request to the account as well.
- Right to Limit Use of Sensitive Personal Information (SPI). As detailed below, we only process SPI for necessary, expected purposes.
- Managing Communication Preferences. We may send you promotional emails, and you may opt out of receiving these at any time by using the unsubscribe option displayed in our emails to you. If you opt out, we may still send you non-promotional emails, such as those about your account or orders that you have made.
A. California Residents (CCPA/CPRA) - Specific Rights
California residents have the right to Know, Delete, Correct inaccurate information, and the right to Opt-Out of the sale or sharing of their personal information.
- Sensitive Personal Information (SPI) Limited Use Statement: We do not collect or process Sensitive Personal Information for the purpose of inferring characteristics about a consumer. We may process financial account numbers, payment card data, and precise geolocation data solely to complete your transactions and fulfill your requested orders or to provide location-enabled features that you request. We do not use or disclose SPI for additional purposes. Accordingly, a separate "Limit the Use of My Sensitive Personal Information" link is not required.
- Non-Discrimination Clause: We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying you goods or services, charging you different prices, or providing a different level of quality of goods or services.
- Response Timelines (CPRA): We will confirm receipt of your Right to Know, Delete, or Correct request within 10 business days. We will respond to your request no later than 45 calendar days from the date of receipt, with a possible extension of an additional 45 calendar days if necessary, which we will notify you about. We will respond to a request to Opt-Out or a request to Limit the Use of Sensitive Personal Information as soon as possible, but no later than 15 business days from the date we receive the request.
B. EEA/UK Residents (GDPR) - Additional Rights
If you reside in the UK or European Economic Area, and subject to exceptions and limitations provided by local law, you may exercise the following rights in addition to the rights outlined above:
- Objection to Processing and Restriction of Processing: You may have the right to ask us to stop or restrict our processing of personal information for certain purposes.
- Withdrawal of Consent: Where we rely on consent to process your personal information, you have the right to withdraw this consent. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent before its withdrawal.
Response Timelines (GDPR/UK GDPR): We respond to requests to exercise rights within one month of receipt. We may extend by up to two additional months for complex or numerous requests and will notify you of any extension.
C. How to Exercise Your Rights
You may exercise any of these rights where indicated on the Services or by contacting us using the contact details provided below. To learn more about how Shopify uses your personal information and any rights you may have, including rights related to data processed by Shopify, you can visit https://privacy.shopify.com/en.
We may need to verify your identity before we can process your requests, as permitted or required under applicable law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us. We will respond to your request in a timely manner as required under applicable law.
11. Children's Data
The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority in your jurisdiction. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.
Procedure for Deletion of Children's Data: If we become aware that we have inadvertently collected personal information from a child, we will promptly delete it. If you submit a request to delete a child's personal information, we require parental or guardian verification (for example, confirmation of account details or purchase information associated with the child's data) to confirm you are the authorized representative before we can fulfill the deletion request.
Children Under 13: Our Services are not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child under 13 has provided personal information, contact us and we will delete it after verifying parental status.
12. Complaints
If you have complaints about how we process your personal information, please contact us using the contact details provided below. Depending on where you live, you may have the right to appeal our decision by contacting us using the contact details set out below, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.
Appeals (Certain U.S. States): If we deny your request under applicable U.S. state privacy laws, you may appeal by replying to our decision email or contacting us within 45 days with "Privacy Appeal" in the subject. We will respond within 45 days. If you remain unsatisfied, you may contact your state attorney general.
13. International Data Transfers
Your Personal Information may be stored and processed in any country where we have facilities or engage service providers, including the United States. By using the Site, you understand and acknowledge that your information may be transferred to countries outside of your country of residence, which may have different data protection rules than those of your country.
EEA/UK/Swiss Transfers: If you are a resident of the EEA, the UK, or Switzerland, we ensure that the transfer of your Personal Data outside of these jurisdictions is subject to appropriate safeguards. For the EEA we use the European Commission's Standard Contractual Clauses (SCCs); for the UK we use the ICO International Data Transfer Addendum (IDTA) or the UK Addendum to the EU SCCs; and for Switzerland we apply SCCs aligned to FDPIC guidance. We implement supplementary measures where appropriate.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date and provide notice as required by applicable law.
15. Contact Information and Policy Updates
If you have questions about our privacy practices, this Privacy Policy, or if you would like to exercise any of your rights, please contact us by email or mail:
- Email: customercare@eklexic.com
-
Mailing Address:
Eklexic Jewelry LLC
21926 Town Place Drive
Boca Raton, Florida 33433
United States