Privacy policy

Effective date: November 6, 2025
Who we are: Aiyah Crystals (“Aiyah,” “we,” “us,” “our”) operates aiyah.co, related subdomains, and our social channels (including Instagram @aiyah___). We sell handmade accessories and offer events, workshops, and consultations in the United States.

We respect your privacy and are committed to protecting your personal information. This policy explains what we collect, how we use it, and your choices.

1) What we collect

Information you provide

  • Account & profile: name, email, password, country/region, preferences.

  • Orders & payments: shipping/billing addresses, phone, order details; payment details are processed by our payment partners—we don’t store full card numbers.

  • Consultations & events: forms you submit, scheduling details, notes you choose to share.

  • Customer support: messages, return details, photos you send us.

  • UGC & social: reviews, survey responses, DMs/comments you choose to share.

  • Wholesale/press: company/contact info if you reach out.

Information collected automatically

  • Device & usage: IP address, device/browser type, pages viewed, time on site, referring URLs.

  • Cookies & similar tech: session and preference cookies; optional analytics/marketing pixels if you consent (where required).

  • Approximate location: derived from IP for things like currency, language, shipping availability, and fraud prevention.

Sensitive data

We do not require sensitive personal data. If you voluntarily share wellness/emotional information during crystal consultations, we treat it as confidential service info and use it only to provide the service you requested.

2) How we use your information

  • Run our store: process orders, payments, shipping, returns, and accounts.

  • Support: answer questions, handle warranties/repairs, resolve issues.

  • Consultations & events: schedule, personalize sessions, deliver related materials.

  • Personalization: remember preferences (e.g., currency/language) and suggest relevant products/content.

  • Marketing (with consent where required): emails/SMS about new drops, events, offers; run ads; invite reviews.

  • Analytics & improvement: understand site performance and improve products/services.

  • Fraud & security: detect, investigate, and prevent fraud or illegal activity.

  • Legal compliance: tax, accounting, and regulatory obligations.

U.S. legal bases/authority: We process data to perform a contract (fulfill your order), with your consent (e.g., marketing cookies), for legitimate interests (e.g., site security, service improvement, reasonable direct marketing), and to comply with law.

3) Sharing your information

We share data only as needed to operate our business:

  • Ecommerce & hosting: our store platform/hosting (e.g., Shopify or equivalents).

  • Payments: processors like Shopify Payments/Stripe/PayPal (we never store full card details).

  • Fulfillment: shipping carriers, 3PLs, returns logistics.

  • Analytics & marketing: analytics tools, email/SMS providers (e.g., Klaviyo/Mailchimp), ad platforms (e.g., Meta/Google), with controls below.

  • Support & scheduling: helpdesk and booking tools (e.g., Help Scout/Zendesk; Calendly/Acuity).

  • Professional services: auditors, lawyers, accountants (under confidentiality).

  • Business transfers: as part of a merger, acquisition, or asset sale.

  • Legal & safety: if required by law or to protect rights, safety, and security.

Service providers must use your data only on our instructions and protect it.

4) Your U.S. state privacy rights

Depending on your state (e.g., California (CPRA), Colorado, Connecticut, Utah, Virginia), you may have rights to:

  • Know/access the categories and specific pieces of personal information we collected.

  • Correct inaccurate personal information.

  • Delete personal information (subject to lawful exceptions).

  • Portability (receive a copy in a portable format).

  • Opt out of certain processing, including targeted advertising and the “selling” or “sharing” of personal information (as those terms are defined by law).

  • Limit use of sensitive data (where applicable).

We do not sell personal information for money. We may use advertising/analytics tools that could be considered “sharing” or “targeted advertising.” You can opt out as described in Section 7 (Cookies & Ads). We honor Global Privacy Control (GPC) signals where required.

Exercising your rights: Email aiyah@aiyah.co with subject “Privacy Request” and tell us what right you want to exercise. We’ll verify your identity (and, where permitted, an authorized agent may submit on your behalf).

Non-discrimination: We won’t discriminate against you for exercising privacy rights (except as permitted, e.g., loyalty programs).

5) Children’s privacy

Our services are not intended for children under 13 and we don’t knowingly collect data from them. If you believe a child provided personal information, contact us to delete it. (COPPA compliant.)

6) Retention

We keep personal information only as long as needed for the purposes in this policy, for example:

  • Orders/tax records: up to 7 years (or as required by law).

  • Accounts & preferences: until you delete your account or request deletion.

  • Consultation notes: generally up to 2 years after your last session, or sooner if you ask us to delete them (unless we must keep them for legal reasons).

  • Marketing data: until you unsubscribe or withdraw consent.

7) Cookies, analytics, and ads

Your choices

  • Cookie banner/preferences: manage optional cookies (analytics/marketing) via our banner or settings link (where available).

  • Browser controls: block or delete cookies; some features may be limited.

  • Email/SMS: unsubscribe using the link or reply STOP.

  • Targeted ads: opt out via our “Do Not Sell or Share / Opt Out of Targeted Ads” link (footer), via your cookie preferences, or send us a privacy request. We honor GPC signals where required.

What we use

  • Necessary cookies: to run the site (login, cart, checkout).

  • Analytics: to measure and improve performance.

  • Marketing/ads: to measure ad performance and show relevant ads; these may be considered “sharing” or “targeted advertising” under state laws.

8) Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls). No method is 100% secure—please use strong, unique passwords and keep them confidential.

9) Third-party links & social features

Our site may link to third-party sites or include social features (e.g., Instagram). Those services have their own privacy practices. Review their policies.

10) International visitors

We primarily serve the United States. If you access our services from outside the U.S., your data may be processed in the U.S., which may have different data protection laws.

11) Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We’ll post the updated version with a new effective date. Material changes will be highlighted on-site.

12) Contact us

Email: info@aiyah.co
Mailing address: Aiyah Inc., 4224 Brooktree Lane, Dallas, TX 75287, United States
Instagram: @aiyah___