Privacy Policy

The controller of your personal data is Stainless Jewelry LLC, 117 S Lexington Street, STE 100, Harrisonville, MO 64701, USA, trading as The Stainless Jewelry. References to "we", "us", or "our" mean the controller.

For any privacy-related question, please contact us at bohdan@stainlessjewellery.com.

We collect the following categories of personal information:

• Identification and contact information: name, billing and shipping address, email, phone number.
• Order and transaction information: items purchased, order value, order history, returns, communications about your order.
• Payment information: payment method type, the last four digits of your card, and a tokenised reference. We do not store full card numbers - these are handled by our payment processor.
• Account information (if you create an account): username, hashed password, preferences, wish list.
• Device and usage information: IP address, device type, browser, operating system, pages viewed, referring URL, timestamps, approximate location derived from IP.
• Marketing preferences: email subscription status, consent records.
• Customer support communications: messages you send us by email, chat, or social media.

• Directly from you, when you place an order, create an account, contact support, or subscribe to our newsletter.
• Automatically, through cookies and similar technologies - see our Cookie Policy.
• From service providers we use, such as payment processors and shipping carriers, who confirm transactions and deliveries.

We use personal information for the following purposes:

• To process your order: take payment, arrange delivery, handle returns, and provide customer service.
• To comply with legal obligations: tax, accounting, anti-money-laundering, sanctions, consumer-protection, and similar laws.
• To operate and improve the Site: secure it, prevent fraud, defend legal claims, run analytics where you have consented.
• To send marketing communications about similar products, subject to your right to opt out at any time.
• With your consent: for non-essential cookies, newsletter subscription, and any optional marketing communications. You can withdraw consent at any time.

We share personal data with the following categories of recipient, only as needed and under appropriate contractual safeguards:

• Payment processors (for example Stripe), to authorise and settle payments.
• Our United States third-party logistics (3PL) and warehousing partner, to pick, pack, and ship your order.
• Shipping carriers (for example USPS, UPS, DHL, FedEx), to deliver your order and provide tracking.
• Hosting, infrastructure, and software providers that operate the Site and back-office tools.
• Email-delivery and customer-support platforms.
• Analytics providers, where you have given consent for non-essential cookies.
• Professional advisers (lawyers, accountants, auditors) under duties of confidentiality.
• Public authorities, where required by law, court order, or to defend legal claims.

We do not sell your personal information for money. Where the term "sale" or "sharing" is defined broadly under United States state privacy laws (for example the California Consumer Privacy Act, as amended by the CPRA), the only activity that may fall within that definition is the use of advertising cookies for cross-context behavioural advertising, and only where you have consented. You may opt out at any time - see section 8.

We keep personal data only for as long as we need it for the purposes set out in this Policy, including to comply with tax and accounting obligations (typically 6-7 years for transaction records), defend legal claims, and operate our business. Marketing data is kept until you unsubscribe, and analytics data is kept for the period set in our analytics tools, which is described in our Cookie Policy.

Depending on the state in which you live, you may have the following rights in relation to your personal data:

• Right to know - to learn what personal data we hold about you and how we use it.
• Right of access - to obtain a copy of the personal data we hold about you.
• Right to correct - to ask us to correct inaccurate or incomplete information.
• Right to delete - to ask us to delete personal data we no longer need.
• Right to data portability - to receive certain data in a structured, machine-readable format.
• Right to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising, and of profiling for significant decisions.
• Right to non-discrimination - we will not deny you goods, services, or charge different prices for exercising your privacy rights.

These rights apply under the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and similar state-level laws as they come into effect. Some rights may differ slightly by state.

If you are located outside the United States and choose to do business with us, please be aware that your data will be processed in the United States under United States law. We will still respect reasonable requests in line with the principles set out above.

California residents and residents of other US states with similar rights may opt out of any "sale" or "sharing" of personal information for cross-context behavioural advertising. You can do this by:

• rejecting non-essential cookies in our cookie banner;
• emailing bohdan@stainlessjewellery.com with the subject line "Do Not Sell or Share";
• sending a recognised Global Privacy Control (GPC) signal from your browser - we honour GPC where required by law.

The Site is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

To exercise any of your rights, or for any privacy question, please email bohdan@stainlessjewellery.com, or write to us at Stainless Jewelry LLC, 117 S Lexington Street, STE 100, Harrisonville, MO 64701, USA.

We will respond within the time limits required by applicable law, typically within 45 days. We may ask you to verify your identity before acting on a request.

We use technical and organisational measures designed to protect personal data, including TLS encryption in transit, access controls, vetted service providers, and incident-response procedures. No system is perfectly secure, but we take security seriously and we will notify you and the relevant authorities of any data breach that is likely to result in a high risk to your rights, as required by law.

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows when the latest version took effect. Material changes will be brought to your attention by email or a clear notice on the Site.