Privacy Policy

Privacy Policy

Last updated: July 18, 2025

Aurilaya operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you, the customer, with a curated shopping experience (the “Services”). Aurilaya is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction using the Services or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described here.

Personal Information We Collect or Process

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal information, including inferences drawn from this personal information:

  • Contact details including your name, address, billing address, shipping address, phone number, and email address.

  • Financial information including credit card, debit card, and financial account numbers, payment card information, transaction details, form of payment, payment confirmation, and other payment details.

  • Account information including your username, password, security questions, preferences, and settings.

  • Transaction information including the items you view, add to your cart or wishlist, or purchase, return, exchange, or cancel, and your past transactions.

  • Communications with us including information you include in communications with us (for example, customer support inquiries, reviews, survey responses).

  • Device information including information about your device, browser, or network connection, your IP address, time zone, language, and other unique identifiers.

  • Usage information including information about how and when you interact with or navigate the Services (pages viewed, referring/exit pages, clickstream data).

  • Location information where you enable location-based features or where your IP address may indicate an approximate location.

  • Marketing and preferences information including your communication preferences, cookie and consent choices, and inferences about your interests.

Personal Information Sources

We may collect personal information from the following sources:

  • Directly from you including when you create an account, visit or use the Services, communicate with us, participate in promotions, or otherwise provide personal information.

  • Automatically through the Services including from your device and browser when you use our products or services or visit our websites, and through cookies, pixels, SDKs, and similar technologies.

  • From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf (e.g., payments, shipping, analytics, support).

  • From our partners or other third parties such as marketing partners, advertising networks, or social platforms (consistent with your settings on those platforms).

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:

Provide, Tailor, and Improve the Services

We use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications related to your account, to process purchases, returns, exchanges, or other transactions, to create, maintain, and manage your account, to arrange for shipping, to facilitate returns and exchanges, to enable you to post reviews, and to create a customized shopping experience (such as recommending related products). This may include using your personal information to better tailor and improve the Services.

Marketing and Advertising

We use your personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message, or postal mail, and to show you online advertisements for products or services on the Services or other websites and apps, including based on items you previously purchased or added to your cart and other activity on the Services. Where required by law, we will obtain your consent before sending you direct marketing communications.

Security and Fraud Prevention

We use your personal information to authenticate your account; provide a secure payment and shopping experience; detect, investigate, or take action regarding possible fraudulent, illegal, unsafe, or malicious activity; protect public safety; and secure our services and systems. If you register an account, you are responsible for keeping your credentials safe. We recommend that you do not share your username, password, or other access details with anyone.

Communicating with You

We use your personal information to provide you with customer support, respond to your inquiries, provide effective services, administer your requests, and maintain our business relationship with you (e.g., service updates, policy updates, transactional messages).

Legal Reasons

We use your personal information to comply with applicable law or respond to valid legal process (including requests from law enforcement or government agencies), to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

Legal Bases for Processing (EEA/UK)

Where your personal information is processed in the European Economic Area (EEA) or the United Kingdom (UK), we rely on the following legal bases:

  • Contractual necessity (e.g., to process orders and payments, deliver products, provide support).

  • Legitimate interests (e.g., to secure our Services, prevent fraud, improve and personalize the user experience, perform analytics, and market to existing customers), provided these interests are not overridden by your rights and interests.

  • Consent (e.g., for certain marketing, cookies/analytics where required, SMS programs). You may withdraw consent at any time.

  • Compliance with legal obligations (e.g., tax, accounting, regulatory requirements).

Cookies and Similar Technologies

We and our partners use cookies, pixels, tags, SDKs, local storage, and similar technologies to: enable site functionality; remember your preferences; keep you signed in; analyze performance and usage; measure and improve marketing campaigns; and show personalized ads. You can manage cookie preferences through your browser settings and (where available) our consent management tools. Blocking certain cookies may impact your experience and functionality of the Services.

Categories of cookies we may use include: strictly necessary, performance/analytics, functionality, and targeting/advertising cookies. For more details, consult your browser’s help pages or our cookie banner/manager on the site.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  • With Shopify, vendors, and other service providers who perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping, marketing services).

  • With business and marketing partners to provide marketing services and advertise to you. For example, we may use Shopify features that support personalized advertising with third-party services based on your online activity with different merchants and websites. Our partners will use your information in accordance with their own privacy notices. Depending on where you reside, you may have a right to direct us not to share information about you for targeted advertising.

  • At your direction or with your consent such as to ship products to you via carriers, when you use social media widgets or login integrations, or when you participate in co-branded promotions.

  • With our affiliates or otherwise within our corporate group for purposes consistent with this Privacy Policy.

  • In connection with a business transaction such as a merger, acquisition, reorganization, sale of assets, financing, insolvency, or bankruptcy.

  • For legal compliance and protection to comply with applicable laws, enforce our terms and policies, protect the Services, our rights, and the rights of our users or others.

We do not sell your personal information for money. Depending on your jurisdiction, certain data sharing (e.g., for cross-context behavioral ads) may be considered a “sale” or “sharing.” See Your Rights and Choices for opt-out options where applicable.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services.

To help protect, grow, and improve our business, we may use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information for those features, including responding to requests to exercise rights over use of your personal information for those purposes. To learn more about how Shopify uses your personal information and any rights you may have, please see the Shopify Consumer Privacy Policy and the Shopify Privacy Portal (where you may exercise applicable rights).

Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on those sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect personal information about children under the age of majority in your jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the details set out below to request deletion. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

Security and Retention of Your Information

We implement appropriate technical and organizational measures designed to protect personal information; however, no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send to us may not be secure in transit. Please avoid using unsecured channels to communicate sensitive or confidential information.

How long we retain your personal information depends on different factors, such as whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce contracts and policies. We will retain personal information only for as long as necessary for the purposes described in this Policy unless a longer retention period is required or permitted by law.

Automated Decision-Making and Profiling

We may use automated systems (including via our service providers and advertising partners) to help personalize content and offers, prevent fraud, and improve our Services. Where such processing produces legal or similarly significant effects and is conducted in the EEA/UK, we will implement safeguards and, where required, obtain your consent or provide an avenue to request human review, express your point of view, and contest the decision.

International Transfers

We may transfer, store, and process your personal information outside the country where you live. If we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or the UK’s International Data Transfer Addendum, as relevant, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances, and in some cases we may decline your request as permitted by law.

  • Right to Access / Know: Request access to personal information we hold about you.

  • Right to Delete: Request deletion of personal information we maintain about you.

  • Right to Correct: Request correction of inaccurate personal information we maintain about you.

  • Right to Portability: Receive a copy of personal information you provided and request that we transfer it to a third party, in certain circumstances.

  • Right to Opt Out of Sale/Sharing/Targeted Advertising: Depending on your jurisdiction, opt out of data practices defined as “sale,” “sharing,” or “targeted advertising.”

  • Right to Restrict/Object (EEA/UK): Object to or request restriction of certain processing based on our legitimate interests.

  • Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time (this will not affect processing prior to withdrawal).

  • Managing Communication Preferences: You may opt out of promotional emails at any time by using the unsubscribe link in our emails. We may still send you non-promotional emails, such as those about your account or orders.

You may exercise rights where indicated on the Services or by contacting us using the details below. To learn more about how Shopify uses your personal information and any rights you may have (including rights related to data processed by Shopify), please visit: https://privacy.shopify.com/en (Shopify Privacy Portal).

We will not discriminate against you for exercising any of these rights. We may need to verify your identity before processing your request, as permitted or required by law. In accordance with applicable laws, you may designate an authorized agent to make requests on your behalf; we may require proof of authorization and direct verification by you.

Regional Notices (Illustrative)

Where required by applicable state, provincial, or national laws (e.g., EEA/UK GDPR, certain U.S. state privacy laws), we provide additional disclosures regarding categories of personal information collected, purposes of use, categories of recipients, and your rights. If you reside in such a jurisdiction, those rights apply to you as described in this Privacy Policy and any jurisdiction-specific addenda we may publish.

Complaints

If you have complaints about how we process your personal information, please contact us using the details below. Depending on where you live, you may have the right to appeal our decision by contacting us using the same details, or lodge your complaint with your local data protection authority. For the EEA, you can find a list of supervisory authorities on the website of the European Data Protection Board (EDPB). For the UK, you may contact the Information Commissioner’s Office (ICO).

SMS Marketing

Aurilaya (“we,” “our,” or “us”) collects phone numbers when you voluntarily sign up to receive SMS communications. These messages may include promotional offers, order updates, cart reminders, and other informational or marketing content.

Consent to receive SMS messages is optional and is not a condition of purchase.

Your information is shared only with our SMS service provider (e.g., Klaviyo) to deliver and manage messaging and is not sold to any third party for their own marketing purposes.

By opting in, you agree to receive recurring automated marketing and informational text messages. Message and data rates may apply. Message frequency varies. To opt out, reply STOP at any time. For help, reply HELP. After you opt out, you may receive a one-time message confirming your request.

We may change any short code or telephone number used to operate the Service and will notify you of these changes. Messages sent to a number we no longer control may not be received, and we are not responsible for honoring requests made in such messages.

Supported carriers are not liable for delayed or undelivered messages. You agree to provide a valid mobile number and to re-enroll if your number changes.

To the extent permitted by law, we are not liable for failed, delayed, or misdirected delivery of any information sent through the Service, any errors in such information, and/or any action you may or may not take in reliance on the information or Service.

We respect your right to privacy. For details on how we collect and use your data, see this Privacy Policy and our cookie/consent settings on the site.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date, and provide notice as required by applicable law. Your continued use of the Services after any changes become effective constitutes your acknowledgment of the revised Policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, or would like to exercise your rights, please contact us at:

Aurilaya
Email: info@aurilaya.com
Preferred subject line: “Privacy Request – Aurilaya”