Privacy Policy

Crystal Ball Jewellery ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store and protect your personal data when you use our website, our personalised destiny analysis and our crystal jewellery shop. We process data in line with applicable data protection laws and in a manner consistent with trusted ecommerce and online service platforms.

1. Data we collect

We may collect:

• Account and profile: email address, name, password (hashed), and any profile details you provide.
• Analysis input: birth date and time, birth place, gender, Enneagram-style answers and any other information you give for your personalised analysis.
• Orders and shipping: billing and shipping address, phone number, and order history.
• Payment: payment is processed by Stripe. We do not store your full card number; we receive and store only the information Stripe provides (e.g. last four digits, brand) as needed for order and support purposes.
• Usage and technical data: IP address, device and browser type, and how you use the site (e.g. pages visited), similar to standard website analytics.

2. How we use your data

We use your data to:

• Provide and personalise your destiny analysis and crystal recommendations.
• Create and manage your account, and save your analysis when you choose to save it.
• Process orders, payments (via Stripe), shipping and returns.
• Send transactional emails (e.g. order confirmation, password reset) and, if you have agreed, marketing or updates.
• Improve our website, products and services (e.g. analytics, testing).
• Comply with legal obligations and protect our rights and those of our users.

We do not sell your personal information to third parties for their marketing. We may share data with service providers (e.g. hosting, Stripe, email, analytics) who act on our instructions and under agreements that protect your data.

3. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the site is used. You can control cookies through your browser settings. Blocking certain cookies may affect site functionality (e.g. staying logged in). Our approach is in line with common ecommerce and web best practices.

4. Data retention

We retain your data for as long as your account is active or as needed to provide services, process orders and comply with legal obligations (e.g. tax, consumer law). Analysis data linked to your account is kept in line with our service design. You may request deletion of your account and associated data subject to applicable law and our retention requirements.

5. Security

We use appropriate technical and organisational measures (e.g. encryption, access controls, secure hosting) to protect your data against unauthorised access, loss or misuse. Payment data is handled by Stripe in line with industry standards. No method of transmission or storage is 100% secure; we strive to follow practices used by reputable online retailers and platforms.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete or restrict processing of your data, or to object to certain processing. You may also have the right to data portability or to lodge a complaint with a supervisory authority. To exercise these rights or ask questions about your data, contact us via our Contact page. We will respond in line with applicable law.

7. Children

Our services are not directed at children under the age required in their jurisdiction (e.g. 13 or 16). We do not knowingly collect personal data from such children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

8. International transfers

Your data may be processed in Hong Kong or in countries where our service providers operate. We ensure appropriate safeguards (e.g. contracts, standard contractual clauses) where required by law so that your data is protected in line with this policy and applicable data protection regulations.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. We encourage you to review this page periodically. For material changes we may notify you by email or a notice on the site where appropriate. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests, contact us via our Contact page or at support@crystalballjewellery.com.

© 2026 Crystal Ball. All rights reserved.