Privacy Policy

2.2   Social Login (OAuth) 

The following applies to Joyers digital products where social login is available. Specific data collection practices for each product are detailed in the product-specific privacy policy for that product.

If you sign in via Apple, Google, or Facebook, we receive your name, email, profile picture, and a unique identifier from that provider. We never receive your password. You can disconnect social login at any time in your account settings.

2.3   Location Data

The following applies to Joyers digital products where location-based features are available. Location data is not actively collected through the Joyers Inc. website.

With your explicit permission, we may collect approximate or precise location to improve product functionality and service delivery. You may revoke location access at any time in your device settings. Revoking access may limit certain features.

2.4  Automatically Collected Data

• Device identifiers: model, operating system version, unique device IDs
• Network information: IP address, mobile carrier, connection type
• Usage data: features accessed, screens viewed, session duration, crash reports, and interaction logs
• Inferred data: interests and behavioral patterns derived from your usage of our products

2.5   Cookies & Tracking Technologies

We use cookies, analytics tools, and mobile advertising identifiers (e.g., IDFA, GAID) for essential product functions, analytics, and advertising measurement. A cookie preference notice will appear on first use of any Joyers product or website. You may update your preferences at any time.

2.6   Data from Third Parties

We may receive data from advertising partners, analytics providers, and business clients (e.g., audience lists for campaign execution). Such data is used only for the purposes for which it was provided.

2.7  Sensitive Data

We do not intentionally collect sensitive personal information such as health data, biometric data, racial or ethnic origin, political opinions, or financial account credentials. If you believe sensitive data has been inadvertently collected, contact contact@JoyersHQ.com immediately.

3.3  To Communicate with You

• Send marketing communications about Joyers products and services — with your consent only
• Conduct product improvement surveys and research

You may opt out of marketing communications at any time via unsubscribe links or by contacting contact@JoyersHQ.com. Opting out does not affect transactional messages.

4.  How We Share Your Information

Joyers does not sell, rent, or trade your personal information to third parties for their independent marketing purposes. This applies to all users.

4.1  Technology & Service Vendors

We share data with trusted third-party vendors acting as processors on our behalf, including database infrastructure and authentication (Supabase), web deployment (Vercel), media storage and CDN delivery (Cloudinary), payment processing (Stripe), email delivery (SendGrid), and push notifications via Firebase Cloud Messaging (FCM). All vendors are engaged under written agreements.

4.2  Business Service Clients

We share aggregated, de-identified, or campaign-specific performance data with business clients as part of contracted service engagements. We do not share your identifiable personal data with business clients without your explicit consent.

4.3  Dual Role Disclosure

Joyers operates as both a data controller (when collecting data from our own product users) and a data processor (when handling data provided by business clients for service delivery). In our processor capacity, we act only on documented client instructions and do not use client-provided data for our own purposes.

4.4  Legal & Regulatory Disclosures

We may disclose information when required by applicable law, valid legal process (subpoena, court order), governmental authority, or to protect the safety of users. Where legally permitted, we will notify you of such requests.

4.5  Corporate Events

In the event of a merger, acquisition, asset sale, or reorganization, your information may be transferred. We will provide reasonable advance notice where legally permitted.

5.  How Long We Keep Your Data

We retain personal data only as long as necessary for the purposes in this policy, to meet legal obligations, and to resolve disputes. The periods below are maximum indicative limits. Data may be deleted sooner where it is no longer needed for its original purpose:

• Account data: retained for the duration of the active account, and deleted or anonymized within 24 months of account closure, unless a longer period is required by law
• Transaction and payment records: as required by applicable US tax and financial law
• Service engagement data: per applicable agreement, and as required by law
• Marketing consent records: retained for the duration of active consent, plus up to 3 years after withdrawal or last interaction, for evidentiary and compliance purposes
• Analytics and log data: retained for up to 24 months from collection, after which data is aggregated, anonymized, or deleted
• Support communications: retained for up to 12 months from the date of resolution

When data is no longer needed, we securely delete or irreversibly anonymize it using appropriate methods.

6.  Data Security

We implement reasonable technical and organizational measures to protect your personal information. These include encryption of data in transit and at rest, access controls, and internal security procedures appropriate to our current scale as an early-stage company.

No system is completely secure. We cannot guarantee absolute security of your data. We maintain an incident response process and will notify affected users and relevant authorities of a material data breach in accordance with applicable law. Our security posture will strengthen as we grow.

7.  Your Privacy Rights

7.1  All Users

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or outdated information
• Deletion — request deletion of your data, subject to legal retention requirements
• Portability — receive your data in a structured, machine-readable format where applicable
• Withdraw consent — for any consent-based processing, at any time
• Opt out of marketing — via unsubscribe links or by contacting us

To exercise any right, email contact@JoyersHQ.com. We will respond within a reasonable timeframe consistent with applicable law and may verify your identity before processing your request.

7.2  California Residents (CCPA/CPRA)

Our products and services are currently US-focused. We reference GDPR as part of our intended direction as we expand internationally. EEA and UK users have rights including access, correction, erasure, objection, and the right to lodge a complaint with their local supervisory authority. Contact contact@JoyersHQ.com for any requests.

7.3  EEA & UK Users (GDPR / UK GDPR)

Our products and services are currently US-focused. We reference GDPR as part of our intended direction as we expand internationally. EEA and UK users have rights including access, correction, erasure, objection, and the right to lodge a complaint with their local supervisory authority. Contact contact@JoyersHQ.com for any requests.

7.4  Children’s Privacy (COPPA)

Our products and services are not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from minors. If we discover such data has been collected, we will delete it promptly. Parents or guardians may contact contact@JoyersHQ.com to request deletion of a minor’s data.

Joyers Inc. digital products and services are currently directed at users aged 18 and above. Joyers Inc. may in future phases introduce access for users aged 13 and above across its digital products, subject to full compliance with COPPA and all applicable state laws governing minors’ access to digital platforms. Any such expansion will be accompanied by updated product-specific terms and advance notice to existing users.

7.5  Other US State Residents

Residents of Delaware, Virginia, Colorado, Connecticut, Texas, Florida, and other US states with applicable privacy laws may exercise equivalent rights by contacting contact@JoyersHQ.com.

7.6  Non-Discrimination

Joyers will not discriminate against any user for exercising their privacy rights under applicable law, including the CCPA/CPRA or any other applicable state privacy law. We will not deny goods or services, charge different prices, or provide a different level of service to any user because they exercised a right under this Privacy Policy. We may offer optional financial incentives related to data collection or use only where permitted by law and with your prior informed consent.

8.  International Data Transfers

Joyers Inc. is headquartered in the United States. Your information may be processed in the US or other countries where our vendors operate. For users outside the US, this may involve transfer to a country with different data protection standards. We take reasonable steps to ensure appropriate protections are in place, consistent with applicable law, and will implement recognized transfer mechanisms as required as we expand internationally.

9.  Third-Party Services

Our services may link to or integrate with third-party platforms (social login providers, analytics tools, advertising networks). This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies separately. We are not responsible for third-party data practices.

10.  Changes to This Policy

We may update this policy as our products, services, and legal obligations evolve. For material changes, we will make reasonable efforts to notify registered users by email or in-product notice before changes take effect. The 'Last Updated' date at the top reflects the most recent revision. Continued use of our products or services after an update constitutes acceptance of the revised policy.