Privacy Policy

Ciyomy Privacy Policy

Crafted with transparency and compliance to U.S. & global privacy laws, inspired by industry-leading standards.


1. Scope & Commitment

This policy applies to all personal data collected through:

  • www.ciyomy.com and associated subdomains

  • Customer service interactions (email, phone, live chat)

  • Offline channels (trade shows, warranty registrations)

We adhere to:

  • U.S. Federal Laws: FTC Act, COPPA, CAN-SPAM Act 

  • State Laws: California Consumer Privacy Act (CCPA), Virginia CDPA 

  • Global Standards: GDPR (for EU/UK users), Brazil’s LGPD


2. Data We Collect

Directly Provided

Category | Examples | Purpose
Identity & Contact | Name, email, phone, address | Order fulfillment, account management
Transactional | Payment details, order history | Fraud prevention, tax compliance
Communications | Chat logs, service tickets | Customer support optimization

Automatically Collected

Type | Examples | Tools Used
Device & Usage | IP address, browser type, cookies | Google Analytics, Hotjar
Location | Geolocation (approximate) | Shipping cost calculation
Marketing | Ad interactions, campaign tags | Meta Pixel, Google Ads

Note: We do not sell personal data. Aggregated analytics (non-identifiable) may be shared for market research.


3. Data Sharing & Third Parties

Service Providers

Category | Purpose | Examples
Payment Processors | Secure transaction handling | Stripe, PayPal
Logistics Partners | Order delivery & tracking | UPS, FedEx
Cloud Services | Data storage & security | AWS, Shopify (Shoplazza)

Legal Compliance

  • Disclose data if required by law (e.g., court orders, FTC investigations).

  • Report data breaches to authorities within 72 hours (GDPR/CCPA mandates).


4. Your Rights

Under CCPA/GDPR, you may:

  1. Access: Request a copy of your data (free within 30 days).

  2. Delete: Ask to erase non-essential data (excludes transactional records).

  3. Opt-Out: Withdraw consent for marketing or data sharing.

To exercise rights, email support@ciyomy.com with proof of identity.


5. Security & Retention

  • Encryption: TLS 1.2+ for data transmission; AES-256 for storage.

  • Access Controls: Role-based permissions for employees.

  • Retention:

    • Active accounts: 5 years post-last activity

    • Inactive accounts: 2 years (anonymized afterward)


6. International Data Transfers

  • EU/UK Users: Data transferred under Standard Contractual Clauses (SCCs).

  • U.S.-EU Data Privacy Framework: Certified compliance for transatlantic flows.


7. Children’s Privacy

  • We do not knowingly collect data from users under 13 (COPPA compliance).

  • Parental consent required for minor accounts (ages 13-16 under CCPA).


8. Policy Updates

  • We will notify you via email or website banner 30 days prior to changes.