Privacy Policy

Privacy Policy for Stonesoul.net

Last Updated: June 5, 2025
Effective Domain: stonesoul.net

1. Information We Collect

Purpose: To process orders, personalize experiences, and comply with legal obligations.
Categories of Data:

Identifiers: Name, email, shipping/billing address, phone number 10.

Payment Information: Credit card last 4 digits, expiration date (full data processed by PCI-DSS compliant gateways like Stripe) 15.

Device & Usage Data: IP address, browser type, pages viewed (via cookies) to prevent fraud and optimize site performance 310.

Crystal Preference Data: Birthdate (for五行 energy matching), purchase history, user-generated content (e.g., #StonesoulJourney posts) 9.

Sensitive Information: Never collect health/religious data.五行 birth element analysis is optional and encrypted.

2. How We Use Your Information

Legal Basis: Consent (GDPR Art. 6), contractual necessity, and legitimate interests 3.
Specific Uses Include:

Order Fulfillment: Shipping, returns (e.g., using address to send FedEx labels) 1.

Personalization: Recommend crystals based on purchase history (e.g., "Metal element users also buy Rock Crystal") 9.

Compliance: Screen orders for CA Prop 65 heavy metals (lead/cadmium) and fraud prevention 57.

Marketing: Send promotions only with opt-in consent. Unsubscribe link in all emails 8.

3. Cookies & Tracking Technologies

Types Used:

Essential Cookies: Session ID for cart retention.

Analytics Cookies: Google Analytics (anonymized IP) to track page views 310.

Advertising Cookies: Facebook Pixel (opt-out required for CA users per CCPA) 8.
User Control:

Adjust settings via browser or our Cookie Preference Center (footer link).

Global Privacy Control (GPC) signals honored for opt-out 10.

4. Data Sharing & Disclosure

We Disclose to:

Service Providers: Shopify (hosting), FedEx (shipping), payment gateways – all sign DPAs 13.

Legal Authorities: If required by subpoena or to report CA Prop 65 violations 57.

Business Transfers: In mergers, per 16 CFR § 681 (FTC Safeguards Rule).
We Never Sell personal data or sensitive information 10.

5. Children’s Privacy

Strictly 18+: No data collected from users under 18. Birthdate prompts verify age 410.

6. Policy Updates

Notified via email or site banner for material changes (e.g., new state laws).

Archive: Previous versions at help.stonesoul.net/privacy-archive 6.

Contact Us

Data Protection Officer: Marry Bai(bmmarry@outlook.com)

                                    "Crystals honor the Earth; we honor your trust."
                                                                — Stonesoul Ethics Pledge