Privacy Policy

1. Types of Information Collected

Information Provided Voluntarily by the User

• Account Information: When creating an account, you may provide email address, username, password, display name, and optional profile information (bio, avatar).
• Business User Information: Business users may provide additional information including business name, description, website, phone number, address, Instagram account, and business policies (shipping, returns, warranty).
• Contact Information: When contacting us through support channels, you may provide your name, email, and details about your inquiry.
• Order Information: If purchasing services become available on the Platform, you may be asked to provide shipping address, billing information, and contact details. Currently, the Platform does not process payments directly.

Information Collected Automatically

• Technical Information: IP address, browser type and version, operating system, device type, screen resolution, and referring website.
• Usage Information: Pages visited, time spent on pages, features used, search queries, clicks, and navigation patterns.
• Interaction Data: Your interactions with jewelry items including likes, dislikes, superlikes, views, clicks on external links, and items added to gems or cart.
• Session Information: Session identifiers, session duration, and timestamps of activities.

AI-Generated Profile Data

• Style Profiles: Based on your interactions (likes, superlikes), our AI system generates personalized style profiles using machine learning. These profiles are based on numerical/statistical representations of your preference patterns, to tailor recommendations.
• Style Descriptors: Human-readable summaries of your style preferences derived from your interaction patterns.
• Multi-Vector Clustering: For users with sufficient interactions, the system effectively clusters preferences to represent different aspects of your style.

Guest User Data

• Anonymous Identifier: Guest users are assigned a temporary anonymous UUID that does not identify them personally.
• Engagement Tracking: Swipe counts, search counts, view counts, session duration, and conversion trigger data.
• Data Retention: Guest user data is generally deleted after a period of inactivity (typically 30 days), unless retained for security or backup purposes.

2. Cookies and Local Storage

• Local Storage: The Platform uses browser local storage to save authentication tokens, user preferences (such as language settings), privacy acknowledgments, and session data. Information is stored locally. During use, the browser may send necessary data (like auth tokens) to our servers for operation, in accordance with this policy.
• Essential Data: We store authentication tokens, user data, and privacy acknowledgment status in local storage for Platform functionality.
• Referral Tracking: Referral links may include parameters/identifiers (such as click IDs or campaign identifiers) for measurement, attribution, and reporting purposes. These parameters may be captured by third parties (such as the seller's website or analytics tools) according to their respective policies. Technical information or click identifiers may be shared with sellers for referral verification and measurement purposes.
• Attribution to Sellers: For referral attribution, we may share with the seller a click/campaign identifier and minimal technical data required to verify the referral.
• Analytics: We do not use targeted advertising cookies; however, we use analytics tools (such as Google Analytics) to measure traffic and usage, which may place cookies. Analytics providers (such as Google) may process usage and technical data on servers outside Israel. These tools help us understand Platform performance. You may be able to block these through your browser settings. Some browsers/blockers may prevent actual measurement.
• Clearing Data: You can clear locally stored data through your browser settings. Note that this may log you out and reset your preferences.

3. Purposes of Information Use

• Platform Operation: To provide, maintain, and improve the Platform's features and services, including user authentication, content delivery, and transaction processing (if payments become available).
• Personalized Recommendations: To generate AI-powered personalized jewelry recommendations based on your interactions, search history, and style preferences.
• Search Functionality: To process search queries and provide relevant results using semantic understanding.
• User Experience Enhancement: To remember your preferences, improve navigation, and customize content presentation.
• Analytics and Improvements: To analyze usage patterns, measure Platform performance, identify technical issues, and develop new features.
• Business User Analytics: To provide business users with aggregated analytics about their items' performance (views, likes, click rates) without exposing individual user data.
• Communication: To respond to inquiries, send service-related notifications, and (with your consent) marketing communications. Service messages (such as verification, security, password reset) may be sent regardless of marketing consent. Marketing messages will only be sent with consent, and every marketing message will include a simple opt-out option. We will not send marketing communications without your consent, and you may opt-out at any time.
• Security: To protect against fraud, unauthorized access, and ensure Platform security.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. AI and Machine Learning

• Technology: We use machine learning models to understand preferences and improve recommendations and search.
• Profile Building: Your interactions (likes/skips/searches/views) are used to build a “style profile” that updates over time.
• Automated Categorization: For business users, the system may suggest categories/attributes when uploading items.
• No Automated Decision-Making with Legal Effects: AI is used for recommendations/categorization only and is not intended to make automated decisions with legal or similarly significant effects on the user. You may request deletion/reset of your style profile by contacting us.

5. Information Sharing with Third Parties

• Service Providers: We may share information with service providers who assist in Platform operations, such as:
  • Cloud hosting and database services (e.g., Supabase, Fly.io, Vercel)
  • Image storage and CDN services
  • Authentication services
  • Analytics services (e.g., Google Analytics) for measuring Platform usage and performance
  We may update this list of providers from time to time. These providers are contractually obligated to protect your information and use it only for the specified purposes.
• Business User Integrations: If business users connect external platforms (Shopify, Wix, Instagram), data is shared with those platforms according to their respective privacy policies and OAuth permissions granted.
• Aggregated Analytics: We may share aggregated, anonymized statistics with business users about their items' performance. This data does not identify individual users.
• Legal Requirements: We may disclose information when required by law, court order, or government request, or when necessary to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.
• With Your Consent: We may share information with third parties when you have given explicit consent.

6. Information Security

• Security Measures: We implement reasonable and accepted security measures to protect your personal information, including:
  • SSL/TLS encryption for data transmission
  • Password hashing for stored credentials
  • JWT-based authentication
  • Access controls and authentication requirements
  • Regular security updates and monitoring as needed
• Compliance: We operate in accordance with the Privacy Protection Regulations (Information Security), 5777-2017.
• Data Storage: Data may be stored on servers located outside Israel. The use of cloud services (such as Supabase, Fly.io) implies transfer of data to international regions. We ensure appropriate safeguards are in place. Transfer will be to providers providing accepted security protections and in accordance with law.
• No Absolute Security: While we take reasonable measures to protect your information, no system is completely secure. We cannot guarantee absolute security against all possible threats.

7. Data Retention

• Account Data: We retain your account information for as long as your account is active. Upon account deletion request, we will delete or anonymize your data within a reasonable timeframe, except where retention is required by law, security, or fraud prevention.
• Interaction Data: Interaction history (likes, dislikes, views) is retained to maintain your style profiles. This data may be anonymized over time.
• Guest User Data: Guest user data is generally deleted after 30 days of inactivity, though some data may be retained for security logs.
• Business Records: If in-platform purchases become available, payment records/invoices may be retained as required by law.
• Analytics Data: Aggregated analytics data may be retained indefinitely in anonymized form.

8. Your Rights

In accordance with the Privacy Protection Law, 5741-1981, you have the following rights:

• Right to Access: You may request to review the personal information we hold about you.
• Right to Correction: If your information is inaccurate, incomplete, or outdated, you may request its correction.
• Right to Deletion: You may request deletion of your personal information, subject to our legal retention obligations.
• Right to Object: You may object to the use of your information for direct marketing purposes, and we will respect such request.
• Withdrawing Consent: Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at the email address provided in Section 11. We may request reasonable identifying information to verify that the request comes from the data subject. We will endeavor to respond within a reasonable timeframe.

9. Children's Privacy

• The Platform is not intended for children under the age of 18 without parental consent.
• We do not knowingly collect personal information from minors under 18 without appropriate consent.
• If we become aware that we have collected personal information from a minor without such consent, we will take steps to delete that information.
• Parents or guardians who believe their child has provided personal information without consent should contact us.

10. Changes to Privacy Policy

• We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
• The updated policy will be posted on the Platform with a new "Last Updated" date.
• For material changes, we will provide prominent notice on the Platform before the changes take effect.
• Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

For any questions, clarifications, requests, or complaints regarding this Privacy Policy or the handling of your personal information, please contact us at:

Email: gemmafind.team@gmail.com

We will endeavor to respond to your inquiry within a reasonable timeframe.