Privacy Policy
Effective May 16, 2026
This Privacy Policy explains what information Danielle Morris Jewelry LLC ("we") collects when you visit daniellemorrisjewelry.com, what we do with it, and the choices you have. We've tried to keep it short and specific.
We are based in New York and our customers are in the United States. This policy is written for U.S. residents.
1. Information we collect
We collect only what we need to run the shop, fulfill orders, and improve the site.
You provide:
Account information when you create an account: name, email, password (stored as a salted hash, never in readable form)
Order information at checkout: shipping address, billing address, phone number (used only for order and shipping issues — we do not send marketing text messages), email
Payment information: handled directly by Stripe — we do not see or store full card numbers
Newsletter signup: email address (and, if you submit a form, any message you write)
Custom and contact inquiries: anything you choose to send us
Collected automatically when you use the Site:
Standard request information: IP address, browser type, device type, referring page, the pages you view, and timestamps
Cart and session information: items added to your cart and a session identifier to keep your cart in place between pages
Product analytics: pages viewed, items added to cart, checkout steps reached, and similar product-usage events. When you are signed in, this activity is associated with your account so we can understand the customer experience end to end.
Categories of personal information (for state privacy-law mapping): identifiers (name, email, account ID, IP address); commercial information (order history); internet and network activity (pages viewed, events, browser and device information); and approximate geolocation derived from IP. We do not collect sensitive personal information as defined by applicable state laws, and we do not conduct profiling that produces legal or similarly significant effects.
We do not knowingly collect personal information from children under 13.
2. How we use information
We use the information above to:
Process and fulfill your orders, including payments, shipping, customer support, and follow-up
Operate, secure, and improve the Site
Send transactional emails about your orders, account, and any custom work in progress
Send our newsletter, only if you have opted in, and only until you unsubscribe
Respond to inquiries you send us
Comply with legal obligations (tax, fraud prevention, recordkeeping)
3. Service providers we share information with
We do not sell your personal information. We do not share it for cross-context behavioral advertising. We use a small number of trusted service providers to operate the business; each is contractually limited to using your information only on our behalf.
For clarity: we do not "sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act or analogous state laws, including via any of the providers listed below.
Current providers:
Stripe — payment processing. Receives name, billing address, email, payment card details (entered directly into Stripe), and order amount.
PostHog — product analytics. Receives browser and device information, and the pages and events on the Site. IP addresses are received as part of standard HTTP requests but we do not include them as event properties and we have enabled PostHog's "Discard client IP data" project setting so they are not stored. When signed in, a stable account identifier is linked to your activity.
Resend — transactional and newsletter email delivery. Receives your email address, name, and the contents of the email we send you.
Cloudflare — site delivery, security, and DDoS protection. Receives IP address and standard request information.
U.S.-based cloud hosting and managed database providers — operate the Site and store order data. All data above is encrypted in transit and at rest. Current vendor names are available on request at [email protected].
This list may change as our infrastructure evolves. We do not use advertising networks, retargeting pixels, social-media tracking, third-party comment systems, or chat widgets that share your data with their own products.
We may also disclose information when required by law, in response to valid legal process, or to protect our rights, your safety, or the safety of others.
4. Cookies and similar technologies
The Site uses a small number of cookies and similar identifiers:
Essential — keep you signed in, hold your cart, and protect against fraud. These cannot be turned off without breaking the Site.
Analytics — help us understand how the Site is used (see PostHog above). These are not used for advertising.
Analytics cookie posture by region: Visitors from the EU or UK, or any visitor whose browser signals Global Privacy Control (GPC), run analytics in cookieless mode — events are recorded for the current session only and nothing is written to your device. US and rest-of-world visitors use standard first-party analytics cookies that persist across sessions. This split means EU/UK visitors and GPC users never have non-essential data written to their device without consent.
To opt out of analytics cookies, you can exercise your privacy rights under §5, send a Global Privacy Control signal from your browser, or use your browser's cookie controls. Blocking essential cookies will prevent the Site from working properly.
We do not use advertising cookies, retargeting pixels, or social-media tracking. We do not embed third-party advertising scripts.
5. Your privacy choices
Residents of certain U.S. states have rights under their state's privacy laws. The specific rights available to you depend on where you live, but they generally include:
Right to know what personal information we have about you and how it's used
Right to access or receive a copy of that information
Right to correct inaccurate information
Right to delete personal information, subject to legal retention requirements
Right to opt out of sale or sharing for cross-context behavioral advertising — we do not engage in either of these activities
Right to non-discrimination for exercising these rights
To exercise any of these rights, write to us at [email protected] with the subject line "Privacy Request." We will verify your identity using information already in our records (typically details from your order history) and respond within 45 days of receipt. Where permitted by applicable law, we may extend that period once by an additional 45 days and will notify you of the extension and the reason for it. You may also designate an authorized agent to make a request on your behalf.
Appeals. If we deny your request, you may appeal that decision by replying to our response or writing to the same address with the subject line "Privacy Appeal." We will respond within the time required by applicable law, typically 45 to 60 days.
Global Privacy Control (GPC). We honor the GPC browser signal as an opt-out preference signal where required by law. Because we do not sell or share personal information for cross-context behavioral advertising, the signal is acknowledged but does not change any of our existing practices.
California "Shine the Light." California residents may request information about disclosures we have made to third parties for those parties' direct marketing purposes. We do not share personal information for third-party direct marketing and therefore have no such disclosures to report.
We do not offer financial incentives in exchange for personal information.
Newsletter unsubscribe: every newsletter contains an unsubscribe link, which is the fastest way to stop marketing emails. Transactional emails about active orders cannot be turned off.
6. Data retention
We keep your information only as long as needed:
Order records: at least seven years to meet tax and accounting obligations
Account records: for the life of the account; you can request deletion at any time, subject to active orders and legal retention
Newsletter list: until you unsubscribe
Analytics events: retained by our analytics provider for up to 12 months; we do not maintain a separate long-term store
Contact and custom inquiries: as long as needed to answer your question and for a reasonable period after, generally up to two years
7. Security
We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for sensitive data, hashed passwords, restricted internal access, and regular review of our service providers. No system is perfectly secure. If we ever experience a security incident affecting your information, we will notify you as required by law.
8. Children
The Site is intended for adults 18 and older. Consistent with the federal Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, write to us and we will delete it.
9. Changes to this policy
We may update this policy. The "Effective" date at the top reflects the most recent version. Material changes will be noted on the Site. Continuing to use the Site after a change takes effect means you accept the updated policy.
10. Contact
Privacy questions or requests?
Danielle Morris Jewelry LLC 5-49 Borden Avenue #2D Long Island City, NY 11101 [email protected] Subject line: "Privacy Request"
More pages