Privacy Policy

Account data: When you register or log in, we collect your email address and any profile information you provide (e.g. name, delivery address). This is processed by our authentication and database provider on our behalf.

Order data: When you place an order, we collect billing and shipping information, and order details. Payment card data is handled exclusively by Stripe and is never stored on our servers.

Technical data: With your consent, our performance monitoring service collects anonymised metrics (e.g. page load times, Core Web Vitals) to help us improve the site. No personal identifiers are included in this data.

Usage data: We use Vercel Analytics to collect anonymised, aggregated usage statistics (page views, referral source, approximate country, device type). No cookies are used and no personal data is stored.

Communications: If you contact us by email, we retain that correspondence to respond to your enquiry.

Newsletter: If you subscribe to our newsletter, we collect your email address and preferred language to send you marketing communications (new products, offers, skincare tips). You may unsubscribe at any time via the link in every email.

Contract performance (Art. 6(1)(b) GDPR): Processing your account and order data is necessary to fulfil your purchases and manage your account.

Consent (Art. 6(1)(a) GDPR): We process performance monitoring data (Core Web Vitals via Speed Insights) only after you give explicit consent via our cookie banner.

Consent — Newsletter (Art. 6(1)(a) GDPR): Newsletter emails are sent only on the basis of your explicit consent, given when you submit your email address via the newsletter sign-up form. You may withdraw consent at any time by clicking the unsubscribe link in any newsletter email, and we will stop sending marketing communications within 10 business days.

Legitimate interests (Art. 6(1)(f) GDPR): We process anonymised, aggregated usage data via Vercel Analytics (cookieless, no personal identifiers stored) under our legitimate interest in understanding how visitors use the site. We also rely on this basis to protect the security and integrity of our service.

Account and order data is retained for as long as your account is active and for up to 7 years afterwards to comply with tax and accounting obligations. You may request deletion at any time (subject to legal retention requirements) by contacting us at hello@ypheskincare.cy.

Email correspondence is retained for up to 2 years. Anonymised usage data processed via Vercel Analytics is not stored by us; Vercel retains aggregated statistics in accordance with their own privacy policy.