Privacy policy

PRIVACY POLICY

Cortivas Global LLC

https://shopcortivas.com

Effective Date: May 20, 2026

IMPORTANT: This Privacy Policy describes how Cortivas Global LLC ('Company,' 'we,' 'us,' or 'our') collects, uses, discloses, and protects your personal information when you visit our website (https://shopcortivas.com) and purchase products or services. This policy applies to all visitors and customers, including those from the European Union, United Kingdom, and other jurisdictions subject to GDPR. Please read this policy carefully. By accessing or using our website, you consent to the collection and use of your information as described herein.

1. SCOPE AND APPLICABILITY

1.1 Covered Websites and Services

This Privacy Policy applies to https://shopcortivas.com and all subdomains, mobile applications, and online services operated by Cortivas Global LLC. This policy does not apply to websites, applications, or services operated by third parties, even if linked from our Website. You should review the privacy policies of third-party websites and services separately.

1.2 Controllers and Processors

Cortivas Global LLC is the data controller for personal information collected through our Website. For residents of the European Union, United Kingdom, and other jurisdictions governed by GDPR, Cortivas Global LLC is the data controller and is responsible for ensuring compliance with GDPR requirements. Our Data Protection Officer (if appointed) or designated contact is cortivas.global@gmail.com.

1.3 Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Material changes will be effective upon posting to the Website. Your continued use of the Website following any changes constitutes your acceptance of the modified policy. We encourage you to review this policy periodically to stay informed of how we protect your information. The date at the top of this policy indicates the last update.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when interacting with our Website, including:

  • Account Registration: Name, email address, password, phone number, date of birth (if provided), and any optional profile information you choose to add.
  • Checkout and Purchase: Billing name, billing address, shipping address, phone number, email address, and payment card information (processed securely via Stripe or other third-party payment processors).
  • Customer Communications: Any messages, inquiries, feedback, or support requests sent to cortivas.global@gmail.com or through our contact form, including content and attachments.
  • Returns and Refunds: Return reason, Product condition, photos of returned items, return tracking information, and any correspondence about refunds or exchanges.
  • Marketing Opt-Ins: Email address, name, and preferences if you subscribe to our newsletter, promotions, or marketing communications.
  • Surveys and Feedback: Responses to optional surveys, product reviews, ratings, and any voluntary feedback you provide about your experience.

2.2 Information Collected Automatically

We automatically collect certain information about your device and browsing behavior when you visit our Website, without requiring your explicit consent (though you may have certain rights to limit such collection):

  • Device Information: Device type, operating system, browser type, browser version, unique device identifiers (UDID), mobile advertising ID, and device IP address.
  • Usage Data: Pages visited, products viewed, time spent on pages, clicks, scrolls, navigation paths, search queries, items added to cart (whether purchased or not), and checkout abandonment data.
  • Log Files: Server logs containing IP address, access time, browser request, page referrer, and exit pages.
  • Cookies and Similar Technologies: Unique identifiers, session IDs, preference settings, and tracking pixels used for authentication, security, analytics, and marketing purposes (see Cookie Policy section below).
  • Location Data: Approximate geolocation derived from IP address, and precise location if you grant explicit permission through your device settings.

2.3 Information from Third-Party Sources

We may receive personal information about you from third-party sources, including:

  • Payment Processors: Stripe, PayPal, and other payment providers may share transaction history, fraud detection results, dispute information, and confirmation of payment success or failure.
  • Shipping Carriers: Delivery confirmation, tracking updates, and delivery status notifications from USPS, UPS, FedEx, DHL, and international carriers.
  • Data Brokers and Background Check Services: Name, address, phone number, and public record information obtained for fraud prevention and verification purposes.
  • Marketing Partners: Partner platforms may provide list matches, lookalike audience data, or engagement metrics.
  • Public Sources: Information about your business or brand obtained from public websites, social media, or business registries if relevant to your purchase or account.

3. HOW WE USE YOUR INFORMATION

We use the personal information we collect for the following purposes:

3.1 Core Business Operations

  • Processing and Fulfilling Orders: Creating and maintaining your account, processing payments, confirming Orders, preparing shipments, and coordinating with shipping carriers to deliver Products.
  • Payment Authorization: Verifying payment information, authorizing transactions, preventing fraud, and managing refunds or chargebacks.
  • Customer Service: Responding to inquiries, addressing complaints, processing returns and refunds, providing order updates and tracking information, and resolving disputes.
  • Account Management: Creating and maintaining user accounts, setting and resetting passwords, storing preferences, and managing account settings.

3.2 Fraud Prevention and Security

  • Fraud Detection: Analyzing transaction patterns, device fingerprinting, IP reputation analysis, and cross-referencing with fraud databases to detect and prevent fraudulent transactions, chargebacks, and account takeovers.
  • Account Security: Monitoring for unauthorized access attempts, detecting suspicious login activity, enforcing password policies, and protecting against data breaches.
  • Compliance and Legal Obligations: Verifying identity, age, and eligibility; complying with government requests; investigating legal claims; and maintaining records for tax and regulatory compliance.

3.3 Marketing and Communications

  • Email Marketing: Sending promotional emails, product recommendations, sales announcements, and updates about new collections, discounts, and special offers (only to customers who have opted in).
  • Retargeting Campaigns: Using cookies, pixels, and identifiers to display targeted advertisements on other websites and social media platforms based on your browsing behavior and purchase history.
  • Transactional Communications: Sending order confirmations, shipping notifications, delivery updates, return instructions, refund confirmations, and other essential order-related messages.
  • Customer Engagement: Soliciting feedback, inviting product reviews, conducting surveys, and requesting testimonials to improve our business and Website.

3.4 Analytics and Business Improvement

  • Usage Analytics: Analyzing how customers use our Website, which products are popular, conversion rates, user behavior patterns, and traffic sources.
  • Product Development: Using feedback, reviews, and usage data to improve Product design, quality, features, and inventory decisions.
  • Website Optimization: Testing Website performance, fixing technical issues, improving user experience, and optimizing checkout processes.

3.5 Legal and Regulatory Compliance

  • Fraud Investigation: Investigating suspected fraud, unauthorized access, payment disputes, chargebacks, and other illegal activities.
  • Legal Claims: Defending against lawsuits, responding to subpoenas, complying with court orders, and establishing, exercising, or defending legal rights.
  • Tax and Reporting: Maintaining records for tax purposes, preparing financial statements, and complying with government reporting requirements.

4. LEGAL BASES FOR PROCESSING (GDPR)

For customers and visitors subject to GDPR (European Union, United Kingdom, and similar jurisdictions), we process personal information on the following legal bases:

  • Contract Performance: Processing payment information, fulfilling Orders, and delivering Products are necessary to perform our contract with you.
  • Legal Obligations: Complying with tax laws, anti-money laundering regulations, fraud prevention, and other statutory obligations.
  • Legitimate Interests: Fraud prevention, website security, customer service, analytics, business improvement, and marketing (where our interests are not outweighed by your privacy rights).
  • Explicit Consent: For marketing emails, cookies, and other processing activities where you have given affirmative consent through opt-in mechanisms.

5. SHARING AND DISCLOSURE OF INFORMATION

5.1 Information We Do Not Sell

Cortivas Global LLC does not sell, rent, trade, or lease your personal information to third parties for their marketing purposes. We do not monetize our customer lists. However, we do share information with third-party service providers as described below to fulfill business functions.

5.2 Service Providers

We share personal information with third-party service providers who process information on our behalf under strict confidentiality agreements and data processing agreements. These providers include:

  • Payment Processors: Stripe, PayPal, and other payment gateways receive payment card information, billing address, and transaction amounts to authorize and process payments.
  • Shipping and Logistics: DHL, international couriers, USPS, UPS, and FedEx receive name, address, phone number, and order details to arrange shipping and delivery.
  • Email Service Providers: Mailchimp, SendGrid, or similar platforms receive email addresses and customer data to send transactional and marketing emails.
  • Analytics Providers: Google Analytics, Hotjar, and similar tools receive browsing data, IP address, and usage information to analyze Website traffic and user behavior.
  • Customer Support Platforms: Helpdesk systems may store your emails, messages, and support history to provide customer service.
  • Marketing and Advertising: Facebook, Google, TikTok, and other advertising platforms receive hashed or anonymized customer data to create lookalike audiences and measure campaign effectiveness.
  • Fraud Prevention Services: Third-party fraud detection services may receive transaction data, IP address, and device information to assess fraud risk.
  • Cloud Storage and Hosting: Amazon Web Services (AWS), Shopify, or similar cloud providers may host our databases and store your information.

5.3 Legal Requirements and Court Orders

We may disclose personal information when required by law, including in response to subpoenas, court orders, government requests, or other legal processes. We may also disclose information to protect our legal rights, enforce our agreements, prevent fraud, or protect the safety and security of our customers or the public. We will attempt to notify you of such disclosures when legally permissible.

5.4 Business Transfers

If Cortivas Global LLC is acquired, merged with another company, enters bankruptcy, or sells substantially all of its assets, your personal information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.

5.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for marketing research, analytics, advertising, and business purposes. For example, we may share that '30% of customers purchase jewelry with blue stones,' but without identifying specific individuals.

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, or tablet) that contain information about your browsing activity. When you revisit our Website, the cookie is sent back to our servers, allowing us to recognize your device and personalize your experience. Cookies can be session-based (deleted when you close your browser) or persistent (stored indefinitely until manually deleted).

6.2 Types of Cookies We Use

  • Essential Cookies: Required for Website functionality, such as shopping cart management, login authentication, payment processing, and security verification. These cannot be disabled without preventing Website functionality.
  • Analytics Cookies: Track how users interact with our Website, including pages visited, time spent, and navigation paths. This information helps us understand user behavior and optimize the Website. Examples include Google Analytics cookies.
  • Marketing Cookies: Enable retargeting and advertising campaigns on other websites and social media. These cookies track your browsing history to display relevant product advertisements.
  • Preference Cookies: Remember your settings, language preferences, and other customizations to personalize your browsing experience.

6.3 Tracking Pixels and Web Beacons

We use tracking pixels (also called web beacons or clear GIFs) to measure website engagement, track email opens, and monitor conversion rates. These are tiny, often invisible images embedded in web pages or emails that transmit data back to our servers or third-party analytics providers.

6.4 Cross-Domain Tracking

We may track your activity across multiple domains and third-party websites to understand your browsing patterns and serve relevant advertisements. This is accomplished through cookies, pixels, and identifiers that follow you across the internet.

6.5 Mobile Device Identifiers

If you access our Website through a mobile device, we may collect your Advertising ID (Apple IDFA or Android Advertising ID) to serve targeted advertisements and measure campaign performance.

6.6 Managing Cookies

You can control cookie settings through your browser. Most browsers allow you to disable cookies, delete existing cookies, or receive a warning before a cookie is stored. However, disabling essential cookies may prevent Website functionality (login, checkout, cart). Instructions for managing cookies vary by browser:

  • Chrome: Settings > Privacy and Security > Cookies and Other Site Data
  • Firefox: Preferences > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Privacy, Search, and Services > Clear Browsing Data

7. YOUR PRIVACY RIGHTS

7.1 GDPR Rights (European Union and United Kingdom Residents)

If you are a resident of the European Union or United Kingdom, you have the following rights under GDPR:

Right to Access (Article 15): You have the right to request access to the personal information we hold about you and to receive a copy of that information in a structured, commonly used, and machine-readable format.

Right to Rectification (Article 16): You have the right to correct inaccurate or incomplete personal information. We will update your information upon request.

Right to Erasure (Article 17): You have the right to request deletion of your personal information, except where retention is required by law or where we have a legitimate interest in retaining it (such as fraud prevention or legal proceedings).

Right to Restrict Processing (Article 18): You have the right to restrict how we process your personal information in certain circumstances, such as while you dispute accuracy.

Right to Data Portability (Article 20): You have the right to receive your personal information in a portable format and to transmit it to another controller.

Right to Object (Article 21): You have the right to object to processing of your personal information for direct marketing purposes, and in certain other circumstances.

Right to Withdraw Consent: If you have provided consent for processing, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

7.2 California Residents (CCPA and CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

Right to Know: You have the right to know what personal information we collect, how we use it, and with whom we share it.

Right to Delete: You have the right to request deletion of personal information collected from you, subject to certain exceptions.

Right to Correct: You have the right to request correction of inaccurate personal information.

Right to Opt-Out: You have the right to opt out of the 'sale' or 'sharing' of personal information (though we do not currently engage in such practices).

Right to Limit Use: You have the right to limit use of sensitive personal information.

Right to Non-Discrimination: We cannot deny goods or services, or charge different prices, based on your exercise of CCPA/CPRA rights, except where permitted by law.

7.3 Virginia, Colorado, Connecticut, and Utah Residents

If you reside in Virginia, Colorado, Connecticut, or Utah, similar privacy laws (VCDPA, CPA, CTDPA, UCPA) grant you rights including the right to access, correct, delete, and opt-out of targeted advertising and sales. Contact us at cortivas.global@gmail.com to exercise these rights.

7.4 Exercising Your Rights

To exercise any of your privacy rights, please contact us at:

  • Email: cortivas.global@gmail.com
  • Mailing Address: 30 N Gould St, Sheridan, WY 82801, United States

We will verify your identity and respond to your request within 30 days (45 days for California). If we cannot fulfill your request, we will explain the reasons and any applicable legal exceptions.

You may also authorize an authorized agent to submit requests on your behalf. We may require proof of authority and identity verification.

8. DATA SECURITY

8.1 Security Measures

We implement comprehensive technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, and destruction. These measures include:

  • Encryption: All payment card information and sensitive data transmitted between your device and our servers are encrypted using SSL/TLS protocol (indicated by the 'https' prefix in the URL).
  • Secure Payment Processing: We do not directly store credit card data. Payment processing is handled by PCI DSS-compliant third-party processors (Stripe, PayPal) that maintain the highest security standards.
  • Access Controls: Only authorized employees with a business need to know have access to personal information. We use role-based access controls and password protections.
  • Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to monitor and prevent unauthorized access.
  • Data Minimization: We collect and retain only the minimum personal information necessary to fulfill your requests and comply with legal obligations.
  • Regular Security Audits: We conduct periodic security assessments and vulnerability testing to identify and remedy potential weaknesses.

8.2 Limitations of Security

While we employ industry-standard security measures, no security system is impenetrable. We cannot guarantee absolute security or protect against all potential threats, including sophisticated cyberattacks, insider threats, or zero-day vulnerabilities. You acknowledge the inherent risks of internet transmission and use the Website at your own risk. We encourage you to use strong passwords, enable two-factor authentication, and report any suspicious account activity immediately.

8.3 Data Breach Notification

In the event of a data breach involving your personal information, we will notify you within 72 hours (or as required by law) with details of the breach, information compromised, and recommended steps to protect yourself. Notification will be sent to the email address on file or via other means if email is unavailable.

9. DATA RETENTION

9.1 How Long We Keep Your Data

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Order Information: Retained for at least 3-7 years for accounting, tax, and fraud prevention purposes, or as required by applicable law.
  • Account Information: Retained for the duration of your account and for 1-2 years after account closure, unless you request deletion or legal obligations require longer retention.
  • Payment Card Information: Not stored by us; retained by payment processors (Stripe, PayPal) according to their policies and PCI compliance requirements.
  • Cookies: Session cookies are deleted upon browser closure. Persistent cookies expire per the timeframe set (typically 1-2 years), unless you manually delete them.
  • Marketing Lists: Retained while you remain subscribed; deleted upon unsubscribe request or within 30 days.
  • Fraud and Security Data: Retained for extended periods (up to 7 years) to detect patterns, prevent recurring fraud, and maintain audit trails.
  • Server Logs: Automatically deleted after 30-90 days unless required for investigation or legal purposes.

9.2 Erasure and Archiving

After the retention period, personal information is securely deleted or anonymized. However, data may be retained longer if required by law, for legal proceedings, fraud investigation, or other legitimate business reasons. Archived data is kept in secure offline storage and is not used for purposes other than legal or regulatory compliance.

10. INTERNATIONAL DATA TRANSFERS

10.1 Cross-Border Data Transfers

Cortivas Global LLC is based in the United States. If you are located in the European Union, United Kingdom, or other jurisdiction with data protection laws restricting international transfers, please be aware that your personal information may be transferred to, stored in, and processed in the United States and other countries that may not provide the same level of data protection as your home country.

10.2 Legal Mechanisms for Transfers

We rely on Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other legally recognized mechanisms approved by the European Commission to facilitate lawful transfers of personal information from the EU to the US. By using our Website, you consent to the transfer of your personal information to the United States, where it will be processed in accordance with this Privacy Policy.

10.3 Data Protection Adequacy

The United States does not have a finding of adequacy from the European Commission. Data transferred to the US is not subject to the same legal protections as GDPR-compliant processing. However, we implement supplementary safeguards, including encryption, access controls, and contractual obligations with service providers.

11. CHILDREN'S PRIVACY

Our Website is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will delete that information and the child's account. If you believe we have collected information from a child, please contact us immediately at cortivas.global@gmail.com. Parents or guardians who believe their child has provided personal information should contact us to request deletion.

For users under 18 (but over the age of majority for privacy purposes in their jurisdiction), parental consent may be required before collection of personal information. We comply with the Children's Online Privacy Protection Act (COPPA) and similar laws.

12. THIRD-PARTY WEBSITES AND SOCIAL MEDIA

Our Website may contain links to third-party websites, including social media platforms. This Privacy Policy applies only to our Website. When you click on external links, you are subject to the privacy policies of those third-party websites. We do not control or endorse the privacy practices of third parties and are not responsible for their collection or use of your information. Please review their privacy policies before providing personal information.

If you interact with our brand on social media (Facebook, Instagram, TikTok, etc.), information you provide may be collected by both the social platform and by us. Social platforms have their own privacy policies governing your information. We may use social media data for marketing analytics, audience targeting, and engagement measurement.

Social Media Sign-In: If you choose to sign in to our Website using your social media account (e.g., Facebook login), we will receive your public profile information, email address, and any other information you authorize the social platform to share. This information is used to create your account and personalize your experience.

13. MARKETING COMMUNICATIONS

13.1 Email Marketing Opt-In

We collect email addresses only from customers who explicitly opt-in to receive marketing communications. Opt-in occurs through: (a) checking a 'subscribe to updates' box at checkout; (b) signing up on the Website; or (c) providing written consent. We do not send unsolicited marketing emails to users who have not opted in.

13.2 Unsubscribe Mechanism

Every marketing email includes an 'Unsubscribe' link. Clicking this link removes your email from our mailing list within 5 business days. You may also manage your subscription preferences by logging into your account on the Website.

13.3 Transactional vs. Marketing Email

Transactional emails (order confirmations, shipping notifications, password resets, refund confirmations) are sent to all customers regardless of marketing preference, as these are essential to order fulfillment. Unsubscribing from marketing emails does not stop transactional emails.

13.4 SMS Marketing

We do not currently send SMS text messages, but if we offer SMS marketing in the future, we will obtain explicit opt-in consent and provide instructions to unsubscribe via reply text or account settings.

14. CONTACT US

If you have questions about this Privacy Policy, your personal information, or our privacy practices, please contact us:

  • Email: cortivas.global@gmail.com
  • Mailing Address: 30 N Gould St, Sheridan, WY 82801, United States
  • Website: https://shopcortivas.com

We will respond to inquiries within 10 business days. For GDPR data subject requests, we will respond within 30 days (45 days maximum).

Data Protection Authority: If you are located in the European Union or United Kingdom and believe we have violated your privacy rights under GDPR, you have the right to lodge a complaint with your local data protection authority.

This Privacy Policy is effective as of May 20, 2026, and applies to all users and customers of https://shopcortivas.com. Cortivas Global LLC reserves the right to update this policy at any time. Continued use of the Website following updates constitutes acceptance of the modified policy.