Privacy policy

shaaby (operated by Heliopolis Inc.)

This Privacy Policy explains how Heliopolis Inc., operating the brand shaaby (“shaaby,” “we,” “us,” or “our”), collects, uses, and discloses your personal information when you visit shaaby.com, use our related content, features, tools, products, and services (the “Services”), make a purchase, or otherwise communicate with us. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using or accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand the collection, use, and disclosure of your information as described here. If you have questions or want to exercise your privacy rights, contact us at hi@shaaby.com or Heliopolis Inc., 8 The Green, Suite B, Dover, DE 19901.

1. Personal information we collect or process

When we use the term “personal information,” we mean information that identifies or can reasonably be linked to you or another person. It does not include information collected anonymously or that has been de-identified. Depending on how you interact with the Services, where you live, and as permitted or required by law, we may collect or process the following categories of personal information, including inferences drawn from it:

  • Contact details, including your name, billing and shipping addresses, phone number, and email address.
  • Financial information, including payment card and financial account information, transaction details, form of payment, and payment confirmations. This information is collected and processed by our e-commerce platform and payment processors; we do not store complete card numbers.
  • Account information, including your username, password, security questions, preferences, and settings.
  • Transaction information, including the items you view, add to your cart or wishlist, and your purchases, returns, exchanges, cancellations, and past transactions.
  • Communications with us, including information you include when you contact us, such as customer support inquiries.
  • Device information, including information about your device, browser, or network connection, your IP address, and other unique identifiers.
  • Usage information, including how and when you interact with or navigate the Services.

2. Sources of personal information

We may collect personal information: directly from you (for example, when you create an account, use the Services, communicate with us, or otherwise provide it); automatically through the Services (including from your device and through cookies and similar technologies); from our service providers; and from our partners and other third parties.

3. Cookies and tracking technologies

We use cookies, pixels, tags, and similar technologies to operate the Site, remember your preferences, analyze traffic and performance, and support advertising. This includes analytics tools (such as web analytics services) and advertising pixels operated by third-party advertising and social media platforms, which help us measure and deliver relevant ads.

You can control cookies through your browser settings and, where offered, through cookie preference controls on the Site. Some features of the Site may not function properly if you disable cookies. For information about your choices regarding advertising cookies, see the “Your choices about advertising” section below.

4. How we use your information

We use personal information to:

  • Process, fulfill, and deliver your orders and manage returns, exchanges, or refunds;
  • Create and manage your account and provide customer support;
  • Send transactional messages, such as order confirmations and shipping updates;
  • Send marketing emails and text messages where you have provided the required consent, and personalize our communications and offers;
  • Operate, maintain, analyze, and improve the Site and our products;
  • Measure and deliver advertising and understand its effectiveness;
  • Authenticate accounts and detect, prevent, and address fraud, security issues, and misuse; and
  • Comply with legal obligations and enforce our Terms of Service.

5. Marketing emails and text messages

With your consent where required, we send promotional emails and SMS/text messages about products, offers, and news.

Email. You can opt out at any time by clicking “unsubscribe” in any marketing email or by contacting us at hi@shaaby.com.

Text messages. By providing your phone number and opting in, you consent to receive recurring automated marketing texts from us at that number. Consent is not a condition of purchase. Message and data rates may apply. You can opt out at any time by replying STOP to any message, and reply HELP for help.

Even if you opt out of marketing, we may still send you non-promotional messages about your orders or account.

6. How we disclose personal information

We do not sell your personal information for money. We may disclose personal information to third parties for legitimate purposes subject to this Privacy Policy, including:

  • Service providers, such as our e-commerce platform (Shopify), payment processors, shipping and fulfillment carriers, email and SMS providers, data analytics providers, customer support, and IT, cloud storage, and hosting providers.
  • Business and marketing partners, to provide marketing services and advertise to you, including personalized advertising based on your activity across different merchants and websites. These partners use your information under their own privacy notices. Depending on where you reside, you may direct us not to share information about you for targeted advertising (see “Your choices about advertising” below).
  • Affiliates and our corporate group, within the family of companies related to Heliopolis Inc.
  • At your direction or with your consent, such as when you ask us to share information to ship products or when you use social media widgets or login integrations.
  • Legal and safety purposes, when we believe disclosure is necessary to comply with law, respond to legal process (such as subpoenas, warrants, and similar requests), enforce our Terms or policies, or protect the rights, property, or safety of shaaby, our customers, or others.
  • Business transfers, in connection with a merger, acquisition, financing, bankruptcy, or sale of assets, where personal information may be transferred as part of the transaction.

7. Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve them. Information you submit to the Services may be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside. In addition, we use certain Shopify enhanced features that incorporate data from your interactions with our store, along with other merchants and with Shopify. For these features, Shopify is responsible for processing your personal information, including for responding to requests to exercise your rights over that use. To learn more about how Shopify uses your personal information and the rights you may have, see the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/privacy/app-users and, depending on where you live, the Shopify Privacy Portal at https://privacy.shopify.com/en.

8. Your choices about advertising (“selling”/“sharing”)

Some privacy laws define the use of advertising cookies and pixels to deliver cross-context or targeted advertising as “selling” or “sharing” personal information, even when no money changes hands. You can opt out of this activity here: https://shaaby.com/pages/data-sharing-opt-out, or by contacting us at hi@shaaby.com.

If you visit our website with the Global Privacy Control (GPC) opt-out preference signal enabled, then, depending on where you are, we will automatically treat this as a request to opt out for the device and browser you are using. To learn more about GPC, visit https://globalprivacycontrol.org/. Other than the Global Privacy Control, we do not recognize other “Do Not Track” signals that may be sent from your browser or device.

9. Data retention

We retain personal information for as long as needed to provide our products and services, maintain your account, comply with our legal obligations, resolve disputes, and enforce our agreements and policies. Retention periods vary based on the type of information and the purpose for which it was collected.

10. Data security

No security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Information you send to us may not be secure while in transit, so we recommend that you do not use unsecure channels to communicate sensitive information to us. We use reasonable administrative, technical, and physical safeguards designed to protect personal information.

11. Your U.S. privacy rights

Depending on your state of residence (for example, California, and other states with comprehensive privacy laws such as Virginia, Colorado, Connecticut, and others), you may have the right to:

  • Know and access the personal information we have collected about you;
  • Request correction of inaccurate personal information;
  • Request deletion of your personal information;
  • Receive a copy of your personal information and, in certain cases, port it to a third party;
  • Opt out of the “sale” or “sharing” of personal information and of targeted advertising; and
  • Not receive discriminatory treatment for exercising your rights.

Under the California Consumer Privacy Act (CCPA/CPRA), California residents also have the right to know the categories of personal information collected, the sources, the purposes for collecting or sharing it, and the categories of third parties with whom it is shared. We do not use or disclose sensitive personal information for purposes that require a right to limit under California law.

To exercise these rights, contact us at hi@shaaby.com or use the opt-out link above. We will verify your identity before processing your request, as permitted or required by law. You may designate an authorized agent to submit a request on your behalf; we may require proof of authorization and may need to verify your identity directly. We will respond within the timeframe required by law and will not discriminate against you for exercising your rights.

12. Your rights under GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data: access, rectification, erasure, restriction of processing, objection to processing, data portability, and the right to withdraw consent at any time (without affecting processing already carried out).

Legal bases. We process personal data where necessary to perform our contract with you (for example, to fulfill orders), where we have a legitimate interest (such as improving and securing the Site and marketing our products, balanced against your rights), where we have your consent (such as for marketing communications and certain cookies), and where necessary to comply with a legal obligation.

To exercise your rights, contact us at hi@shaaby.com.

13. Complaints

If you have a complaint about how we process your personal information, please contact us at hi@shaaby.com. Depending on where you live, you may have the right to appeal our decision by contacting us at the same address, or to lodge a complaint with your local data protection authority.

14. International data transfers

We are based in the United States, and the information we collect is processed in the United States and may be transferred to, stored, and processed in other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your country. If we transfer your personal information out of the European Economic Area or the United Kingdom, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses (or the UK equivalent), unless the transfer is to a country determined to provide an adequate level of protection.

15. Children’s privacy

The Services are not directed to or intended for children, and we do not knowingly collect personal information from children under the age of majority in their jurisdiction. If you are a parent or guardian of a child who has provided us with personal information, please contact us and we will take appropriate steps to delete it. As of the effective date of this Privacy Policy, we do not have actual knowledge that we “sell” or “share” (as those terms are defined in applicable law) the personal information of individuals under 16 years of age.

16. Third-party links and services

The Services may contain links to third-party websites and services that we do not control. This Policy does not apply to those third parties, and we are not responsible for their privacy or security practices or the accuracy of information found on their sites. Information you share on third-party social platforms may be viewable by others. Our inclusion of a link does not imply endorsement. We encourage you to review the privacy policies of any third-party sites you visit.

17. Changes to this Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for operational, legal, or regulatory reasons. We will post the revised Policy on the Site, update the “Last updated” date above, and provide notice as required by law. Your continued use of the Services after changes are posted constitutes acceptance of the revised Policy.

18. Contact us

Heliopolis Inc. (shaaby)

8 The Green, Suite B

Dover, DE 19901

Email: hi@shaaby.com