GOLDZENN Privacy Policy

Effective Date: March 23, 2026
Last Updated: March 23, 2026

1. Introduction & Identity

Effective Date: March 23, 2026

GoldZenn LLC, a Florida limited liability company doing business as GOLDZENN (“GOLDZENN,” “we,” “us,” or “our”), is committed to protecting the privacy and security of the personal information entrusted to us by our customers, visitors, and users. This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and safeguard your personal information when you interact with us through any channel, including our website at goldzenn.com (the “Website”), our physical retail location, email, telephone, SMS, live chat, social media, and any other means of communication.

1.1 Who We Are

Legal Entity	GoldZenn LLC
Trade Name	GOLDZENN
Registered State	Florida
Physical Address	1056 SW 67th Ave, Miami, FL 33144
Phone	(321) 521-4651
Email	contact@goldzenn.com
Website	goldzenn.com
Business Hours	Monday–Friday 10:00 AM–7:00 PM EST  |  Saturday 10:00 AM–4:00 PM EST

GOLDZENN is a Miami-based luxury jewelry brand specializing in fine gold (10K–24K) and silver (925/950) jewelry, including Cuban link chains, tennis chains, bracelets, earrings, pendants, rings, and watches. We sell through our Website, in-store, and through authorized third-party marketplaces.

1.2 Scope of This Policy

This Policy applies to all personal information we collect or process in connection with:

• Your visits to and use of our Website, including browsing, account creation, and checkout;
• Purchases of our products, whether online, in-store, or via phone order;
• Communications with us, including by email, phone, SMS, live chat, and web forms;
• Your subscription to our email or SMS marketing programs;
• Product reviews submitted through third-party review platforms;
• Custom order requests, returns, exchanges, and warranty claims;
• Your interactions with our advertisements on third-party platforms (Meta, Google, TikTok); and
• Any other interaction with GOLDZENN in which personal information is collected.

This Policy applies to all visitors, customers, prospective customers, and other individuals who interact with GOLDZENN, regardless of geographic location. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or California, additional rights and disclosures specific to you are set forth in the jurisdiction-specific sections of this Policy (see Sections 8 and 9).

This Policy does not apply to the practices of third-party websites, platforms, or services that we do not own or control, even if they are linked from our Website. We encourage you to review the privacy policies of any third-party service before providing your personal information to them.

1.3 Children’s Privacy

Our Website and services are not directed to, and we do not knowingly collect personal information from, individuals under the age of sixteen (16). This threshold satisfies both the Children’s Online Privacy Protection Act (COPPA), which applies to children under thirteen (13), and the General Data Protection Regulation (GDPR), which in certain contexts applies to individuals under sixteen (16). If we become aware that we have collected personal information from a child under sixteen, we will take prompt steps to delete that information. If you believe we may have inadvertently collected information from a child under sixteen, please contact us immediately using the information in Section 1.5.

1.4 Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will post the updated Policy on our Website with a revised “Effective Date” and, where required by applicable law, provide you with additional notice (such as by email or a prominent notice on our Website). We encourage you to review this Policy periodically. Your continued use of our Website or services after the posting of changes constitutes your acknowledgment of such changes; however, for processing that requires consent under applicable law (such as the GDPR), we will seek your affirmative consent where required before applying material changes to that processing.

1.5 How to Contact Us About Privacy

For all privacy-related inquiries, requests, or complaints, please contact us by email:

Email: contact@goldzenn.com
Subject line: “Privacy Request” (or “CCPA Request,” “GDPR Request,” “Do Not Sell or Share” as applicable)

All privacy requests must be submitted in writing via email to ensure proper documentation and processing.

We aim to respond to all privacy-related inquiries within ten (10) business days.

2. Information We Collect

We collect personal information—meaning information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to you or your household. Below is a comprehensive, categorized description of the types of personal information we collect.

Category A — Identifiers

Data Element	Examples
Full name	First name, last name
Email address	Personal or business email used at checkout, account creation, or correspondence
Phone number	Mobile or landline number provided at checkout, for SMS opt-in, or for customer service
Shipping address	Street address, city, state, ZIP/postal code, country
Billing address	Street address, city, state, ZIP/postal code, country (if different from shipping)
Account credentials	Username, password (hashed and encrypted; we do not store plaintext passwords)
Unique identifiers	Shopify customer ID, order number

Category B — Financial Information

Data Element	Details
Credit/debit card numbers	Processed and stored exclusively by Shopify Payments (which is PCI DSS Level 1 certified). GOLDZENN does not process, store, or have access to full card numbers.
Buy Now, Pay Later (BNPL) account information	If you pay via Affirm, Shop Pay Installments, Afterpay, or PayPal, your financing and account details are processed and stored by those platforms, not by GOLDZENN. These services may perform their own credit assessments and data collection; please review their respective privacy policies.
PayPal account information	If you pay via PayPal, your payment is processed by PayPal. We receive only your name, email, shipping address, and transaction confirmation.
Order history	Products purchased, order dates, order amounts, refund and exchange records, store credit balances
Transaction amounts	Item prices, discounts applied, taxes, shipping costs, total amounts paid

Important: GOLDZENN never processes, records, or maintains your full credit card number, debit card number, or bank account information on our own servers. All payment processing is handled by PCI DSS-compliant third-party payment processors.

Category C — Device & Technical Information

Data Element	Details
IP address	Your Internet Protocol address, which may be used to approximate your geographic location
Browser type and version	e.g., Chrome 124, Safari 18, Firefox 130
Operating system	e.g., Windows 11, macOS Sequoia, iOS 19, Android 16
Device type and identifiers	Desktop, mobile, or tablet; device model; unique device identifiers
Cookies	First-party cookies (set by goldzenn.com) and third-party cookies (set by analytics and advertising partners)
Pixel and tracking data	Data collected by the Meta Pixel, Google Ads tag, TikTok Pixel, and analytics integration tools that connect our store to Google Analytics 4
Session recordings	Microsoft Clarity records anonymized session replays including mouse movements, clicks, scrolls, and page interactions to help us understand how users navigate our Website. Clarity does not collect passwords or payment information.
Referring URLs	The webpage or search engine that directed you to our Website
Pages visited	Specific pages and products viewed on goldzenn.com, sequence of navigation
Time on site	Duration of your visit, time spent on individual pages
Approximate geolocation	City- or region-level location derived from your IP address (we do not collect precise GPS coordinates)

Category D — Behavioral & Interaction Data

Data Element	Details
Browsing history on goldzenn.com	Pages visited, collections viewed, navigation patterns
Product interactions	Products viewed, added to cart, added to wishlist, purchased, or abandoned
Site search queries	Search terms you enter on goldzenn.com
Live chat transcripts	Messages exchanged with our customer service team via our live chat provider
Form submissions	Information you submit through our web forms, including custom jewelry requests, engraving specifications, and special order inquiries
Product review content	Reviews, ratings, photos, and other content you submit via third-party review platforms
Ad interaction data	Clicks on our advertisements, conversion events (e.g., add-to-cart, initiate-checkout, purchase) tracked by Meta, Google, and TikTok

Category E — Communications

Data Element	Details
Email correspondence	Emails you send to us and our replies, including content, attachments, and metadata
SMS messages	Marketing and transactional SMS messages sent via Klaviyo, including your opt-in status, message history, and opt-out requests
Phone call records	Date, time, duration, and general subject matter of phone calls with our customer service team (calls may be recorded for quality assurance where permitted by law and disclosed at the start of the call)
Customer service interactions	Records of inquiries, complaints, return/exchange requests, and their resolutions across all communication channels

Category F — Photos & Media

Data Element	Details
Damage/defect claim photos	Photographs you submit as part of a return, exchange, or warranty claim to document damage, defects, or product condition, as required by our Refund Policy
Custom order reference photos	Images you submit as design references or inspiration for made-to-order or custom jewelry pieces
Review photos	Photos you voluntarily upload with product reviews via third-party review platforms

Information We Do Not Collect

GOLDZENN does not knowingly collect:

• Special categories of personal data (as defined under the GDPR), including data concerning race, ethnicity, religious or philosophical beliefs, political opinions, trade union membership, genetic or biometric data, health information, sex life, or sexual orientation;
• Social Security numbers or government-issued identification numbers;
• Information from children under sixteen (16); or
• Criminal history or records of criminal convictions.

3. How We Collect Information

We collect personal information through three primary methods: directly from you, automatically when you visit our Website, and from third-party sources.

3.1 Directly from You

You provide personal information to us when you:

• Create an account on goldzenn.com (name, email, password);
• Place an order through our Website, by phone, or in-store (name, shipping and billing addresses, email, phone number, payment method selection);
• Contact us via email (contact@goldzenn.com), phone ((321) 521-4651), live chat, or web forms;
• Subscribe to email marketing through newsletter signup forms or at checkout;
• Subscribe to SMS marketing by opting in to receive text messages via Klaviyo;
• Leave a product review through third-party review platforms;
• Submit a custom order request through our custom jewelry inquiry forms, including design specifications, reference photos, and engraving details;
• File a return, exchange, or warranty claim by submitting your order information, description of the issue, and photographs of damage or defects as required by our Refund Policy; or
• Participate in a promotion, survey, or contest that we may offer from time to time.

3.2 Automatically When You Visit Our Website

When you visit goldzenn.com, certain information is collected automatically through the following technologies:

Technology	Provider	What It Collects
Cookies (first-party and third-party)	Shopify, Meta, Google, TikTok, Klaviyo	Session identifiers, browsing preferences, shopping cart contents, login status, ad attribution data
Meta Pixel & Conversions API (CAPI)	Meta Platforms, Inc.	Page views, product views, add-to-cart events, initiate-checkout events, purchase events, and associated data (hashed email, hashed phone, IP address, browser data). CAPI transmits certain event data server-side.
Google Ads Tag & Google Analytics 4	Google LLC (via analytics integration tools that connect our store to Google Analytics)	Page views, conversion events, e-commerce transaction data, device information, session duration, traffic source
TikTok Pixel	TikTok Inc.	Page views, product views, conversion events, device and browser data
Session recording	Microsoft Clarity	Mouse movements, clicks, scrolls, page interactions, heatmaps. Clarity masks sensitive input fields (passwords, payment data) and does not capture keystrokes in form fields.
Fraud prevention	NoFraud	Device fingerprinting, IP address, browser configuration, behavioral signals used to assess transaction risk and detect fraudulent orders
Shopify analytics	Shopify Inc.	Store performance data, visitor counts, conversion rates, cart metrics

For information about managing cookies and tracking technologies, including how to opt out, please see Section 5.6 of this Policy.

3.3 From Third-Party Sources

We may receive personal information about you from the following categories of third-party sources:

Source	Information Received
Payment processors (Shopify Payments, Affirm, Shop Pay Installments, PayPal, Afterpay)	Transaction confirmation, payment status, billing name, billing address, fraud risk signals. BNPL providers (Affirm, Shop Pay Installments, Afterpay) may share order approval/denial status and installment payment information.
Shipping carriers (UPS, FedEx)	Delivery status, delivery confirmation, delivery address verification, signature confirmation (where applicable)
Advertising platforms (Meta, Google, TikTok)	Ad conversion data, audience segment membership, click attribution data, and aggregate performance metrics used to measure the effectiveness of our advertising campaigns
Review platforms	Review content, ratings, and reviewer information for display on our Website
Fraud prevention (NoFraud)	Transaction risk scores, fraud analysis results, recommendations to approve, review, or reject orders
Shopify	Customer account data, order data, and analytics processed on Shopify’s infrastructure as our e-commerce platform provider

When we receive personal information from third-party sources, we treat that information in accordance with this Policy and any additional restrictions imposed by the source of the data.

4. How We Use Your Information

We use the personal information we collect for the purposes described below. For each purpose, we have identified the legal basis under the GDPR (and UK GDPR) that authorizes the processing. Where we rely on legitimate interests, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. For U.S. residents, our processing is based on the business and commercial purposes described in this section, consistent with applicable state privacy laws.

#	Purpose	Categories of Data Used	Legal Basis (GDPR / UK GDPR)
4.1	To process and fulfill your orders. We use your name, shipping address, billing address, email, phone number, and payment method selection to process orders, arrange shipping, provide order confirmations, and send delivery updates.	A (Identifiers), B (Financial), E (Communications)	Performance of contract (Art. 6(1)(b)) — processing is necessary to fulfill our contractual obligation to deliver the products you purchase.
4.2	To communicate with you. We use your contact information to send transactional communications such as order confirmations, shipping notifications, delivery updates, and customer service responses to your inquiries.	A (Identifiers), E (Communications)	Performance of contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) — it is in our mutual interest to keep you informed about the status of your orders and to respond to your inquiries.
4.3	To provide marketing communications. With your consent where required by law, we use your email and phone number to send promotional emails (via Klaviyo), SMS marketing messages (via Klaviyo), and retargeting advertisements (via Meta, Google, and TikTok). You may opt out of marketing at any time (see Sections 5.6 and 7).	A (Identifiers), C (Technical), D (Behavioral), E (Communications)	Consent (Art. 6(1)(a)) for email/SMS marketing to individuals who have not made a purchase. Legitimate interests (Art. 6(1)(f)) for direct marketing to existing customers (“soft opt-in”) where permitted under applicable law, provided the marketing relates to similar products and an unsubscribe mechanism is available.
4.4	To improve our Website and services. We use analytics data (Google Analytics 4 via analytics integration tools), session recordings (Microsoft Clarity), browsing data, and aggregated usage patterns to understand how visitors use our Website, identify areas for improvement, optimize page layouts, and enhance the overall shopping experience.	C (Technical), D (Behavioral)	Legitimate interests (Art. 6(1)(f)) — we have a legitimate interest in understanding how our Website is used so we can improve it. For EEA/UK visitors, non-essential analytics cookies require consent (Art. 6(1)(a)) obtained via our cookie preferences settings.
4.5	To prevent fraud and protect our business. We use device fingerprinting data (NoFraud), IP addresses, payment information, and behavioral signals to screen orders for fraud, verify identities, prevent unauthorized transactions, and protect against chargebacks and abuse.	A (Identifiers), B (Financial), C (Technical)	Legitimate interests (Art. 6(1)(f)) — we have a compelling interest in preventing fraudulent orders that harm both our business and our customers. For orders flagged for additional review, processing may also be based on performance of contract (Art. 6(1)(b)).
4.6	To process returns, exchanges, and warranty claims. We use your order history, contact information, photographs of damaged or defective products, and communications to evaluate and process return and exchange requests, issue refunds or store credit, and fulfill warranty obligations in accordance with our Refund Policy.	A (Identifiers), B (Financial), E (Communications), F (Photos)	Performance of contract (Art. 6(1)(b)) — processing is necessary to fulfill our return and warranty obligations. Legal obligation (Art. 6(1)(c)) where required by consumer protection law.
4.7	To personalize your experience. We use browsing history, purchase history, and product interaction data to provide product recommendations and a tailored shopping experience. Note: GOLDZENN does not engage in dynamic pricing based on individual user data. Our prices are determined by precious metal market rates and are the same for all customers.	A (Identifiers), D (Behavioral)	Legitimate interests (Art. 6(1)(f)) — personalization improves the customer experience without adversely affecting your rights.
4.8	To comply with legal obligations. We use personal information as necessary to comply with applicable laws, including tax reporting and remittance (e.g., sales tax, customs declarations for international shipments), responding to lawful requests from law enforcement and regulatory authorities, and participating in legal proceedings or dispute resolution.	A (Identifiers), B (Financial), E (Communications)	Legal obligation (Art. 6(1)(c)) — processing is necessary to comply with a legal obligation to which GOLDZENN is subject.
4.9	To run advertising campaigns and measure their effectiveness. We use the Meta Pixel and Conversions API (CAPI), Google Ads conversion tracking, and TikTok Pixel to: (a) measure the performance of our advertisements, (b) build and refine advertising audiences (including lookalike and retargeting audiences), (c) attribute conversions (such as purchases, add-to-cart events, and initiate-checkout events) to specific campaigns, and (d) optimize our advertising spend. This involves sharing certain data with Meta, Google, and TikTok as described in Sections 5.2 through 5.4.	A (Identifiers), C (Technical), D (Behavioral)	Consent (Art. 6(1)(a)) for EEA/UK visitors, obtained via our cookie preferences settings before advertising cookies are activated. Legitimate interests (Art. 6(1)(f)) for U.S. visitors, subject to opt-out rights described in Section 8.
4.10	To collect and display product reviews. We use third-party review platforms to collect and display customer reviews. These platforms may collect your name, email address, and review content when you submit a review. When you submit a review, your first name, review text, star rating, and any photos you upload are published on the applicable product page.	A (Identifiers), D (Behavioral), F (Photos)	Consent (Art. 6(1)(a)) — by submitting a review, you consent to publication of the review content. Legitimate interests (Art. 6(1)(f)) — reviews serve the legitimate interest of providing transparent product information to prospective customers.

Important Notes on Our Use of Your Information

• No sale of personal information for third-party marketing. GOLDZENN does not sell your personal information to third parties for their own direct marketing purposes. However, as described in Section 4.9 and further detailed in Section 5, our use of advertising pixels and conversion APIs may constitute “sharing” under the California Consumer Privacy Act (CCPA/CPRA). Your opt-out rights are described in Section 8.
• No automated decision-making with legal effects. GOLDZENN does not use your personal information for automated decision-making that produces legal effects or similarly significant effects concerning you. While we use automated fraud screening (NoFraud) to flag potentially fraudulent orders, all flagged orders are subject to human review before any action is taken.
• Aggregated and de-identified data. We may create aggregated, de-identified, or anonymized data from the personal information we collect. Once data is de-identified, it is no longer personal information and may be used for any lawful business purpose, including industry benchmarking, analytics, and marketing research, without restriction under this Policy.

---

5. Tracking Technologies & Cookies

5.1 — What Are Cookies and Tracking Technologies

When you visit goldzenn.com, we and our third-party partners use several types of technologies to collect information about how you interact with our website. This section explains each technology in plain language so you can make informed decisions about your privacy.

• Cookies are small text files placed on your device (computer, phone, or tablet) by a website you visit. They allow the site to remember your actions and preferences (such as your shopping cart contents, login status, and language) over a period of time.
• Pixels (also called tracking pixels or web beacons) are tiny, invisible images or code snippets embedded on web pages. When a page loads, the pixel sends information back to a third-party server — for example, telling Meta (Facebook) that you viewed a product or completed a purchase.
• Session recording is a technology that records your interactions with a website — including mouse movements, clicks, scrolling, and page navigation — so that site owners can replay sessions as video-like recordings to identify usability issues.
• Server-side tracking transmits data directly from our web server to a third-party platform, bypassing your browser entirely. Unlike cookies, which can be blocked by browser settings or extensions, server-side tracking operates independently of your browser’s cookie preferences.
• Device fingerprinting collects technical attributes of your device (such as browser type, screen resolution, and installed fonts) to create a unique identifier. This technique is used primarily for fraud prevention during checkout.
• Tag management systems are containers that load and manage multiple tracking scripts on a website. They do not collect data themselves but control which other tracking technologies run and when.

5.2 — Cookie Categories

We organize the tracking technologies on our website into four categories based on their purpose. The table below lists every technology by name, what it does, and whether you can opt out.

Category	Purpose	Technologies	Can You Opt Out?
Essential	Required for the website to function. These technologies enable core features such as your shopping cart, checkout process, account authentication, and fraud prevention. Without them, the site cannot operate properly.	Shopify session cookies — maintain your cart, login state, and checkout progress Shopify Payments (powered by Stripe) — processes credit and debit card transactions securely NoFraud — fraud detection and device fingerprinting during checkout (see Section 5.5)	No — these are required for the website to function. Disabling them will prevent you from shopping or completing purchases.
Analytics	Help us understand how visitors use our site — which pages are visited most, where visitors encounter problems, and how we can improve the shopping experience.	Google Analytics 4 (GA4) — collects data about pages visited, time on site, device type, geographic location, and user navigation paths Google Tag Manager (GTM) — manages the deployment of analytics and advertising tags (does not collect data itself) Analytics integration tools — connect our Shopify store to Google Analytics 4, Google Ads, Meta, and other platforms to ensure accurate tracking of purchases, cart actions, and browsing events Microsoft Clarity — session recording and heatmap analytics (see Section 5.3 for full disclosure) Reporting and analytics tools — business reporting and analytics for our Shopify store Shopify Analytics — Shopify’s built-in analytics tracking browsing behavior, session data, and conversion data	Yes — see Section 5.6 for opt-out instructions for each provider.
Advertising	Used to deliver relevant ads, measure ad performance, and build audiences for retargeting. These technologies share data with advertising platforms so we can show you GOLDZENN ads on other websites and social media.	Meta (Facebook) Pixel — tracks page views, product views, add-to-cart actions, and purchases for Facebook and Instagram ad targeting and measurement Meta Conversions API (CAPI) — server-side tracking that sends event data directly from our server to Meta (see Section 5.4 for full disclosure) Google Ads Conversion Tracking — measures whether ad clicks result in purchases or other actions on our website TikTok Pixel — tracks page views, product views, and purchases for TikTok ad targeting and measurement Product feed management tools — manage our Google Shopping product feed, transmitting product data to Google Merchant Center	Yes — see Section 5.6 for opt-out instructions for each provider.
Functional	Enable enhanced features such as live customer support, product reviews, custom forms, and promotional popups. These improve your experience but are not strictly required for the site to work.	Live chat tools — live chat widget for real-time customer support; stores chat transcripts and collects your name and email if you provide them Third-party review platforms — collect your name, email, review text, star rating, and any photos you upload when you submit a review Web form tools — power custom jewelry request forms; collect names, contact information, and customization preferences you submit Product recommendation tools — display upsell and cross-sell popups and trust badges; may collect page view and interaction data Klaviyo on-site tracking — tracks pages viewed, products viewed, and cart activity to personalize email and SMS marketing (see Section 7 for full marketing disclosure)	Yes — see Section 5.6 for opt-out instructions. Note that disabling live chat or review widgets may limit certain features.

5.3 — Session Recording Disclosure (Microsoft Clarity)

We use Microsoft Clarity, a session recording and heatmap analytics service provided by Microsoft Corporation, to understand how visitors interact with our website. Clarity records the following interactions during your browsing session:

• Mouse movements and cursor position — continuous tracking of where your cursor moves on each page
• Clicks and taps — what you click or tap on, including buttons, links, images, and other elements
• Scrolling behavior — how far you scroll on each page and your scroll speed
• Page interactions and navigation — which pages you visit, in what order, and how you move between them
• Form interactions — which form fields you interact with and how long you spend on each (see note below about sensitive fields)
• Text selections — text you highlight or select on any page
• Session duration and page views — how long you spend on the site and on each individual page
• Frustration signals — rapid repeated clicks (“rage clicks”) and clicks on non-interactive elements (“dead clicks”)

These recordings are stored on Microsoft servers and may be replayed by GOLDZENN staff as video-like session replays. We use this data to identify usability issues, understand where visitors encounter difficulty, and improve the overall shopping experience.

What Clarity does NOT capture: Session recordings do not capture payment information, passwords, credit card numbers, or other sensitive form field inputs. Microsoft Clarity automatically masks sensitive input fields by default, including payment fields processed by Shopify Payments, Affirm, Shop Pay, and PayPal.

Microsoft may also use Clarity data in accordance with its own privacy policy, available at https://privacy.microsoft.com.

By continuing to use our website after being informed of our session recording practices through this Privacy Policy, you acknowledge and consent to the recording of your browsing session for the purposes described above. If you do not consent to session recording, you may opt out using the methods described below.

How to opt out of Microsoft Clarity:

• Enable the “Do Not Track” setting in your browser (see Section 5.6)
• Use a browser extension that blocks analytics scripts (such as uBlock Origin or Privacy Badger)
• Disable JavaScript in your browser for our website (note: this will significantly limit site functionality)

5.4 — Server-Side Tracking Disclosure (Meta Conversions API)

In addition to browser-based cookies and the Meta (Facebook) Pixel, we use the Meta Conversions API (CAPI) to send certain event data directly from our server to Meta Platforms, Inc. (the parent company of Facebook and Instagram).

How this works: When you take an action on our website — such as viewing a product, adding an item to your cart, or completing a purchase — our Shopify server sends that event data to Meta’s servers through a direct server-to-server connection. This data transmission occurs independently of your browser’s cookie settings. Even if you block cookies, use an ad blocker, or enable Do Not Track in your browser, this server-side data transmission will still occur.

What data is sent via CAPI:

• Event type (page view, product view, add to cart, initiate checkout, purchase)
• Hashed email address and phone number (used by Meta to match events to user profiles)
• IP address and browser user agent
• Purchase amounts and product identifiers
• A unique event identifier to deduplicate events sent by both the Pixel and the API

Why we use CAPI: Server-side tracking improves the accuracy of our advertising measurement and helps us understand which ads lead to purchases. Meta uses this data to optimize ad delivery and build audiences for our advertising campaigns on Facebook and Instagram.

How to limit server-side tracking: Because CAPI operates at the server level, it cannot be blocked by browser settings or extensions. To limit the use of your data for advertising after it reaches Meta, you can adjust your Meta Ad Preferences at https://www.facebook.com/adpreferences. You may also exercise your rights under applicable privacy laws (see the Consumer Rights section of this policy) to request deletion of your data.

Global Privacy Control (GPC) and server-side tracking: When we receive a valid Global Privacy Control (GPC) signal or other opt-out request under applicable law, we instruct Meta not to use data transmitted via the Conversions API for cross-context behavioral advertising for opted-out users.

5.5 — Device Fingerprinting (NoFraud)

We use NoFraud, a third-party fraud prevention service, to protect against fraudulent transactions on our website. During the checkout process, NoFraud automatically analyzes characteristics of your device to detect and prevent fraud. This analysis, known as device fingerprinting, collects technical attributes including:

• Browser type and version
• Screen resolution and display settings
• Installed fonts and plugins
• Operating system and device type
• IP address and approximate geographic location
• Other technical attributes that, taken together, create a unique device profile

This device profile is compared against known fraud patterns to assign a risk score to your transaction. Device fingerprinting occurs automatically during checkout — no action is required from you, and no separate consent prompt is displayed.

NoFraud also receives your order details and payment information (processed securely) to complete its fraud assessment. GOLDZENN uses NoFraud’s assessment to approve, flag, or decline orders. NoFraud processes your data in accordance with its privacy policy, available at https://www.nofraud.com/privacy-policy.

Because fraud prevention is essential to protecting both you and GOLDZENN, device fingerprinting by NoFraud cannot be opted out of during the checkout process.

5.6 — How to Manage Cookies and Opt Out

You have several options for controlling or limiting the tracking technologies described above. Please note that opting out of certain technologies may affect your experience on our website.

Browser Cookie Settings

Most web browsers allow you to control cookies through their settings. You can typically set your browser to block all cookies, block only third-party cookies, or delete cookies when you close the browser. Instructions vary by browser:

• Google Chrome: Settings > Privacy and Security > Cookies and other site data
• Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data
• Apple Safari: Preferences > Privacy > Manage Website Data
• Microsoft Edge: Settings > Cookies and site permissions > Manage and delete cookies and site data

Google Analytics Opt-Out

Install the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout. This add-on prevents the Google Analytics JavaScript (gtag.js, analytics.js) from sending data to Google Analytics.

Google Ads Opt-Out

Manage your Google advertising preferences and opt out of personalized ads at https://adssettings.google.com. You can also opt out of Google’s advertising cookies by visiting https://www.google.com/settings/ads.

Meta (Facebook/Instagram) Opt-Out

Adjust your ad preferences at https://www.facebook.com/adpreferences. You can control whether Meta uses data from its advertising partners (including GOLDZENN) to show you ads. Note that this controls how Meta uses the data for ad targeting; to limit the data sent from our server via CAPI, see Section 5.4 above.

TikTok Opt-Out

Manage your TikTok advertising preferences in the TikTok app: go to Profile > Settings and Privacy > Privacy > Ads Personalization. You can also opt out of personalized ads on TikTok via the platform’s Ads and Your Data page.

Microsoft Clarity Opt-Out

To prevent session recording by Microsoft Clarity, you may:

• Enable Do Not Track in your browser (see below)
• Install a browser extension that blocks analytics and session recording scripts, such as uBlock Origin, Privacy Badger, or Ghostery

Industry-Wide Opt-Out Tools

You may also opt out of interest-based advertising from participating companies through the following industry tools:

• Digital Advertising Alliance (DAA): https://optout.aboutads.info
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org
• European Interactive Digital Advertising Alliance (EDAA): https://www.youronlinechoices.eu

“Do Not Track” and Global Privacy Control (GPC)

Some browsers offer a “Do Not Track” (DNT) signal that requests websites not track your browsing activity. There is currently no universal standard for how websites must respond to DNT signals; however, we disclose our tracking practices in this section so you can make informed choices using the opt-out tools described above.

We recognize the Global Privacy Control (GPC) signal as a valid opt-out of the “sale” or “sharing” of personal information as required by the California Consumer Privacy Act (CCPA/CPRA). If your browser sends a GPC signal, we will treat it as a request to opt out of the sharing of your personal information with advertising partners for cross-context behavioral advertising. You can enable GPC in supported browsers or through extensions — learn more at https://globalprivacycontrol.org.

Essential Cookies Cannot Be Disabled

Cookies that are strictly necessary for the operation of our website (such as shopping cart cookies, authentication cookies, and fraud prevention technologies) cannot be disabled without impairing core site functionality. If you disable these cookies, you may be unable to add items to your cart, complete checkout, or access your account.

Note for EEA/UK Visitors

If you are visiting from the European Economic Area or United Kingdom and do not see a cookie consent prompt, please contact us at contact@goldzenn.com to manage your cookie preferences.

6. Third-Party Sharing

6.1 — Categories of Third Parties We Share Data With

To operate our business, process your orders, market our products, and improve our website, we share your personal information with the following categories of third parties. Each category is listed with the specific companies involved, the types of data shared, and the reason for sharing.

Category	Who	What We Share	Why
Payment Processors	Shopify Payments (powered by Stripe), PayPal, Affirm, Shop Pay / Shop Pay Installments, Afterpay	Name, billing address, shipping address, email, phone number, payment card details (processed securely — GOLDZENN does not store your card numbers), order amounts, and order details. Affirm, Shop Pay Installments, and Afterpay may additionally collect date of birth and perform a soft credit check to determine eligibility for installment plans.	To process your payment, authorize transactions, and fulfill buy-now-pay-later financing. Payment processing is handled on PCI DSS Level 1 certified infrastructure provided by Shopify. GOLDZENN does not store or have access to your full credit card numbers.
Shipping Carriers	UPS, FedEx, DHL, USPS, and other carriers as applicable	Name, shipping address, phone number, email (for delivery notifications), and order details (package weight, dimensions, declared value)	To deliver your order, generate shipping labels, provide tracking information, and handle delivery exceptions or returns.
Advertising Partners	Meta Platforms, Inc. (Facebook / Instagram), Google LLC (Google Ads), ByteDance Ltd. (TikTok)	Hashed email address and phone number, purchase events (product purchased, order value), browsing data (pages viewed, products viewed, add-to-cart events, checkout initiations), IP address, browser user agent, and device identifiers. Data is transmitted via both browser-based pixels and server-side APIs (see Sections 5.2 and 5.4).	To show you relevant GOLDZENN advertisements on Facebook, Instagram, Google Search, the Google Display Network, and TikTok; to measure the effectiveness of our advertising campaigns; and to build audiences of customers and similar potential customers for ad targeting.
Analytics Providers	Google LLC (Google Analytics 4), Microsoft Corporation (Microsoft Clarity), analytics integration tools, reporting and analytics tools	Browsing behavior (pages visited, time on page, navigation paths), device information (browser, OS, screen size), IP address (used for approximate geolocation), session recordings including mouse movements, clicks, and scroll behavior (Clarity only — see Section 5.3)	To analyze website traffic patterns, identify usability issues, understand which products and pages are most popular, and improve the overall shopping experience.
Marketing Platform	Klaviyo, Inc.	Email address, phone number, first and last name, purchase history (products purchased, order values, dates), browsing behavior on our website (pages viewed, products viewed, cart activity via Klaviyo on-site tracking), email engagement data (opens, clicks), and SMS delivery and response data	To send you marketing emails and SMS messages (with your consent), to segment our customer base for targeted communications, and to personalize the content of our marketing messages based on your interests and purchase history. See Section 7 for full details on email and SMS marketing.
Review Platform	Third-party review platforms	Name, email address, order details (product purchased, order date), review text, star rating, and any photos you upload	We use third-party review platforms to collect and display customer reviews. These platforms may collect your name, email address, and review content when you submit a review. They may also send you a follow-up email after your purchase requesting a review.
Fraud Prevention	NoFraud	Device fingerprint (browser type, screen resolution, installed fonts, and other technical attributes), IP address, order details, and payment information (transmitted securely)	To detect and prevent fraudulent transactions by analyzing device and transaction characteristics against known fraud patterns. See Section 5.5 for full details.
Live Chat	Our live chat provider	Chat transcripts (the messages you send and receive during a support conversation), name and email address (if you provide them), IP address, browser type, and pages visited before and during the chat	To provide real-time customer support via the live chat widget on our website and to maintain records of support interactions.
Form Services	Web form tools	Information you submit through custom forms, including your name, contact details, and product customization preferences for custom jewelry requests	To process custom jewelry inquiries and other form submissions on our website. Form data is transmitted to and stored on the form provider's servers.
Feed Management	Product feed management tools	Product data (titles, descriptions, prices, images, availability, product categories)	To manage and optimize our Google Shopping product feed, ensuring our products are accurately listed in Google Shopping results.
E-Commerce Platform	Shopify, Inc.	All data associated with your account and orders, including personal information, payment data (tokenized), order history, browsing behavior, and analytics data	Shopify hosts our online store and processes all transactions. Shopify’s use of your data is governed by its privacy policy at https://www.shopify.com/legal/privacy.
Upsell/Trust Widgets	Product recommendation tools	Page view data and interaction data (which popups you view or dismiss)	To display product recommendations, upsell offers, and trust badges to enhance your shopping experience.

6.2 — We Do Not Sell Your Personal Information

GOLDZENN does not sell your personal information to third parties for their own independent marketing purposes.

When we share data with advertising partners such as Meta (Facebook/Instagram), Google, and TikTok, it is for the purpose of advertising our products to you — not for those companies to market their own products or services to you. These platforms receive your data solely to help us deliver and measure GOLDZENN advertisements.

However, under certain state privacy laws — including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA) — the sharing of personal information with advertising partners for cross-context behavioral advertising (such as retargeting) may be classified as a “sale” or “sharing” of personal information, even when no money changes hands. If you are a California resident, you have the right to opt out of this type of sharing. Please see the Your Privacy Rights section of this policy for instructions on how to exercise that right, or click the “Do Not Sell or Share My Personal Information” link in our website footer. To exercise your right to opt out of sharing, email contact@goldzenn.com with the subject line “Do Not Sell or Share” or call (321) 521-4651.

6.3 — Service Providers vs. Third Parties

Privacy laws, including the CCPA/CPRA, distinguish between service providers and third parties:

• Service providers are companies that process your personal information on our behalf, under our instructions, and pursuant to a written contract that restricts them from using your data for any purpose other than providing services to GOLDZENN. The majority of the companies listed in Section 6.1 are service providers. This includes our payment processors (Shopify Payments, PayPal, Affirm, Shop Pay, Afterpay), shipping carriers, fraud prevention (NoFraud), analytics integration and reporting tools, live chat tools, review platforms, web form tools, and product feed management tools.
• Third parties are companies that may receive your personal information and use it for their own purposes, including improving their own products and services. Our advertising partners — Meta, Google, and TikTok — receive data that they may use in accordance with their own privacy policies, including to improve their advertising platforms and to serve ads from other advertisers. Microsoft (Clarity) and Klaviyo may also use aggregated or de-identified data for their own product improvement purposes.

We require all service providers to maintain appropriate security measures and to use your personal information only as directed by GOLDZENN and as permitted by applicable law.

6.4 — Legal Disclosures

In addition to the sharing described above, we may disclose your personal information in the following circumstances:

• Legal process: When we are required to do so by law, regulation, subpoena, court order, or other legal process.
• Protection of rights and safety: When we believe in good faith that disclosure is necessary to protect the rights, property, or safety of GOLDZENN, our customers, our employees, or the public. This includes exchanging information with law enforcement agencies and other companies and organizations for the purposes of fraud protection and credit risk reduction.
• Business transfers: In connection with a merger, acquisition, sale of assets, reorganization, bankruptcy, or other business transfer. If GOLDZENN is involved in such a transaction, your personal information may be transferred as part of that deal. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.
• With your consent: We may share your personal information with third parties when you have given us explicit consent to do so.
• Aggregated or de-identified data: We may share aggregated or de-identified information that cannot reasonably be used to identify you, without restriction.

7. SMS & Email Marketing

7.1 — Email Marketing

Our email marketing program is powered by Klaviyo, Inc. When you subscribe to our email list — whether through a website signup form, during checkout, or through another opt-in method — Klaviyo collects your email address and, if provided, your name and other profile information.

What we send:

• Promotional offers and discount announcements
• New product launches and collection announcements
• Personalized product recommendations based on your browsing and purchase history
• Abandoned cart reminders
• Order-related transactional emails (order confirmation, shipping notifications, delivery updates)

How Klaviyo personalizes emails: Klaviyo tracks your engagement with our emails (opens and clicks) and your browsing behavior on our website (pages viewed, products viewed, items added to cart) to build a customer profile. This profile is used to segment our email list and deliver more relevant content to you. Your purchase history, synced from Shopify, is also incorporated into your Klaviyo profile.

How to opt out of marketing emails:

• Click the “Unsubscribe” link at the bottom of any marketing email from GOLDZENN
• Email us at contact@goldzenn.com with the subject line “Unsubscribe”
• Call us at (321) 521-4651 to request removal from our email list

We will honor your opt-out request within 10 business days as required by the CAN-SPAM Act. Please note that even after you unsubscribe from marketing emails, you will continue to receive transactional emails related to your orders (such as order confirmations and shipping notifications), as these are not considered marketing communications.

CAN-SPAM compliance: Every marketing email we send includes our physical mailing address (GoldZenn LLC, 1056 SW 67th Ave, Miami, FL 33144), a clear and conspicuous unsubscribe mechanism, accurate “From” and “Subject” lines, and identification that the message is an advertisement where required.

7.2 — SMS Marketing (GOLDZENN SMS Updates)

Our SMS marketing program, GOLDZENN SMS Updates, is powered by Klaviyo, Inc. and is subject to the following terms:

By providing your phone number and opting in to our SMS program, you consent to receive recurring automated marketing and transactional text messages from GOLDZENN at the phone number you provided. You may opt in by entering your phone number in an SMS signup form on our website, during checkout, or by texting a keyword to our designated number.

Consent is not a condition of purchase. You are not required to opt in to SMS marketing in order to make a purchase on goldzenn.com or to receive any other services from GOLDZENN.

Types of messages you may receive:

• Marketing messages: Promotional offers, flash sales, discount codes, new product announcements, and collection launches
• Transactional messages: Order confirmations, shipping notifications, delivery updates, and appointment reminders (these may be sent even if you opt out of marketing SMS, as they relate directly to a transaction you initiated)

Message frequency varies. Message and data rates may apply. Your mobile carrier’s standard messaging and data rates apply to all text messages you send to or receive from GOLDZENN. GOLDZENN is not responsible for any fees charged by your mobile carrier. Transactional messages related to your orders are sent as needed.

How to opt out of SMS marketing:

• Text STOP in reply to any marketing text message from GOLDZENN. You will receive a single confirmation message acknowledging your opt-out.
• Email contact@goldzenn.com with your phone number and a request to be removed from our SMS list.
• Call us at (321) 521-4651 to request removal by phone.
• Submit a request through any contact form on our website.

GOLDZENN will honor opt-out requests submitted by any reasonable method, including but not limited to replying STOP to a text message, emailing contact@goldzenn.com, calling (321) 521-4651, or submitting a request in person or through our website. Opt-out requests will be processed within 10 business days.

Need help? Text HELP to receive assistance with our SMS program, or contact us at contact@goldzenn.com or (321) 521-4651.

Supported carriers: Our SMS program is supported by all major U.S. wireless carriers, including but not limited to AT&T, T-Mobile, Verizon, Sprint, and their subsidiaries. Carriers are not liable for delayed or undelivered messages.

Your privacy: We will not share your phone number with third parties for their own marketing purposes. Your phone number and SMS data are shared only with Klaviyo (our SMS platform provider) for the purpose of delivering messages on our behalf. See Section 6 of this policy for more information about third-party data sharing. For full terms governing our SMS program, see this privacy policy in its entirety.

7.3 — Push Notifications

Our website or Shopify-powered features may request permission to send you browser push notifications — small pop-up messages that appear on your device even when you are not actively browsing our website. These notifications may include promotional offers, back-in-stock alerts, or order updates.

Push notifications require your explicit opt-in. Your browser will display a permission prompt before any push notifications are sent. You are under no obligation to accept.

How to disable push notifications:

• Google Chrome: Settings > Privacy and Security > Site Settings > Notifications > find goldzenn.com > Block
• Mozilla Firefox: Settings > Privacy & Security > Permissions > Notifications > find goldzenn.com > Block
• Apple Safari: Preferences > Websites > Notifications > find goldzenn.com > Deny
• Microsoft Edge: Settings > Cookies and site permissions > Notifications > find goldzenn.com > Block
• Mobile devices: Go to your device’s notification settings, find your browser app, and disable notifications for goldzenn.com.

Disabling push notifications will not affect your ability to use our website or make purchases.

---

8. Your Privacy Rights — United States

GOLDZENN is committed to honoring the privacy rights granted to you under applicable U.S. state privacy laws. This section describes those rights, explains how to exercise them, and provides the disclosures required by law. If you are a resident of a state with a comprehensive consumer privacy law, you may have some or all of the rights described below.

8.1 California Residents — California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), grants you specific rights regarding your personal information. This section supplements the rest of our Privacy Policy and applies solely to California residents.

8.1.1 Your Rights Under the CCPA

As a California resident, you have the following rights:

• Right to Know. You have the right to request that we disclose to you the categories and specific pieces of personal information we have collected about you, the categories of sources from which that information was collected, the business or commercial purposes for collecting or sharing that information, and the categories of third parties with whom we share that information. You may request this information for the 12-month period preceding your request.
• Right to Delete. You have the right to request that we delete personal information we have collected from you, subject to certain legal exceptions. For example, we may retain information necessary to complete a transaction, comply with a legal obligation, detect security incidents, or exercise free speech rights.
• Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature and purposes of the processing.
• Right to Opt-Out of Sale or Sharing. You have the right to direct us not to “sell” or “share” your personal information. See Section 8.1.3 below for a detailed explanation of how GOLDZENN shares personal information for advertising purposes and how to opt out.
• Right to Limit Use of Sensitive Personal Information. Where a business uses sensitive personal information beyond what is necessary to perform the services or provide the goods you have requested, you have the right to limit that use. GOLDZENN uses sensitive personal information (such as financial information for payment processing and precise geolocation derived from IP addresses) only as necessary to fulfill your orders, provide our services, detect fraud, and comply with legal obligations. Because our use of sensitive personal information is limited to these exempt purposes, no additional limitation mechanism is required. However, if you believe we are using your sensitive personal information beyond these purposes, you may contact us using the methods described in Section 8.1.5 below.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices or rates, provide you a different level or quality of goods or services, or suggest that you will receive a different price or rate or a different level or quality of goods or services, because you exercised a CCPA right. However, we may offer financial incentive programs as permitted by law — see Section 8.1.6 below.

8.1.2 Categories of Personal Information Collected and Shared

The following table describes the categories of personal information we have collected from consumers within the preceding 12 months, using the categories specified in the CCPA (California Civil Code § 1798.140):

CCPA Category	Examples	Collected?	Shared for Advertising?	Sold to Third Parties?
A. Identifiers	Name, email address, phone number, mailing address, IP address, account name, unique device identifiers	Yes	Yes (hashed)	No
B. Personal Information per Cal. Civ. Code § 1798.80(e)	Name, address, telephone number, credit card number, debit card number, financial information	Yes	No	No
C. Protected Classification Characteristics	Age (for age-gating purposes only)	Limited	No	No
D. Commercial Information	Purchase history, products viewed, products added to cart, shopping preferences, return/exchange history	Yes	Yes	No
E. Biometric Information	N/A	No	No	No
F. Internet or Other Electronic Network Activity Information	Browsing history on our website, search history, interactions with our website and advertisements, device type, browser type, operating system, referral URLs	Yes	Yes	No
G. Geolocation Data	Approximate location derived from IP address; city- and region-level location	Yes	Yes	No
H. Sensory Data	Photographs submitted in connection with warranty claims, returns, or customer support inquiries	Yes (when submitted by you)	No	No
I. Professional or Employment-Related Information	N/A	No	No	No
J. Non-Public Education Information	N/A	No	No	No
K. Inferences	Shopping preferences, product interests, purchasing propensity, consumer profiles created from browsing and purchase behavior	Yes	Yes	No
L. Sensitive Personal Information	Financial account information (collected and immediately transmitted to payment processors); precise geolocation (IP-derived)	Yes	No	No

Sources of personal information: We collect personal information directly from you (e.g., when you create an account, place an order, or contact us); automatically through your use of our website (e.g., via cookies, pixels, and server logs); and from third-party sources (e.g., advertising platforms, analytics providers, and payment processors).

Business purposes for collection: We collect personal information for the purposes described in our Privacy Policy, including to fulfill orders, process payments, provide customer support, communicate with you, improve our website and services, personalize your experience, conduct analytics, prevent fraud, comply with legal obligations, and conduct advertising and marketing.

8.1.3 “Do Not Sell or Share My Personal Information”

GOLDZENN does not sell your personal information to third parties for monetary consideration as that term is traditionally understood.

However, under the CPRA, the term “sharing” is defined broadly to include disclosing personal information to a third party for cross-context behavioral advertising purposes, whether or not for monetary consideration. By this definition, GOLDZENN does share certain personal information with advertising partners for the purpose of delivering targeted advertisements for GOLDZENN’s own products and services. Specifically:

• Meta Platforms, Inc. (Facebook/Instagram) — We share hashed identifiers (such as email addresses and phone numbers), website browsing activity, and purchase event data through the Meta Pixel and Conversions API (CAPI) to measure advertising effectiveness and deliver targeted ads to you on Facebook and Instagram.
• Google LLC — We share website browsing activity, conversion event data, and device identifiers through Google Ads conversion tracking and remarketing tags to measure advertising effectiveness and deliver targeted ads to you across Google Search, YouTube, and the Google Display Network.
• TikTok Inc. — We may share website browsing activity and conversion event data through TikTok tracking technologies to measure advertising effectiveness and deliver targeted ads to you on TikTok.

These advertising partners use your information solely to deliver and measure advertisements on GOLDZENN’s behalf. They do not use your information for their own independent marketing purposes unrelated to GOLDZENN.

How to Opt Out of Sharing for Targeted Advertising:

• Global Privacy Control (GPC): GOLDZENN recognizes the Global Privacy Control (GPC) browser signal as a valid opt-out request under the CCPA. If your browser or a browser extension sends a GPC signal, we will treat that signal as a request to opt out of the “sharing” of your personal information for cross-context behavioral advertising. You can learn more and download a GPC-enabled browser or extension at globalprivacycontrol.org.
• Email request: Send an email to contact@goldzenn.com with the subject line “Do Not Share My Personal Information.”
• Phone request: Call us at (321) 521-4651.
• Cookie-level opt-out: You may also opt out of advertising cookies by adjusting your cookie preferences through our cookie preferences settings or by using the industry opt-out tools listed in our Cookies section.

Please note that opting out of sharing does not mean you will stop seeing advertisements from GOLDZENN entirely. You may still see non-targeted (contextual) advertisements.

8.1.4 No Sale of Minor’s Personal Information

GOLDZENN does not have actual knowledge that it sells or shares the personal information of consumers under the age of 16.

8.1.5 How to Submit a Verifiable Consumer Request

To exercise your rights to know, delete, or correct your personal information, you must submit a verifiable consumer request to us. You may do so by any of the following methods:

• Email: contact@goldzenn.com — include “CCPA Request” in the subject line.
• Phone: (321) 521-4651 (Monday–Friday 10:00 AM–7:00 PM EST; Saturday 10:00 AM–4:00 PM EST).

Verification process: To protect your privacy and security, we must verify your identity before fulfilling your request. We will verify your identity by matching information you provide in your request (such as your name and email address) against information we already have on file, such as your order history and account details. If we cannot verify your identity from the information we maintain, we may request additional information from you, which will be used solely for verification purposes and will be deleted after verification is complete.

You may make a verifiable consumer request to know or delete up to two (2) times within a 12-month period.

Authorized Agents: You may designate an authorized agent to submit a request on your behalf. To do so, you must provide the authorized agent with written permission signed by you, and we may require you to verify your own identity directly with us and confirm that you authorized the agent. Alternatively, an authorized agent may submit a request on your behalf if the agent has a valid, legally recognized power of attorney under the California Probate Code.

Response timeline: We will acknowledge receipt of your request within 10 business days. We will respond to a verifiable consumer request within 45 calendar days of receiving it. If we need additional time (up to an additional 45 calendar days), we will notify you of the extension and the reason for it in writing.

8.1.6 Notice of Financial Incentive

GOLDZENN offers certain programs that may constitute “financial incentives” under the CCPA because they involve the collection of personal information in exchange for a price or service difference. The following program is subject to this disclosure:

110% Store Credit Return Program: GOLDZENN offers a 110% store credit bonus on eligible first-time returns, as described in our Return Policy. When you choose this option, you receive store credit equal to 110% of the value of the returned item, rather than a standard refund of the purchase price. To participate, you must have a GOLDZENN customer account associated with a valid email address.

• Personal information involved: Name, email address, order history, and return history.
• How to opt in: You opt into this incentive at the time of your return by selecting the 110% store credit option.
• How to withdraw: You may withdraw from this incentive at any time by choosing a standard refund (subject to our Return Policy terms and eligibility) instead of the store credit option at the time of your return. Once store credit has been issued, it is governed by the terms of our Return Policy and is not convertible to cash.
• Value of your data: The value of the financial incentive is reasonably related to the value of the consumer’s data to GOLDZENN. The 10% bonus (which represents the difference between a standard 100% refund and the 110% store credit) reflects the increased likelihood of a repeat purchase associated with retained customer accounts, the avoided payment processing fees on the original transaction, and the value of maintaining an ongoing customer relationship. We estimate the value of this incentive based on the expense associated with the benefit provided to the consumer.
• Non-discrimination: Participation in this program is entirely voluntary. You will not be penalized for declining the 110% store credit option or for choosing a standard refund.

8.1.7 CCPA Metrics Disclosure

GOLDZENN will publish annual CCPA metrics, including the number of requests to know, delete, correct, and opt out received in the prior calendar year, the number of requests complied with (in whole or in part) and denied, and the median response time, to the extent required by applicable regulations.

8.2 Virginia, Colorado, Connecticut, Texas, Oregon, and Other U.S. States

A growing number of U.S. states have enacted comprehensive consumer privacy laws granting residents rights similar to those described in Section 8.1. These include, without limitation:

• Virginia — Virginia Consumer Data Protection Act (VCDPA), effective January 1, 2023
• Colorado — Colorado Privacy Act (CPA), effective July 1, 2023
• Connecticut — Connecticut Data Privacy Act (CTDPA), effective July 1, 2023
• Texas — Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024
• Oregon — Oregon Consumer Privacy Act (OCPA), effective July 1, 2024
• Montana — Montana Consumer Data Privacy Act (MCDPA), effective October 1, 2024
• Delaware — Delaware Personal Data Privacy Act, effective January 1, 2025
• New Hampshire — New Hampshire Privacy Act, effective January 1, 2025
• New Jersey — New Jersey Data Privacy Act, effective January 15, 2025
• Nebraska — Nebraska Data Privacy Act, effective January 1, 2025
• Tennessee — Tennessee Information Protection Act (TIPA), effective July 1, 2025
• Minnesota — Minnesota Consumer Data Privacy Act, effective July 31, 2025
• Maryland — Maryland Online Data Privacy Act (MODPA), effective October 1, 2025
• Indiana — Indiana Consumer Data Protection Act, effective January 1, 2026
• Kentucky — Kentucky Consumer Data Protection Act, effective January 1, 2026
• Rhode Island — Rhode Island Data Transparency and Privacy Protection Act, effective January 1, 2026

Although each state law has unique provisions and applicability thresholds, the core consumer rights are substantially similar. GOLDZENN extends the privacy rights described in Section 8.1 to residents of all U.S. states with comprehensive consumer privacy legislation, regardless of whether we are technically required to do so under each state’s specific applicability thresholds. In general, these rights include:

• The right to access the personal data we hold about you.
• The right to correct inaccurate personal data.
• The right to delete your personal data, subject to legal exceptions.
• The right to obtain a copy of your personal data in a portable format.
• The right to opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects.

How to exercise your rights: You may submit a request using the methods described in Section 8.1.5 above (email or phone). We will respond in accordance with the applicable state law’s timeline requirements, which typically range from 45 to 60 days.

Right to appeal: If we deny your privacy request, you have the right to appeal that decision. To appeal, send an email to contact@goldzenn.com with the subject line “Privacy Rights Appeal” and include a description of the basis for your appeal. We will respond to your appeal in accordance with applicable law. If your appeal is denied, you may contact your state’s attorney general to submit a complaint.

Universal opt-out mechanisms: GOLDZENN recognizes the Global Privacy Control (GPC) signal as a valid opt-out of targeted advertising and/or sale of personal data under applicable state laws, including Colorado, Connecticut, Texas, Oregon, Montana, Delaware, and others that mandate recognition of universal opt-out mechanisms.

8.3 Florida

GOLDZENN is a Florida limited liability company headquartered in Miami, Florida. The Florida Digital Bill of Rights (FDBR), effective July 1, 2024, grants certain privacy rights to Florida residents. However, the FDBR applies only to entities with annual global revenues exceeding $1 billion that also meet at least one of the following criteria: (i) derive 50% or more of global gross revenue from online advertising sales; (ii) operate a consumer smart speaker and voice command component service with an integrated virtual assistant; or (iii) operate an app store or digital distribution platform with at least 250,000 applications.

GOLDZENN does not currently meet these thresholds. Nevertheless, as a Florida-based business, we believe our Florida customers deserve robust privacy protections. GOLDZENN voluntarily extends the same privacy rights described in Sections 8.1 and 8.2 above to all Florida residents. If you are a Florida resident and wish to exercise any privacy right, you may do so using the contact methods described in Section 8.1.5.

We will continue to monitor the FDBR and any amendments to its applicability thresholds to ensure ongoing compliance.

9. Your Privacy Rights — International

GOLDZENN serves customers located outside the United States. If you access our website or purchase our products from outside the United States, additional privacy laws may apply to you. This section describes your rights under the applicable international frameworks.

9.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, the General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and/or the Swiss Federal Act on Data Protection (“FADP”) apply to our processing of your personal data. GOLDZENN acts as the data controller for the personal data we collect from you.

9.1.1 Legal Basis for Processing

Under the GDPR, we must have a lawful basis for each purpose for which we process your personal data. The table below identifies the legal basis we rely upon for our principal processing activities:

Processing Purpose	Legal Basis (Art. 6 GDPR)	Explanation
Processing and fulfilling your orders (including payment, shipping, and returns)	Performance of a contract (Art. 6(1)(b))	Necessary to perform our contractual obligations to deliver products you have purchased.
Creating and managing your customer account	Performance of a contract (Art. 6(1)(b))	Necessary to provide account-related services you have requested.
Sending marketing emails and SMS messages	Consent (Art. 6(1)(a))	We send marketing communications only where you have given your prior, explicit consent. You may withdraw consent at any time.
Advertising cookies and tracking pixels (Meta Pixel, Google Ads tags)	Consent (Art. 6(1)(a))	Non-essential advertising cookies and tracking technologies are activated only after you provide consent via our cookie preferences settings.
Website analytics (Google Analytics, Microsoft Clarity)	Consent (Art. 6(1)(a)) / Legitimate interest (Art. 6(1)(f))	For EEA/UK visitors, non-essential analytics cookies including GA4 and Microsoft Clarity are activated only after consent is obtained. For visitors in other jurisdictions where consent is not legally required, we rely on our legitimate interest in understanding how visitors use our website to improve functionality, content, and user experience. We perform a balancing test to ensure this interest does not override your rights.
Fraud prevention and security (including NoFraud device fingerprinting)	Legitimate interest (Art. 6(1)(f))	We have a legitimate interest in detecting and preventing fraudulent transactions to protect both GOLDZENN and our customers.
Customer support and dispute resolution	Legitimate interest (Art. 6(1)(f)) / Performance of a contract (Art. 6(1)(b))	Necessary to respond to inquiries and resolve issues related to your orders or account.
Compliance with tax, accounting, and other legal obligations	Legal obligation (Art. 6(1)(c))	Necessary to comply with applicable laws, including tax reporting requirements and consumer protection laws.
Defending or exercising legal claims	Legitimate interest (Art. 6(1)(f))	We may process personal data as necessary to establish, exercise, or defend legal claims.

Where we rely on legitimate interest as our legal basis, you have the right to object to such processing (see Section 9.1.2 below). We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

Where we rely on consent as our legal basis, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9.1.2 Your Data Subject Rights

Under the GDPR and UK GDPR, you have the following rights with respect to your personal data:

• Right of Access (Art. 15). You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to obtain a copy of your personal data together with information about how it is being processed.
• Right to Rectification (Art. 16). You have the right to have inaccurate personal data corrected without undue delay, and to have incomplete personal data completed.
• Right to Erasure / “Right to Be Forgotten” (Art. 17). You have the right to request that we erase your personal data without undue delay where: the data is no longer necessary for its original purpose; you withdraw consent (where consent was the legal basis); you object to processing and there are no overriding legitimate grounds; the data was unlawfully processed; or erasure is required by law. This right is subject to exceptions, including where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
• Right to Restriction of Processing (Art. 18). You have the right to request that we restrict the processing of your personal data where: you contest the accuracy of the data (for the period needed for verification); the processing is unlawful and you request restriction instead of erasure; we no longer need the data but you require it for legal claims; or you have objected to processing pending verification of whether our legitimate grounds override yours.
• Right to Data Portability (Art. 20). Where processing is based on consent or a contract and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
• Right to Object (Art. 21). You have the right to object, on grounds relating to your particular situation, to processing based on legitimate interest. You also have the absolute right to object to processing for direct marketing purposes at any time, without needing to provide a reason.
• Rights Related to Automated Decision-Making (Art. 22). You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. GOLDZENN does not currently make decisions based solely on automated processing that produce legal or similarly significant effects on consumers. If this changes, we will update this Privacy Policy and provide appropriate safeguards, including the right to obtain human intervention, to express your point of view, and to contest the decision.

How to exercise your rights: You may exercise any of the rights described above by contacting us at contact@goldzenn.com. Please include “GDPR Data Subject Request” in the subject line. We will respond to your request within one (1) month of receipt. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt, together with the reasons for the delay.

There is no fee for exercising your rights in most cases. However, if your request is manifestly unfounded or excessive (particularly if repetitive), we may charge a reasonable fee or refuse to act on the request, as permitted by Article 12(5) of the GDPR.

9.1.3 Cross-Border Data Transfers

GOLDZENN is based in the United States. When you interact with our website or purchase our products, your personal data is transferred to and processed in the United States, where privacy laws may differ from those in the EEA, UK, or Switzerland.

We ensure that any transfer of your personal data outside the EEA, UK, or Switzerland is protected by appropriate safeguards, including:

• EU-U.S. Data Privacy Framework (DPF), UK Extension to the DPF, and Swiss-U.S. Data Privacy Framework: Where our service providers have self-certified under the applicable Data Privacy Framework, transfers are made in reliance on the relevant adequacy decision.
• Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we rely on the European Commission’s Standard Contractual Clauses (adopted pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021) and the UK International Data Transfer Addendum, as applicable, to provide adequate safeguards for cross-border transfers.

We do not rely on the EU-U.S. Privacy Shield, which was invalidated by the Court of Justice of the European Union in Schrems II (Case C-311/18, July 16, 2020).

You may request a copy of the safeguards we have in place for cross-border transfers by contacting us at contact@goldzenn.com.

9.1.4 Right to Lodge a Complaint

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you believe that our processing of your personal data infringes the GDPR or UK GDPR. A list of EU supervisory authorities and their contact details is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the United Kingdom, complaints may be lodged with the Information Commissioner’s Office (ICO) at https://ico.org.uk/.

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, and we encourage you to contact us first at contact@goldzenn.com.

9.1.5 Data Protection Officer

GOLDZENN does not currently appoint a Data Protection Officer (DPO), as it is not required to do so under Article 37 of the GDPR given the nature and scale of our data processing activities. GOLDZENN is a small-to-medium-sized e-commerce retailer that does not carry out large-scale systematic monitoring of individuals or large-scale processing of special categories of personal data. For all privacy-related inquiries and data subject requests, please contact us at contact@goldzenn.com.

9.2 Canada (PIPEDA)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation govern our collection, use, and disclosure of your personal information in the course of commercial activities.

GOLDZENN complies with the following PIPEDA principles:

• Consent: We obtain your meaningful consent at or before the time of collection. Consent for marketing communications is express (opt-in). You may withdraw your consent at any time, subject to legal or contractual restrictions, upon reasonable notice.
• Limiting collection: We collect only the personal information necessary for the purposes we have identified.
• Accountability: We are responsible for personal information under our control, including information transferred to third-party service providers for processing.
• Access and correction: You have the right to access the personal information we hold about you and to request correction of inaccurate or incomplete information.

To exercise your rights under PIPEDA, contact us at contact@goldzenn.com with the subject line “PIPEDA Request.” If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

Canada’s Anti-Spam Legislation (CASL): GOLDZENN sends commercial electronic messages (including marketing emails and SMS) to Canadian recipients only with prior express consent or where implied consent exists as permitted by CASL. Every commercial electronic message includes the sender’s identification, contact information, and a functioning unsubscribe mechanism. Unsubscribe requests are processed within 10 business days.

9.3 Australia (Privacy Act 1988)

If you are an Australian resident, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) govern our handling of your personal information.

GOLDZENN collects, uses, and discloses personal information of Australian customers in accordance with the APPs. Your rights include:

• Access: You have the right to request access to the personal information we hold about you (APP 12).
• Correction: You have the right to request correction of personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading (APP 13).
• Complaint: If you believe we have breached an APP, you may lodge a complaint with us. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

By placing an order with GOLDZENN, you acknowledge that your personal information will be transferred to the United States for processing. We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs.

To exercise your rights under the Privacy Act 1988, contact us at contact@goldzenn.com with the subject line “Australian Privacy Request.”

10. Data Security & Retention

10.1 Security Measures

GOLDZENN implements a range of administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include, but are not limited to:

• Encryption in transit: All data transmitted between your browser and our website is encrypted using SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocols. Our entire website is served over HTTPS.
• PCI DSS compliance: GOLDZENN does not directly store, process, or transmit credit card numbers. All payment data is handled by PCI DSS Level 1-compliant payment processors, including Shopify Payments, PayPal, Affirm, and Shop Pay. PCI DSS Level 1 is the highest level of payment card industry security certification.
• No storage of payment card data: Credit card numbers, debit card numbers, CVV codes, and bank account details are never stored on GOLDZENN’s servers. Payment information is transmitted directly from your browser to our payment processors’ secure infrastructure.
• Access controls: Access to personal information is restricted to authorized GOLDZENN personnel who require it to perform their job functions. Access is granted on a need-to-know basis.
• Fraud prevention: We use NoFraud device fingerprinting and risk assessment technology at checkout to detect and prevent fraudulent transactions, protecting both GOLDZENN and our customers from unauthorized purchases.
• Infrastructure security: Our website is hosted on Shopify’s infrastructure, which maintains enterprise-grade physical and network security controls, including 24/7 monitoring, intrusion detection systems, and regular security audits.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

10.2 Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The following table sets out our retention periods for different categories of data:

Data Type	Retention Period	Reason
Customer account data (name, email, phone, address, account preferences)	Until account deletion is requested	To provide ongoing account services, enable repeat purchases, and process returns or warranty claims. Upon request, account data is deleted within 45 days, subject to legal retention requirements.
Order and transaction records (invoices, receipts, order details, payment confirmations)	7 years from date of transaction	Required to comply with federal and state tax laws (IRS), accounting standards, and to defend against potential legal claims within applicable statutes of limitation.
Marketing and communication preferences (email opt-in/out status, SMS consent records)	Until you opt out, plus records of consent/opt-out retained for 3 years	To honor your communication preferences. Consent and opt-out records are retained to demonstrate compliance with CAN-SPAM, TCPA, CASL, and GDPR consent requirements.
Analytics data (Google Analytics)	26 months (GA4 default setting)	To analyze website traffic and user behavior for website improvement. Data is automatically deleted by Google after the retention period expires.
Session recordings and heatmaps (Microsoft Clarity)	30 days	To understand user interactions with our website for usability improvements. Recordings are automatically purged after 30 days.
Live chat transcripts	12 months	To provide customer support continuity and quality assurance. Transcripts may be deleted earlier upon request.
Cookie and tracking data	Varies by cookie (see Section 5 — Cookies & Tracking Technologies)	Retention periods vary: session cookies expire when you close your browser; persistent cookies have defined expiry dates; advertising cookies typically expire within 90 days to 13 months depending on the provider.
Customer support correspondence (emails, phone records)	3 years	To resolve ongoing and recurring issues, and to maintain records for potential disputes.
Fraud prevention data (NoFraud risk scores, device fingerprints)	2 years	To detect patterns of fraudulent activity and to support chargeback dispute resolution.

When personal information is no longer needed for the purposes outlined above and no legal obligation requires its retention, we will securely delete or anonymize it. Anonymized data, from which you can no longer be identified, may be retained indefinitely for analytical purposes.

10.3 Data Breach Notification

In the event of a security breach that results in the unauthorized access, acquisition, use, or disclosure of your personal information, GOLDZENN will:

• Investigate promptly: We will immediately investigate the nature and scope of the breach and take steps to contain it.
• Notify affected individuals: We will notify affected individuals as required by applicable law. Under state data breach notification laws (including Florida’s Information Protection Act of 2014, § 501.171, Fla. Stat.), we will notify affected Florida residents within 30 days of determining that a breach has occurred. For residents of other states, we will comply with the applicable notification timeline.
• Notify supervisory authorities (GDPR): Where the GDPR applies, we will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, unless the breach is unlikely to result in such a risk.
• Notify affected data subjects (GDPR): Where a breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the breach to the affected data subjects without undue delay.
• Document the breach: We will maintain a record of all data breaches, regardless of whether notification is required, including the facts relating to the breach, its effects, and the remedial action taken.

11. Children’s Privacy, Policy Updates & Contact Information

11.1 Children’s Privacy

Our website and services are not directed to, and are not intended for, individuals under the age of 13 (or under the age of 16 in the European Economic Area, United Kingdom, and Switzerland). GOLDZENN does not knowingly collect, solicit, or maintain personal information from children under these ages.

In compliance with the Children’s Online Privacy Protection Act (COPPA):

• We do not knowingly collect personal information from children under the age of 13.
• If we learn that we have inadvertently collected personal information from a child under 13, we will take prompt steps to delete that information from our systems.
• If you are a parent or guardian and believe that your child has provided personal information to GOLDZENN, please contact us immediately at contact@goldzenn.com so that we can take appropriate action.

For users in the EEA and UK, the GDPR and UK GDPR set the default age for digital consent at 16 (though individual Member States may lower this to as young as 13). We do not knowingly process the personal data of any individual under the age of 16 in these jurisdictions without verified parental consent.

11.2 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, the services we offer, applicable legal or regulatory requirements, or our business operations. When we make changes to this Privacy Policy:

• The “Last Updated” date at the top of this Privacy Policy will be revised to reflect the date of the most recent version.
• For material changes — such as changes to the categories of personal information we collect, new data sharing practices, or changes to your rights — we will provide notice by one or more of the following methods:
  • Email notification to the email address associated with your customer account;
  • A prominent notice on our website (such as a banner on our homepage); and/or
  • An in-account notification if you are a registered user.
• We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our website after the posting of a revised Privacy Policy constitutes your acknowledgment of the changes. For individuals in the EEA, UK, and Switzerland: Where our processing is based on consent, continued use of the website alone does not constitute consent to new processing activities. Where additional or renewed consent is required under the GDPR or UK GDPR, we will obtain it before processing your personal data for new purposes.

Prior versions of this Privacy Policy are available upon request by contacting us at contact@goldzenn.com.

11.3 Contact Us

If you have any questions, concerns, or complaints regarding this Privacy Policy, our data practices, or your privacy rights, please contact us using the information below:

GOLDZENN (GoldZenn LLC)
1056 SW 67th Ave
Miami, FL 33144
United States of America

Phone: (321) 521-4651
Monday–Friday: 10:00 AM – 7:00 PM Eastern Time
Saturday: 10:00 AM – 4:00 PM Eastern Time

Email: contact@goldzenn.com

For privacy-specific requests (including requests to know, delete, correct, or opt out), please include “Privacy Request” in the subject line of your email to help us route your inquiry to the appropriate team and respond within the required timelines.

For GDPR and UK GDPR data subject requests, please include “GDPR Data Subject Request” in the subject line.