Privacy Policy

Date of publication: 2024.09.23

Last updated: 2026.05.04

1. Introduction

Welcome to Each Jewelry! The Platform is an online informational and analytical service that provides users with access to aggregated data, listings, and insights related to jewelry lots and auctions and is available through the website https://each-jewelry.com/, sub-domains, and any services, applications, tools, offline components, and features provided by Each Jewelry (the "Service," "Platform," "Website," "We," or “Us,") operated and governed by Each Jewelry RAA LLC, a limited liability company registered in Wyoming, the United States of America, with a registered address at 30 N Gould St Ste N, Sheridan, WY 82801, USA (the "Company"), on any computer device or laptop computer or another device ("Device") by you, including, where applicable, any mobile applications that may be offered by Each Jewelry on iOS and Android operating systems or adapted mobile versions of the Platform with separate or limited functionality.

Our Terms and Conditions are to be read in conjunction with this Notice.

2. Scope of this Privacy Notice

This Privacy Notice ("Notice") explains how we collect, use, disclose, retain, and protect personal data when you visit or use the Platform, create an account, subscribe to paid features, interact with our support team, receive communications from us, use Google/Facebook sign-in, interact with our Telegram bot or other messaging integrations, or otherwise communicate with us.

We process personal data in accordance with applicable data protection laws in the jurisdictions where we operate. This Notice is intended to provide a general overview of our data processing practices. Depending on your location, additional rights and disclosures may apply.

In particular:

  • If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please refer to the section "Additional Information for EEA, the UK, and Switzerland" below;
  • If you are a resident of certain U.S. states, please refer to the section "Additional Information for U.S. Residents" below.

We may also provide supplemental privacy notices in connection with specific products, services, or processing activities where required by applicable law.

We may update this Notice from time to time in accordance with Section 19.

Please keep in mind that our Platform may contain links to other websites not owned or controlled by us, and we are not responsible for the privacy practices of those websites, services, or platforms. We encourage you to be aware when you leave our Website or application and to read the privacy notices of other websites that may collect and process your personal data.

  • people who use Each Jewelry (for this Notice, we define the terms "visitor," "user," "you," "your," and "yours" as a person who has access to Each Jewelry);
  • people who make complaints to us by email.

3. Responsible Person

Unless we tell you otherwise in an individual case, the responsible person for processing your personal data under this Notice ("Data Controller") is Each Jewelry RAA LLC, a limited liability company registered in Wyoming, the United States of America, with a registered address at 30 N Gould St Ste N, Sheridan, WY 82801, USA, and an email address of admin@each-jewelry.com.

4. Principles of Data Processing

According to the best worldwide privacy practices, we adhere to the following principles to protect your privacy:

  • principle of lawfulness, fairness, and transparency—we process Personal Data lawfully, fairly, and transparently concerning the data subject;
  • principle of purpose limitation—we collect Personal Data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes;
  • principle of data minimization—we collect adequate Personal Data, relevant and limited to what is necessary concerning the purposes for which we process Personal Data;
  • principle of data accuracy—we keep personal data accurate and, where necessary, keep it up-to-date. We take every reasonable step to ensure that inaccurate Personal Data, having regard to the purposes for which they are processed, is erased or rectified without delay;
  • principle of storage limitation—we keep personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • principle of integrity and confidentiality—we process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures.

5. Types of Personal Data we process

Depending on how you use the Platform, we may process the following categories of personal data:

  • Account and identity data: email address, password stored in protected (hashed) form, optional first name, optional gender, optional date of birth, account settings, and communication preferences.
  • Authentication data: data received when you sign in through Google or Facebook, such as your email address and, where provided by the authentication provider, your name and date of birth.
  • Saved-content data: identifiers of saved lots, your recently viewed lots history (up to 100 entries, with viewed date/time), and related account-level technical records. You can clear this history at any time in your profile settings.
  • Payment and subscription data: payer email, payer name if provided, billing country or similar billing data if available, customer ID, payment ID, transaction ID, invoice ID, subscription ID, subscription status, payment status, selected plan, payment amount, currency, payment date/time, cancellation/renewal/failed-payment/refund information. We DO NOT store full card numbers, CVV/CVC values, or full bank account details.
  • Support and communications data: contents of support emails, support-form submissions, chat messages, Telegram bot interactions, attachments, and other data you voluntarily include in communications.
  • Messaging data: Telegram user ID, Telegram username if available, bot-interaction data, connection status, notification settings, and message-delivery history where relevant to communications.
  • Marketing and newsletter data: email address and subscription/opt-in or opt-out preferences where you subscribe to newsletters or promotional communications.
  • Legal and compliance data: records necessary to handle disputes, complaints, legal claims, regulatory requests, audits, and tax/accounting obligations.

We do not collect or process the following categories of data:

  • profile photos or images of users;
  • detailed click history on third-party auction house websites;
  • personal data about your activity on third-party auction house platforms;
  • persistent device identifiers (such as a unique device ID assigned to a user).

Personal Data Collected in an Automated Way

When you use the Platform, we may automatically process technical and usage data such as your IP address, browser type and version, operating system, device/browser language settings, dates and times of access, session duration, page visits, clicks, feature interactions, navigation events, technical error events, diagnostic data, server/API-request metadata, and security-related events recorded through platform logging or Microsoft Application Insights.

For core functionality, the Platform uses localStorage rather than first-party cookies, including for authentication, session continuity, user settings, and proper operation of platform features. At the same time, the Platform’s third-party analytics and advertising tools may use their own cookies, pixels, scripts, tags, or other storage/access technologies.

7. Use of Personal Data by Each Jewelry

We use personal data to:

  • create and administer accounts;
  • authenticate users;
  • allow you to save lots and manage preferences;
  • provide subscription and premium features;
  • process payments and maintain billing records;
  • send service and administrative communications;
  • respond to support requests;
  • operate Telegram-based notifications where enabled;
  • monitor platform stability, performance, and security;
  • prevent abuse, misuse, or unauthorized access;
  • perform analytics and improve the Platform;
  • send marketing communications where permitted and, where required, where consent has been obtained;
  • personalize certain features such as saved lots or premium brand alerts; and
  • comply with legal, regulatory, accounting, tax, dispute-resolution, and enforcement obligations.

If you contact support or voluntarily send us information that is not required for the relevant request, we will use that information only to the extent reasonably necessary to address your request, protect the Platform, or comply with applicable law. We do not ask users to submit sensitive personal data for ordinary registration, ordinary account use, or normal subscription checkout. If sensitive data is sent to us inadvertently, we may delete it, restrict its processing, or disregard it where it is not necessary for a legitimate purpose.

Consent to Data Processing

Where we rely on consent, we will ask for it separately, clearly, and in a manner that is appropriate to the relevant processing activity. Our marketing emails are based on newsletter signup or another separate user consent, and account registration by itself does not amount to automatic consent to receive marketing messages. Where applicable law requires consent for analytics, advertising, or other storage/access technologies, we will request that consent before activating those non-essential technologies. You may withdraw consent at any time, and withdrawal will not affect the lawfulness of processing carried out before withdrawal.

Service, security, administrative, payment, and account-related communications are not treated as optional marketing messages when they are necessary to provide the Platform, maintain account security, or administer your subscription.

Even if you unsubscribe from promotional messaging, we may still send you messages that are necessary for these purposes.

9. Compliance with Data Protection Laws in Applicable Jurisdictions

We structure this Notice to operate globally and to be supplemented by region-specific sections when local law requires additional disclosures or rights. If a local law provides greater protection or additional rights, that local law controls to the extent required. The additional EEA/UK/Switzerland section and the additional U.S. residents section form part of this Notice and prevail where they apply. We also may publish product-specific, feature-specific, or jurisdiction-specific supplements if a particular deployment or practice requires them.

10. Your Rights

Subject to applicable law and depending on your jurisdiction, you may have the following rights in relation to your personal data.

  • The Right to Request information about the personal data we process about you. You may request information about how we collect, use, disclose, store, and otherwise process your personal data. This may include information about the categories of personal data we process, the purposes of processing, the categories of sources from which we collected the data, the categories of recipients to whom the data has been disclosed, whether we transfer your personal data internationally and the safeguards used for such transfers, the relevant retention periods or the criteria we use to determine them, and whether we engage in profiling or automated decision-making where applicable;
  • The Right to Access. You may contact us to get confirmation as to whether or not we are processing your personal data. When we process your Personal Data, we will inform you of what categories of Personal Data we process regarding you, the processing purposes, the categories of recipients to whom Personal Data has been or will be disclosed, and the envisaged storage period or criteria to determine that period;
  • The Right to Correct or Update inaccurate data. You may request that we correct inaccurate personal data and, where appropriate, complete incomplete personal data that we maintain about you. We may ask for documentation or other information reasonably necessary to support the requested correction;
  • The Right to delete your account and related data. You may request that we delete your account and/or erase personal data that we process about you, subject to applicable legal exceptions. For example, we may retain information where necessary to comply with legal obligations, complete transactions, detect or prevent security incidents, protect against fraud or abuse, exercise or defend legal claims, or keep records required for tax, accounting, audit, or similar compliance purposes;
  • The Right to Withdraw consent where processing is based on consent. Where we rely on your consent as the legal basis for processing, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. If you withdraw consent, some features or services may no longer be available where the relevant processing is optional but necessary for that feature;
  • The Right to Opt Out of marketing communications. You may opt out of receiving marketing emails or similar promotional messages from us at any time by using the unsubscribe link included in the message, adjusting your account or communication settings where available, or contacting us using the details below. Even if you opt out of marketing, we may still send you non-promotional messages that are necessary to provide the Platform, administer your account, or comply with law;
  • The Right to Object to certain processing. Where provided by applicable law, you may object to our processing of your personal data when we rely on legitimate interests or another lawful basis that gives rise to an objection right. If you object to our use of your Personal Data for direct marketing purposes, including profiling related to direct marketing, we will stop using your Personal Data for those purposes;
  • The Right to Restriction of the processing. You have the right to obtain from us a restriction of processing of your personal data, as foreseen by applicable data protection law, e.g., to allow our verification of the accuracy of personal data after you contest the accuracy or to prevent us from erasing personal data when personal data is no longer necessary for the purposes but still required for your legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use the Platform;
  • The Right to Receive a portable copy of certain data. You have the right to receive your personal data from us in a structured, commonly used, and machine-readable format and to independently transmit this data to a third party, in case our processing is based on your consent and carried out by automated means;
  • The Right to Complain. You have the right to complain about our data processing practices by contacting us via admin@each-jewelry.com.
  • In some jurisdictions, opt out of targeted advertising, sale/sharing, or certain profiling.
  • How to Use these rights. To exercise any of the above-mentioned rights, you should primarily use the functions offered by the Website or otherwise via the Platform. If such functions are insufficient for exercising such rights, you shall send us a letter or email to the address set out below under the Notice, including the following information: name and email address. We may request additional information necessary to confirm your identity. We may reject unreasonably repetitive, excessive, or manifestly unfounded requests.

11. Data Storing and Deletion

We keep personal data for as long as reasonably necessary for the purposes described in this Notice, including

  • to provide the Platform,
  • maintain your account,
  • operate subscription services,
  • resolve support requests,
  • preserve opt-out preferences,
  • maintain security and technical logs,
  • comply with legal obligations, and
  • establish, exercise, or defend legal claims.

Where a specific fixed period is not available, we retain data using objective criteria such as account status, the length of the customer relationship, the need to maintain records of consent or opt-out preferences, the resolution of disputes, vendor retention settings, and mandatory tax/accounting requirements.

12. Data Security

We maintain administrative, technical, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and destruction.

These measures include password hashing, limited internal access on a need-to-know basis, cloud hosting and monitoring through Microsoft Azure/Application Insights, and logging/diagnostic controls to support operational security and troubleshooting.

We also work with service providers that are expected to implement appropriate security measures in line with their contractual and legal obligations. Applicable data protection law requires security measures appropriate to the risks of the processing, taking into account the nature of the data and the risks to individuals.

At the same time, no security program can guarantee absolute security. If we become aware of a personal data incident, we will assess it and respond in accordance with applicable law, including notification obligations where required.

13. Cookies and localStorage

The Platform does not use first-party cookies for core functionality. Instead, the Platform uses localStorage for authentication, session support, user settings, and proper operation of key features. Because privacy law in some jurisdictions regulates not only cookies but also web storage, pixels, scripts, and similar storage/access technologies, we describe all such technologies together in this section.

Third-party providers may use their own cookies independently. Where enabled, third-party services such as Google Analytics and Meta Pixel may use cookies, pixels, tags, scripts, or similar technologies for analytics, ad measurement, attribution, remarketing, or related purposes. Where required by applicable law, we will request consent before activating non-essential analytics or advertising technologies, and we will provide tools to withdraw that consent later. If a storage/access technology is strictly necessary to provide a service you explicitly request, we may rely on an applicable exemption, but only for that necessary purpose.

14. Contractors

We use contractors and service providers that process personal data on our instructions or, in some cases, act as separate controllers for their own services.

Our vendors are

  • Microsoft for Azure hosting and Application Insights;
  • Stripe and PayPal for payment processing and subscription administration;
  • Google for Google Analytics, Google sign-in, and Google Workspace;
  • Meta for Meta Pixel and Facebook sign-in; and
  • Messaging bot service providers – we may use Telegram bots and, where applicable, other similar bot-based messaging tools to enable automated communications with you, including service-related notifications, user support, and platform-related messages.

We may also disclose limited information to lawyers, accountants, auditors, tax advisers, regulators, courts, and law-enforcement authorities where necessary and legally permitted.

15. Children's Privacy

Our Platform is not intended for use by children under the age of 13. We do not knowingly collect, use, store, or otherwise process personal data of children under 13 years of age.

By using the Platform, the user confirms that they are at least 13 years old. If we become aware that we have collected personal data from a child under 13 without appropriate parental or legal guardian consent, we will take reasonable steps to delete such personal data as soon as possible.

If you believe that a child under 13 has provided us with personal data, please contact us at admin@each-jewelry.com.

16. Application of this Privacy Notice

This Notice applies to personal data processed through the Platform and other Company-controlled channels identified in this Notice. It does not apply to third-party websites, auction-house sites, payment pages, social-login environments, or messaging platforms that you access through links or integrations unless we expressly state otherwise. Those third parties may process personal data under their own notices and terms, and you should review their privacy information where relevant.

17. Acceptance of this Notice

By accessing or using the Platform, you acknowledge that you have read and understood this Notice. Where law requires a stronger form of choice, such as consent for certain marketing or storage/access technologies, we will request that consent separately and specifically; your general use of the Platform does not replace lawfully required consent.

18. Third-party links and auction-house content

The Platform may display information about auction lots or link to third-party auction houses or other websites. We are not responsible for the privacy practices of third-party websites or services. If you follow a link to a third-party website, that third party’s privacy notice applies.

19. Changes and Updates

We may update this Notice from time to time to reflect changes in the Platform, legal requirements, vendor relationships, security practices, or business operations. Where required by law, we will provide notice of material changes through the Platform, by email, or by another appropriate method before the changes take effect. We will also update the "Last updated" date at the top of this Notice.

20. Contact Us!

If you have questions about this Notice, want to exercise a privacy right, want to appeal a rights decision where applicable, or want more information about international transfer safeguards, please contact us at:

Data Protection Contact

Each Jewelry RAA LLC

Email: admin@each-jewelry.com

Mail: 30 N Gould St Ste N, Sheridan, WY 82801, USA

If you contact us, please provide enough information for us to understand your request, locate your records, and verify your identity where verification is reasonably necessary.

21. Additional notice for EEA, UK, and Swiss users

If you are located in the EEA, the United Kingdom, or Switzerland, the following additional provisions apply to our processing of your personal data. This section is intended to address GDPR/UK GDPR-style transparency requirements, including lawful bases, transfers, rights, and information about automated decision-making.

Lawful bases by purpose

Processing purpose

Main data categories

Primary lawful basis

Processing purpose: Account registration, login, password reset, account administration, saved lots, viewed lots history, account settings, user-requested features

Main data categories: Account data, authentication data, saved-lot data, localStorage/session data

Primary lawful basis: Contract or steps taken at your request before entering into a contract

Processing purpose: Social sign-in through Google/Facebook

Main data categories: Email, provider identifiers, basic profile fields provided by the provider

Primary lawful basis: Contract / user-requested authentication flow

Processing purpose: Subscription management, billing, payment verification, renewals, cancellations, refunds, invoice administration

Main data categories: Payment/subscription metadata, account identifiers, billing country, status information

Primary lawful basis: Contract; and legal obligation for accounting/tax recordkeeping where required

Processing purpose: Customer support and service communications

Main data categories: Contact data, support correspondence, Telegram bot data, account context

Primary lawful basis: Contract where necessary to support the service; otherwise legitimate interests in servicing users and resolving issues

Processing purpose: Platform security, diagnostics, abuse prevention, technical logs, Application Insights, fraud/risk handling

Main data categories: IP address, usage/technical data, event logs, error data

Primary lawful basis: Legitimate interests in securing, maintaining, and improving the Platform

Processing purpose: Core localStorage for authentication, session continuity, and user-requested preferences

Main data categories: localStorage/session/preference data

Primary lawful basis: Contract and/or legitimate interests in delivering the requested service

Processing purpose: Compliance, accounting, audits, legal claims, regulator/law-enforcement response

Main data categories: Any data reasonably necessary for the issue

Primary lawful basis: Legal obligation and/or legitimate interests in establishing, exercising, or defending legal claims

Processing purpose: Newsletter and promotional marketing

Main data categories: Email address, marketing preferences, subscription status

Primary lawful basis: Consent where required by law and, for EEA/UK/Switzerland publication, this draft assumes consent as the primary basis for promotional messaging

Processing purpose: Optional analytics and advertising technologies that are not strictly necessary, including Google Analytics and Meta Pixel where used for analytics/attribution/remarketing

Main data categories: Online identifiers, usage data, IP-derived data, pixel/tag data

Primary lawful basis: Consent where required for storage/access technologies and associated processing

Processing purpose: Aggregated service-improvement analytics that do not require consent under a valid local exception, and strictly necessary server-side diagnostics

Main data categories: Aggregated or technical event data

Primary lawful basis: Legitimate interests, only where lawful and proportionate

Your EEA/UK/Swiss rights

Depending on the circumstances, you may have the right to access your personal data, rectify inaccuracies, erase data, restrict processing, receive portable data, object to processing carried out on the basis of legitimate interests, withdraw consent at any time where we rely on consent, and complain to the supervisory authority in the country where you live or work or where the alleged infringement occurred. We will respond to rights requests without undue delay and, in general, within 1 (one) month, subject to lawful extensions where the request is complex or numerous.

International transfers

The Platform’s primary hosting location is Microsoft Azure’s Italy North region in Italy. Where Personal Data is transferred outside the EEA/UK/Switzerland, we will rely on a lawful transfer mechanism appropriate to the specific transfer, such as an adequacy decision; the European Commission’s Standard Contractual Clauses; the UK International Data Transfer Addendum/IDTA where relevant; or the EU-U.S. Data Privacy Framework/UK Extension/Swiss-U.S. DPF where the recipient is eligible, actively certified, and the certification covers the transferred data. You may request more information about the transfer mechanism that applies to your data by contacting us.

Automated decision-making

We DO NOT currently use solely automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR/UK GDPR Article 22. If we later introduce such processing, we will update this Notice and provide any additional disclosures and safeguards required by applicable law.

22. Additional Information for U.S. Residents

If you are a resident of a U.S. state with an applicable privacy law, including laws modeled on the CCPA/CPRA, Colorado Privacy Act, and Virginia Consumer Data Protection Act, this section supplements the rest of the Notice. Applicability depends on statutory thresholds and exemptions. Where a specific state law applies to you and to us, we will honor the rights required by that law. California residents have rights to know/access, delete, correct, opt out of sale or sharing, and non-discrimination, and California also recognizes opt-out requests through user-enabled global privacy controls. Colorado and Virginia likewise provide access/correction/deletion/portability rights and opt-outs for sale and targeted advertising, with response deadlines generally measured in 45 days.

Categories of personal information we collect

Category

Examples in the Platform context

Sources

Category: Identifiers

Examples in the Platform context: Email address, account identifiers, Telegram user ID, username, payment customer/subscription IDs, IP address, social-login identifiers

Sources: Directly from you; payment providers; social-login providers; automatically from device/browser

Category: Account credentials and related security information

Examples in the Platform context: Hashed password, login/session data, password-reset data

Sources: Directly from you; automatically from account/authentication systems

Category: Customer records/commercial information

Examples in the Platform context: Subscription plan, billing country, payment status, invoice/payment/subscription IDs, refund/cancellation data, saved lots

Sources: Directly from you; Stripe/PayPal; account activity

Category: Internet or other electronic network activity

Examples in the Platform context: Page visits, clicks, session data, feature interactions, referral/source data, technical timestamps, analytics events

Sources: Automatically from the Platform and analytics/monitoring tools

Category: Approximate geolocation/location-related data

Examples in the Platform context: Approximate location inferred from IP address (not precise geolocation)

Sources: Automatically from infrastructure or security services

Category: Support and communications information

Examples in the Platform context: Support emails, support-form content, attachments, Telegram bot messages, notification settings

Sources: Directly from you

Category: Profile data

Examples in the Platform context: Optional first name, optional gender, optional date of birth

Sources: Directly from you or, for some fields, from Google/Facebook sign-in where provided

Category: Inferences/audience segmentation data

Examples in the Platform context: Premium-brand alert segmentation and preferences based on your subscriptions/settings

Sources: Derived from account settings and user-selected preferences rather than sensitive behavioral profiles

Business and commercial purposes

We collect and use the above categories to provide and secure the Platform, administer accounts and subscriptions, process billing, respond to support requests, send service messages, operate user-requested notifications, analyze service usage, improve the Platform, send marketing communications where permitted, maintain legal/compliance records, and protect the Platform and our users.

Sale, sharing, and targeted advertising

We do not sell personal data for money. However, because the Platform uses Google Analytics and Meta Pixel for analytics, attribution, and potential remarketing/retargeting, some of those disclosures may be treated as "sharing" under California law or as processing for targeted advertising under Colorado or Virginia law, depending on how the tools are configured and used. Under certain U.S. state privacy laws, this type of processing may be considered “sharing” of personal data or processing for "targeted advertising." For this reason, and where required by applicable law, we provide you with the ability to opt out of such processing.

Your U.S. Privacy Choices

If you are a resident of certain U.S. states, you may have the right to opt out of the sale or sharing of your personal data, as well as the use of your personal data for targeted advertising.

Where supported, we recognize and honor valid browser-based opt-out preference signals, such as Global Privacy Control (GPC), in accordance with applicable law.

You may also contact us at admin@each-jewelry.com to exercise your rights.

How U.S. residents may exercise rights

You may submit requests to know/access, correct, delete, or obtain a copy of applicable data by emailing us at admin@each-jewelry.com. You may exercise the sale/share/targeted-advertising opt-out through any privacy settings center we provide or through an accepted Global Privacy Control/universal opt-out mechanism. We may need to verify your identity for access, correction, deletion, or portability requests, but we generally should not require full identity verification merely to process an opt-out of sale/sharing. For states that provide appeal rights, if we deny your request, you may appeal by emailing admin@each-jewelry.com with the subject line "Privacy Rights Appeal." We will not discriminate against you for exercising your rights.

Authorized agents

Where state law allows, you may designate an authorized agent to submit a privacy request on your behalf. If we reasonably need to do so, we may ask the agent to provide signed written authorization from you and may ask you to verify your identity directly, consistent with applicable law. California regulations and privacy policy requirements expressly address instructions for authorized agents.

Sensitive personal information

The Platform does not ask users to provide sensitive personal information for ordinary registration or ordinary use. Some data elements, such as account credentials, may fall within "sensitive personal information" definitions under California law, but they are processed to provide and secure the requested service rather than for unrelated secondary uses. If our practices change such that a "right to limit" becomes applicable, we will update this Notice and any required link structure.