Privacy Policy

Effective date: August 23, 2025
Applies to: jenvra.com (“Jenvra,” “we,” “us,” “our”)

Jenvra respects your privacy. This Policy explains what we collect, why we collect it, how we use and share it, how long we keep it, and the choices you have. By using jenvra.com, you agree to this Policy and our Terms.

US-first; California CPRA note. Where this Policy says “sell” or “share,” those terms follow the California Privacy Rights Act (CPRA). We do not sell personal information for money. We may share certain online identifiers with advertising partners for cross-context behavioral advertising. You can opt out (see Your Privacy Choices).

---

1) What We Collect

We collect the following categories of personal information:

• Identifiers & Contact Data — name, email, phone (optional), billing/shipping address, IP address, order ID, device/browser info.

• Commercial Data — products viewed/added/purchased, order details, payment authorization result (from payment processors), support history.

• Internet / Electronic Activity — site actions, pages viewed, session information, approximate location derived from IP, cookie IDs, advertising IDs.

• User-Generated Content — product reviews, photos/videos you submit, survey responses.

• Inferences (limited) — basic preferences derived from on-site actions (e.g., interest in a bundle).

• Sensitive data — we do not collect government IDs or precise geolocation. If you create an account, we may process account credentials (passwords stored hashed). We do not use sensitive data to infer characteristics.

Sources. You (checkout, forms, email/SMS opt-ins), your device (cookies, pixels), service providers (e.g., payment, ecommerce, email), and advertising partners (e.g., pixels on our pages).

---

2) Why We Use Personal Information

• Order processing & fulfillment (checkout, payments, shipping, returns/refunds).

• Customer support (answer questions, troubleshoot).

• Fraud/abuse prevention & chargeback defense (verify identity, detect risky activity, maintain transaction/consent logs, enforce limits against abusive behavior).

• Site operations & improvement (analytics, debugging).

• Marketing with consent (email/SMS) and advertising (including retargeting).

• Legal compliance (tax, accounting, consumer requests) and to protect rights, safety, and property.

Legal bases (US pragmatic): performance of a contract (your order), legitimate interests (security, fraud prevention, improvement), consent (email/SMS marketing & cookies beyond strictly necessary), and compliance with laws.

---

3) How We Share Information

We share personal information with:

• Service Providers / Processors – to operate our store and services (ecommerce platform, hosting, payment processors (e.g., Shopify Payments methods and PayPal), email/SMS provider (Klaviyo), support tools, shipping/fulfillment).

• Advertising/Analytics Partners – limited online identifiers via pixels/cookies to measure performance and show ads (e.g., Meta Pixel). This may be considered “sharing” under CPRA; see Your Privacy Choices.

• Fraud Prevention & Payment Disputes – processors and anti-fraud tools to reduce fraud and defend against chargebacks.

• Law & Safety – where required by law or to protect our rights or others’ safety.

• Business Transfers – in connection with a merger, acquisition, or similar event.

We do not sell personal information for money. We do not allow service providers to use your data for their own marketing.

---

4) Your Privacy Choices

• Email marketing. Unsubscribe anytime via the link in our emails.

• SMS marketing (if you opt in). Msg & data rates may apply. Msg frequency varies. Reply STOP to opt out; HELP for help. Consent is not a condition of purchase.

• Cookies/Ads. Manage preferences via our Cookie Preferences link (footer). You can opt out of sale/share for cross-context advertising via Your Privacy Choices (footer).

• Global Privacy Control (GPC). If your browser sends a GPC signal, we treat it as a Do Not Sell/Share request for that browser.

---

5) California (and similar state) Privacy Rights

Residents of California (and, with differences, CO/CT/VA/UT) have rights to:

• Know/Access the categories and specific pieces of personal information we collected about you.

• Delete personal information we collected from you (subject to legal/operational exceptions).

• Correct inaccurate personal information.

• Opt out of sale/share of personal information and targeted advertising.

• Non-discrimination for exercising rights.

How to exercise. Email hello@jenvra.com with the subject “Privacy Request” and tell us which right(s) you are exercising. We will verify your request (e.g., via your email and order details; we may request additional information). You may use an authorized agent; we may require proof of authorization and verification of your identity.

Limit use of sensitive data. Not applicable—Jenvra does not use sensitive personal information for inferring characteristics.

---

6) Retention

We retain personal information only as long as needed for the purposes above:

• Orders, payments, tax & fraud logs: up to 5 years from your last order (longer if required by law or to resolve disputes/chargebacks).

• Customer support & communications: up to 5 years from last interaction where needed for compliance or disputes.

• Marketing & website analytics: generally up to 24 months from last interaction or until you opt out/delete cookies.

• Account data: while the account is active; then per the timelines above.
  We may retain data longer where necessary to protect our rights, comply with law, or maintain accurate business records.

---

7) Security

We use commercially reasonable safeguards to protect personal information (TLS in transit, access controls, least-privilege access, encryption at rest where applicable, and incident response). No system is perfectly secure; you are responsible for maintaining the confidentiality of your account credentials.

---

8) Children

Our site is intended for adults 18+. We do not knowingly collect personal information from children under 16. If you believe a child provided information, contact hello@jenvra.com and we will delete it.

---

9) International Users

We primarily serve U.S. customers. If you access our site from outside the U.S., your information may be processed in countries with different laws. Where required, we rely on appropriate transfer safeguards.

---

10) State-Specific Disclosures (California Notice at Collection)

Below is a summary of our current practices:

Your Privacy Choices / Do Not Sell or Share My Personal Information: see the footer links on jenvra.com.

---

11) Do Not Track

We do not respond to Do Not Track signals. We honor Global Privacy Control as described above.

---

12) Changes to This Policy

We may update this Policy. If changes are material, we will post an updated version and change the effective date. Your continued use of jenvra.com after changes means you accept the updated Policy.

---

13) Contact Us

• Email: hello@jenvra.com

• Website: jenvra.com

---

EU/UK Addendum (for future expansion)

If you are in the EU/UK and interact with Jenvra, Jenvra is the controller of your personal data.

Purposes & legal bases. We process data as necessary to perform a contract (orders/support), with your consent (email/SMS marketing; non-essential cookies), for our legitimate interests (security, fraud prevention, site improvement), and to comply with legal obligations.

Your rights. You may have rights to access, delete, correct, restrict processing, portability, and to object (including to profiling for direct marketing). You may withdraw consent at any time. To exercise, email hello@jenvra.com. You may lodge a complaint with your local supervisory authority.

International transfers. Where we transfer data outside the EU/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and supplementary measures as needed.