Who We Are
Crystal Beauty LLC ("Crystal Beauty," "we," "us," or "our") is a registered disregarded entity incorporated under the laws of the State of Montana, United States. We operate the e-commerce website at crystalbeauty.com (the "Site") and sell premium skincare and beauty products. For privacy matters, Crystal Beauty LLC acts as the data controller of your personal information.
How We Use Your Information
We use the information we collect for the following purposes:
- Processing, fulfilling, and shipping your orders
- Sending order confirmations, shipping updates, and receipts
- Responding to your customer service inquiries and support requests
- Preventing fraud, abuse, chargebacks, and unauthorized access
- Personalizing your shopping experience and product recommendations
- Sending promotional emails and offers — only with your consent or where permitted by law
- Conducting analytics to improve our website, product range, and user experience
- Complying with legal obligations, tax reporting, and regulatory requirements
We will never sell your personal information to third parties for their independent marketing purposes.
Sharing Your Information
We disclose personal information only in limited circumstances:
- Payment processing: Stripe, Inc. processes all payments. Your card data is transmitted directly to Stripe under their PCI-DSS compliant systems. We do not receive or store sensitive card data.
- Shipping & logistics: We share your name and shipping address with our carrier partners (e.g., USPS, UPS, FedEx) solely to deliver your order.
- Analytics providers: We use anonymized or aggregated analytics data to understand site performance. We configure these tools to minimize personal data exposure.
- Legal compliance: We may disclose information when required by applicable law, court order, or government authority, or to protect our legal rights.
- Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity subject to the same privacy protections.
All third-party service providers we work with are bound by confidentiality obligations and are prohibited from using your data for purposes other than those we specify.
Cookies & Tracking
We use cookies and similar technologies to operate our website. For full details, see our Cookie Policy. In summary:
- Essential cookies: Required for shopping cart functionality, session management, and site security. Cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with our site (aggregate, anonymized data).
- Preference cookies: Remember your settings like language or display preferences.
You can manage cookie preferences in your browser settings or via the consent banner displayed on your first visit.
Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law:
- Order and transaction records are retained for a minimum of 7 years for tax and accounting purposes
- Customer support correspondence is retained for 3 years
- Marketing preferences and email consent records are retained until you opt out or withdraw consent
- Analytics data in anonymized form may be retained indefinitely
When data is no longer needed, we securely delete or anonymize it.
Data Security
We implement industry-standard safeguards to protect your personal information, including:
- SSL/TLS encryption for all data transmitted between your browser and our servers
- PCI-DSS compliant payment processing through Stripe
- Access controls limiting who within our organization can view personal data
- Regular security reviews and vulnerability assessments
- Secure storage practices with encrypted databases
While we take these measures seriously, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify you promptly if a breach affecting your data occurs.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Ask us to correct inaccurate or incomplete information
- Deletion: Request that we delete your personal data ("right to be forgotten"), subject to legal retention requirements
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain processing activities, including direct marketing
- Restriction: Request that we limit how we use your data in certain circumstances
- Withdraw consent: Revoke previously granted consent at any time without affecting prior lawful processing
To exercise any of these rights, contact us at [email protected] or call +1 (213) 320-0788. We will respond within 30 days.
Children's Privacy
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal information from individuals under the age of 13. If we become aware that we have inadvertently collected data from a child, we will promptly delete it. If you believe a child has provided us with personal information, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last reviewed" date at the top of this page and, where appropriate, notify you by email or by displaying a notice on our website. Your continued use of our website after any change constitutes acceptance of the updated policy.