Privacy Policy

Katura 1999 ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase.

This Privacy Policy ("Policy") applies to all personal data collected by October Skies Benediction LLC, doing business as Katura 1999 ("Katura," "we," "us," or "our"), a South Carolina limited liability company, through:

• Our website at katura1999.com and all subdomains
• Our mobile applications (iOS and Android)
• Email and SMS communications
• In-person consultations, showroom visits, and jewelry repair services
• Third-party marketplaces where Katura products are sold
• Social media pages operated by Katura

By using our Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use our Services. This Policy is incorporated into and subject to our Terms of Service.

We use the information we collect to:

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following lawful bases as defined by the GDPR:

We do not sell your personal information. We may share your information with:

We never sell, rent, or trade your personal data. Period.

We share data only with the following categories of recipients, and only to the extent necessary:

• Payment Processing: Stripe, Inc. — PCI DSS Level 1 certified
• Email Communications: Brevo (Sendinblue) — for transactional and marketing emails
• Shipping & Fulfillment: ShipStation, FedEx, UPS, USPS, DHL
• Cloud Infrastructure: Vercel (hosting), Supabase (database), Amazon Web Services (media storage)
• Analytics: Google Analytics (anonymized), Vercel Analytics (privacy-focused)
• Customer Support: Internal support tools only — we do not use third-party helpdesk platforms
• Professional Advisors: Legal counsel, accountants, auditors (under confidentiality agreements)
• Law Enforcement: Only when required by valid legal process (subpoena, court order, or statutory obligation)

Katura 1999 is based in Atlanta, Georgia, United States. Your data may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the following legal mechanisms:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for international data transfers
• UK International Data Transfer Addendum: For transfers from the United Kingdom
• Data Processing Agreements: With all sub-processors, requiring equivalent protections

Our primary infrastructure providers (Vercel, Supabase, Stripe) maintain robust compliance programs and process data in accordance with applicable data protection regulations.

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Below are our specific retention periods:

After the applicable retention period, data is securely deleted or anonymized so that it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical purposes.

We implement appropriate technical and organizational measures to protect your personal information. However, no method of transmission over the Internet is 100% secure.

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Depending on your location, you have specific rights regarding your personal data. We honor these rights regardless of where you live, to the extent commercially practicable:

To exercise any of these rights, email legal@katura1999.com with the subject line "Privacy Rights Request." We will verify your identity and respond within 30 days (extendable by 60 days for complex requests, with notice).

We use cookies and similar technologies to improve your browsing experience, analyze site traffic, and personalize content. You can manage your cookie preferences through your browser settings.

Managing Cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking strictly necessary cookies may impair site functionality (e.g., you won't be able to log in or maintain a shopping cart).

Some browsers transmit a "Do Not Track" (DNT) signal. There is currently no uniform standard for interpreting DNT signals. However, when we detect a DNT signal, we:

• Disable non-essential analytics cookies
• Do not load the Meta Pixel or marketing tags
• Continue to use strictly necessary cookies required for site functionality

We also support the Global Privacy Control (GPC) signal. When we detect a GPC signal, we treat it as a valid opt-out of the sale or sharing of personal information under CCPA/CPRA.

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at legal@katura1999.com.

If we discover that we have collected personal data from a child under 16 without verified parental consent, we will delete that data within 48 hours and notify the parent or guardian.

We do not use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. Specifically:

• Order approvals and rejections are reviewed by human staff
• Credit decisions are not made by Katura — payment processing is handled by Stripe
• Product recommendations are based on non-personal, aggregated purchase patterns
• Fraud detection flags are always reviewed by a human before any action is taken

If we introduce automated decision-making in the future, we will update this Policy, provide meaningful information about the logic involved, and offer the right to contest decisions and obtain human review.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• Material Changes: We will email registered account holders at least 30 days before the changes take effect
• Minor Changes: We will update the "Last reviewed" date at the top of this Policy
• Continued Use: Your continued use of our Services after a change constitutes acceptance of the updated Policy

We encourage you to periodically review this Policy. The full revision history is available upon request by emailing legal@katura1999.com.

If you have a concern about our privacy practices that we cannot resolve directly, you may pursue the following options:

• Direct Resolution: Contact us at legal@katura1999.com. We aim to resolve all privacy complaints within 30 days.
• Binding Arbitration: If we cannot reach a resolution, either party may elect binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. Arbitration will be conducted in Charleston County, South Carolina, United States.
• Supervisory Authorities: EU/EEA residents may file complaints with their local data protection authority. UK residents may contact the ICO. Brazilian residents may contact the ANPD.

For any privacy-related questions, data subject requests, or to exercise your rights under CCPA, GDPR, LGPD, or any other applicable privacy law: