The data we hold, and why.

Aquad'or, registered in the Republic of Cyprus, is the data controller for everything you submit through this site. Our office is at Ledra 145, 1011 Nicosia. The inbox for any privacy request is info@aquadorcy.com.

When you place an order, we collect your name, email, phone number, shipping address, and the items in the order. We do not see or store your card number. Payment is handled by Stripe, who carry the card data on their own systems.

When you write through the contact form, we collect your name, email, optional phone, and the body of your message. When you subscribe to the journal, we collect your email and the date you subscribed. When you visit the site, our analytics collect anonymous technical data: the page, the referrer, the country, the browser. We do not link this to your account.

We hold order data to perform the contract with you, that is, to ship the perfume you bought and to handle returns. We hold contact form messages to respond to you. We hold subscriber emails on the basis of your consent, which you can withdraw at any time. We hold analytics under our legitimate interest in understanding how the site is used, with the data anonymised where possible.

• Order records. Retained for seven years to meet Cyprus tax law.
• Contact form messages. Ninety days, then deleted.
• Subscriber emails. Until you unsubscribe, then deleted within thirty days.
• Shopping cart. Stored only in your browser as localStorage. Clear your browser data and it is gone.
• Analytics. Aggregated and retained for twenty four months.

We do not sell your data. The processors that touch it on our behalf are: Stripe for payment, Resend for transactional email, Vercel for hosting, Sentry for error reporting, Supabase for the database. Each operates under a data processing agreement with us and is GDPR compliant. We disclose data to any other party only when required by Cyprus law.

Under the GDPR you have the right to ask for a copy of the data we hold about you, to ask us to correct anything that is wrong, to ask us to delete it, to ask us to restrict what we do with it, and to receive your data in a portable form. Write to info@aquadorcy.com with the request. We respond within one calendar month. If you are not satisfied with our response, you can complain to the Cyprus Office of the Commissioner for Personal Data Protection.

We use a small number of first party cookies to keep your cart, to remember your cookie preference, and to power admin sessions. We use Vercel Analytics for anonymous traffic measurement, which uses first party cookies only. Stripe sets its own cookies on the checkout page to prevent fraud. You can manage cookies through your browser settings or through the consent banner.

We update this policy when the law changes or when we change a processor. Material changes are announced on this page with a revision date thirty days before they take effect. If you have an active subscription, we email you when the policy moves.