Privacy policy

Date: 2025-09-28

1. About This Policy

This Privacy Policy applies to all users of yucolen.store (“we”, “us”, “our”)—a brand specializing in women’s clothing (stylish apparel, wardrobe essentials, outerwear)—and details how we collect, use, store, protect, and share your personal data across all interactions with our website. This includes browsing products, creating an account, placing orders, signing up for style updates, or contacting customer support.

We adhere strictly to global data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and regional equivalents, to ensure your privacy rights are respected and your data is handled transparently.

“Personal data” refers to any information that can identify you directly or indirectly, such as your full name, email address, postal address, phone number, payment details (e.g., last 4 digits of a credit card), browsing history (e.g., which dress styles you view), device information (IP address, browser type), and preferences (e.g., size preferences, favorite clothing categories).

This policy does not cover third-party websites or services linked from our site (e.g., social media platforms, payment gateways like PayPal)—we encourage you to review their privacy policies independently before engaging with them.

2. Data Controller & Contact Information

The data controller responsible for managing your personal data is the operator of yucolen.store. For privacy-related inquiries, requests (e.g., accessing your data, updating size preferences, withdrawing consent), or complaints, contact our dedicated privacy team:

  • Email: sales@yucolen.store (subject line: “Privacy Inquiry”)
  • Response Commitment: We acknowledge all requests within 1 business day and resolve them within 30 days. For complex requests (e.g., exporting your full order history), we may extend this timeline by up to 2 months, but we will notify you of delays and provide regular updates.

3. What Personal Data We Collect

We collect personal data only for specific, legitimate purposes and avoid unnecessary collection. The types of data depend on your interaction with our site:

3.1 Data Collected When Browsing (No Registration Required)

When you visit to view clothing (e.g., tops, dresses, outerwear) without registering or purchasing, we automatically collect technical data to maintain site functionality and improve your experience:

  • IP Address: To identify your general region (e.g., state) for optimizing shipping carrier matching (e.g., linking you to nearby warehouses for faster delivery) and detecting fraudulent activity (e.g., blocking logins from high-risk IP ranges).
  • Visit Date & Time: To analyze peak traffic (e.g., weekends vs. weekday evenings) and allocate server resources (e.g., ensuring the site doesn’t crash during seasonal sales like Black Friday).
  • Pages Viewed & Links Clicked: To understand popular styles (e.g., “neon sunglasses” or “casual dresses”) and refine site navigation (e.g., moving top-viewed categories like “Wardrobe Essentials” to the homepage).
  • Device & Browser Details: Browser type/version (e.g., Safari 17.2), operating system (e.g., iOS 18), and device model (e.g., iPhone 15) to ensure the site is mobile-responsive and fix display errors (e.g., resolving issues with dress size charts on Android devices).
  • Referral Source: To track how you found us (e.g., Google search for “stylish women’s outerwear,” Instagram ad, or a fashion blog) and prioritize effective marketing channels.

This collection is based on Article 6(1)(f) GDPR (our legitimate interest in a functional, user-friendly site) and CCPA Section 1798.100 (reasonable business purposes).

3.2 Data Collected for Account Registration

Creating an account (optional—you can purchase as a guest) lets you save size preferences, track orders, and access style updates. We collect voluntary data you provide:

  • Full Name: To personalize your account (e.g., “Welcome back, [Name]”) and ensure order details (e.g., delivery address) match your identity (reducing fraud risks).
  • Email Address: To send account confirmations (verifying your email to activate your account), password resets (if you forget your login), and order updates (e.g., “Your dress has shipped”).
  • Encrypted Password: Stored via industry-standard hashing (e.g., bcrypt)—we never access or store your raw password, even internally.
  • Optional Phone Number: For SMS delivery alerts (e.g., “Your package is out for delivery”) if you opt in—you can disable this via account settings.
  • Clothing Preferences: Optional details like size (e.g., “US 8 for dresses”), favorite categories (e.g., “casual tops”), or style preferences (e.g., “timeless designs”) to personalize recommendations (e.g., “New casual dresses in your size”).
  • Communication Opt-Ins: Whether you want to receive marketing emails (e.g., style tips, early access to new collections) or SMS promotions—this is separate from transactional emails (e.g., receipts) and can be revoked anytime.

3.3 Data Collected for Purchases

When you buy clothing (e.g., a dress or outerwear), we collect transactional data to fulfill your order:

  • Delivery Address: Full address (including apartment numbers) and special instructions (e.g., “Leave at front door”) to ensure accurate shipping—critical for clothing that may require signature confirmation.
  • Billing Address: To verify your payment method (e.g., matching the address on your credit card) and comply with anti-money laundering laws.
  • Order Details: Product name, size, color, quantity, and customizations (e.g., “embroidered initials on a jacket”) to ensure you receive the correct item.
  • Payment Identifiers: Last 4 digits of a credit card or PayPal ID—we never store full credit card details; all payments are processed by PCI DSS-compliant providers (e.g., Stripe) who encrypt financial data.
  • Order Notes: Requests like “Gift wrap for a birthday” or “Include a style guide”—we use these to personalize your order.

This collection is based on Article 6(1)(b) GDPR (necessary to fulfill our contract to deliver your clothing) and CCPA Section 1798.100 (fulfilling customer orders).

3.4 Data Collected When Contacting Support

If you reach out via email/contact form (e.g., asking about dress sizing, reporting a damaged top), we collect support-related data:

  • Your Name & Contact Info: Email/phone number to identify you (e.g., linking your inquiry to your order history) and respond.
  • Inquiry Details: Order number (if applicable), product issue (e.g., “dress hem is loose”), and photos (e.g., of the damaged hem) to resolve issues quickly—photos help us distinguish between manufacturing defects and wear.
  • Communication History: A record of messages (e.g., your initial question and our response) to ensure consistency if you follow up (e.g., “As we discussed, your replacement dress ships tomorrow”).

We retain this data only until your inquiry is resolved (typically 30 days post-communication) to ensure follow-up support (e.g., checking if your replacement fit correctly).

3.5 Data Collected via Cookies & Tracking Tools

We use cookies (small text files) and web pixels to enhance your experience—you can manage preferences via our “Cookie Settings” footer link:

Cookie Type Purpose Legal Basis
Strictly Necessary Cookies Enable core functions (e.g., remembering items in your cart, login session)—cannot be disabled. Article 6(1)(f) GDPR (legitimate interest)
Functional Cookies Save preferences (e.g., size, default shipping address) to avoid re-entering details. Article 6(1)(f) GDPR (legitimate interest)
Performance Cookies Collect anonymous data (e.g., how long you spend on a dress page) to improve site speed and layout. Consent (if required) or Article 6(1)(f) GDPR
Marketing Cookies Track interactions with ads (e.g., clicking a “new collection” email link) to deliver targeted promotions (e.g., “You viewed this jacket—save 15%”). Explicit consent (GDPR/CCPA)

Web pixels (invisible images in emails) track actions like email opens (e.g., “Did you view our style tips email?”) to measure marketing effectiveness—this data is anonymized unless you consent to link it to your account.

4. How We Use Your Personal Data

We use your data only for the purposes it was collected—no unstated use without your consent:

4.1 Fulfilling Orders & Providing Services

  • Process Payments: Share billing details with PCI DSS providers (e.g., Stripe) to verify funds and prevent fraud (e.g., flagging stolen credit cards).
  • Arrange Shipping: Share your name, delivery address, and order number with carriers (e.g., UPS) to ensure timely delivery—if you opted in to SMS alerts, we share your phone number with the carrier for updates.
  • Send Order Updates: Notify you via email/SMS (if opted in) about status changes: “Order confirmed,” “Shipped” (with tracking), “Out for delivery,” or “Delivered.”
  • Resolve Issues: Use order history and photos to address problems like wrong sizes (e.g., sending a replacement US 10 for a mistakenly shipped US 6) or damaged items (e.g., issuing a refund for a torn top).

4.2 Managing Your Account

  • Maintain Preferences: Update saved sizes, shipping addresses, and style preferences (e.g., adding “sustainable fabrics” to your favorites).
  • Secure Your Account: Use IP/device data to detect unauthorized access (e.g., a login from a new country) and send alerts (e.g., “We noticed a login from France—was this you?”).
  • Personalize Recommendations: Use size and style preferences to suggest items (e.g., “New casual tops in your size US 8”).

4.3 Improving Our Site & Collections

  • Analyze Trends: Combine anonymized browsing/purchase data (removing names) to identify popular styles (e.g., “60% of users view midi dresses before tops”) and optimize inventory (e.g., restocking neon sunglasses based on demand).
  • Test New Features: Roll out tools like “virtual fitting rooms” to a subset of users and use feedback to refine functionality (e.g., adding more size options to the tool).
  • Fix Technical Issues: Use browser data to resolve bugs (e.g., “Users on Android 14 can’t view size charts”) and improve mobile experience (e.g., simplifying checkout for phone users).

4.4 Communicating With You

  • Transactional Emails: Send non-marketing updates (account confirmations, receipts, refund alerts)—these are required to fulfill our contract.
  • Marketing Communications: Send emails/SMS about:
    • New collections (e.g., “Fall outerwear is here!”).
    • Style tips (e.g., “How to style our casual dresses for work”).
    • Exclusive offers (e.g., “10% off your next order for account holders”).These are sent only if you opt in—unsubscribe via email links or account settings.
  • Support Follow-Ups: Send a short survey (e.g., “How did we handle your size exchange?”) to improve customer service.

4.5 Ensuring Security & Compliance

  • Detect Fraud: Use IP/billing-delivery address matching to flag suspicious orders (e.g., multiple large orders with different billing addresses).
  • Comply With Laws: Retain order/payment records for 7 years to meet tax/accounting requirements (e.g., responding to IRS audits) and disclose data if required by law (e.g., court orders).

5. How We Share Your Personal Data

We never sell your data to third parties for marketing. We only share with trusted partners bound by strict privacy obligations:

5.1 Payment Service Providers

Share billing address, order amount, and payment identifiers (last 4 digits of a card) with PCI DSS providers (e.g., Stripe) to process payments securely—they use data only for transactions and do not retain it long-term.

5.2 Shipping Carriers

Share your name, delivery address, and order number with carriers (e.g., FedEx) to deliver your clothing—carriers may receive your phone/email (with consent) for delivery updates and delete your data post-delivery.

5.3 Technical Partners

Share anonymized browsing data (e.g., pages viewed, device type) with hosting/analytics partners (e.g., Google Analytics) to:

  • Maintain site performance (e.g., AWS ensures the site stays online during sales).
  • Detect cyber threats (e.g., Sucuri blocks DDoS attacks).
  • Improve user experience (e.g., identifying checkout bottlenecks).

Anonymized data cannot be linked to you (e.g., IP addresses are truncated to “192.168.1.XXX”).

5.4 Marketing Partners

If you opt in to marketing, share your email/phone with providers (e.g., Mailchimp for emails, Twilio for SMS) to send promotions—partners are contractually required to protect your data and honor opt-outs.

5.5 Legal Authorities

Disclose data if required by law (e.g., tax audits, fraud investigations)—we share only the minimum data needed and notify you unless prohibited (e.g., sealed court orders).

6. Data Security & Retention

6.1 Security Measures

  • Encryption: All data transmitted (e.g., account registration, payment details) uses SSL/TLS 1.3—prevents interception by hackers.
  • Secure Storage: Sensitive data (encrypted passwords, order records) is stored on servers with restricted physical access (24/7 security guards, biometric entry) and digital controls (multi-factor authentication for staff).
  • Regular Audits: Quarterly security checks and penetration testing (by third-party firms) to fix vulnerabilities (e.g., weak password policies).
  • Employee Training: Annual data protection training for staff—ensures they do not share customer data (e.g., your size preferences) with unauthorized parties.
  • Breach Response: If a breach exposes your data (e.g., email/order history), we notify you and regulators within 72 hours (per GDPR/CCPA) and provide steps to protect yourself (e.g., resetting your password).

6.2 Retention Periods

  • Account Data: Retained while your account is active—deleted 30 days after closure (unless legal obligations apply).
  • Order Data: Retained for 7 years (tax compliance)—anonymized after 7 years (identifiers like your name are removed).
  • Browsing Data: Anonymized/deleted within 3 months of your last visit.
  • Support Data: Deleted 30 days after your inquiry is resolved.
  • Marketing Data: Retained only while you opt in—deleted within 7 days of unsubscribing.

7. Your Privacy Rights

Under GDPR/CCPA, you have the following rights—email sales@yucolen.store with proof of identity (e.g., order confirmation, redacted ID) to exercise them:

7.1 Right to Access

Request a copy of all data we hold about you (e.g., order history, size preferences) in a machine-readable format (e.g., CSV)—free for the first request.

7.2 Right to Rectification

Correct inaccurate data (e.g., update your size from US 8 to US 10, fix a misspelled name)—we update linked records (e.g., future orders) within 7 days.

7.3 Right to Erasure (“Right to Be Forgotten”)

Request deletion if:

  • Data is no longer needed (e.g., inactive account with no pending orders).
  • You withdraw consent (e.g., opt out of marketing and no other legal basis for processing).We confirm deletion within 14 days—unless we must retain data for tax compliance.

7.4 Right to Restrict Processing

Limit use of your data if:

  • You dispute accuracy (e.g., your address is outdated—we stop using it until verified).
  • Processing is unlawful (but you don’t want deletion).

7.5 Right to Data Portability

Receive your data (e.g., order history, preferences) in a format you can transfer to another clothing retailer (e.g., CSV for importing into their account system).

7.6 Right to Object

  • Marketing: Opt out anytime (via email links or account settings)—we stop processing immediately.
  • Legitimate Interest Processing: Object to us using your browsing data to improve the site—we stop if your rights override our interests.

7.7 Right to Withdraw Consent

Withdraw consent for non-essential processing (e.g., SMS alerts)—does not affect past lawful processing.

7.8 Right to Lodge a Complaint

File a complaint with a data protection authority:

  • EU: Local authority (e.g., ICO in the UK).
  • California: California Attorney General’s Office.

8. Changes to This Policy

We update this policy for legal changes (e.g., new state privacy laws) or site features (e.g., adding a virtual fitting room). Changes are posted with a new “Last Updated” date—account holders get 7 days’ email notice for material changes. Continued use of the site constitutes acceptance.

9. Children’s Privacy

We do not collect data from children under 13—our clothing is designed for adults, and parents must ensure minors do not provide data. If we accidentally collect data from a child, we delete it within 7 days.