The House of XNUELIA — PRIVACY POLICY
Effective Date: August 31, 2025
Who We Are:XNUELIA LLC ("XNUELIA," "we," "us" or "our").
Scope: This Policy describes how we collect, use, share, and protect personal data when you use xnuelia.com, our ecommerce checkout, marketing programs, and customer‑support channels. It also explains your choices and rights.
At a glance: We collect data to fulfill orders, provide a secure and personalized experience, and improve our Services. We do not sell your personal information for money. You can opt out of targeted ads and certain sharing.
1) Notice at Collection (U.S.) — Categories, Sources, Purposes, Retention
We collect the following categories of personal information from you, your devices, service providers, and advertising/analytics partners for the purposes and retention periods set out below:
Category
Examples
Purposes
Retention (criteria)
Identifiers
name, username, email, phone, postal address, IP, device IDs account setup, orders, support, security, marketing (with consent/opt‑out), fraud prevention life of account + legal requirements
Commercial data
carts, orders, returns, preferences, support history fulfill orders, customer care, personalization, analytics
transaction life + tax/regs
Payment data
tokenized IDs, last4 (processed by PCI‑compliant provider) process payments, refunds, chargebacks per processor policy + legal
Internet/Network activity
pages viewed, clicks, referral URLs, session data, approximate location site functionality, analytics, security, ads (with consent/opt‑out) rolling 24 months (reviewed)
Inferences
derived preferences personalization, analytics rolling 24 months
User content
reviews, photos, survey responses community features, marketing (license below) until deleted or account closure
Sensitive data
none intended; if voluntarily provided (e.g., fit notes), we minimize and limit use fit/support only; no inferences as needed, then delete We will not retain personal information longer than reasonably necessary for the disclosed purposes and legal requirements (e.g., tax, accounting, fraud prevention, litigation).
2) Children
The Services are not directed to children under 13 (or higher local age). We do not knowingly collect data from children. Contact us to request deletion if you believe a child provided information.
3) How We Use Personal Data
Provide, operate, secure, and improve the Services
Process orders, payments, shipping, returns, and customer support
Personalize content and product recommendations
Send transactional emails/SMS (order updates); send marketing with consent or as permitted by law
Prevent fraud, enforce Terms, and comply with legal obligations
Debugging, analytics, research, and quality assurance
4) Cookies, Tracking & Global Privacy Control (GPC)
We use first‑ and third‑party cookies, pixels, and SDKs for core functionality, analytics, and advertising. Manage preferences via our Cookie Settings tool and browser settings. Where legally required, we honor the Global Privacy Control (GPC) signal as an opt‑out of “sale”/“sharing” for cross‑context behavioral advertising.
5) Advertising, Analytics & Your Choices
Email: Unsubscribe via the link or email privacy@xnuelia.com.
SMS: Reply STOP to opt out. Msg & data rates may apply.
Targeted ads / sharing: Use Do Not Sell/Share My Personal Information in the footer and Cookie Settings (plus GPC).
Analytics: You can use platform‑provided opt‑outs (e.g., browser add‑ons) and our Cookie Settings.
6) How We Share Personal Data
We share personal information with:
(a) Service providers/processors (payment, fulfillment, warehousing, email/SMS, analytics, security, hosting);
(b) Advertising/analytics partners (for measurement and, with consent/opt‑out, personalization);
(c) Business transfers (merger, acquisition, financing, or sale of assets);
(d) Legal/safety (to comply with law, protect rights, security, and property).
We do not sell personal information for money. If we "share" for cross‑context behavioral advertising or conduct targeted ads under state laws, you may opt out (Section 5).
7) International Data Transfers
If personal data is transferred outside your region (e.g., from the EEA/UK to the U.S.), we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or your consent where required. We implement supplementary measures as appropriate.
8) Legal Bases (EU/UK GDPR)
Contract (order processing, account services)
Legitimate interests (security, analytics, improvement, limited direct marketing) balanced against your rights
Consent (cookies, targeted ads, email/SMS marketing, international transfers when required)
Legal obligation (tax, accounting, compliance)
9) Your Rights
Depending on your jurisdiction (e.g., VCDPA (VA), CCPA/CPRA (CA), CPA (CO), CTDPA (CT), UCPA (UT), EU/UK GDPR), you may have rights to: access, confirm processing, correct, delete, port, and opt out of targeted advertising, sale, or profiling with legal/ similarly significant effects.
To exercise rights, email privacy@xnuelia.com with your request, jurisdiction, and a method for identity verification. Authorized agents may submit requests as permitted by law. We will not discriminate against you for exercising rights.
Appeals (VCDPA and similar)
If we deny your request, you may appeal by replying to our decision email with "Appeal" in the subject. If denied again, you may contact your Attorney General or data‑protection authority.
10) Data Security
We maintain administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, access controls, and regular reviews. No system is 100% secure.
11) Financial Incentives (CPRA)
If we offer a loyalty or referral program that provides discounts or benefits tied to personal information, we will disclose the program terms, categories of personal information implicated, and how the value is reasonably related to the benefit, and obtain your opt‑in consent. You may withdraw at any time.
12) User Content & Public Areas
If you submit reviews or photos, they may be public. Do not include personal or sensitive information you do not wish to make public. We may use your User Content per the Terms of §8.
13) Data Retention
We retain personal information only as long as necessary for the purposes described, including to comply with legal obligations, resolve disputes, and enforce agreements. We apply criteria such as account status, transaction history, and legal requirements.
14) Changes to This Policy
We may update this Policy from time to time. Material changes will be notified by updating the effective date and, where required by law, by additional notice (e.g., banner or email).
15) Contact Us
Data Controller: XNUELIA LLC
Email:privacy@xnuelia.com
Mail: Fairfax County, Virginia, USA