Privacy Policy
Effective date: 2026-05-25 · For questions, email hello@evarya.us.
Evarya (“we”, “us”) operates evarya.us and the related Shopify, Etsy, Instagram, and Facebook storefronts. This policy explains what data we collect, how we use it, who we share it with, and the choices you have. We aim to collect the minimum needed to run the store and measure marketing — and to let you opt out wherever the law and platform allow.
1. Information we collect
- Account & order data — name, email, shipping address, phone (if provided), order history. Provided directly by you at checkout.
- Payment data — handled entirely by Stripe. We never see your card number; Stripe returns us a transaction id and a tokenized last-4 only.
- Browsing data — pages visited, products viewed, cart additions, checkout steps. Collected by the Meta Pixel (browser, with your consent) and by the Conversions API (server, hashed and anonymized — see §3).
- Technical data — IP address, user-agent string, timestamps. Used for rate-limiting, fraud prevention, and basic server logs. Retained for 30 days then aggregated.
- Marketing email — if you subscribe to our newsletter, your email is stored in Resend and used only to send Evarya communications until you unsubscribe.
2. How we use it
- Fulfilling and shipping your orders.
- Customer support and warranty handling.
- Measuring ad and content performance so we can spend our marketing budget on what actually works.
- Detecting fraud, abuse, and security threats (rate-limiting, anti-bot, contact-form spam filtering).
- Complying with legal obligations (tax reporting, sales records).
We do not sell your personal data. We do not share it with data brokers. We do not use it for automated decision-making with legal effect on you.
3. Meta Pixel and Conversions API
We use the Meta Pixel (a small JavaScript snippet placed by Meta Platforms, Inc.) to measure how visitors interact with our site so we can run effective Facebook and Instagram ads. The Pixel sets cookies and reads basic browser identifiers when you view products, add to cart, begin checkout, or purchase.
We also use the Conversions API (a server-side counterpart) to send the same events from our Cloudflare Worker directly to Meta. The Conversions APIhashes identifiers (email, name) using SHA-256 before transmission, so Meta sees the irreversible hash, not the plaintext. Each event carries a deduplication id so Meta counts one event per action regardless of which channel reported it.
Your choices:
- The cookie banner at the bottom of the site lets you decline tracking. If you decline, the browser Pixel is not loaded and no browser events fire.
- The server-side Conversions API still fires on actual purchases (this is for sales attribution and order measurement — required for Meta's ads platform to function and treated by Meta as a legitimate-interest basis). Identifiers are always hashed.
- You can opt out of personalized Meta ads at Facebook → Settings & Privacy → Ads or via your Instagram ad preferences.
4. Third parties we share data with
| Service | Data shared | Purpose |
|---|---|---|
| Stripe | Card, billing address, email | Payment processing |
| Meta (Facebook / Instagram) | Browser identifiers, hashed email/name, event data | Ad measurement, audience optimization |
| Google Search Console | Aggregate search-performance data (no individual identifiers) | SEO measurement |
| Cloudflare | IP address, request metadata | CDN, security, hosting |
| Resend | Email address (only if you subscribe) | Transactional + marketing email |
| Etsy | Order data for Etsy-channel purchases | Order fulfillment via Etsy channel |
All processors are bound by their own contractual data-protection terms (GDPR Article 28, CCPA service-provider terms). We do not authorize them to use your data for their own marketing.
5. Cookies
We use a small number of cookies:
- Essential — session cookies for cart, checkout, and admin authentication. No consent required; cannot be turned off.
- Measurement / advertising — Meta Pixel cookies (
_fbp,_fbc). Only set if you accept the consent banner. - Preference — your consent choice itself, stored so we don’t re-prompt you.
6. Your rights
Depending on where you live (GDPR / UK GDPR / CCPA / similar), you may have the right to:
- Request a copy of the personal data we hold about you.
- Correct or delete that data.
- Object to or restrict certain processing.
- Withdraw consent for marketing cookies at any time via the cookie banner or by clearing your browser data.
- File a complaint with your local data-protection authority.
To exercise any of these, email us at hello@evarya.us from the email address on file. We respond within 30 days.
7. Retention
- Order data — retained for 7 years to satisfy tax-reporting and warranty obligations.
- Marketing data — until you unsubscribe, then 30 days as a suppression list to prevent accidental re-mailing.
- Pixel / CAPI events — held by Meta per their own retention policy (currently 180 days for individual events; indefinitely as aggregated audience signals).
- Server logs — 30 days, then aggregated.
8. Children
Evarya is intended for adult shoppers. We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact hello@evarya.us and we will delete it.
9. Changes to this policy
We update this policy when we add new services or processors, or when laws change. Material changes are notified via a banner on this site for 30 days. The effective date at the top of this page always reflects the current version.
10. Contact
Evarya — privacy questions, data requests, or complaints: hello@evarya.us.