Privacy Policy

Effective date: April 23, 2026 Last updated: April 23, 2026

This Privacy Policy describes how Iconec Jewelry LLC-FZ ("Iconec," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile applications, our website at iconec.co, and any related services (together, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services.

1. Who We Are

Iconec is a diamond jewelry subscription service operated by:

Iconec Jewelry LLC-FZ United Arab Emirates Email: support@iconec.co Website: iconec.co

For the purposes of applicable data protection laws — including the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), the EU General Data Protection Regulation ("GDPR"), and the UK GDPR — Iconec Jewelry LLC-FZ is the data controller of your personal information.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information we receive from third parties.

2.1 Information You Provide Directly

Account and contact information

  • Full name
  • Email address
  • Phone number
  • Physical (shipping and billing) address
  • Date of birth
  • Nationality

Identity verification information (collected during KYC onboarding via our verification partner Sumsub — see Section 5)

  • Government-issued photo identification (Emirates ID, passport, or equivalent)
  • ID document number, issuing date, expiry date, issuing place, and sex as recorded on the ID
  • A selfie and liveness video of your face
  • Biometric data derived from your face for the purpose of matching against your ID (processed by Sumsub on our behalf)

Payment information

Payment card details are collected and processed directly by our payment processor, Stripe, through Stripe's secure payment interface. Iconec does not store full card numbers, CVVs, or bank account credentials on our systems. We receive and retain only a tokenized reference to your payment method, the last four digits of your card, the card brand, and the expiry date.

Communications

Any information you provide when you contact us for customer support, respond to a survey, or communicate with us by email, in-app messaging, or social media.

2.2 Information Collected Automatically

When you use the Services, we and our service providers automatically collect:

  • Device and technical information — device type, operating system and version, browser type, mobile network information, and unique device identifiers
  • Usage data — pages viewed, features used, interactions with in-app content, search queries within our catalog, time spent, and referral sources
  • Diagnostic and performance data — crash logs, error reports, launch times, and performance metrics, collected to help us maintain and improve the Services
  • Purchase history — records of your subscriptions, orders, credits earned and spent, and returns
  • Approximate location — inferred from IP address, used for fraud prevention and regional availability

We do not collect precise GPS location from the Services.

2.3 Information from Third Parties

We may receive information about you from:

  • Sumsub — identity verification results and data extracted from your ID
  • Stripe — payment status, payment method validity, and fraud signals
  • Delivery partners — delivery confirmation, signature capture, and handoff status
  • Authentication providers — if you sign in using a third-party service (e.g., Apple, Google)

3. How We Use Your Information

We use your information for the following purposes:

To provide the Services

  • Create and manage your account
  • Verify your identity and confirm eligibility (KYC / AML)
  • Process subscriptions, payments, credits, and purchases
  • Arrange shipping, delivery, returns, and pickups
  • Provide customer support

To operate our business

  • Prevent, detect, and investigate fraud, theft, unauthorized access, and other misuse of the Services
  • Comply with legal, tax, accounting, and regulatory obligations (including UAE VAT, AML, and record-keeping requirements)
  • Enforce our Terms of Service and other agreements
  • Protect the rights, property, and safety of Iconec, our customers, and our partners

To improve and personalize the Services

  • Analyze how users interact with the Services
  • Diagnose technical issues and improve stability
  • Personalize what you see, including jewelry recommendations based on your preferences and history

To communicate with you

  • Send transactional messages (order confirmations, delivery updates, payment receipts, subscription changes)
  • Send marketing communications where you have consented or where permitted by law
  • Respond to your inquiries and support requests
  • Send important service announcements, including changes to these policies

You can opt out of marketing communications at any time — see Section 8.

4. Legal Bases for Processing

Where GDPR or UK GDPR applies to you, we rely on the following legal bases to process your personal information:

  • Contract — to provide the Services you have requested
  • Legal obligation — to comply with applicable laws, including KYC, AML, tax, and consumer protection obligations
  • Legitimate interests — to prevent fraud, secure our Services, improve our products, and operate our business, where not overridden by your rights
  • Consent — for marketing communications and, where required, for biometric processing. You may withdraw consent at any time

5. Third Parties and Service Providers

We share your information only with trusted third parties who help us operate the Services. Each acts as a processor or independent controller under its own privacy terms.

PartnerPurposeData Shared
StripePayment processing, subscription billing, fraud detectionName, email, billing address, payment card data (collected directly by Stripe), purchase history
SumsubIdentity verification, biometric matching, AML screeningGovernment ID, selfie, liveness video, biometric data, personal details from ID
Google Maps PlatformAddress validation, delivery routingShipping address, approximate geolocation
Delivery and logistics partnersShipment and delivery of physical jewelryName, shipping address, phone number, order details
Cloud hosting providersApplication hosting and data storageAll categories, stored in encrypted form
Analytics providersAggregated product analytics and crash reportingDevice data, usage data, diagnostics
Communications providersTransactional email, SMS, and push notificationsName, email, phone, device tokens

We may also disclose personal information:

  • To regulators, courts, law enforcement, or government authorities where required by law or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
  • In connection with a merger, acquisition, financing, or sale of business assets, subject to standard confidentiality protections
  • With your consent or at your direction

We do not sell your personal information. We do not share your personal information with third parties for their own independent advertising purposes.

6. International Data Transfers

Iconec is based in the United Arab Emirates. Some of our service providers are located outside the UAE, including in the United States, the United Kingdom, and the European Economic Area.

When we transfer personal information outside your country, we rely on appropriate safeguards, including:

  • Transfers to countries recognized as providing an adequate level of protection under applicable law
  • Standard Contractual Clauses or equivalent contractual protections
  • Your explicit consent, where required

7. Data Retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter, subject to longer retention where required by law.

  • Account and profile data — retained for the duration of your account and for up to 7 years after closure, to comply with UAE commercial and tax record-keeping obligations
  • Transaction and payment records — retained for at least 7 years to comply with VAT, accounting, and AML obligations
  • KYC and identity verification records — retained for at least 5 years after the end of the customer relationship, as required by UAE AML regulations
  • Marketing preferences and consent records — retained for as long as you remain subscribed, plus a limited period afterward to honor opt-out requests
  • Support correspondence — retained for up to 3 years
  • Analytics and diagnostic data — retained in aggregated or anonymized form for longer periods

When retention periods expire, we securely delete or anonymize your information.

8. Your Rights

Depending on where you live, you may have the following rights in relation to your personal information:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct inaccurate or incomplete information
  • Deletion — request that we delete your personal information, subject to our legal retention obligations
  • Objection and restriction — object to or restrict certain processing, including for direct marketing
  • Portability — request a copy of certain information in a portable, machine-readable format
  • Withdrawal of consent — withdraw any consent you have previously given, without affecting the lawfulness of processing before withdrawal
  • Complaint — lodge a complaint with a supervisory authority, including the UAE Data Office

To exercise any of these rights, email support@iconec.co from the email address associated with your account. We may need to verify your identity before fulfilling the request. We will respond within the timeframes required by applicable law.

Opting out of marketing — you can unsubscribe at any time by clicking the link in any marketing email, adjusting your notification settings in the app, or contacting us directly. Transactional messages (order confirmations, delivery updates, account notices) cannot be opted out of while your account is active.

9. Security

We implement administrative, technical, and physical safeguards designed to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • Tokenization of payment data through Stripe
  • Strict access controls and role-based permissions for our personnel
  • Regular security reviews and monitoring
  • Third-party security assessments of critical service providers

No method of transmission or storage is completely secure. If we become aware of a personal data breach that affects your rights, we will notify you and the relevant authorities in accordance with applicable law.

10. Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, anyone under the age of 18. Our identity verification process requires proof of age. If we learn that we have collected information from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal information, please contact support@iconec.co.

11. Cookies and Similar Technologies (Website)

Our website uses cookies and similar technologies to operate the site, remember your preferences, and measure performance. The types of cookies we use include:

  • Strictly necessary — required for the site to function (login, cart, security)
  • Functional — remember your preferences and improve your experience
  • Analytics — help us understand how visitors use the site

You can manage cookies through your browser settings or, where available, through our cookie preferences tool. Our mobile applications do not use browser cookies but use equivalent storage mechanisms for authentication and app functionality.

12. Third-Party Links

The Services may contain links to third-party websites, apps, or services that are not operated by Iconec. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If the changes are material, we will notify you by email or through the Services before the changes take effect. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Iconec Jewelry LLC-FZ Email: support@iconec.co Website: iconec.co

For verified data subject requests (access, deletion, correction, etc.), please email support@iconec.co from the email address associated with your account.