Privacy Policy

Last updated: April 10, 2026

EydOil ("we", "us", "our") operates the website eydoil.com (the "Site"). We are an e-commerce retailer specializing in premium natural oils for skin care, hair care, and wellness. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our Site, place an order, create an account, or interact with us in any way.

By using our Site you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Site.

2.1 Information You Provide Directly

• Account information: name, email address, and password when you register for an account.
• Order information: billing and shipping address, phone number, and payment details (processed securely by our payment providers — see Section 8) when you make a purchase.
• Communications: any information you include when you contact us via email, contact form, or social media.
• Reviews & feedback: product reviews, ratings, or survey responses you choose to submit.

2.2 Information Collected Automatically

• Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage data: pages viewed, time spent on pages, click paths, referring/exit URLs, and date/time of visits.
• Cookies & similar technologies: we use cookies, web beacons, and pixel tags as described in Section 5.
• Location data: approximate geographic location inferred from your IP address (used to display relevant currency and shipping options).

2.3 Information from Third Parties

• Social login: if you sign in via Google or Apple, we receive your name, email address, and profile picture as permitted by your social account settings.
• Payment processors: Stripe and PayPal may share transaction confirmations and fraud-screening results with us (they do not share your full card number).

We use the information we collect for the following purposes:

Purpose	Data Used
Process & fulfill orders — confirm purchases, arrange shipping, send tracking updates	Name, address, email, phone, payment confirmation
Account management — create and maintain your account, wishlist, and order history	Name, email, password (hashed)
Customer support — respond to inquiries and resolve issues	Contact details, order info, correspondence
Improve our Site — analyze usage patterns, fix bugs, optimize performance	Usage data, device data, cookies
Personalization — show relevant products, remember preferences (currency, language)	Usage data, location, cookies
Marketing communications — send newsletters and promotions (only with your consent)	Email address
Advertising — display personalized or contextual ads via Google AdSense	Cookies, device data (see Section 6)
Fraud prevention & security — detect unauthorized access and protect against abuse	IP address, device data, payment info
Legal compliance — meet tax, accounting, and regulatory obligations	Transaction records, invoices

We process your personal data under the following legal bases (applicable under GDPR and similar regulations):

• Contractual necessity: processing required to fulfill your orders and manage your account.
• Legitimate interest: improving our services, preventing fraud, and understanding how visitors use the Site — balanced against your rights and freedoms.
• Consent: marketing emails, personalized advertising, and non-essential cookies. You can withdraw consent at any time (see Section 11).
• Legal obligation: retaining transaction data for tax and accounting requirements.

Cookies are small text files placed on your device when you visit a website. We use them to make the Site work, to understand how you interact with it, and to serve relevant advertising.

5.1 Types of Cookies We Use

Category	Purpose	Examples
Strictly necessary	Essential for the Site to function — shopping cart, authentication, security	Session ID, CSRF token
Functional	Remember your preferences such as language, currency, and recently viewed products	Country preference cookie
Analytics	Help us understand how visitors interact with the Site (page views, bounce rate, traffic sources)	Google Analytics (_ga, _gid, _gat)
Advertising	Used to deliver ads relevant to your interests and to measure ad effectiveness	Google AdSense, DoubleClick (__gads, __gpi, IDE)

5.2 Managing Your Cookie Preferences

You can control and delete cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies
• Delete all cookies when you close the browser

For more information about cookies and how to manage them, visit allaboutcookies.org.

6.1 How Google AdSense Works

Google AdSense is a third-party advertising service provided by Google LLC. When you visit our Site, Google may place cookies on your device to serve ads. These cookies enable Google and its partners to serve ads based on your visits to our Site and/or other sites on the internet.

6.2 Personalized vs. Non-Personalized Ads

• Personalized ads (also known as interest-based ads) use cookies and similar technologies to show you advertisements based on your browsing history, interests, and demographics. Google collects data such as the websites you visit, your approximate location, and your device information to build an advertising profile.
• Non-personalized ads are not based on your past behavior. They use contextual information such as the content of the current page, your general location (country or city level), and the current search query.

6.3 Cookies Used by Google Advertising

Google and its advertising partners may use the following types of cookies:

• __gads / __gpi: used to serve and measure ads on the Site.
• IDE / DSID: used by DoubleClick (Google) to register and report on user actions after viewing or clicking an ad, and to measure ad effectiveness.
• ANID / NID: used to remember your ad preferences and show relevant ads on Google services and partner sites.
• 1P_JAR / CONSENT: used to store user preferences and deliver personalized ads.

6.4 Opting Out of Personalized Advertising

You have several options to control personalized advertising:

For more information on how Google uses data from partner sites, visit Google's Partner Sites policy.

We use Google Analytics 4 (GA4) to understand how visitors interact with our Site. Google Analytics collects information such as how often users visit, what pages they view, and what other sites they visited before coming to ours.

7.1 What Google Analytics Collects

• Pages you visit on our Site and how long you spend on each page
• How you arrived at our Site (direct, search engine, social media, referral link)
• Your approximate geographic location (country, city) based on IP address
• Your device type, browser, operating system, and screen resolution
• Interactions such as clicks, scrolls, and form submissions

7.2 IP Anonymization

Google Analytics 4 does not store full IP addresses. IP addresses are used only for geolocation purposes and are not logged or accessible to us.

7.3 Opting Out of Google Analytics

You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on. This add-on instructs the Google Analytics JavaScript not to send visit information to Google Analytics.

We work with trusted third-party companies to operate our business. These providers process personal data only as necessary to perform services on our behalf and are contractually bound to protect your information:

Provider	Service	Data Processed	Privacy Policy
Stripe	Payment processing	Payment card data, billing address	stripe.com/privacy
PayPal	Payment processing	Email, billing info	paypal.com/privacy
Google	Analytics, AdSense, OAuth	Usage data, cookies, email (OAuth)	policies.google.com/privacy
Railway	Hosting infrastructure	Server logs, IP addresses	railway.app/privacy

We do not sell your personal data to any third party. Data shared with the above providers is limited to what is necessary for them to perform their specific service.

Beyond the service providers listed above, we may disclose your personal information only in the following circumstances:

• Legal requirements: when required to comply with a law, regulation, legal process, or enforceable governmental request.
• Protection of rights: to enforce our Terms of Service, protect against fraud, or defend our legal rights.
• Safety: to protect the safety of our users, the public, or EydOil.
• Business transfer: in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
• With your consent: for any purpose not listed here, only with your explicit consent.

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Account data: retained for as long as your account is active. You may delete your account at any time by contacting us.
• Order & transaction data: retained for a minimum of 7 years to meet tax and accounting obligations.
• Customer support correspondence: retained for up to 3 years after the last interaction.
• Analytics data: aggregated analytics data (which does not identify individuals) may be retained indefinitely.
• Marketing consent records: retained for as long as the consent is valid, plus 3 years after withdrawal for compliance evidence.

When data is no longer needed, it is securely deleted or anonymized.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us at info@eydoil.com. We will respond within 30 days. If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the "sale" of personal information — though we do not sell personal data, and (d) not be discriminated against for exercising your rights. To make a request, contact us at info@eydoil.com.

Our Site is accessible worldwide, and your personal data may be transferred to and processed in countries other than your own — including the United States, where Google and other service providers operate. These countries may have data protection laws that differ from those of your country.

When we transfer data outside the European Economic Area (EEA), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's certification under recognized frameworks, to ensure your data is protected to an equivalent standard.

Our Site is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@eydoil.com and we will promptly delete such information.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit: all data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Secure password storage: passwords are hashed using industry-standard algorithms and are never stored in plain text.
• Access controls: access to personal data is restricted to authorized personnel on a need-to-know basis.
• Payment security: credit card information is processed directly by PCI-DSS compliant payment processors (Stripe, PayPal) and is never stored on our servers.
• Regular updates: we keep our software dependencies and infrastructure up to date to address known vulnerabilities.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest practical standards.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Post a notice on our Site if the changes are significant.
• Notify you by email if the changes affect how we process your data (and you have an account with us).

We encourage you to review this policy periodically. Your continued use of the Site after changes have been posted constitutes your acceptance of the updated policy.

See also: Terms of Service · Cookie Policy · Returns Policy