Privacy policy

Welcome to Diyona. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit our website, engage with our services, and purchase our lab-grown diamonds and diamond jewelry. We are committed to safeguarding your privacy and ensuring that your personal information is handled responsibly.

Last Updated: April 11, 2026

1. Scope

This Privacy Policy applies to all personal information collected through our website at diyona.com, our customer service channels, and any other interaction you have with Diyona. By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We may collect various types of information from you, including but not limited to:

  • Contact Information: Name, email address, phone number, and mailing address.
  • Payment Information: Credit card details and billing address (processed securely via our payment processor — we do not store full card numbers).
  • Order History: Details of your purchases, including product information and transaction history.
  • Communication Preferences: Information about your communication preferences and subscription to marketing materials.
  • Website Usage: Information collected through cookies and similar technologies, such as your IP address, browser type, device information, and browsing activity.
  • Chat Conversations: Messages exchanged through our on-site chat feature for customer support purposes.
  • Account Information: If you create an account, your login credentials and saved preferences.

3. Tracking Technologies

We use the following tracking technologies on our website:

  • Meta (Facebook) Pixel — for advertising measurement and retargeting.
  • Google Tag Manager and Google Analytics — for website analytics and performance measurement.
  • Essential cookies — for site functionality, cart persistence, and security.

You can opt out of interest-based advertising through your browser settings, the Digital Advertising Alliance (optout.aboutads.info), or by using browser extensions that block tracking scripts. You may also use your browser's Global Privacy Control (GPC) signal, which we honor as a valid opt-out request.

4. How We Use Your Information

We use the information collected for the following purposes:

  • Fulfilling Orders: Processing and delivering your orders, providing customer support, and managing returns and exchanges.
  • Internal Operations: Enhancing our website, improving our products and services, and conducting market research.
  • Marketing: With your consent, sending you promotional materials, special offers, and updates about our products and services.
  • Fraud Prevention: Detecting and preventing fraudulent transactions and unauthorized access.
  • Legal Obligations: Complying with legal requirements and responding to law enforcement requests.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:

  • Order and transaction data: 7 years (for tax and legal compliance).
  • Account information: Until you request deletion or 3 years after last activity.
  • Marketing preferences: Until you unsubscribe.
  • Chat conversations: 1 year.
  • Website analytics data: 26 months.

When personal data is no longer needed, we securely delete or anonymize it.

6. How We Protect Your Information

We employ a range of security measures to safeguard your personal information from unauthorized access, disclosure, or alteration. These measures include:

  • SSL/TLS encryption on all pages and transactions.
  • PCI-DSS compliant payment processing (we never store full card numbers).
  • Restricted access to personal data on a need-to-know basis within our organization.
  • Regular security reviews of our systems and third-party partners.

While we take every reasonable precaution, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data to the fullest extent possible.

7. Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will notify affected individuals and relevant regulatory authorities as required by applicable law. Notification will be provided without unreasonable delay and will include the nature of the breach, the data involved, and the steps we are taking to address it.

8. Sharing Your Information

We do not sell your personal information for monetary consideration. We may share your information with trusted service providers who assist us in delivering our products and services, including:

  • Payment processors (for transaction processing)
  • Shipping carriers (for order delivery)
  • Email marketing platforms (for communications you opt into)
  • Analytics providers (for website performance)

These partners are contractually obligated to protect your information and use it solely for the purpose for which it was disclosed. We do not share your personal information with any other third parties except as required by law.

9. Your Rights and Choices

  • You can opt out of receiving marketing communications from us at any time by following the unsubscribe instructions provided in the communication.
  • You can update, correct, or delete your personal information by contacting us at care@diyona.com.
  • You can choose to disable cookies through your browser settings, but this may affect your experience on our website.
  • You may request a copy of the personal data we hold about you by emailing care@diyona.com.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to Correct: You may request that we correct inaccurate personal information.
  • Right to Opt-Out: You may opt out of the sharing of your personal information for cross-context behavioral advertising. We use Meta Pixel and Google Analytics which may constitute "sharing" under CCPA. To opt out, email care@diyona.com or use your browser's Global Privacy Control setting.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide our services.

To exercise any of these rights, email care@diyona.com with "California Privacy Request" in the subject line. We will verify your identity and respond within 45 days. You may also designate an authorized agent to make a request on your behalf.

We honor Global Privacy Control (GPC) browser signals as valid opt-out requests.

11. International Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • We process your personal data based on: (a) your consent, (b) performance of a contract (order fulfillment), (c) our legitimate business interests, or (d) compliance with legal obligations.
  • You have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data.
  • Your personal data may be transferred to the United States for processing. We rely on Standard Contractual Clauses approved by the European Commission to ensure appropriate safeguards for international transfers.
  • You have the right to withdraw consent at any time where processing is based on consent.
  • You have the right to lodge a complaint with your local supervisory authority.

To exercise your GDPR rights, email care@diyona.com with "GDPR Request" in the subject line.

12. Children's Privacy

Our products and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age. If we learn that we have collected personal information from a child under 13, we will delete it promptly. If you believe we have inadvertently collected data from a minor, please contact us at care@diyona.com.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or sending you an email. The "Last Updated" date at the top indicates the most recent revision.

14. Contact Us

If you have any questions, concerns, or requests related to your personal information or this Privacy Policy, please contact us at care@diyona.com.

Thank you for choosing Diyona. Your privacy is important to us, and we are committed to ensuring the security and confidentiality of your personal information.