Privacy Policy

1. Who We Are

Curlit (“we”, “us”, “our”) is the trading name of Curlit, registered at 24 Nozha Street, Ard El Golf, Cairo, Egypt.
For any questions about this policy, email info@curlit.shop.

2. The Data We Collect

  • Identity & contact: name, email, phone, addresses.
  • Account & orders: login details, order history, payment token/last 4 digits (we never store full card numbers).
  • Hair profile (optional): curl/wave type and concerns when you take our quiz.
  • Marketing preferences: newsletter opt-in/opt-out, coupon use, loyalty points.
  • Technical data: IP, browser, device, pages viewed, cookies.
  • User content: reviews, photos/videos you upload, messages you send us.

3. How We Collect It

• Directly from you (checkout, forms, chat).
• Automatically via cookies/pixels.
• From service partners (payment gateways, couriers, analytics).

4. Why & On What Legal Basis

  • Contract: to process and deliver your orders.
  • Consent: newsletters, SMS, analytics & advertising cookies, hair-quiz profiling.
  • Legitimate interest: fraud prevention, site security, service improvement—never overriding your rights.
  • Legal obligation: tax, accounting, PDPL compliance.

5. Marketing Communications

We send email/SMS marketing only if you opt in. Every message has an instant unsubscribe link. Evidence of consent is stored for three years as required by Egypt’s Personal Data Protection Law (PDPL).

6. Cookies & Tracking Tech

This site uses:

  • Essential cookies (cart & checkout) – always on.
  • Analytics: Google Analytics, Microsoft Clarity – loads only after consent.
  • Advertising pixels: Meta Pixel – loads only after consent.
  • Email marketing: Mailchimp sets a cookie if you open or click an email.

You can change or withdraw consent anytime via “Cookie Settings” in the footer.

7. How Long We Keep Data

We keep order data for the statutory period (currently 10 years for tax). Marketing data is deleted when you unsubscribe or after 24 months of inactivity. Back-ups are securely destroyed on a rolling schedule.

8. Sharing With Third Parties

We share data only with trusted processors who help us run Curlit:

  • WordPress/WooCommerce hosting & Cloudflare CDN
  • Payments: Paymob, Fawry, Stripe/PayPal
  • Fulfilment & delivery: Flextock, couriers
  • Analytics/marketing: Google Analytics, Meta Pixel, Microsoft Clarity, Mailchimp
  • Professional advisers: accountants, auditors, legal counsel

They act under our instructions and are bound by confidentiality. We do not sell your personal data.

9. Children

We do not knowingly collect data from children. Any processing of children’s data is treated as sensitive and requires verified guardian consent under PDPL.

10. International Transfers

Some providers (e.g., Google, Meta) process data outside Egypt. We transfer data only when the destination ensures protection “not less than” the PDPL or when another lawful exception applies, and—where required—we obtain a permit from Egypt’s Personal Data Protection Center (PDPC).

11. Your Rights

Under Egypt’s PDPL you may:

  • Access or receive a copy of your data.
  • Correct or delete inaccurate data.
  • Restrict processing for a specific purpose.
  • Withdraw consent at any time.
  • Object if processing conflicts with your fundamental rights.
  • Receive breach notifications within three days if your data is affected.

Email info@curlit.shop and we’ll respond within six working days, as Article 10 PDPL requires.

12. Security

We protect data with HTTPS encryption, access controls, 2-factor authentication, regular security reviews, and staff training. Our breach-response plan meets the PDPL’s 72-hour regulator-notification rule.

13. Changes

If we update this policy, we’ll post the new version here and, if the changes are material, email you.

14. Contact

Questions or requests? Email info@curlit.shop