Privacy Policy
Effective date: 21 April 2026 · Last updated: 21 April 2026
This Privacy Policy explains how R.A.Y.K.A ("we", "our", "us"), operating the website and service known as MyColorSeason (the "Service") at mycolorseason.co, collects, uses, stores, and shares personal data. We operate from the United Arab Emirates and this policy is intended to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and, where applicable, the EU General Data Protection Regulation.
By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.
1. Who we are
Data Controller: R.A.Y.K.A, a business entity registered in the United Arab Emirates.
Trading as: MyColorSeason
Contact email: support@mycolorseason.co
2. What data we collect
We collect the following categories of personal data:
Information you give us
- Email address — to send your report and order confirmation.
- Uploaded photo (selfie) — used to analyze your skin tone, eye color, and hair color and generate your personal color report.
- Payment details — processed directly by Stripe; we never see or store your full card number. We receive a payment confirmation token.
Information we collect automatically
- Device and browser data — IP address, device type, operating system, browser, language, screen size.
- Usage data — pages visited, time on page, scroll depth, clicks, referral source, session recordings and heatmaps via Microsoft Clarity.
- Marketing attribution — UTM parameters, referral source, affiliate IDs, click IDs (Google gclid, Meta fbclid, TikTok ttclid, etc.), and our internal A/B test variant ID.
- Cookies and similar technologies — see Section 8.
3. How we use your data
We process your personal data for the following purposes and legal bases under the UAE PDPL:
| Purpose | Data used | Legal basis |
|---|---|---|
| Deliver your color report | Email, selfie, payment confirmation | Performance of a contract with you |
| Send order confirmation and receipts | Email, order details | Performance of a contract |
| Process refunds and respond to support requests | Email, order ID | Performance of a contract; legitimate interests |
| Improve the accuracy of our AI color analysis | Anonymized image and analysis outputs | Legitimate interests (improving service quality) |
| Prevent fraud, abuse, and chargebacks | IP, device data, payment metadata | Legitimate interests; legal obligation |
| Measure website performance and optimize conversion | Usage data, attribution, A/B variant | Legitimate interests; consent where required |
| Show you relevant ads on Meta, TikTok, and Google | Hashed email, pixel events, device data | Consent (via cookie banner) |
| Send marketing emails (newsletters, promotions) | Consent; you can unsubscribe at any time |
4. Who we share your data with
We share your personal data only with the following categories of trusted third-party processors, each bound by data protection contracts:
| Processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | United States |
| Supabase, Inc. | Database and storage (orders, account records) | United States / EU |
| Netlify, Inc. | Website hosting and serverless functions | United States / Global CDN |
| Resend, Inc. | Transactional email delivery | United States |
| Microsoft Corporation (Clarity) | Website analytics, session recording | United States / Global |
| Meta Platforms, Inc. | Advertising pixel and Conversions API | United States / Global |
| TikTok / ByteDance Ltd. | Advertising pixel and Events API | Global |
| OpenAI / AI model providers (if used) | Image analysis for color report | United States |
We do not sell your personal data to any third party.
5. International data transfers
Because our processors operate globally, your personal data may be transferred to and processed in countries outside the UAE, including the United States and the European Economic Area. When we make such transfers, we rely on safeguards permitted under UAE PDPL Article 22 and (where applicable) GDPR Chapter V, including adequacy decisions and Standard Contractual Clauses.
6. How long we keep your data
- Uploaded photos: retained for as long as reasonably necessary to deliver the Service and improve analysis quality, and in any case no longer than 90 days after your order, after which they are deleted or fully anonymized.
- Order records (email, order ID, amount, attribution): retained for up to 7 years to comply with UAE tax, accounting, and anti-money-laundering obligations.
- Marketing email preferences: retained until you unsubscribe, plus a reasonable suppression period thereafter.
- Usage and analytics data: retained in aggregated or pseudonymized form for up to 26 months.
7. Your rights
Under UAE PDPL and, where applicable, GDPR, you have the right to:
- Request a copy of the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to delete your data ("right to be forgotten"), subject to legal retention obligations.
- Object to processing based on legitimate interests, including direct marketing.
- Request that we restrict processing in certain circumstances.
- Request data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with the UAE Data Office (u.ae) or your local data protection authority.
To exercise any of these rights, email support@mycolorseason.co. We will respond within 30 days.
8. Cookies and tracking technologies
We use cookies and similar technologies for the following purposes:
- Strictly necessary — session, CSRF, A/B variant assignment. Cannot be disabled.
- Analytics — Microsoft Clarity (session replay, heatmaps), anonymized usage data.
- Marketing — Meta Pixel, TikTok Pixel, Google click tracking. These allow us to measure ad performance and show you relevant ads.
You can decline non-essential cookies via our cookie banner, and you can delete cookies through your browser settings at any time.
9. Security
We use industry-standard security measures including TLS/HTTPS encryption in transit, encrypted database storage at rest, access controls, and regular security reviews. No method of transmission over the internet is 100% secure — while we work hard to protect your data, we cannot guarantee absolute security.
10. Children
The Service is intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe we have, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or a prominent notice on the site.
12. Contact us
If you have questions about this Privacy Policy or your personal data, please contact:
R.A.Y.K.A (trading as MyColorSeason)
Email: support@mycolorseason.co
Website: https://mycolorseason.co