MyFacet — Privacy Policy

Last updated: February 11, 2026

1. Introduction

Welcome to MyFacet, the mobile application developed and operated by Joalys UK Ltd (hereinafter "Joalys", "we", "our" or "us"). MyFacet is a professional gemstone marketplace connecting sellers and buyers worldwide.

This Privacy Policy describes how Joalys UK Ltd collects, uses, protects and shares your personal data when you use the MyFacet application. We are committed to processing your personal data in a transparent, secure manner and in compliance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and all applicable data protection laws.

By using MyFacet, you accept the practices described in this Privacy Policy. If you do not accept these practices, please do not use our application.

2. Data Controller

App name
MyFacet
Developer
Joalys UK Ltd
Registered office
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, England
Registration (Companies House)
16757466
Operational office
Joalys Paris (Private) Limited, 40/7 Park Road, Colombo 05, Sri Lanka (PV 00332989)
Contact email
george@joalys-paris.com
Phone
+94 76 706 8581
Data Protection Officer
george@joalys-paris.com

Joalys UK Ltd is a company registered in the United Kingdom, subject to UK GDPR. Our data is hosted in the European Union (Ireland) via Supabase to ensure maximum protection for our users' data.

3. Personal Data We Collect

Data you provide directly

When you create an account and use MyFacet, we collect:

  • First and last name
  • Email address
  • Password (stored encrypted)
  • Phone number (optional)
  • Profile photo (optional)
  • Identity provider data (if you use Google or Apple Sign-In)

When you use the marketplace features:

  • Gemstone descriptions (title, characteristics, photos)
  • Pricing and sales information
  • Transaction history
  • Delivery information (postal address, instructions)
Note: We do not directly store complete credit card data. Payment information is processed securely by our payment provider in accordance with PCI-DSS standards.

Automatically collected data

When you use MyFacet, we automatically collect:

  • Unique device identifier (UUID)
  • Operating system and version
  • Application version
  • Language and time zone
  • Approximate country (via IP address) — used only to suggest the appropriate language and currency
  • Push notification tokens (for order and message notifications)

We do not track your precise location. Only country-level geolocation is used.

4. How We Use Your Data

We use your personal data collected through MyFacet for:

  • Managing your user account and authenticating you
  • Processing gemstone transactions and purchases
  • Communicating with you regarding your orders and our service
  • Sending push notifications about orders, messages, and important updates
  • Ensuring platform security and preventing fraud
  • Improving MyFacet and developing new features
  • Complying with legal obligations (accounting, tax)

5. Sharing Your Personal Data

We never sell your personal data to third parties.

We only share your data in the following limited circumstances:

Between platform users

As part of normal use of MyFacet, some of your data is visible to other users (public profile, necessary transaction information).

Third-party service providers

  • Supabase (EU, Ireland) — Database hosting, authentication, file storage. GDPR compliant, encrypted in transit and at rest.
  • Firebase Cloud Messaging (Google) — Push notifications only. No personal data shared beyond device tokens.
  • Google / Apple — Authentication services when you choose to sign in with Google or Apple.

6. Your Rights

Under GDPR and the UK Data Protection Act, as a MyFacet user you have:

  • Right of access (Article 15 GDPR): Obtain a copy of all personal data we hold about you.
  • Right to rectification (Article 16 GDPR): Request correction of inaccurate or incomplete data.
  • Right to erasure (Article 17 GDPR): Request deletion of your personal data. See section 9 for details.
  • Right to data portability (Article 20 GDPR): Receive your data in a structured, machine-readable format.
  • Right to object (Article 21 GDPR): Object to the processing of your personal data.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at george@joalys-paris.com. We will respond within 1 month (extendable to 3 months for complex requests).

7. Data Security

Joalys UK Ltd implements appropriate technical and organizational measures to protect your personal data within MyFacet:

Technical measures

  • SSL/TLS encryption for all communications
  • Encrypted password storage (bcrypt hashing)
  • Secure authentication with JWT tokens
  • Access controls and strong authentication
  • Secure infrastructure with firewalls

Organizational measures

  • Restricted data access (principle of least privilege)
  • Confidentiality clauses for all team members
  • Security incident response procedures
  • Regular security reviews

8. Data Retention

We retain your personal data collected through MyFacet for as long as necessary:

DataRetentionReason
Active account dataAs long as account is activeContract execution
Deleted account data30 days after deletionAllow restoration
Transaction & billing10 years after transactionAccounting/tax obligations
Security logs12 monthsSecurity & fraud detection
Push notification tokensUntil logout or deletionService delivery

9. Account & Data Deletion

You can request deletion of your MyFacet account and personal data at any time:

In-app deletion

  1. Open MyFacet and go to Settings
  2. Tap "Delete Account"
  3. Type DELETE to confirm
  4. Your personal data will be permanently deleted

By email

Send a deletion request to george@joalys-paris.com with the subject "Account Deletion Request — MyFacet".

What gets deleted

  • Your personal information (name, email, phone)
  • Your login credentials
  • Your device tokens for notifications
  • Your profile photo

What is preserved (legal requirement)

  • Transaction history — retained for 10 years (accounting/tax obligations)
  • Gemstone records associated with completed transactions
  • Payment records
Deleted account data is kept for 30 days to allow restoration in case of accidental deletion. After 30 days, deletion is permanent and irreversible.

10. Children's Privacy

MyFacet is not intended for children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information.

11. Contact & Complaints

For any questions regarding this Privacy Policy or your personal data in MyFacet, contact Joalys UK Ltd:

Email: george@joalys-paris.com
Mail: Joalys UK Ltd, Attn: Data Protection Officer, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, England
Phone: +94 76 706 8581

Right to lodge a complaint

If you believe that the processing of your personal data by MyFacet violates GDPR or UK GDPR, you have the right to lodge a complaint with:

  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
  • France: Commission Nationale de l'Informatique et des Libertés (CNIL) — cnil.fr

12. Changes to this Policy

Joalys UK Ltd may update this Privacy Policy from time to time. For substantial changes, we will notify you via email or through a notification in the MyFacet application, with 30 days notice before application.

By continuing to use MyFacet after the changes take effect, you accept the revised Privacy Policy.

© 2026 Joalys UK Ltd — MyFacet

george@joalys-paris.com