Privacy Policy

Last updated: 14 May 2026

1. Who We Are

Elyon ("we", "us", "our") operates the website at elyon.world. We are a clothing brand committed to ethical sourcing and faith-inspired design. This policy explains how we collect, use, and protect your personal data when you interact with our site and services.

2. Data We Collect

We collect only the information necessary to process your orders, provide customer support, and improve your shopping experience:

• Account data — name, email address, billing/shipping address, phone number, and account credentials when you register or place an order.
• Payment data — payment card details are processed securely by our payment gateway (WooCommerce Payments / Stripe). We never store full card numbers on our servers.
• Order history — records of products purchased, amounts, dates, and delivery status.
• Communication data — emails you send us, newsletter subscription preferences, and support correspondence.
• Technical data — IP address, browser type, device information, and browsing behaviour collected via cookies (see Section 6).

3. How We Use Your Data

We use your personal data only for these legitimate purposes:

• To fulfil orders — process payments, arrange shipping, and send order confirmations or updates.
• To manage your account — maintain your profile, order history, and saved payment methods.
• To communicate with you — respond to enquiries, send service messages (e.g. shipping updates), and, with your consent, send marketing emails.
• To improve our site — analyse usage patterns to refine our product offerings, layout, and user experience.
• To comply with legal obligations — maintain records for tax, fraud prevention, and regulatory requirements.

4. Legal Basis for Processing

We process your data under the following lawful bases:

• Contract performance — processing is necessary to fulfil your orders and provide account services.
• Consent — for marketing emails and optional data collection (e.g. newsletter sign-up). You may withdraw consent at any time.
• Legitimate interests — analytics, fraud prevention, and site improvement, where our interests do not override your privacy rights.
• Legal obligation — where we are required to retain or disclose data by applicable law.

5. Data Sharing

We never sell your personal data. We may share it with trusted third parties strictly for operational purposes:

• Payment processors — Stripe / WooCommerce Payments handle all payment transactions securely.
• Shipping carriers — Australia Post, DHL, or similar couriers receive your name and address solely for delivery.
• IT service providers — hosting (e.g. WordPress hosting), email delivery services (e.g. Brevo for newsletters), and analytics platforms.
• Legal authorities — if required by law, court order, or to protect our rights and safety.

All third parties are contractually bound to process data only on our instructions and to maintain appropriate security measures.

6. Cookies

Our site uses cookies and similar tracking technologies to enhance functionality and analyse traffic. The cookies we use include:

• Essential cookies — required for the site to function (e.g. cart contents, login session). No consent is needed for these.
• Analytics cookies — help us understand how visitors interact with our site (e.g. pages visited, time on site).
• Marketing cookies — used to deliver relevant advertisements and measure campaign effectiveness (only with your consent).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect site functionality.

7. Data Retention

We retain your personal data only as long as necessary:

• Account data — for the duration of your account, plus a reasonable period afterward in case of disputes or legal obligations.
• Order data — kept for 90 days for order history display, and up to 7 years for tax and accounting compliance.
• Marketing data — until you unsubscribe or your account is deleted.

8. Your Rights

Under applicable data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data, subject to legal retention obligations.
• Restriction — limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us at founder@elyon.world. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect your data, including SSL/TLS encryption, secure payment processing via Stripe, regular security updates, and restricted access to personal data on a need-to-know basis.

10. International Transfers

If you are located outside Australia, your data may be transferred to and processed in Australia or other countries where our service providers operate. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for such transfers.

11. Third-Party Links

Our site may contain links to external websites (e.g. social media platforms). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the site after changes constitutes acceptance of the updated policy.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: founder@elyon.world
Website: https://elyon.world/contact