Policies
Privacy policy
Last updated: 2026-05-26 · Operator: Daphne by Mona, Lahore, Pakistan
This page explains what data we collect when you use the website daphnebymona.com, why we collect it, who we share it with, and the choices you have. We try to be specific rather than legalistic — if anything here is unclear, write to daphnebymona1@gmail.com and we’ll explain it in plain English.
1. What we collect
- Order details— name, phone, shipping address, items ordered, and (when paying by card) the payment provider’s confirmation token. We never see your full card number; payments run through our payment processor’s secure hosted page.
- Account / appointment requests — name, phone, email (optional), preferred date / time, notes you write.
- Device data — IP address, user-agent, the page you were on, the page you came from. We log this against your session for security (rate limiting, fraud detection, audit trail) and we do not sell it.
- Cookies — see the table in §4 below. Tracking cookies fire only after you click Accept.
2. Why we collect it
- Fulfill orders and appointments.
- Run the site safely — block credential stuffing, flag fraud, recover lost passwords.
- Understand what is and isn’t working on the site, with your consent (analytics). We never use analytics to identify individual people.
- Show you relevant ads on social and advertising platforms when you opted into marketing cookies. You can opt back out any time below.
3. Who we share it with
We work with a small set of trusted service providers, strictly to run the service. By category:
- Hosting & database — to run the website and store its data securely.
- Payment processing — to take card payments. We pass only the amount and your order number; your card details go straight to the processor and never to us.
- Transactional email — to send order, appointment, and password-reset emails.
- Analytics & marketing — only with your consent: to understand site usage and, if you opt in, to show relevant ads.
We do not sell personal data. We only share it with the service categories above, strictly to run the service.
4. Cookies
The site sets one essential cookie group and two optional groups.
| Cookie | Purpose | Lifetime | Optional? |
|---|---|---|---|
| __Host-daphne-session | Admin login (essential) | 8 h | No |
| __Host-daphne-cart | Holds your cart between visits (essential) | 60 days | No |
| __Host-daphne-receipt | Lets you see your own order receipt (essential) | 30 days | No |
| daphne-consent | Remembers your cookie choices (essential) | 13 months | No |
| _ga / _ga_* | Analytics — anonymized usage | ≤ 2 years | Yes |
| _fbp / fr | Marketing pixel — ad attribution | ≤ 3 months | Yes |
To change your cookie choices, delete the daphne-consent cookie in your browser settings — the banner will appear again on the next visit.
5. Retention
- Orders + invoices: kept for 7 years (tax / consumer-protection rules).
- Appointment requests: 24 months after the last contact.
- Server logs (IP / user-agent): 30 days, then aggregated.
- Backups: rolling 30-day window with our hosting provider.
6. Your rights
You can ask us at daphnebymona1@gmail.com to:
- see a copy of what we hold about you
- correct anything wrong
- delete your account + order history (subject to the retention rules above)
- stop receiving marketing emails
We respond within 30 days.
7. Children
The site isn’t intended for anyone under 16. If you believe a child has signed up, email us and we will delete the account.
8. Changes
When this policy changes substantively we will bump the "Last updated" date and reset the cookie banner so you get a fresh choice.