Free shipping on orders over JOD 250Engraving includedLifetime resize & polishDelivery across Jordan · Sat – Thu
ENAR
POLICIES

Privacy Policy

Alomar Jewellry — مجوهرات العمر

Last updated: 20 June 2026

Alomar Jewellry ("Alomar," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use and protect it, who we share it with, and the rights you have over it.

This policy applies to personal data we process when you:

  • visit or buy from our website at alomarjewelry.com;
  • use the Alomar mobile app on iOS or Android (including the virtual jewellery try-on feature);
  • shop, sell, or trade in jewellery at our store; or
  • contact us or interact with us on social media.

We operate primarily in Jordan and our prices are in Jordanian Dinar (JOD). This policy is written to meet Jordan's Personal Data Protection Law No. 24 of 2023 (PDPL), and it also provides additional rights for visitors in the European Economic Area / United Kingdom and in California (see Section 15, Region-specific rights).

In short: We collect the details needed to take your order, deliver it, run your account, and operate our store. Our virtual try-on works entirely on your device — your camera image is never sent to us. We do not sell your personal data. You can ask us to access, correct, or delete your data at any time at contact@alomarjewelry.com.


1. Who we are (the data controller)

The data controller responsible for your personal data is:

Alomar Jewellry (trade name) — مجوهرات العمر Operating across Jordan Email: contact@alomarjewelry.com

If your core question is about privacy or your personal data, please reach us at contact@alomarjewelry.com and write "Privacy" in the subject line.


2. The personal data we collect

We collect personal data in three ways: information you give us, information we collect automatically when you use our website or app, and information we receive from third parties.

2.1 Information you give us

Account and sign-in. When you create an account on our website or app, we collect your mobile phone number and/or email address, and a display name if you provide one. We use a passwordless sign-in: you receive a one-time code by WhatsApp or email, or you sign in with your Apple or Google account. If you use Apple or Google sign-in, we receive basic account-identity information from that provider.

Orders and delivery. When you place an order, we collect your name, phone number, email address, delivery address, city, and any order notes you add, together with the items ordered and your chosen payment method.

Saved addresses. If you save delivery addresses to your account, we store the label, recipient name, phone number, street, area, city, and notes for each.

Wishlist and preferences. If you save items to your wishlist or set gold-rate alert preferences, we store those choices linked to your account.

Payment information. For bank-transfer orders, you may upload a payment receipt, which we store securely. If you pay by card through our payment gateway, your card details are entered directly into the gateway's secure form — we never see or store your full card number (see Section 10).

In-store and trade-in. When you buy, place a custom order, arrange a repair, set up a layaway/instalment plan, or trade in jewellery at our store, our point-of-sale system records your name, phone number, email, address, and national ID or passport number, along with the details of the transaction. For trade-ins this includes an appraisal of the items you bring in (karat, weight, purity, and payout). We collect a national ID or passport number where needed to complete a regulated gold transaction and to identify the account; we do not scan or store a copy of your ID document.

Communications. If you contact us by email, WhatsApp, or social media, we keep a record of that correspondence.

2.2 Information we collect automatically

Device and technical data. When you use our website or app, we automatically collect technical information such as your IP address, browser or device type, and basic usage information.

Fraud-prevention data. When you place an online order, we record the IP address associated with it and may screen the combination of phone number and IP address to detect and prevent fraudulent orders.

Cookies and similar technologies. Our website uses cookies and similar technologies to keep you signed in, remember your shopping bag, secure access to invoice pages, and — where enabled — to measure traffic and support advertising. See Section 6.

Camera (virtual try-on). Our app's virtual try-on uses your device camera. Please read Section 5 carefully — this processing happens on your device and the camera image is not uploaded to us or anyone else.

What we do not collect in the app: Our iOS and Android apps contain no third-party analytics, crash-tracking, or advertising software, request no advertising identifier (no IDFA / no tracking prompt), and perform no cross-app or cross-site tracking. The only third-party component bundled in the app is our payment provider's fraud-prevention software, used solely to help secure card payments (see Section 10).

2.3 Information from third parties

  • Sign-in providers (Apple, Google) share basic account-identity details when you choose to sign in with them.
  • Payment and fraud-prevention providers share transaction status and fraud signals for card payments.

We do not buy marketing lists or enrich your profile with data purchased from data brokers.


2A. Sensitive data

Our store records a national ID or passport number for certain in-store and trade-in transactions, and bank-transfer payment receipts may reveal financial information. We treat this information as confidential, restrict access to authorised staff, and store it securely. We ask that you do not send us more sensitive information than necessary.


3. How we use your personal data, and our legal basis

We use your personal data for the purposes below. Under the PDPL and GDPR, each use rests on a lawful basis:

PurposeExamplesLegal basis
Provide your account and sign-inSending one-time codes; keeping you signed inPerformance of a contract; your consent
Process and deliver ordersTaking payment, arranging delivery, sending order updates, issuing invoicesPerformance of a contract
Operate our storeTrade-ins, custom orders, repairs, layaway, after-sales servicePerformance of a contract; legal obligation
Prevent fraud and keep our services secureScreening orders, securing accounts and invoice pages, audit loggingLegitimate interests; legal obligation
Provide virtual try-onRunning the on-device try-on; saving or sharing a photo only when you askPerformance of a contract; your consent
Send service messages and (if you opt in) gold-rate alertsOrder updates; price-alert notifications you enablePerformance of a contract; your consent
Measure and improve our website, and advertiseWebsite analytics and advertising, where enabled (Section 7)Your consent (where required); legitimate interests
Meet legal, tax, and accounting obligationsKeeping required transaction recordsLegal obligation

Where we rely on consent, you can withdraw it at any time (Section 14). Where we rely on legitimate interests, we have balanced those interests against your rights and you may object (Section 14).


4. Children's privacy

Our services are intended for adults. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us at contact@alomarjewelry.com and we will delete it.


5. Virtual try-on and your camera

Our app lets you try jewellery on virtually using your device camera. We have designed this to be private by default:

  • It runs entirely on your device. Face and hand positions are detected locally on your phone using on-device technology. The live camera image and the position data are processed in your device's memory only.
  • Your camera image is never uploaded. We do not send your camera feed, face geometry, or hand positions to Alomar or to any third party. The only thing your device downloads is the picture of the jewellery item to overlay.
  • We do not create a biometric profile. The try-on does not identify you, and we do not store or share any facial or hand "template." Position data exists only for the moment it is shown on screen.
  • Photos stay yours. A try-on photo is saved to your device or shared only when you choose to save or share it. We do not keep a copy.

To use try-on, your device will ask for camera permission, and (on iOS) add-to-photos permission if you choose to save a photo. You can decline or revoke these in your device settings; the rest of the app will keep working.


6. Cookies and similar technologies

Our website uses a small number of cookies:

Essential cookies (always on). These are needed for the site to work and cannot be switched off:

  • a secure session cookie that remembers your shopping bag; and
  • a short-lived, signed cookie that protects access to your invoice/receipt pages after you verify the last digits of your phone number.

These essential cookies are stored securely (HTTP-only) and are not used for advertising.

Analytics and advertising cookies (optional). Where enabled, our website uses Meta (Facebook) Pixel, Google Analytics 4, and Google Ads to understand how the site is used and to measure and deliver advertising. These set cookies such as _fbp, _fbc, _ga, and _gid and are described in Section 7.

You can control cookies through your browser settings, and through the ad and privacy controls Meta and Google provide. If you are in a region that requires opt-in consent for analytics and advertising cookies (such as the EEA/UK), please use those controls to manage them.

Our mobile apps do not use advertising or analytics cookies or trackers.


7. Analytics and advertising

To measure and promote our website, we use the following tools when they are enabled on the site:

  • Meta Pixel and the Meta Conversions API. These record website actions (such as viewing a product, adding to bag, and purchasing) to measure and target advertising on Meta platforms. When you make a purchase, our server may send Meta a record of the event. Your email address and phone number are irreversibly hashed (SHA-256) before they are sent; your IP address and browser user-agent are also sent. We do not send your name.
  • Google Analytics 4 and Google Ads. These measure website traffic and support advertising and conversion measurement using cookies and your IP address.

We use these to understand and improve our store and to show relevant advertising. You can opt out using your cookie choices (Section 6), your device/browser ad settings, and the tools Meta and Google provide. We do not sell your personal data, and our apps contain none of these tools.

Our website footer also links to our social media profiles (Instagram, Facebook, TikTok). Visiting those is governed by each platform's own privacy policy.


8. How we share your personal data

We share personal data only as needed to run our business, and only with the categories of recipients below. We require our service providers to protect your data and to use it only for the services they provide to us.

Service providers (processors / sub-processors):

RecipientWhat they do for usWhere
SupabaseHosts our database, accounts, and secure file storageUnited States
Netlify (and our hosting/CDN)Hosts and delivers our website and app servicesUnited States / global CDN
Meta PlatformsWhatsApp delivery of one-time sign-in codes and order messages; website advertising and measurement (Section 7)United States / global
GoogleSign-in (Google), app push notifications for rate alerts you turn on (Firebase Cloud Messaging; where enabled), website analytics and advertising, and fonts on printed invoices and the in-store screenUnited States / global
AppleSign in with Apple, and app push notifications (where enabled)United States / global
TwilioDelivery of one-time sign-in codes (backup channel)United States / global
HyperPay and its security partnersCard payment processing, 3-D Secure authentication, and payment fraud screening (where card payment is offered)Regional / global

We may also share personal data:

  • to comply with the law — with courts, regulators, or authorities where we are legally required to;
  • to protect rights and safety — to prevent fraud or protect our rights, customers, or staff; and
  • in a business transfer — if our business is reorganised, merged, or sold, in which case we will require the recipient to honour this policy.

We do not sell your personal data, and we do not share it for third-party advertising except through the website analytics/advertising tools described in Section 7 (which you can opt out of).


9. International data transfers

Alomar serves customers in Jordan, but some of our service providers store and process personal data outside Jordan, including in the United States (for example, our database and file storage are hosted in the United States, and our delivery, sign-in, messaging, and advertising providers operate globally).

When we transfer personal data outside Jordan, we take steps required by the PDPL to ensure it remains protected, including using providers that offer an adequate level of protection and appropriate contractual safeguards. For transfers of EEA/UK personal data, we rely on appropriate safeguards such as the Standard Contractual Clauses.


10. Payments

We offer card payment through our payment gateway and CliQ instant bank transfer. Our store also accepts in-person payment.

  • For bank transfer, you may upload a payment receipt, which we store securely and use only to confirm your order.
  • For card payments, your card details are entered directly into the secure form hosted by our payment provider. Alomar never receives or stores your full card number, expiry, or security code. Our provider may use device and fraud-screening signals (such as a device identifier and approximate location) to authenticate the payment and prevent fraud.

We store the order amount, payment method, payment status, and a payment reference — never your card number.


11. How long we keep your data

We keep personal data for as long as needed for the purposes described in this policy, and then for as long as required to meet our legal, tax, and accounting obligations or to resolve disputes. In practice:

  • Account data is kept while your account is active. You can ask us to delete it (Section 14).
  • Order, invoice, and in-store transaction records are kept for the period required by Jordanian tax and commercial law.
  • Payment receipts are kept only as long as needed to confirm and account for the related order.
  • Security and audit records are kept for a limited period to protect our services.

When we no longer need personal data, we delete it or render it anonymous.


12. How we protect your data

We use technical and organisational measures to protect your personal data, including:

  • Encryption in transit for data sent between your device and our services;
  • secure, access-controlled storage, with database row-level security so that each customer can reach only their own records;
  • a private, staff-only store for uploaded payment receipts, available only through short-lived, signed links;
  • protected invoice/receipt pages that require you to verify the last digits of your phone number;
  • secure on-device storage of your sign-in session (Apple Keychain on iOS; encrypted storage on Android); and
  • staff access controls, including two-factor authentication and audit logging in our store system.

No method of transmission or storage is completely secure, but we work to protect your data and to review our security regularly. If a personal-data breach occurs that is likely to cause you significant harm, we will notify the competent authority and affected individuals as required by the PDPL (within 72 hours to the regulator and 24 hours to affected individuals where the law requires).


13. Your privacy rights

Subject to the law that applies to you, you have the right to:

  • Access the personal data we hold about you and obtain a copy;
  • Correct data that is inaccurate, incomplete, or out of date;
  • Delete your personal data ("right to be forgotten"), subject to records we must keep by law;
  • Withdraw consent at any time, where we relied on your consent;
  • Object to or restrict certain processing, including direct marketing;
  • Port your data to another provider in a structured, machine-readable format; and
  • Withdraw from marketing at any time.

We will not discriminate against you for exercising these rights.


14. How to exercise your rights

To exercise any of the rights above, email contact@alomarjewelry.com with "Privacy" in the subject line, or contact us through the details in Section 17.

  • We may need to verify your identity before acting on your request, using information we already hold.
  • We will respond within the time required by the law that applies to you — generally 30 days (PDPL/GDPR) or 45 days (California), and we will tell you if we need more time.
  • You can delete your account and personal data yourself at any time — in the Alomar app (Account → Delete account) or on our website at alomarjewelry.com/account/delete. We also handle access, correction, and deletion requests manually if you email us.

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Directorate at Jordan's Ministry of Digital Economy and Entrepreneurship, or with your local data-protection authority.


15. Region-specific rights

European Economic Area / United Kingdom (GDPR / UK GDPR). Where the GDPR applies, our legal bases are set out in Section 3; you have the rights in Section 13, including the right to lodge a complaint with your local supervisory authority and the right to data portability. International transfers are addressed in Section 9.

California (CCPA/CPRA). If you are a California resident, you have the right to know the personal information we collect and how we use and disclose it, the right to delete it, the right to correct it, and the right to opt out of "sale" or "sharing" of personal information. We do not sell your personal information. Our use of advertising tools (Section 7) may be considered "sharing" for targeted advertising under California law; you can opt out through your cookie choices and browser/device controls. We will not discriminate against you for exercising your rights.


16. Third-party links and services

Our website and app may link to third-party sites and services (for example WhatsApp, our payment provider, and our social-media profiles). We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.


17. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through our website or app. Please review it periodically.


18. Contact us

If you have any questions about this policy or how we handle your personal data, contact us:

Alomar Jewellry — مجوهرات العمر Email: contact@alomarjewelry.com (subject line: "Privacy") WhatsApp +962 78 807 0777 · +962 2 724 5012 · Operating across Jordan

You may also contact Jordan's Personal Data Protection Directorate (Ministry of Digital Economy and Entrepreneurship) if you wish to raise a concern about how your personal data is handled.