◆  Complimentary insured delivery on all orders · Hatton Garden · London  ◆

Legal

Privacy Policy

Last updated: June 2026

1. Who We Are

Jabour & Co. is operated by Jabour Jewellery Limited, a company incorporated in England and Wales. Our registered address is available on request. Our primary contact email is hello@jabour.co.

We are the data controller for the personal data we collect from you through jabour.co and any related communications. This policy explains what we collect, why we collect it, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect personal data in the following ways:

When you place an order

  • Full name and delivery address
  • Email address and phone number
  • Order details (items, sizes, metals, engraving)
  • Payment information (processed by Stripe — we never see or store your card details)

When you book a consultation or submit an enquiry

  • Name, email address, and phone number
  • Your preferred appointment time and any message you provide

When you subscribe to our mailing list

  • Email address

Automatically when you browse

  • IP address, browser type, pages visited, time on site
  • This data is collected by Google Analytics 4 in anonymised or pseudonymised form
  • We use cookies — see our Cookie Policy for details

3. Legal Basis for Processing

We rely on the following lawful bases under UK GDPR Article 6:

  • Contract (Article 6(1)(b)): To process and fulfil your order, arrange delivery, and manage any returns or warranty claims.
  • Legitimate interests (Article 6(1)(f)): To prevent fraud, improve our website, and respond to enquiries. Our legitimate interests do not override your rights.
  • Consent (Article 6(1)(a)): To send you marketing emails (Klaviyo) and to place non-essential cookies. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): To retain financial records as required by HMRC.

4. Third-Party Processors

We share your data only with trusted service providers acting as data processors on our behalf. Each is bound by a data processing agreement and may not use your data for their own purposes.

Stripe

Payment processing

USA (EU-US Data Privacy Framework) · Privacy policy

Supabase

Order and lead data storage

EU (AWS eu-west-2) · Privacy policy

Resend

Transactional email (order confirmations, enquiry receipts)

USA (SCCs in place) · Privacy policy

Klaviyo

Email marketing (subscribers only)

USA (EU-US Data Privacy Framework) · Privacy policy

Vercel

Website hosting and edge functions

USA / EU (DPA in place) · Privacy policy

Google Analytics 4

Website analytics (anonymised)

USA (EU-US Data Privacy Framework) · Privacy policy

We do not sell your personal data to any third party, ever.

5. How Long We Keep Your Data

  • Order records: 7 years (HMRC legal requirement)
  • Consultation and enquiry records: 2 years from last contact
  • Marketing subscribers: Until you unsubscribe
  • Analytics data: 14 months (Google Analytics default)
  • Website server logs: 30 days

6. Your Rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data (subject to legal retention obligations)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — at any time where we rely on consent (e.g., marketing emails)

To exercise any of these rights, email us at hello@jabour.co. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data correctly.

7. International Transfers

Some of our processors are based outside the UK/EEA (primarily in the USA). Where this is the case, we rely on one or more of the following transfer mechanisms: the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses (SCCs), or the UK Extension to the EU-US Data Privacy Framework.

8. Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, row-level security in our database, and restricted access to production systems. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security, but we take all reasonable steps to protect your information.

9. Cookies

We use cookies for essential site functionality and analytics. For full details, including how to manage your preferences, see our Cookie Policy.

10. Changes to This Policy

We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. Material changes will be communicated by email if we hold your address.

11. Contact Us

Jabour Jewellery Limited
Hatton Garden, London, United Kingdom
hello@jabour.co