Effective Date: May 29, 2025.

1. Introduction.

This Privacy Policy describes chani.com’s (“CHANI”) practices regarding information we collect about you and the choices available to you regarding such information. For purposes of this Privacy Policy, unless otherwise stated, “information” or “personal information” means information relating to an identified or identifiable individual.

This Privacy Policy applies to information we collect where we control the purposes and means of processing, specifically information we collect through any of our websites, apps, emails, or other online services that link to this Privacy Policy (the “Service”) or other sources identified below. Please note that your use of the Service is subject to our Terms of Service.

This Privacy Policy does not apply to:

the practices of third parties we do not control

information collected in the context of your job application or employment with us

information that has been anonymized or, to the extent permitted by law, deidentified

See additional disclosures if you live in the following regions:

California

Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia

Nevada

EEA, Switzerland, and the UK

For our contact details, see the Contact Us section below.

2. Collection.

This section describes the information we collect and how we collect it.
‍
Information You Provide through the Service.
‍
When you use the Service, you may be asked to provide information to us, such as when you create an account, make a purchase, sign up for our newsletters, participate in a promotion, respond to our surveys, or contact support. The categories of information we collect in this context include:

Contact Identifiers, including your name, email address, postal address, and phone number.

Characteristics or demographics, including your age, birthdate, place and time of birth (to create your birth chart), gender, and country.

Commercial or transactions information, including records of products or services you purchased, obtained, or considered.

Account credentials, including your username, password, password hints, and other information for authentication or account access.

Payment information, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments. This information is processed by our payment processors.

Content, including content within any messages you send to us (such as feedback, questions, or survey responses) or publicly post on the Service (such as in product reviews or blog comments).

Journal entries. Each week, we provide Journal prompts where users can share freeform responses. These responses may include personal thoughts, feelings, or other information, including sensitive personal data if you choose to provide it. We store all Journal entries securely in an encrypted format and use them solely for your personal reference. We do not sell or share your Journal entries with third parties.

Please do not provide any information that we do not request.
‍
Information from Your Browser or Device.
‍
When you use the Service, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect in this context include:

Device identifiers, including your device’s IP address.

Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.

Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, purchases you make or consider, time of day you browse, and referring and exiting pages.

Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.

This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:

Cookies. Cookies are browser-based text files which are dropped on your browser when you visit a website, open or click on an email, browse our Shopify Site, or interact with an advertisement. There are various types of cookies, including session cookies (which are cookies that expire when you close your browser) and persistent cookies (which are cookies that do not expire until a set expiration date or you manually delete them). Cookies may be first party (which are cookies served directly by us) or third party (which are cookies served by third parties we work with).

Pixels. Pixels (also known as web beacons) are code embedded in a service. There are various types of pixels, including image pixels (which are one-pixel transparent images) and JavaScript pixels (which contain JavaScript code). Pixels are often used in conjunction with cookies. When you access a service that contains a pixel, the pixel may permit us or a third party to collect information from your browser or device, or to drop or read cookies on your browser.

App technologies. App technologies are technologies included in apps that are not browser-based like cookies. For example, our apps may include Software Development Kits (SDKs), which are tools released by third parties that provide certain functionality. When you access our apps, these technologies may permit us or a third party to collect information from your browser or device.

We use these tracking technologies for a variety of purposes, such as to help make our Service work, personalize your browsing experience, prevent fraud and assist with security, and perform measurement and analytics.
‍
To exercise choice around tracking technologies, see Your Privacy Choices below.

‍Information from Other Sources.

‍We also collect information from other sources. The categories of other sources from which we collect information include:

Business partners that offer co-branded services, sell or distribute our products, or engage in joint marketing or promotional activities.

Third party vendors and related parties we work with in connection with receiving analytics, security, and fraud prevention services.

Social media platforms with which you interact. For example, when you engage with our content on social media (such as through our brand page or direct messages), we may collect information such as your contact identifiers and any comments you provide. We may also receive additional information from the social media platform that you have authorized the platform to disclose to us. If you publicly reference our Service on social media (such as by tagging us or using a hashtag associated with us in a post), we may use your reference on or in connection with our Service.

Data providers, such as licensors of private and public databases.

Public sources, such as information in the public domain.

Information We Infer.

‍We infer new information from other information we collect, including to generate information about your likely preferences or other characteristics.

‍Sensitive Information.

‍Some of the information we collect may be considered sensitive under applicable law. See additional disclosures in your region for details.

3. Purposes for Collection and Use.

Our purposes for collecting and using information include:

Providing services. We collect and use information to provide services to you, including to operate the Service, establish and maintain your account, and provide support.

Personalizing your experience. We collect and use information to personalize your experience and show you content we believe you will find interesting.

Communications. We collect and use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also collect and use information to personalize and deliver marketing communications to you, including by email, and, where you opt-in, push notifications.

Analytics. We collect and use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service.

Promotions. When you voluntarily enter a promotion, we collect and use information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law. By entering a promotion, you agree to the official rules that govern that promotion, and that, except where prohibited by applicable law, we, the sponsor, and related entities may use your name, voice and/or likeness in advertising or marketing materials.

Improvements. We collect and use information to develop and improve our services.

Security and enforcement. We collect and use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm.

At your direction or with your consent. We collect and use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent.

Non-personal information. Sometimes we anonymize or deidentify information so it is no longer considered personal information under applicable law. Where we deidentify information, we commit to maintain and use the deidentified information in deidentified form and not attempt to reidentify it. We may use non-personal information for any purpose to the extent permitted by applicable law.

To exercise choice around our collection and use, see Your Privacy Choices below.

4. Disclosure.

We disclose the information we collect for the purposes described in this Privacy Policy. The categories of persons to whom we disclose information include:

Service providers. Many of the third parties we work are service providers that collect and process information on our behalf. Service providers perform services for us such as payment processing, data analytics, website hosting, birth chart, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.

Business partners. We disclose information to our business partners (such as Shopify) in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing or promotional activities.

Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.

The public. We disclose information you make public, such as information that you post on public boards (e.g., product reviews). Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to any rights you have under applicable law.

Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.

Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent.

Non-personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. 

To exercise choice around our disclosures, see Your Privacy Choices below.

5. Third Parties / Shopify.

Our Service may link to, or be incorporated into, websites and online services controlled by third parties, such as Shopify. In addition, we may integrate technologies into our Service, including those disclosed in the Collection section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
‍
Personal information collected by Shopify.
‍
When you visit the Shopify Site, Shopify automatically collects certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Shopify Site, Shopify collects information about the individual web pages or products that you view, what websites or search terms referred you to the Shopify Site, and information about how you interact with the Site. We refer to this automatically collected information as “Shopify Device Information.”  Shopify Device Information is shared back with us.
‍
Additionally, when you make a purchase or attempt to purchase through the Shopify Site, Shopify collects, and shares with us, certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number). We refer to this information as “Shopify Order Information.”
‍
How Shopify uses your personal information.
‍
We use the Shopify Order Information that we collect generally to fulfill any orders placed through the Shopify Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this information to communicate with you, screen for potential risk or fraud, advertising relating to our products, and to generally improve and optimize the Service.
‍
How Shopify shares your personal information.
‍
We use Shopify to power our online store – you can read more about how Shopify shares your Personal Data here: https://www.shopify.com/legal/privacy.

6. Your Privacy Choices.

This section describes the choices available to you regarding your information.
‍
Communications.

‍You can opt-out of receiving certain communications from us as follows:

Emails. To stop receiving marketing emails, follow the unsubscribe instructions near the bottom of such emails. Please note that you cannot opt out of transactional emails.

Push notifications. To stop receiving push notifications, adjust your device settings or uninstall our app.

Accounts.

If you have an account with us, you can delete your account through your account settings. We will address your request in accordance with our data retention practices.

‍Browser and Device Controls.

Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.

App technologies. Unlike cookies, app technologies cannot be controlled by your browser settings. You can stop all collection of information through an app by uninstalling the app.

Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.

Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of their tools.

Region-Specific Choice.
‍
See additional disclosures regarding your rights to exercise choice if you live in the following regions:

California

Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia

Nevada

EEA, Switzerland, and the UK

7. Children.

The Service is not directed toward children under 13 years old, and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Online Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the Contact Us section below. We will delete the personal information in accordance with COPPA.

8. Security.

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Please note that transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

9. Retention.

We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

10. International Transfer.

We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate. Where required by applicable law, we will provide appropriate safeguards for data transfers.

11. Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide additional notice to you, such as through email or prominent notice on the Service.

12. Contact Us.

The controller under this Privacy Policy is:

Chani Nicholas Incorporated
12405 Venice Blvd. #422
Los Angeles, CA 90066

You may email us at info@chani.com.

If you have questions about our practices regarding your information or have trouble accessing this Privacy Policy, please contact us at the postal address or email address above. To exercise choice available to you, please use the designated methods listed in this Privacy Policy.

13. Region-Specific Disclosures.

California.‍

Notice at Collection

For residents of California, at or before the time of collection of your personal information, you have the right to receive notice of our data practices. Our data practices are as follows:

Collection. The categories of personal information we have collected in the past 12 months and the categories sources from which the personal information is collected are set out in the Collection section above.

Purpose. The specific business and commercial purposes for collecting and using personal information are set out in the Purposes for Collection and Use section above.

Disclosure. The categories of persons to whom personal information is disclosed, including service providers for business purposes, are set out in the Disclosure section above. We disclose the categories of personal information listed in the Collection section above to service providers for business purposes.

Sales and Shares. We do not sell or share personal information as those terms are defined under California law.

Sensitive Data. Some of the personal information we collect may be considered sensitive personal information under California law. We collect, use, and disclose sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.

Retention. The criteria used to determine the period of time we retain your personal information is set out in the Retention section above.

Requests

You have the right to exercise choice over your personal information as follows:

Verifiable Requests: You have the right to:

Know what personal information we have collected about you, specifically have the right to know the categories of sources from which personal information was collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of personal information that we sold, shared, or disclosed for a business purpose, the categories of third parties to whom we disclosed personal information, and the specific pieces of personal information we have collected about you;

Correct inaccurate personal information we maintain about you; and

Delete personal information that we have collected from you.

These rights are verifiable rights, meaning that we need to verify your identity before fulfilling them. To exercise any of these rights, submit a request to info@chani.com. We will confirm receipt of and respond to your request consistent with applicable law. To verify your identity, we may require you to confirm receipt of an email sent to an email address that matches our records, provide us with details relating to your history with us, or provide additional information. If we cannot verify your identity, we may deny your request in accordance with applicable law.

Sales and Shares: We do not sell or share personal information.

Shine the Light: If you are a customer, you may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make a request, please write us at the email or postal address set out in the Contact Us section above and specify that you are making a “California Shine the Light Request.”

Your rights are subject to exceptions and our retention practices. You have the right not to be discriminated against for exercising any of your rights. To the extent permitted by law, rights requests must be exercised through the applicable designated method listed above. You may make a rights request using an authorized agent. Except for rights requests made by opt-out preference signal, we will require written and signed proof of the agent’s permission to do so and we may verify your identity directly with you.

‍Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Jersey, New Hampshire, Oregon, Texas, Utah, and Virginia.

Data Practices

For residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia, our practices regarding the collection, use, disclosure, and retention of your personal data are set out in the main Privacy Policy above.

We do not sell or share your personal information as those terms are defined under applicable law. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

Some of the personal data we collect may be considered sensitive personal data under applicable law. We collect sensitive personal data with your consent.

Requests

You have the right to exercise choice over your personal data as follows:

Verifiable Requests: You have the right to:

Confirm whether or not we are processing your personal data, and in some regions, confirm the categories of personal data we have processed;

Access your personal data;

Correct inaccuracies in your personal data;

Delete your personal data;

Obtain a copy of your personal data that you previously provided to us in a portable and readily usable format.

If you are an Oregon resident, you also have the right to obtain a list of the specific third parties to which we have disclosed personal data.

If you are a Delaware resident, you also have the right to obtain a list of categories of third parties to which we have disclosed your personal data.

These rights are verifiable rights, meaning that we need to verify your identity before fulfilling them. To exercise any of these rights, submit a request to info@chani.com (specifying the rights you wish to exercise). We will confirm receipt of and respond to your request consistent with applicable law. To verify your identity, we may require you to confirm receipt of an email sent to an email address that matches our records, provide us with details relating to your history with us, or provide additional information. If we cannot verify your identity, we may deny your request in accordance with applicable law.

Sales and Targeted Advertising: We do not sell or share your personal information, including for targeted advertising.

Consent: You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the Contact Us section above (specifying the consent you wish to withdraw). If you withdraw consent, you may not be able to receive certain services related to that consent.

Your rights are subject to exceptions and our retention practices. You have the right not to be discriminated against for exercising any of your rights. To the extent permitted by law, rights requests must be exercised through the applicable designated method listed above. You may make a rights request using an authorized agent. Except for rights requests made by opt-out preference signal, we will require written and signed proof of the agent’s permission to do so and we may verify your identity directly with you.

You have the right to appeal our decision in response to your request. To appeal, please write us at the email or postal address set out in the Contact Us section above and specify what you wish to appeal. We will review and respond to your appeal in accordance with applicable law. If we deny your appeal, you may submit a complaint to your Attorney General as follows:

For Colorado residents: https://coag.gov/file-complaint/

For Connecticut residents: https://www.dir.ct.gov/ag/complaint/

For Delaware residents: https://attorneygeneral.delaware.gov/fraud/cmu/complaint/

For Iowa residents: https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint/complaint-form

For Montana residents: https://dojmt.gov/office-of-consumer-protection/consumer-complaints/‍

For Nebraska residents: https://www.nebraska.gov/apps-ago-complaints/

For New Hampshire residents: https://www.doj.nh.gov/citizens/consumer-protection-antitrust-bureau/consumer-complaints‍

For New Jersey residents: https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx

For Oregon residents: https://justice.oregon.gov/consumercomplaints/  

For Texas residents: https://oag.my.salesforce-sites.com/CPDOnlineForm 

For Utah residents: https://attorneygeneral.utah.gov/contact/complaint-form/

For Virginia residents: https://www.oag.state.va.us/consumercomplaintform

Nevada

We do not sell your information as defined under Nevada law.

14. EEA, Switzerland, and the UK

Data Practices

For individuals located in the European Economic Area, Switzerland, or the United Kingdom, our practices regarding the collection, use, disclosure, and retention of your personal data are set out in the main Privacy Policy above.

Lawful Basis for Processing

Data protection laws in your region require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate safeguards, such as standard contractual clauses.

Requests

You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, submit a request to info@chani.com (specifying the right(s) you wish to exercise).

Complaints

You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.