Skip to main content
— Privacy Notice

We collect only
what we need.

This page explains what personal information KHAYT gathers from you, why, and what you can ask us to do with it. If you'd rather a thirty-second summary, it's at the top.

Last updated · 24 April 2026

We never sell your data. We don't track you across the web. We keep what we need to send your parcels, and delete the rest when you ask.

The short version

  • We collect your name, email, address, phone, and order history.
  • We use them to take your order, ship it, answer your questions, and — if you opt in — send the occasional letter.
  • We share them only with the services we rely on to run the shop (payments, shipping, hosting). Never with advertisers.
  • You can ask to see, correct, export, or delete your data at any time.

What we collect

When you order
Your name, email, shipping address, phone number, items chosen, payment reference (not the card number), and order totals.
When you create an account
Your email, a hashed password, and any addresses or preferences you save.
When you email us
The message you send and any information you include in it.
When you visit the site
Standard server logs (IP, user agent, referring page) kept for up to 14 days for security and debugging.
When you accept cookies
A session identifier to keep you signed in and your bag in sync between devices. See the cookies section below.

Why we use it

  • To take and fulfil orders — process payment, prepare the parcel, arrange the courier.
  • To support you — reply to emails, handle returns, carry out repairs.
  • To run the shop — fraud checks, accounting, and the legal records tax authorities require.
  • To write to you — only if you subscribe to the Letters from the Atelier. One quiet email per full moon; you can unsubscribe in one click.

The legal bases we rely on are contract (to fulfil your order), consent (for the newsletter), legitimate interests (for fraud prevention and basic analytics), and legal obligation (for accounting records).

Who we share with

Payments
Our payment processor sees your card details directly — we never do.
Shipping
Name, address, and phone are passed to the courier so they can deliver and, if needed, call you.
Hosting & database
Supabase (database, auth) and Vercel (web hosting) store the data encrypted at rest.
Email delivery
For transactional and newsletter emails. Your email is used solely for the message at hand.
Authorities
We disclose information to tax authorities or courts only when a law obliges us to — never more than asked.

We do not sell your data, rent it to advertisers, or feed it into any ad network.

How long we keep it

  • Order records: up to 7 years, as required by accounting law.
  • Account details: until you ask us to delete them.
  • Support emails: up to 2 years, then archived or erased.
  • Server logs: 14 days.
  • Marketing subscriptions: until you unsubscribe.

Your rights

Regardless of where you live, you can ask us to:

  • Show you a copy of everything we hold about you.
  • Correct anything that's wrong.
  • Delete your account and the data that's no longer legally required.
  • Export your data in a portable format.
  • Object to or restrict certain uses (for example, the newsletter or aggregated analytics).

Email privacy@khayt.house and we'll act within thirty days. You can also complain to your local data protection authority — in Egypt, the Personal Data Protection Centre; in the EU, your national DPA; in the UK, the ICO.

Cookies

We use three kinds of cookies:

Essential
Keep you signed in, hold your bag, and keep the checkout secure. These can't be turned off — the site wouldn't work.
Preferences
Remember your address choices and site settings, so the experience feels yours.
Analytics
Anonymous, first-party counts of which pages perform well. No cross-site tracking.

We don't use advertising cookies or third-party trackers. If we ever do, we'll ask first — properly, not with a dark-pattern banner.

Security

Data is encrypted in transit (HTTPS) and at rest. Access to the database is limited to a small number of people on our team, using strong authentication. No system is perfect, so if you ever spot something amiss, please tell us at security@khayt.house.

Contact

The data controller for this site is Khayt Atelier, Cairo. For anything on this page — or just to ask what we hold — write to privacy@khayt.house. A human answers, gently.

Changes to this notice

When we materially change how we handle your data, we'll update the "last updated" date at the top and email account holders at least two weeks in advance.

— Questions?

Write to us at care@khayt.house.

We reply within two working days, gently.

The Abaya EditThe Children's Wardrobe