Information we collect

We may collect your name, email address, phone or WhatsApp contact, delivery address, billing details, order notes, account details, support messages, age confirmation status, device information, and site usage data.

When payments are enabled, payment details are handled by the payment provider. Laylati should not store full card numbers on the site.

How we use information

• To respond to private product and delivery enquiries.
• To confirm age, availability, payment, shipping route, and local eligibility before dispatch.
• To process orders, refunds, replacements, and support requests.
• To secure the site, prevent misuse, and improve the shopping experience.
• To send product, delivery, or marketing updates only where permitted.

Sharing information

We share data only when needed to provide the service, such as with hosting providers, payment providers, shipping partners, analytics tools, email tools, customer support systems, and professional advisers. Each partner should receive only the information required for its role.

Cookies and analytics

We may use necessary cookies for site operation, cart state, age confirmation, security, and account functions. Analytics and advertising cookies should be used only after the tracking setup is confirmed and required consent controls are in place.

Retention and security

We keep personal information only for as long as needed for orders, support, legal, tax, fraud-prevention, and operational purposes. We use access controls and secure systems, but no online service can be guaranteed completely risk-free.

Advertising measurement and click identifiers

When advertising campaigns are active, Laylati may use analytics tags, advertising pixels, cookies, UTM parameters and click identifiers from platforms such as Google, Meta, TrafficJunky, TrafficFactory and ExoClick. Examples include gclid, fbclid, aclid, tfclid and ExoClick conversion tracking IDs. These identifiers help us understand which campaigns led to page views, product interactions, saved items, cart actions or private-list requests.

Browser events are configured to avoid sending the text entered in the email or WhatsApp field to advertising platforms. If server-to-server postbacks or conversion APIs are added later, they should be limited to event IDs, click IDs, timestamps, page paths, product IDs, value, currency and non-sensitive attribution data unless a separate consent and legal review supports more.

Your choices

You may ask to access, correct, or delete your personal information where applicable law allows. Contact rlmsx1221@gmail.com. We may need to verify your identity before acting on a request.