Privacy Policy
This Privacy Policy explains how GEMGEM Inc. (“GEMGEM”, “we”, “our”, or “us”) collects, uses, and safeguards your personal information when you use our website at https://gemgem.com/ (the “Site”) and our services.
GEMGEM Inc. is the data controller for all personal information collected through our website and services.
We are committed to protecting your privacy and being transparent about how we handle personal information. When we refer to “personal information” in this Policy, we mean any information that identifies or could reasonably be used to identify you as an individual.
We may update this Policy periodically. To stay informed of any changes, please review this page regularly.
1. Types of Information We Collect
Personal Information
When you sign up for or use our services, whether buying, listing, or selling, we may collect the following personal information:
- Basic details: full name, email address, date of birth, and contact number
- Account details: username and password
- Demographic information: country, city, state or province, and ZIP or postal code
Payment Information
We collect payment information when you make purchases or transactions through our website, including:
- Name, email address, billing/shipping address, and card number
- Credit or debit card details (processed securely)
- Bank account details for ACH or wire transfers
- Transaction history and payment status
Note: GEMGEM does not store full credit or debit card details. All card information is processed exclusively through our third-party payment processor, Stripe, Inc., which is PCI DSS Level 1 certified. Please review Stripe’s privacy policy at stripe.com/privacy.
Other Information
We may also collect other information in the following ways:
- User-Provided Data: Details you voluntarily share about your diamonds or jewelry (e.g., weight, clarity, certification, personal notes, and in-browser preferences)
- Automatic Collection: Information collected automatically, such as your IP address, device type, operating system, referring pages, and statistics about your engagement with our site or offer emails
2. How We Use and Share Information
Personal Information
We use personal information to:
- Account management and to contact you directly
- Fulfill and personalize our services
- Send you marketing and promotional materials (you may opt out of marketing communications at any time)
- Customize your browsing experience
- Comply with legal obligations and enforce our Terms of Service
Payment Information
We use payment information collected by us or by third parties (e.g., Stripe) to:
- Process transactions and prevent fraud
- Fulfill purchases and issue refunds
- Comply with anti-money laundering and financial regulations
All credit and debit card details are handled through third-party payment processors and are protected by industry-standard security (TLS encryption and PCI DSS compliance).
Other Information
We use other information to:
- Various improvements and troubleshooting
- Trend analysis and marketing and industry-related research
- Fraud prevention and security monitoring
- Aggregate or de-identified reporting (we may share aggregated data that does not personally identify you)
Consent for Your Personal Information
We collect personal information only when it is necessary to provide our services. Personal information refers only to data that could potentially identify you. We collect only what is necessary and do not collect information that is not applicable to your use of the service.
3. Marketing Communications
Opt-In
By providing your phone number and/or email when you sign up or update your account, you are consenting to receive SMS and/or email communications from us. We may collect the following contact information for the purposes of providing our services:
- Name
- Email address
- Phone number
When you enroll or create an account, we use this information to:
- Create an account
- Authenticate your identity
- Grant you access to specific features of our website
You may also opt in to receive SMS or email messages for the following purposes:
- Transactional Messages: Login PINs, account self-recovery, announcements, and milestones
- Marketing Messages: Sales promotions, draw prizes, free trials, and similar offers
Opt-Out
You can control the collection and use of your personal information and stop receiving promotional communications at any time using the following options:
- Updating your preferences in your account settings or profile
- Clicking the unsubscribe link in any marketing email or SMS message we send
- Contacting us directly at [email protected]
4. Your Rights
Subject to applicable privacy laws, you may have the right to request access to your personal information that we hold. Where permitted by applicable law, a small fee may apply for repetitive, excessive, or unfounded access requests.
To exercise this right, please submit a written request to [email protected], providing:
- Proof of identity (e.g., government-issued ID)
- Details of the personal information you want to access or update
- Any references to the personal information you want to access or update
If you believe that any information we hold about you is incorrect or incomplete, please contact us immediately at [email protected] so we can correct it.
5. California Residents — Your Rights Under CCPA / CPRA
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), grants you enhanced rights regarding your personal information. This section supplements the rest of our Privacy Policy and applies solely to California residents.
Categories of Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples |
|---|---|
| Identifiers | Name, email address, IP address, account ID, device identifiers |
| Personal information categories (Cal. Civ. Code §1798.80(e)) | Name, address, phone number, credit card number, bank account details |
| Commercial information | Purchase history, transaction records, items listed or sold |
| Internet / electronic network activity | Browsing history on our site, search queries, clicks, session data |
| Geolocation data | Country, city, and state/province level (not precise GPS) |
| Inferences | Preferences and interests inferred from browsing or purchase behavior |
Your CCPA / CPRA Rights
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., where retention is required to complete a transaction, comply with a legal obligation, or detect security incidents).
- Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal information for monetary consideration. However, we may share personal information with advertising partners for cross-context behavioral advertising. You may opt out via the “Do Not Sell or Share My Personal Information” link in our website footer, or by adjusting your cookie preferences.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information to the extent necessary to provide services.
- Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA rights. You will not be denied goods or services, charged different prices, or provided a different level of quality.
How to Submit a CCPA Request
- Email: [email protected] with subject line “CCPA Rights Request”
- We will acknowledge receipt within 10 business days and respond within 45 calendar days
- If more time is needed, we will notify you and may extend by up to an additional 45 calendar days
- You may designate an authorized agent to submit a request on your behalf with written authorization
- We may need to verify your identity before processing your request
6. Deletion Rights of Your Information
- You can request the deletion of your personal information by emailing [email protected]
- We will delete or de-identify your personal information within 45 calendar days of receiving a verified request, unless an exception applies
- We will retain your personal information to the extent required to comply with our legal obligations
- If you opt out of promotional offers from third parties, we may retain your email address on a suppression list to ensure you continue not to receive those communications
7. Data Security
We are committed to protecting your personal information from unauthorized access, use, loss, or disclosure. Our measures include:
- Physical access controls to our offices and server environments
- Keeping our software and systems up to date
- Managing personnel access to personal data on a need-to-know basis
However, no data transmissions over the internet are 100% secure. While we take all reasonable steps to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
8. External Links
Our website may contain links to third-party websites. We do not control the privacy practices of these external sites, which include:
- Advertisers and marketing partners
- Authentication providers (e.g., Google Sign-In)
- Sponsors
When you visit a third-party website, we encourage you to review their privacy policy and terms of use to understand how your data will be handled.
9. Cookies
We use cookies on our website to collect additional data about you or your browsing patterns, and to improve our services by understanding the terms on which cookies are placed on your device in the following circumstances:
- Strictly necessary cookies: required for the basic operation of our site
- Analytical/performance cookies: allow us to recognize and count visitors and understand how visitors move around our site
- Functionality cookies: used to recognize you when you return to our site
- Targeting/advertising cookies: record your visit to our site, the pages you have visited, and the links you have followed
For full details on the cookies we use, including a complete cookie inventory and your management options, please refer to our Cookie Policy.
How Do We Use Cookies?
Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We use this information for statistical analysis purposes only, and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Please note: blocking all cookies will also affect our ability to remember your privacy preferences, including your opt-out from advertising. We strongly recommend using our cookie consent manager rather than blocking all cookies at the browser level.
List of Cookies We Collect
We collect cookies in the following categories:
| Cookie Name | Enable Description |
|---|---|
| PHPSESSID | Preserves user session state across page requests |
| XSRF-TOKEN | Ensures visitor browsing security by preventing cross-site request forgery |
| _EDGE_V | Session cookie used to track and store real-time information about the browser session |
| UTAG | Tracks the time of visit to a web page and stores that information in a cookie |
| _gat | Used by Google Analytics to throttle the request rate |
| __HTTP_AUTH_DUAL_RAIL_CODE_COOKIE | Used by the content delivery network as a security measure |
| NID/CONSENT/ANID/1P_JAR | Google cookies used to tailor content and advertisements and to help make the web safer for the user |
| SIDCC/SAPISID/SSID/HSID/SID/APISID | Google profile authentication cookies to protect user data from unauthorized access |
| SEARCH_SAMESITE/OTZ | Google cookies used for analytics |
| _ga / _gid / _ga_* | Google Analytics cookies used to distinguish users, measure page views, and track sessions |
| ph_* (PostHog) | PostHog analytics cookies used to track page views, events, user journeys, and session recordings on an anonymized basis |
| optimonk_* (OptiMonk) | OptiMonk personalization cookies used to manage on-site popups, overlays, and personalized offers |
| __stripe_mid / __stripe_sid | Stripe payment processor cookies used for fraud detection and secure transaction management |
| gemgem_session | GEMGEM session cookie used to maintain authenticated user state |
| gemgem_cookie_consent | GEMGEM first-party cookie that stores your cookie consent preferences for up to 6 months |
10. Children’s Privacy
GEMGEM is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. We comply with the Children’s Online Privacy Protection Act (COPPA).
11. Consent
By using our website, you consent to this Privacy Policy. If you do not agree to this Policy, please do not use our website.
Where required by applicable law (including GDPR for users in the European Economic Area and the UK, and CCPA for California residents), we will seek your explicit consent before collecting or using certain categories of personal data.
12. Identity Verification (Know Your Customer)
To maintain the integrity of our marketplace and comply with applicable legal and regulatory requirements, GEMGEM requires identity verification from sellers and, in certain circumstances, buyers. This process is commonly referred to as Know Your Customer, or KYC.
Why We Collect Identity Information
GEMGEM facilitates high-value transactions in pre-owned luxury jewelry and diamonds. As such, we are required or reasonably expected to:
- Verify the true identity of sellers listing items on our platform
- Verify the identity of buyers in transactions that meet or exceed regulatory reporting thresholds
- Detect and prevent fraud, money laundering, and the handling of stolen goods
- Comply with applicable financial regulations, including obligations under the Bank Secrecy Act (BSA) and FinCEN reporting requirements for high-value goods transactions
- Maintain records as required by law in connection with reportable transactions
What We Collect
For the purposes of identity verification, we may collect the following categories of information from sellers and qualifying buyers:
- Government-issued photo identification (e.g., passport, driver’s license, or national identity card)
- Proof of address (e.g., utility bill or bank statement dated within 90 days)
- Full legal name, date of birth, and nationality
- Business registration documents, where applicable (for professional or trade sellers)
Note: Government-issued identification is considered sensitive personal information under the CCPA and equivalent state privacy laws. We treat this data with heightened care and access controls.
How We Use and Store Identity Information
- Purpose limitation: Identity documents are used solely for verification, fraud prevention, and regulatory compliance. They are not used for marketing or shared with third parties except as required by law.
- Access controls: Access to identity documents is restricted to authorized personnel only, on a strict need-to-know basis.
- Secure storage: Identity documents are stored in encrypted form on access-controlled systems. We do not store physical copies.
- Retention: Verified identity documents are retained for a minimum of five years following the conclusion of the relevant transaction or account closure, as required under applicable anti-money laundering regulations. After this period, documents are securely deleted or permanently anonymized.
Third-Party Verification Services
We may use trusted third-party identity verification service providers to assist with the KYC process. These providers are contractually bound to process identity data solely for verification purposes and may not use it for any other purpose. We will update this Policy if the identity of our verification provider changes.
Refusal of Service
GEMGEM reserves the right to refuse, suspend, or terminate access to our platform for any user who declines to complete identity verification when required, or where verification cannot be successfully completed. This is a necessary measure to protect all parties on the platform and to maintain our regulatory standing.
13. Contact Us
For any questions regarding this Privacy Policy or to exercise your privacy rights, please contact us at:
Privacy requests: [email protected]
General inquiries: [email protected]
GEMGEM Inc.592 5th Avenue, #5B
New York, NY 10036
United States
We aim to respond to all privacy inquiries within 5 business days. For CCPA requests, we will acknowledge receipt within 10 business days and provide a substantive response within 45 calendar days.
