Privacy policy

Last updated: April 16, 2026

Havelay operates this store and website, including all related information, content,
features, tools, products and services, to provide you with a curated shopping experience
(the "Services"). Havelay is powered by Shopify, which enables us to provide the Services
to you. This Privacy Policy describes how we collect, use, and disclose your personal
information when you visit, use, or make a purchase or other transaction using the
Services or otherwise communicate with us. If there is a conflict between our Terms of
Service and this Privacy Policy, this Privacy Policy controls with respect to the
collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services,
you acknowledge that you have read this Privacy Policy and understand the collection,
use, and disclosure of your information as described here.

Personal Information We Collect or Process

When we use the term "personal information," we are referring to information that
identifies or can reasonably be linked to you or another person. Personal information
does not include information that is collected anonymously or that has been
de-identified. We may collect or process the following categories of personal
information, depending on how you interact with the Services, where you live, and as
permitted or required by applicable law:

  Contact details including your name, billing address, phone number, and email address.
  Financial information including credit card, debit card, and financial account
    numbers, payment card information, transaction details, form of payment, and
    payment confirmation. This information is collected and processed by Shopify
    Payments and our payment processors. We do not store your full card details on
    our own servers.
  Quiz responses including the answers you provide during our fitness quiz (such as
    your goals, activity level, equipment access, dietary preferences, and any
    photograph you choose to upload for plan personalization).
  Transaction information including the items you purchase and your past transactions.
  Communications with us including the information you include in communications with
    us, for example, when sending a customer support inquiry.
  Device information including information about your device, browser, or network
    connection, your IP address, and other unique identifiers.
  Usage information including information regarding your interaction with the Services,
    including how and when you interact with or navigate the Services.

Personal Information Sources

We may collect personal information from the following sources:

  Directly from you when you take our quiz, make a purchase, communicate with us, or
    otherwise provide us with your personal information.
  Automatically through the Services including from your device when you use our
    services or visit our website, and through the use of cookies and similar
    technologies.
  From our service providers including when we engage them to enable certain
    technology and when they collect or process your personal information on our behalf.
  From our partners or other third parties including advertising and analytics
    platforms.

How We Use Your Personal Information

Depending on how you interact with us or which of the Services you use, we may use
personal information for the following purposes:

  Provide, Tailor, and Improve the Services. We use your personal information to
    provide the Services, process your payments, generate your personalized 12-week
    fitness plan based on your quiz answers, deliver your plan files, send you related
    notifications, and maintain your access to your files.
  Marketing and Advertising. We use your personal information for marketing and
    promotional purposes, such as to send recovery and engagement emails related to
    your purchase, and to show you online advertisements on other websites including
    based on your activity on the Services.
  Security and Fraud Prevention. We use your personal information to provide a secure
    payment and shopping experience, detect, investigate or take action regarding
    possible fraudulent, illegal, unsafe, or malicious activity, protect public safety,
    and secure our services.
  Communicating with You. We use your personal information to provide you with
    customer support and to be responsive to you.
  Legal Reasons. We use your personal information to comply with applicable law or
    respond to valid legal process, including requests from law enforcement or
    government agencies, and to enforce our terms and policies.

AI Content Disclosure

We use artificial intelligence to help generate parts of your personalized plan
experience. Specifically, the "after" photo shown on the transformation page, if you
choose to upload one, is created using AI image generation based on your uploaded
photograph. This image is an illustration of a potential outcome and is not a
prediction or guarantee of your actual results. Individual results depend on
consistency, effort, diet, genetics, and other factors.

We will retain and disclose AI-generated content as required by applicable laws,
including California AB 853.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties
for legitimate purposes subject to this Privacy Policy. The main categories of
recipients are:

  Shopify — hosts our store, processes payments, and handles cart and checkout
    functionality.
  Resend — sends our transactional and marketing emails on our behalf.
  Supabase — provides secure database hosting for our customer, quiz, and order data.
  Cloudflare — provides DNS, CDN, and file storage (R2) for our plan files and images.
  Anthropic and Google — provide the AI models used to generate plan content and
    photo transformations during the quiz experience.
  Meta (Facebook and Instagram) — receives event data such as quiz completions and
    purchases so we can measure and optimize our advertising.
  Microsoft Clarity — provides session replay and heatmap analytics to help us
    improve the user experience on our website.
  Sentry and PostHog — provide error tracking and product analytics.
  Our business and marketing partners more generally, who will use your information
    in accordance with their own privacy notices. Depending on where you reside, you
    may have a right to direct us not to share information about you to show you
    targeted advertisements and marketing based on your online activity with
    different merchants and websites.
  Legal and safety recipients, such as law enforcement, regulators, and our legal
    advisors, in connection with a subpoena, court order, or similar request, or to
    enforce our terms or protect our rights.
  In connection with a business transaction such as a merger or acquisition, to
    comply with any applicable legal obligations, and to protect or defend the
    Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information
about your access to and use of the Services in order to provide and improve the
Services for you. Information you submit to the Services will be transmitted to and
shared with Shopify as well as third parties that may be located in countries other
than where you reside. In addition, to help protect, grow, and improve our business,
we use certain Shopify enhanced features that incorporate data from your interactions
with our store, along with other merchants and with Shopify. In these circumstances,
Shopify is responsible for the processing of your personal information, including for
responding to your requests to exercise your rights over use of your personal
information for these purposes. To learn more, see the Shopify Consumer Privacy Policy.

Third Party Websites and Links

The Services may provide links to websites or other online platforms operated by
third parties. If you follow links to sites not affiliated or controlled by us, you
should review their privacy and security policies and other terms and conditions.
We do not guarantee and are not responsible for the privacy or security of such
sites.

Children's Data

The Services are not intended to be used by children, and we do not knowingly collect
any personal information about children under the age of majority in your jurisdiction.
If you are the parent or guardian of a child who has provided us with their personal
information, you may contact us at support@havelay.com to request that it be deleted.
We do not knowingly "share" or "sell" (as those terms are defined in applicable law)
personal information of individuals under 16 years of age.

Security and Retention of Your Information

Please be aware that no security measures are perfect or impenetrable, and we cannot
guarantee "perfect security." Any information you send to us may not be secure while
in transit. We recommend that you do not use unsecure channels to communicate
sensitive or confidential information to us.

How long we retain your personal information depends on different factors, such as
whether we need the information to provide you with ongoing access to your plan,
comply with legal obligations, resolve disputes, or enforce other applicable
contracts and policies.

Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in
relation to your personal information. However, these rights are not absolute and, in
certain cases, we may decline your request as permitted by law.

  Right to Access / Know. You may have a right to request access to personal
    information that we hold about you.
  Right to Delete. You may have a right to request that we delete personal
    information we maintain about you.
  Right to Correct. You may have a right to request that we correct inaccurate
    personal information we maintain about you.
  Right of Portability. You may have a right to receive a copy of the personal
    information we hold about you and to request that we transfer it to a third party,
    in certain circumstances and with certain exceptions.
  Managing Communication Preferences. We may send you promotional emails, and you can
    opt out at any time by using the unsubscribe option in our emails. If you opt out,
    we may still send you non-promotional emails, such as those about orders you have
    made.

You may exercise any of these rights by contacting us at support@havelay.com. We will
not discriminate against you for exercising any of these rights. We may need to verify
your identity before we can process your request. In accordance with applicable laws,
you may designate an authorized agent to make requests on your behalf.

California residents: you have additional rights under the California Consumer Privacy
Act including the right to know, the right to delete, the right to correct, and the
right to opt out of the sale or sharing of your personal information. To exercise any
of these rights, email us at support@havelay.com.

Australian residents: the Australian Privacy Act 1988 and the Australian Privacy
Principles apply to your personal information in addition to the above. You can lodge
a complaint with the Office of the Australian Information Commissioner if you believe
we have not handled your personal information in accordance with the Act.

Complaints

If you have complaints about how we process your personal information, please contact
us at support@havelay.com. Depending on where you live, you may have the right to
appeal our decision or lodge your complaint with your local data protection authority.

International Transfers

Please note that we may transfer, store, and process your personal information outside
the country you live in. If we transfer your personal information out of the European
Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms
like the European Commission's Standard Contractual Clauses, or any equivalent
contracts issued by the relevant competent authority of the UK, unless the data
transfer is to a country that has been determined to provide an adequate level of
protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to
our practices or for other operational, legal, or regulatory reasons. We will post
the revised Privacy Policy on this website, update the "Last updated" date, and
provide notice as required by applicable law.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if
you would like to exercise any of the rights available to you, please email us at
support@havelay.com.

Havelay is a brand operated by Dhaka Co (ABN 89 224 504 274), a business registered in Victoria, Australia.