Privacy policy.

OPIKJEWELS handles the personal information of its clients with the same discretion it applies to its stones. This policy explains what we collect, why, and the rights you hold.

Last updated: 13 May 2026 · Effective: 13 May 2026

1 · Who we are

OPIKJEWELS ("we", "our", "the Maison") is a luxury gemstone house with its registered office in Jakarta, Indonesia. For the purposes of EU GDPR and Indonesia's UU 27/2022 (Personal Data Protection Law), OPIKJEWELS is the data controller for the personal information described in this policy.

2 · What we collect

• Identity data — name, photo ID, proof of address (for KYC on orders above USD 50,000)
• Contact data — email, phone, shipping address
• Financial data — payment method, card token via Stripe / PayPal (we never see your full card number)
• Transactional data — your purchase history, wishlist, auction bids, certificate verifications
• Technical data — IP address, browser type, device, language, anonymised cookie identifiers
• Marketing data — your communication preferences and consent records

3 · Why we use it

• To fulfil your order, ship your stone, and provide warranty / aftercare
• To comply with KYC, anti-money-laundering, and export-control obligations
• To send transactional emails (receipts, shipping updates, certificate notifications)
• To send curated marketing communications — only with your explicit opt-in
• To protect against fraud, account abuse, and platform misuse
• To improve our website, conversion funnel, and concierge experience

4 · Who we share with

We share the minimum data required to deliver your order with the following carefully-vetted processors: Stripe (payments), PayPal (payments), Resend (transactional email), Cloudinary (image hosting), Brink's / Malca-Amit / Ferrari Group / DHL / FedEx (secured shipping & insurance), our certified gemological partners (GIA / SSEF / Gübelin / AGL / GRS / Lotus), and Anthropic / OpenAI (AI gemologist conversations). We never sell your personal data — full stop.

5 · Cookies & tracking

We use first-party cookies for authentication (your login session), shopping preferences (your currency and language), and analytics (PostHog). With your consent, we also use third-party advertising pixels — Meta (Facebook / Instagram) and TikTok — to measure ad campaign performance. You can decline these in your browser settings.

6 · International transfers

Because OPIKJEWELS serves clients in 175+ countries and uses global infrastructure, your data may be processed in Indonesia, the United States, the European Union, and Singapore. All transfers are protected by Standard Contractual Clauses (where applicable) and equivalent technical safeguards.

7 · How long we keep it

• Order and warranty records — 10 years (Indonesian commercial law requirement)
• KYC documentation — 7 years (AML obligation)
• Marketing data — until you unsubscribe + 30-day grace period
• Website analytics — 26 months in anonymised form

8 · Your rights

Under GDPR and UU PDP Indonesia you have the right to: access the data we hold on you, correct inaccurate data, request deletion (subject to legal retention obligations), restrict or object to processing, port your data to another service, and withdraw consent at any time. To exercise any of these rights, write to info@opikjewels.com with the subject line "Privacy request — [your right]". We respond within 30 calendar days.

9 · Children

Our services are not directed at, nor offered to, persons under 18 years of age. We do not knowingly collect personal data from minors.

10 · Changes to this policy

We may update this policy from time to time. The version date at the top of this page reflects the most recent revision. Material changes are announced by email at least 14 days before they take effect.