Free shipping on all Amazon picks · Shop our top-rated picks →

Privacy Policy

Last updated: May 2026

Crelooking (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you visit crelooking.com or interact with our content on third-party platforms (YouTube, TikTok, Instagram, Facebook).

1. Data Controller

The data controller responsible for your personal data is:
Crelooking, brand commercially operated by MAMOUMI Zakaria, sole proprietor (entreprise individuelle) established in Bordeaux, France.
SIREN: 883604290 — SIRET: 88360429000022
Contact: [email protected]

2. Information We Collect

We collect the following categories of data:

  • Information you provide directly: name and email address when you submit our contact form, subscribe to our newsletter, or place an order on our store.
  • Automatically collected data: IP address, browser type, device type, operating system, pages visited, referral source, time spent on pages, and similar technical information collected through cookies and analytics tools.
  • Third-party platform data: when you interact with our content on YouTube, TikTok, Instagram, or Facebook, those platforms collect data according to their own policies; we may receive aggregated, non-identifying analytics from those platforms.

3. How We Use the TikTok API

Crelooking integrates with the TikTok API to publish beauty content to our official TikTok channel (@crelooking). This integration uses two TikTok services:

  • Login Kit: lets the account owner authorize Crelooking to act on the connected TikTok account, using the user.info.basic scope.
  • Content Posting API: lets Crelooking upload and publish video files, using the video.upload and video.publish scopes.

Data we receive from TikTok: when authorization is granted, TikTok returns a limited profile object containing the account owner’s display_name and avatar_url. We do not request, collect, or store any other personal information through this API.

How we use this data: the display_name and avatar_url are used solely to confirm the connected account in our internal dashboard. The video.upload and video.publish scopes are used exclusively to post Crelooking’s own AI-augmented beauty videos (with FTC-compliant disclosure) to the connected channel. No third-party content is uploaded.

Retention: OAuth access and refresh tokens are stored encrypted on our server and rotated according to TikTok’s expiration rules (access token: 24 hours; refresh token: 365 days). Profile fields (display_name, avatar_url) are kept only while the connection is active and deleted within 30 days of disconnection.

Your rights: the connected TikTok account owner can revoke our access at any time via TikTok Settings → Privacy → Third-party apps. Revocation immediately invalidates our tokens. To request deletion of any residual profile data on our side, email [email protected] and we will erase it within 30 days, per Section 10 below.

4. How We Use Your Data

We use your personal data to:

  • Respond to your inquiries and provide customer support
  • Send you newsletters and marketing communications (only with your explicit consent)
  • Process and fulfill orders placed on our store
  • Improve our website, content, and product offering through analytics
  • Comply with legal obligations
  • Prevent fraud and protect the security of our services

5. Cookies

We use cookies and similar tracking technologies. You may accept, reject, or configure cookies via our cookie banner on first visit. Essential cookies (required for the site to function) are always active. Analytics and marketing cookies require your consent. You can change your preferences anytime through the “Cookie Preferences” link in our footer.

6. Meta Pixel and Facebook Tracking

We use the Meta Pixel (also known as Facebook Pixel, ID 1329284994174781) to measure the performance of our Meta advertising campaigns and to deliver relevant content to people who have visited our Site.

  • Data collected: IP address, browser and device information, pages viewed on crelooking.com, and standard events (PageView, ViewContent, AddToCart, InitiateCheckout, Purchase, Lead).
  • Purpose: measure ad performance, build custom and lookalike audiences for retargeting, and improve campaign efficiency.
  • Retention: Meta retains pixel events for up to 180 days by default for ads optimization.
  • Opt-out: reject marketing cookies via our cookie banner (see Section 8 below), and adjust your Meta ad preferences at facebook.com/settings?tab=ads.

For more details, see Meta’s Privacy Policy.

7. Google Analytics and Google Ads

We use Google Analytics 4 (GA4) and Google Ads conversion tracking (via the Google Tag, gtag.js) to understand site usage and optimize our advertising.

  • Data collected: anonymized IP address, pages visited, time on page, traffic source, device type, and events such as clicks, scrolls, and purchases.
  • Purpose: aggregate analytics, conversion tracking, audience remarketing, and campaign optimization.
  • Retention: 14 months by default in GA4; conversion data per Google’s standard retention policies.
  • Opt-out: install the official Google Analytics opt-out browser add-on, and reject analytics cookies via our cookie banner.

See Google’s Privacy Policy for more information.

8. Cookie Consent Management (CookieYes)

We use CookieYes as our Consent Management Platform (CMP). On your first visit, a banner asks you to accept, reject, or customize cookies before any non-essential tracking is activated.

  • Cookie categories: strictly necessary (always active), analytics, and marketing.
  • Granular control: you can accept all, reject all, or pick categories individually.
  • Change your mind: click the “Cookie Preferences” link in our footer or reopen the banner at any time to update your consent.
  • Storage: consent choices are kept locally in your browser for up to 12 months and then re-requested.

See CookieYes’s Privacy Policy for details on how the CMP itself handles your consent record.

9. Legal Basis (GDPR)

Under the EU General Data Protection Regulation, we process your data based on:

  • Consent: for newsletters, marketing cookies, and optional features.
  • Contract performance: for order processing and customer service.
  • Legitimate interest: for analytics, fraud prevention, and improving our services.
  • Legal obligation: for tax and accounting records.

10. Your Rights

If you are located in the European Economic Area, you have the right to: access, rectify, erase, restrict processing, port your data, object to processing, and withdraw consent at any time. If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the right to know what personal information we collect, request deletion, opt out of the sale of personal information (we do not sell personal information), and not be discriminated against for exercising your rights.

To exercise any right, contact us at [email protected]. We will respond within 30 days.

11. Data Retention

We retain your personal data only as long as necessary for the purposes described, or as required by law. Contact form data is retained for 3 years. Order data is retained for 10 years (French commercial law). Analytics data is retained for 26 months.

12. Data Sharing and Transfers

We do not sell your personal data. We share data only with service providers strictly necessary to operate our services (hosting, payment processing, analytics, email delivery), under contractual data-protection obligations. Some providers may be located outside the EEA; in such cases, we rely on Standard Contractual Clauses approved by the European Commission.

13. Security

We implement reasonable technical and organizational measures to protect your data: HTTPS encryption, access controls, regular backups, and security audits. No internet transmission is 100% secure, but we work continuously to safeguard your information.

14. Children

Our services are not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from minors. If you believe a minor has provided personal data, contact us and we will delete it.

15. Changes

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. Material changes will be communicated via email or banner.

16. Contact and Complaints

For any privacy-related question, write to [email protected].

If you are in the EU, you may also lodge a complaint with the French data-protection authority (CNIL) at www.cnil.fr.

Shopping Cart
Scroll to Top
Secure Checkout 256-bit SSL
Free Shipping US, UK, CA & AU
30-Day Guarantee Money-back refund
4.9 / 5 Rating Customer reviews

Follow Us

We accept VISA Mastercard AMEX Apple Pay G Pay Klarna