SPRING REFRESHSAVE UP TO 20% ON SELECT PRODUCTS       |     SPECIAL OFFERS

Search

Privacy Policy

Last Updated: March 18, 2026

This Privacy Policy describes how we collect, use, disclose, and safeguard your Personal Information when you visit or make a purchase from our website. It also explains your rights under applicable privacy laws, including the California Privacy Rights Act (CPRA).

By accessing or using our Website and Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

“You”

Means the individual accessing or using the Service, or the company or legal entity on whose behalf such individual accesses or uses the Service.

“Company”, “We”, “Us”, or “Our”

Refers to Leonor Greyl USA, 1320 Industrial Avenue, Suite B1, Petaluma, CA 94952.

“Website”

Refers to Leonor Greyl USA, available at https://www.leonorgreyl-usa.com.

“Service”

Refers to the Website and any related features, including e-commerce functionality, user accounts, and communication tools.

“Personal Information” or “Personal Data”

Information that identifies, relates to, describes, or could reasonably be linked to an individual.

“Sensitive Personal Information” (SPI)

As defined under CPRA, includes account log-in credentials, precise geolocation, financial information, etc.

“Service Provider”

A third party who processes Personal Information on behalf of the Company.

“Cookies”

Small files placed on your device that store information about your browsing activity.

“Usage Data”

Automatically collected technical data such as IP address, device type, browsing behavior, and analytics metrics.

2. Types of Information We Collect

In order to better provide you with our numerous services, we collect two types of information about our users: Personally Identifiable Information and Nonpersonally Identifiable Information. Our primary goal in collecting information from you is to provide you with a smooth, efficient, and customized experience while using our site.

 

Personally Identifiable Information: This refers to information that lets us know the specifics of who you are. When you engage in certain activities on this site, such as registering for a membership, ordering a product or service, submitting content and/or posting content in discussion forums or other public areas, entering a contest or sweepstakes, filling out a survey, or sending us feedback, we may ask you to provide certain information about If you yourself by filling out and submitting an online form. It is completely optional for you to engage in these activities. elect to engage in these activities, however, we may ask that you provide us personal information, such as your first and last name, mailing address (including zip code), email address, employer, job title and department, telephone and facsimile numbers, and other personal identifying information. When ordering products or services on the site, you may be asked to provide a credit card number. Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to engage in that activity.

 

Nonpersonally Identifiable Information: This refers to information that does not by itself identify a specific individual. We gather certain information about you based upon where you visit on our site in several ways. This information is compiled and analyzed on both a personal and an aggregated basis. This information may include the Web site’s Uniform Resource Locator (“URL”) that you just came from, which URL you next go to, what browser you are using, and your Internet Protocol (“IP”) address. A URL is the global address of documents and other resources on the World Wide Web. An IP address is an identifier for a computer or device on a Transmission Control Protocol/Internet Protocol (“TCP/IP”) network, such as the World Wide Web. Networks like the Web use the TCP/IP protocol to route information based on the IP address of the destination. In other words, an IP address is a number that is automatically assigned to your computer whenever you are surfing the web, allowing web servers to locate and identify your computer. Computers require IP addresses in order for users to communicate on the Internet.

A. Personally Identifiable Information (herein, “ Personal Information ” or “Personally Identifiable Information”) you Provide.

When using our Website or purchasing products, we may collect:

  • First and last name
  • Email address
  • Billing and shipping address
  • Phone number
  • Account username and password
  • Order information (products purchased, transaction amounts)
  • Payment details processed through third-party payment processors
  • Customer service communications
  • Comments submitted through the Website

You may optionally create a user account and participate in commenting features.

B. Automatically Collected Information

We collect Usage Data when you browse or interact with the Website. This includes:

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Referring URLs
  • Pages viewed and time spent
  • Error logs
  • Device identifiers
  • Approximate location

This data is collected through:

  • Cookies
  • Server logs (Pressable hosting)
  •  Cloudflare CDN/firewall tools
  • Google Analytics 4 (GA4)
  • Tag Manager containers
  • Security tools such as reCAPTCHA

C. Cookies and Tracking Technologies

When you use our site we will store cookies on your computer in order to facilitate and customize your use of our site. A cookie is a small data text file, which a Web site stores on your computer’s hard drive (if your Web browser permits) that can later be retrieved to identify you to us. Our cookies store randomly assigned user identification numbers, the country where you are located, and your first name to welcome you back to our site. The cookies make your use of the site easier, make the site run more smoothly and help us to maintain a secure site. You are always free to decline our cookies if your browser permits, but some parts of our site may not work properly in that case.

 

We may use an outside ad serving company to display banner advertisements on our site. As part of their service, they will place a separate cookie on your computer. We will not provide any third-party ad server with any of your Personally Identifiable Information or information about your purchases. We and our third party ad server will collect and use Nonpersonally Identifiable Information about you, such as your IP address, browser type, the server your computer is logged onto, the area code and zip code associated with your server and whether you responded to a particular ad. Other advertisers may also place banner ads on our site in the same manner as above, but we will not disclose any Personally Identifiable Information to them

Cookies used: We use the following:

Essential Cookies

Required for the Website to function (e.g., WooCommerce checkout, account login, security).

Functional Cookies

Remember preferences such as login state or language.

Analytics Cookies (GA4)

Used to understand how visitors use the Website.

GA4 does not log IP addresses by default.

Advertising Cookies

Used by:

  • Meta (Facebook) Pixel
  • Pinterest Pixel
  • Google Ads ecosystem (via Tag Manager)

These cookies enable interest-based advertising and retargeting.

You can control Cookies via your browser settings.

3. Collection Methods and Use of Information

We do not collect any Personally Identifiable Information about you unless you voluntarily provide it to us. You provide certain Personally Identifiable Information to us when you: (a) register for our services and register your email address with us; (b) enter sweepstakes or contests sponsored by us or one of our partners; (c) sign up for special offers from selected third parties; (d) send email messages, submit forms or transmit other information by telephone or letter; or (e) submit your credit card or other payment information when ordering and purchasing products and services on our site. We may also collect information from you at other points on our site that state that such information is being collected.

 

In addition, we may also collect, or our third party ad server and/or content server may collect, certain Nonpersonally Identifiable Information. This information is ultimately stored in the form of store categories, and, in some cases, specific URLs. We use your IP address to diagnose problems with our servers, software, to administer our site and to gather demographic information. Our third party ad servers will also provide us with summary, but not individual, reports that will tell us how many ads were presented and clicked upon at out site.

 

We will primarily use your Personally Identifiable Information to provide our services to you, as required by our agreements with you. We will also use Personally Identifiable Information to enhance the operation of our site, fill orders, improve our marketing and promotional efforts, statistically analyze site use, improve our product and service offerings, and customize our site’s content, layout, and services. We may use Personally Identifiable Information to deliver information to you and to contact you regarding administrative notices. We may also use Personally Identifiable Information to resolve disputes, troubleshoot problems and enforce our agreements with you, including our Site Terms of Use, Sales Terms and Conditions, and this Privacy Policy.

4. How We Use Your Information

A. We use Personal Information for the following purposes:

  • To provide and maintain our Website and e-commerce functionality
  • To process orders and payments
  • To manage user accounts
  • To provide customer support
  • To communicate with you about orders, updates, and marketing (if you opt in)
  • To send newsletters through Mailchimp
  • To enhance security and prevent fraud
  • To perform analytics and improve our Website
  • To display personalized ads on third-party platforms
  • To comply with legal obligations

B.  WooCommerce and E-Commerce Operations

When you place an order, WooCommerce stores:

  • Name
  • Billing and shipping details
  • Email
  • Phone number
  • Products purchased
  • Order history
  • IP address (fraud prevention)

We share this information with:

  • Payment processors: PayPal, Authorize.net, Amazon Pay, Afterpay
  • Shipping carriers and fulfillment providers
  • Email marketing (Mailchimp) for transactional and optional marketing emails

Data Retention (WooCommerce)

  • Order information: retained indefinitely (for tax, fraud, and accounting purposes)
  • User accounts: retained until you request deletion
  • Analytics data: retained per GA4 retention settings (typically 14 months unless otherwise configured)

5. Security of Information

At our site you can be assured that your Personally Identifiable Information is secure, consistent with current industry standards. The importance of security for all Personally Identifiable Information associated with our user is of utmost concern to us. Your Personally Identifiable Information is protected in several ways. Access by you to your Personally Identifiable Information is available through a password and unique customer ID selected by you. This password is encrypted. We recommend that you do not divulge your password to anyone. In addition, your Personally Identifiable Information resides on a secure server that only selected Company personnel and contractors have access to via password. We encrypt your Personally Identifiable Information and thereby prevent unauthorized parties from viewing such information when it is transmitted to us.

Personal information that you provide that is not Personally Identifiable Information also resides on a secure server and is only accessible via password. Since this information is not accessible from outside the Company you will not be asked to select a password in order to view or modify such information.

In order to most efficiently serve you, credit card transactions and order fulfillment are handled by established third party banking, processing agents and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process and ship your order.

Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personally Identifiable Information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.

 

6. Privacy Policies of Third Party Sites

Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other sites accessible through our site have their own privacy policies and data collection, use and disclosure practices. Please consult each site’s privacy policy. We are not responsible for the policies or practices of third parties. Additionally, other companies which place advertising on our site may collect information about you when you view or click on their advertising through the use of cookies. We cannot control this collection of information. You should contact these advertisers directly if you have any questions about their use of the information that they collect.

 

7. Payment Processing

We use third-party processors for secure payments:

  • PayPal
  • Authorize.net
  • Amazon Pay
  • Afterpay

We do not store payment card numbers on our servers.

Payment processors handle all sensitive financial details under PCI-DSS security standards.

8. Third-Party Services We Use

We use the following services, each governed by their own privacy policies:

  • Cloudflare (CDN, firewall, DDoS protection)
  • Google Analytics 4
  • Google Tag Manager
  • Google reCAPTCHA (spam prevention)
  • Google Fonts
  • Meta (Facebook) Pixel
  • Pinterest Pixel
  • Mailchimp (email marketing)
  • Pressable (WordPress hosting)

These providers may process Personal Information to perform their functions.

9. Hosting Provider (Pressable)

Pressable automatically collects:

  • IP addresses
  • Error logs
  • Security logs
  • Server-level analytics

These logs are retained per Pressable’s internal policies and used for performance and security.

10. Legal Basis for Processing (GDPR-Style Disclosure)

Even though we operate in the U.S., we provide these disclosures for transparency.

We process data under the following legal bases:

  • Contract performance (order processing, account access)
  • Legitimate interests (fraud prevention, site improvement, analytics)
  • Consent (email marketing, advertising cookies)
  • Legal obligation (tax and accounting records)

11. Data Transfers

We may transfer information to servers located outside your state or country.

We utilize reasonable safeguards such as contractual protections and secure transmission technologies as further explained below.

A. Cross-Border Transfers of Personal Information.   

We are headquartered in the United States and may transfer, store, and process Personal Information in the United States and in other countries where we or our service providers, contractors, or affiliates operate. These jurisdictions may have data protection laws that differ from, and in some cases may be less protective than, those in your country or state of residence, including the European Economic Area (“EEA”), the United Kingdom (“UK”), and the State of California.

B.  For California Residents

If you are a California resident, your Personal Information may be transferred to, stored, or processed outside of California and outside of the United States for legitimate business purposes. We disclose Personal Information only as described in this Privacy Policy and in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”).

When we transfer Personal Information to service providers, contractors, or third parties located outside the United States, we implement reasonable and appropriate safeguards designed to protect such information, including:

Entering into written agreements that limit the use of Personal Information to specified business purposes and require compliance with applicable privacy laws;

Requiring recipients to provide the same level of privacy protection required by CPRA;

Implementing administrative, technical, and physical security measures appropriate to the nature of the information.

We do not sell or share Personal Information except as described in this Privacy Policy, and any such disclosures are subject to contractual restrictions consistent with California law.

General Safeguards. Regardless of your location, we take steps designed to ensure that Personal Information is handled securely and in accordance with this Privacy Policy. These measures may include data minimization, access controls, encryption, and vendor due diligence.

C.   Further protections include the following:

  • Data Localization Disclosure: In some cases, we may store or process certain Personal Information within specific regions to comply with legal or contractual requirements.
  • Intra-Group Transfers:  Transfers within our corporate group are governed by internal agreements designed to ensure a consistent level of data protection.

12. Data Retention by Category (CPRA Requirement)

Data Type

Retention Period

Order information

Indefinitely (required for accounting/legal)

User accounts

Until deleted by user

Marketing email data

Until unsubscribed

Analytics data (GA4)

14 months (or per current GA4 configuration)

Server/security logs

Per hosting provider’s schedule

Cookies

Varies by cookie type (session or persistent)

13. Release of Information. 

We do not sell, trade, or rent your Personally Identifiable Information to others. We do provide some of our services through contractual arrangements with affiliates, services providers, partners and other third parties. We and our service partners use your Personally Identifiable Information to operate our sites and to deliver their services. For example, we must release your credit card information to the card-issuing bank to confirm payment for products and services purchased on this site; release your address information to the delivery service to deliver products that you ordered; and provide order information to third parties that help us provide customer service.

 

We will encourage our service partners to adopt and post privacy policies. However, the use of your Personally Identifiable Information by our service partners is governed by the privacy policies of those service partners, and is not subject to our control.

Occasionally we may be required by law enforcement or judicial authorities to provide Personally Identifiable Information to the appropriate governmental authorities. We will disclose Personally Identifiable Information upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.

 

We may also provide Nonpersonally Identifiable Information about our customers’ sales, traffic patterns, and related site information to third party advertisers, but these statistics do not include any Personally Identifiable Information.

14. Disclosure of Personal Information

We may share information with:

  • Service Providers
  • Payment processors
  • Advertising partners
  • Hosting providers
  • Shipping carriers
  • Analytics providers
  • Affiliates
  • Legal authorities (when required)

We do not sell Personal Information in the traditional sense.

However, cross-context behavioral advertising is considered “sharing” under CPRA.

15. CPRA Privacy Rights (California)

If you are a California resident, you have the right to:

A. Right to Know

Request disclosure of:

  • Categories of Personal Information collected
  • Categories of sources
  • Purposes for collection
  • Categories of third parties who receive your data
  • Specific pieces of Personal Information collected

B. Right to Delete

Request deletion of your Personal Information, with certain legal exceptions.

C. Right to Correct

Request correction of inaccurate Personal Information.

D. Right to Limit Use of Sensitive Personal Information

We do not use Sensitive Personal Information for purposes requiring an opt-out under CPRA.

E. Right to Opt-Out of “Sharing” for Advertising

You may opt out of cross-context behavioral advertising.

F. Right to Non-Discrimination

You will not be penalized for exercising your rights.

How to Exercise Your CPRA Rights;   Updating and Correcting Information

We believe you should have the ability to access and edit the Personally Identifiable Information that you have provided to us. You may change any of your Personally Identifiable Information in your account online at any time by linking to your account in accordance with instructions posted elsewhere on this site. You may also access and correct your personal information and privacy preferences by writing us at:

  • ·        By phone: (866) 473-9587 or (707) 763-1234
  • ·        Via the Website’s “Do Not Sell or Share My Personal Information” link
  • ·        Via email: info@leonorgreyl-usa.com

Please include your name, address, and/or email address when you contact us.

We will verify your request before processing it.

We encourage you to promptly update your Personally Identifiable Information if it changes. You may ask to have the information on your account deleted or removed; however, because we keep track of past transactions, you cannot delete information associated with past transactions on this site. In addition, it may be impossible to completely delete your information without some residual information because of backups.

16. Do Not Track (DNT)

Our Website does not respond to DNT signals, but third-party platforms may allow you to opt out of personalized ads.

17. Children’s Privacy

Our Services are not intended for use by children under the age of 13 (or under 16 for California residents). We do not knowingly collect personal information from children in these age groups.

Under 13: In compliance with the Children’s Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under age 13 without verifiable parental consent, we will delete that information as quickly as possible.

Under 16 (California Residents): Under the California Consumer Privacy Act (CCPA), we do not sell or share the personal information of consumers we actually know are less than 16 years of age.

If you believe that we might have any information from or about a child under these ages, please contact us at [Insert Email Address] so we can take immediate action to delete it.

18. Links to Third-Party Websites

We are not responsible for the privacy practices of third-party websites we link to.

19. Changes to This Policy

We may update this Privacy Policy at any time.

The “Last Updated” date reflects the most recent version.

20. Contact Us

If you have questions regarding this Privacy Policy, you may contact us:

Phone: (866) 473-9587 or (707) 763-1234