Privacy policy
This Privacy Policy describes how we collect, use, disclose, and safeguard your Personal Information when you visit or make a purchase from our website. It also explains your rights under applicable privacy laws, including the California Privacy Rights Act (CPRA).
By accessing or using our Website and Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Interpretation and Definitions
"You" means the individual accessing or using the Service, or the company or legal entity on whose behalf such individual accesses or uses the Service.
"Company," "We," "Us," or "Our" refers to Leonor Greyl USA, 1320 Industrial Avenue, Suite B1, Petaluma, CA 94952.
"Website" refers to Leonor Greyl USA, available at https://www.leonorgreyl-usa.com.
"Service" refers to the Website and any related features, including e-commerce functionality, user accounts, and communication tools.
"Personal Information" or "Personal Data" means information that identifies, relates to, describes, or could reasonably be linked to an individual.
"Sensitive Personal Information" (SPI), as defined under CPRA, includes account log-in credentials, precise geolocation, financial information, etc.
"Service Provider" means a third party who processes Personal Information on behalf of the Company.
"Cookies" means small files placed on your device that store information about your browsing activity.
"Usage Data" means automatically collected technical data such as IP address, device type, browsing behavior, and analytics metrics.
2. Types of Information We Collect
In order to better provide you with our numerous services, we collect two types of information about our users: Personally Identifiable Information and Nonpersonally Identifiable Information. Our primary goal in collecting information from you is to provide you with a smooth, efficient, and customized experience while using our site.
Personally Identifiable Information refers to information that lets us know the specifics of who you are. When you engage in certain activities on this site, such as registering for a membership, ordering a product or service, submitting a contact or consultation form, entering a contest or sweepstakes, filling out a survey, or sending us feedback, we may ask you to provide certain information about yourself. It is completely optional for you to engage in these activities. If you elect to engage in these activities, however, we may ask that you provide us personal information, such as your first and last name, mailing address (including zip code), email address, employer, job title and department, telephone and facsimile numbers, and other personal identifying information. When ordering products or services on the site, you may be asked to provide a credit card number. Depending upon the activity, some of the information we ask you to provide is identified as mandatory and some as voluntary. If you do not provide the mandatory data with respect to a particular activity, you will not be able to engage in that activity.
Nonpersonally Identifiable Information refers to information that does not by itself identify a specific individual. We gather certain information about you based upon where you visit on our site in several ways. This information is compiled and analyzed on both a personal and an aggregated basis. This information may include the Web site's Uniform Resource Locator ("URL") that you just came from, which URL you next go to, what browser you are using, and your Internet Protocol ("IP") address.
A. Personally Identifiable Information You Provide
When using our Website or purchasing products, we may collect:
- First and last name
- Email address
- Billing and shipping address
- Phone number
- Account username
- Order information (products purchased, transaction amounts)
- Payment details processed through third-party payment processors
- Customer service communications
- Birthday (if provided for loyalty program enrollment)
- Responses submitted through our contact, consultation, and partner application forms
You may optionally create a user account and participate in our loyalty and rewards program.
B. Automatically Collected Information
We collect Usage Data when you browse or interact with the Website. This includes:
- IP address
- Browser type and version
- Device type
- Operating system
- Referring URLs
- Pages viewed and time spent
- Error logs
- Device identifiers
- Approximate location
This data is collected through:
- Cookies
- Shopify platform infrastructure
- Cloudflare CDN/firewall tools
- Google Analytics 4 (GA4)
- Google Tag Manager
- Meta (Facebook) Pixel
C. Cookies and Tracking Technologies
When you use our site we will store cookies on your computer in order to facilitate and customize your use of our site. A cookie is a small data text file which a Web site stores on your computer's hard drive (if your Web browser permits) that can later be retrieved to identify you to us. The cookies make your use of the site easier, make the site run more smoothly, and help us to maintain a secure site. You are always free to decline our cookies if your browser permits, but some parts of our site may not work properly in that case.
We may use an outside ad serving company to display banner advertisements on our site. As part of their service, they will place a separate cookie on your computer. We will not provide any third-party ad server with any of your Personally Identifiable Information or information about your purchases. We and our third-party ad server will collect and use Nonpersonally Identifiable Information about you, such as your IP address, browser type, the server your computer is logged onto, the area code and zip code associated with your server and whether you responded to a particular ad.
Cookies used:
Essential Cookies — Required for the Website to function (e.g., Shopify checkout, account login, security).
Functional Cookies — Remember preferences such as login state or cart contents.
Analytics Cookies (GA4) — Used to understand how visitors use the Website. GA4 does not log IP addresses by default.
Advertising Cookies — Used by:
- Meta (Facebook) Pixel
These cookies enable interest-based advertising and retargeting.
You can control Cookies via your browser settings or via the cookie consent tool available on our Website.
3. Collection Methods and Use of Information
We do not collect any Personally Identifiable Information about you unless you voluntarily provide it to us. You provide certain Personally Identifiable Information to us when you: (a) register for our services and register your email address with us; (b) enter sweepstakes or contests sponsored by us or one of our partners; (c) sign up for special offers from selected third parties; (d) send email messages, submit forms, or transmit other information by telephone or letter; or (e) submit your credit card or other payment information when ordering and purchasing products and services on our site. We may also collect information from you at other points on our site that state that such information is being collected.
In addition, we may also collect, or our third-party ad server and/or content server may collect, certain Nonpersonally Identifiable Information. This information is ultimately stored in the form of store categories and, in some cases, specific URLs. We use your IP address to diagnose problems with our servers and software, to administer our site, and to gather demographic information.
We will primarily use your Personally Identifiable Information to provide our services to you, as required by our agreements with you. We will also use Personally Identifiable Information to enhance the operation of our site, fill orders, improve our marketing and promotional efforts, statistically analyze site use, improve our product and service offerings, and customize our site's content, layout, and services. We may use Personally Identifiable Information to deliver information to you and to contact you regarding administrative notices. We may also use Personally Identifiable Information to resolve disputes, troubleshoot problems, and enforce our agreements with you, including our Site Terms of Use, Sales Terms and Conditions, and this Privacy Policy.
4. How We Use Your Information
A. We use Personal Information for the following purposes:
- To provide and maintain our Website and e-commerce functionality
- To process orders and payments
- To manage user accounts
- To provide customer support
- To communicate with you about orders, updates, and marketing (if you opt in)
- To send newsletters and marketing emails through Klaviyo
- To administer our loyalty and rewards program (Loyoly), including birthday offers if you have provided your birthday
- To enhance security and prevent fraud
- To perform analytics and improve our Website
- To display personalized ads on third-party platforms
- To comply with legal obligations
B. Shopify and E-Commerce Operations
Our Website is powered by Shopify. When you place an order, Shopify stores:
- Name
- Billing and shipping details
- Phone number
- Products purchased
- Order history
- IP address (fraud prevention)
We share this information with:
- Payment processors: Shopify Payments, PayPal, Amazon Pay, Afterpay
- Shipping carriers and fulfillment providers
- Email marketing (Klaviyo) for transactional and optional marketing emails
Data Retention (Shopify)
- Order information: retained indefinitely (for tax, fraud, and accounting purposes)
- User accounts: retained until you request deletion
- Analytics data: retained per GA4 retention settings (typically 14 months unless otherwise configured)
5. Security of Information
At our site you can be assured that your Personally Identifiable Information is secure, consistent with current industry standards. The importance of security for all Personally Identifiable Information associated with our users is of utmost concern to us. Your Personally Identifiable Information is protected in several ways. Access by you to your Personally Identifiable Information is available through your account login. We recommend that you do not share your login credentials with anyone.
Personal information that you provide that is not Personally Identifiable Information also resides on a secure server and is only accessible via password. In order to most efficiently serve you, credit card transactions and order fulfillment are handled by established third-party banking, processing agents, and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process and ship your order.
Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your Personally Identifiable Information, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through this site cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.
6. Privacy Policies of Third-Party Sites
Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other sites accessible through our site have their own privacy policies and data collection, use, and disclosure practices. Please consult each site's privacy policy. We are not responsible for the policies or practices of third parties. Additionally, other companies which place advertising on our site may collect information about you when you view or click on their advertising through the use of cookies. We cannot control this collection of information. You should contact these advertisers directly if you have any questions about their use of the information that they collect.
7. Payment Processing
We use third-party processors for secure payments:
- Shopify Payments
- PayPal
- Amazon Pay
- Afterpay
We do not store payment card numbers on our servers. Payment processors handle all sensitive financial details under PCI-DSS security standards.
8. Third-Party Services We Use
We use the following services, each governed by their own privacy policies:
- Shopify (e-commerce platform and infrastructure)
- Cloudflare (CDN, firewall, DDoS protection)
- Google Analytics 4 (site analytics)
- Google Tag Manager (tag management)
- Google Fonts (web typography — Poppins)
- Meta (Facebook) Pixel (advertising and retargeting)
- Klaviyo (email marketing and transactional communications)
- Loyoly (loyalty and rewards program, including birthday offers)
- Judge.me (product reviews)
- Complianz (cookie consent and privacy compliance)
- Vidjet (video analytics — tracks video view metrics)
- Instafeed (displays our Instagram feed — no personal data collected from visitors)
- UpPromote (affiliate program management)
- Stockist (store locator)
- ReturnGO (customer-initiated return requests)
These providers may process Personal Information to perform their functions.
9. Hosting Provider (Shopify)
Our Website is hosted on Shopify's platform. Shopify automatically collects:
- IP addresses
- Error logs
- Security logs
- Server-level analytics
These logs are retained per Shopify's internal policies and used for performance and security. For more information, see Shopify's Privacy Policy at https://www.shopify.com/legal/privacy.
Additionally, our site uses Cloudflare for CDN, security, and DDoS protection. Cloudflare may process IP addresses and network traffic data as part of its service.
10. Legal Basis for Processing (GDPR-Style Disclosure)
Even though we operate in the U.S., we provide these disclosures for transparency. We process data under the following legal bases:
- Contract performance (order processing, account access)
- Legitimate interests (fraud prevention, site improvement, analytics)
- Consent (email marketing, advertising cookies, birthday program enrollment)
- Legal obligation (tax and accounting records)
11. Data Transfers
We may transfer information to servers located outside your state or country. We utilize reasonable safeguards such as contractual protections and secure transmission technologies as further explained below.
A. Cross-Border Transfers of Personal Information
We are headquartered in the United States and may transfer, store, and process Personal Information in the United States and in other countries where we or our service providers, contractors, or affiliates operate. These jurisdictions may have data protection laws that differ from, and in some cases may be less protective than, those in your country or state of residence, including the European Economic Area ("EEA"), the United Kingdom ("UK"), and the State of California.
B. For California Residents
If you are a California resident, your Personal Information may be transferred to, stored, or processed outside of California and outside of the United States for legitimate business purposes. We disclose Personal Information only as described in this Privacy Policy and in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CPRA").
When we transfer Personal Information to service providers, contractors, or third parties located outside the United States, we implement reasonable and appropriate safeguards designed to protect such information, including:
- Entering into written agreements that limit the use of Personal Information to specified business purposes and require compliance with applicable privacy laws;
- Requiring recipients to provide the same level of privacy protection required by CPRA;
- Implementing administrative, technical, and physical security measures appropriate to the nature of the information.
We do not sell or share Personal Information except as described in this Privacy Policy, and any such disclosures are subject to contractual restrictions consistent with California law.
C. Further Protections
Regardless of your location, we take steps designed to ensure that Personal Information is handled securely and in accordance with this Privacy Policy. These measures may include data minimization, access controls, encryption, and vendor due diligence. In some cases, we may store or process certain Personal Information within specific regions to comply with legal or contractual requirements. Transfers within our corporate group are governed by internal agreements designed to ensure a consistent level of data protection.
12. Data Retention by Category (CPRA Requirement)
| Data Type | Retention Period |
|---|---|
| Order information | Indefinitely (required for accounting/legal) |
| User accounts | Until deleted by user |
| Marketing email data | Until unsubscribed |
| Analytics data (GA4) | 14 months (or per current GA4 configuration) |
| Server/security logs | Per Shopify's and Cloudflare's schedules |
| Cookies | Varies by cookie type (session or persistent) |
13. Release of Information
We do not sell, trade, or rent your Personally Identifiable Information to others. We do provide some of our services through contractual arrangements with affiliates, service providers, partners, and other third parties. We and our service partners use your Personally Identifiable Information to operate our sites and to deliver their services. For example, we must release your credit card information to the card-issuing bank to confirm payment for products and services purchased on this site; release your address information to the delivery service to deliver products that you ordered; and provide order information to third parties that help us provide customer service.
We will encourage our service partners to adopt and post privacy policies. However, the use of your Personally Identifiable Information by our service partners is governed by the privacy policies of those service partners and is not subject to our control.
Occasionally we may be required by law enforcement or judicial authorities to provide Personally Identifiable Information to the appropriate governmental authorities. We will disclose Personally Identifiable Information upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
We may also provide Nonpersonally Identifiable Information about our customers' sales, traffic patterns, and related site information to third-party advertisers, but these statistics do not include any Personally Identifiable Information.
14. Disclosure of Personal Information
We may share information with:
- Service providers
- Payment processors
- Advertising partners
- Hosting providers
- Shipping carriers
- Analytics providers
- Affiliates
- Legal authorities (when required)
We do not sell Personal Information in the traditional sense. However, cross-context behavioral advertising is considered "sharing" under CPRA.
15. CPRA Privacy Rights (California)
If you are a California resident, you have the following rights:
A. Right to Know
Request disclosure of:
- Categories of Personal Information collected
- Categories of sources
- Purposes for collection
- Categories of third parties who receive your data
- Specific pieces of Personal Information collected
B. Right to Delete
Request deletion of your Personal Information, with certain legal exceptions.
C. Right to Correct
Request correction of inaccurate Personal Information.
D. Right to Limit Use of Sensitive Personal Information
We do not use Sensitive Personal Information for purposes requiring an opt-out under CPRA.
E. Right to Opt-Out of "Sharing" for Advertising
You may opt out of cross-context behavioral advertising.
F. Right to Non-Discrimination
You will not be penalized for exercising your rights.
How to Exercise Your CPRA Rights
You may update your Personally Identifiable Information in your account online at any time. You may also access and correct your personal information and privacy preferences by contacting us:
- By phone: (866) 473-9587 or (707) 763-1234
- Via the Website's "Do Not Sell or Share My Personal Information" link
- Via email: info@leonorgreyl-usa.com
Please include your name, address, and/or email address when you contact us. We will verify your request before processing it.
We encourage you to promptly update your Personally Identifiable Information if it changes. You may ask to have the information on your account deleted or removed; however, because we keep track of past transactions, you cannot delete information associated with past transactions on this site. In addition, it may be impossible to completely delete your information without some residual information because of backups.
16. Do Not Track (DNT)
Our Website does not respond to DNT signals, but third-party platforms may allow you to opt out of personalized ads.
17. Children's Privacy
Our Services are not intended for use by children under the age of 13 (or under 16 for California residents). We do not knowingly collect personal information from children in these age groups.
Under 13: In compliance with the Children's Online Privacy Protection Act (COPPA), if we learn that we have collected personal information from a child under age 13 without verifiable parental consent, we will delete that information as quickly as possible.
Under 16 (California Residents): Under the California Consumer Privacy Act (CCPA), we do not sell or share the personal information of consumers we actually know are less than 16 years of age.
If you believe that we might have any information from or about a child under these ages, please contact us at info@leonorgreyl-usa.com so we can take immediate action to delete it.
18. Links to Third-Party Websites
We are not responsible for the privacy practices of third-party websites we link to.
19. Changes to This Policy
We may update this Privacy Policy at any time. The "Last Updated" date reflects the most recent version.
20. Contact Us
If you have questions regarding this Privacy Policy, you may contact us:
- Phone: (866) 473-9587 or (707) 763-1234
- Email: info@leonorgreyl-usa.com
- Mail: Leonor Greyl USA, 1320 Industrial Avenue, Suite B1, Petaluma, CA 94952