Privacy Policy.

Effective: May 18, 2026 · Last reviewed: May 2026 · Version: 2.1

1. Introduction

In one sentence: We collect what we need to fulfill your order, keep your account secure, and improve the experience — and not a byte more.

Lyssora Inc. ("Lyssora," "we," "us," or "our") operates this website and the Lyssora storefront. We respect your privacy and are committed to handling your personal information with care. This policy explains what we collect, why, how it's stored/shared, and your rights. Contact info@lyssora.com with questions.

2. Information we collect

In one sentence: Order details, contact info, payment data (handled by Shopify), and standard analytics about how you use the site.

Account & order data — Your name, email address, shipping and billing address, phone number (if provided), order history, and any preferences you save to your account.

Payment data — Card numbers and payment details are entered directly into Shopify's secure payment environment. We do not see, store, or have access to your full card details — only the last four digits and card brand for record-keeping.

Communications — Messages you send us via email, contact form, or chat, plus any information you share about preferences, skin concerns, or product feedback when you correspond with our concierge team.

Device & usage data — IP address, browser type, device identifiers, referring pages, pages viewed, time on page, and similar information collected automatically through cookies and analytics tools.

Marketing engagement — Whether you open or click on our emails, interact with our SMS messages, view our ads on Meta or TikTok, or arrive via specific campaigns.

3. How we use information

We use information to:

• Process, ship, and support your orders
• Communicate with you about your account, orders, returns, and concierge requests
• Send marketing emails and SMS, when you've opted in, with content you can unsubscribe from at any time
• Personalise your shopping experience
• Improve our site, products, and editorial content through aggregated analytics
• Detect, prevent, and respond to fraud, abuse, or security incidents
• Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your data to make automated decisions that produce legal or similarly significant effects on you.

4. Shopify & payment processing

In one sentence: Our store runs on Shopify; payments are processed by Shopify Payments and your card details never touch our servers.

Our online store is hosted on Shopify Inc. ("Shopify"). Payments are processed by Shopify Payments, Apple Pay, Google Pay, PayPal, Klarna, and Afterpay. Each adheres to PCI-DSS.

5. Cookies & tracking technologies

Cookies are small data files placed on your device when you visit a website. We use them, plus pixels/beacons/local storage, for these purposes:

Essential — Required to operate the store: keeping items in your cart, remembering your session, processing checkout. These cannot be disabled.

Analytics — Help us understand how visitors use the site (Shopify Analytics, Google Analytics 4) so we can improve it. All analytics data is aggregated and anonymised.

Functionality — Remember your preferences — language, region, recently viewed products.

Advertising — Allow us to show relevant ads on Meta, TikTok, and Google, and to measure how effective those ads are.

6. Advertising & retargeting

In one sentence: We run ads on Meta and TikTok. The pixels they use let us show you Lyssora content if you've visited us — and let us know whether the ads worked.

We use Meta Pixel, TikTok Pixel, Google Ads, and Pinterest Tag to show ads to past visitors, build similar audiences, measure ad spend, and optimise campaigns. Opt out:

• On Meta: in your Facebook Ad Preferences
• On TikTok: under Settings & privacy → Ads
• On Google: through the Google Ads Settings page
• Across the web: at youradchoices.com (US) or youronlinechoices.eu (EU)

7. Email & SMS marketing

When you opt in, we use Klaviyo to send product updates, editorial content from The Lyssora Journal, ritual coaching, and the occasional offer. SMS via Shopify SMS or partner; standard rates may apply. Unsubscribe link in every email; reply STOP to opt out of SMS. Transactional messages continue regardless.

8. Data retention

• Order records — kept for 7 years for tax, accounting, and customer support purposes
• Account data — kept while your account is active, and deleted on request
• Marketing data — kept while you remain subscribed, deleted within 30 days of unsubscribe
• Analytics data — aggregated and retained indefinitely; individual identifiers are deleted within 26 months
• Concierge correspondence — kept for 3 years to support follow-up questions and service cases

9. International users

Lyssora is operated from the United States but ships to forty-seven countries. Data may be transferred to US, EU (Shopify EU data centres), or other regions. For EU/UK/Swiss transfers we rely on Standard Contractual Clauses.

10. Your rights — GDPR & CCPA

In one sentence: You have the right to access, correct, export, or delete your data — and we'll help you do any of those, free of charge.

• Access — request a copy of the personal information we hold about you
• Correction — ask us to correct inaccurate or incomplete information
• Deletion — ask us to delete your personal information ("right to be forgotten")
• Portability — request your data in a structured, machine-readable format
• Restriction — ask us to limit how we process your information
• Objection — object to processing for marketing or legitimate-interest purposes
• Non-discrimination — we won't treat you differently for exercising these rights

Email info@lyssora.com. We respond to verified requests within 30 days.

11. Security measures

• SSL/TLS encryption across the entire site, including all account and checkout pages
• Storage on PCI-DSS compliant infrastructure (Shopify)
• Access controls limiting who on the team can see customer information
• Regular software updates, security audits, and monitoring for suspicious activity
• Two-factor authentication on internal systems

12. Third-party services

E-commerce — Shopify Inc. (store hosting, checkout, order management)
Payments — Shopify Payments, Apple Pay, Google Pay, PayPal, Klarna, Afterpay
Shipping — FedEx, DHL Express, and regional carriers
Email & SMS — Klaviyo for email; Shopify SMS for transactional and marketing messages
Analytics — Shopify Analytics, Google Analytics 4, Hotjar
Advertising — Meta, TikTok, Google Ads, Pinterest
Customer support — Gorgias / Shopify Inbox

13. Children's privacy

Lyssora's products and services are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 16.

14. Updates to this policy

We may update this Privacy Policy from time to time. For material changes we'll notify by email or with a prominent notice on the site at least 14 days before the change takes effect.

15. Contact us

For any privacy or data-rights enquiry: info@lyssora.com

Postal address: Lyssora Inc., 183 Wythe Avenue, Suite 4B, Brooklyn, New York 11249, United States