Privacy Policy

Effective Date: November 1, 2025 | Last Updated: November 20, 2025

We respect your privacy and are committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, how we safeguard it, and your rights regarding your data.

1. Information We Collect

We collect the following categories of personal information:

Information You Provide Directly:

  • Account registration information (name, email address, password)
  • Profile information (style preferences, sizes, brand preferences, wardrobe details)
  • Payment information (credit card details, billing address) processed through third-party payment processors
  • Communications with us (customer support inquiries, feedback, survey responses)
  • User-generated content (photos, wardrobe items, reviews, comments)

Information Collected Automatically:

  • Device information (IP address, browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent, click patterns, referring URLs)
  • Location data (general location based on IP address)
  • Cookies and similar tracking technologies (see Cookie Policy below)

Information from Third Parties:

  • Social media profile information if you connect social accounts
  • Information from service providers and partners who assist us in operating our platform
  • Publicly available information related to fashion trends and product availability

2. Legal Basis for Processing (GDPR)

We process your personal information based on the following legal grounds:

  • Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications, optional features)
  • Contract Performance: To provide services you've requested, process transactions, and maintain your account
  • Legitimate Interests: To improve our services, prevent fraud, ensure security, conduct analytics, and operate our business efficiently
  • Legal Obligations: To comply with applicable laws, regulations, legal processes, and governmental requests

3. How We Use Your Information

We use your personal information for the following purposes:

  • To create and manage your account and membership
  • To process transactions, subscriptions, and payment
  • To provide personalized recommendations, styling suggestions, and wardrobe organization
  • To operate AI-powered features including resale optimization and preference analysis
  • To communicate with you about your account, transactions, and service updates
  • To provide customer support and respond to inquiries
  • To improve, personalize, and develop new features and services
  • To conduct analytics and research to understand user behavior and preferences
  • To prevent fraud, ensure security, and protect against unauthorized access
  • To comply with legal obligations and enforce our terms and policies
  • To send marketing communications (with your consent where required)

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers:

We share information with third-party vendors who perform services on our behalf, including:

  • Payment processors (Stripe, PayPal, or similar)
  • Cloud hosting providers (Google Cloud Platform, AWS, or similar)
  • Analytics providers (Google Analytics or similar)
  • Email service providers
  • Customer support platforms
  • AI and machine learning service providers

All service providers are contractually obligated to protect your information and use it only for specified purposes.

Business Transfers:

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction.

Legal Requirements:

We may disclose information when required by law, legal process, or government request, or to protect our rights, property, safety, or that of our users or the public.

With Your Consent:

We may share information with third parties when you provide explicit consent.

Aggregate/De-identified Data:

We may share aggregated or de-identified information that cannot reasonably identify you with partners, researchers, or the public.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account information: Retained while your account is active and for up to 3 years after account closure
  • Transaction records: Retained for 7 years for tax and accounting purposes
  • Marketing communications preferences: Retained until you withdraw consent
  • Usage and analytics data: Retained for up to 2 years
  • Legal compliance records: Retained as required by applicable law

When we no longer need your information, we will securely delete or anonymize it.

6. International Data Transfers

Our services are operated in the United States. If you are located outside the United States, including in the European Economic Area (EEA) or United Kingdom, your information will be transferred to, stored, and processed in the United States.

For data transferred from the EEA or UK, we implement appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • Ensuring service providers comply with applicable data protection frameworks
  • Implementing appropriate technical and organizational security measures

7. Your Privacy Rights

For All Users:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Object: Object to certain processing activities
  • Withdraw Consent: Withdraw consent for processing based on consent at any time

Additional Rights for GDPR (EEA/UK Users):

  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Restrict Processing: Request restriction of processing under certain circumstances
  • Automated Decision-Making: Right not to be subject to decisions based solely on automated processing that significantly affects you
  • Lodge a Complaint: File a complaint with your local data protection authority

Additional Rights for CCPA/CPRA (California Residents):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom information is shared
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of "sales" or "sharing" of personal information (we do not sell personal information)
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (if applicable)
  • Non-Discrimination: Exercise privacy rights without discriminatory treatment

California "Shine the Light" Law: California residents may request information about disclosures of personal information to third parties for direct marketing purposes.

To Exercise Your Rights: Contact us at legal@lavishgains.com or through the contact form on our website. We will respond to verified requests within the timeframes required by applicable law (typically 30-45 days). We may need to verify your identity before processing your request.

Authorized Agents (California): California residents may designate an authorized agent to make requests on their behalf. We require written authorization from you and verification of the agent's identity.

8. Security

We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and updates
  • Employee training on data protection

However, no method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will promptly delete it. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after changes become effective constitutes acceptance of the updated policy. For material changes, we may provide additional notice such as email notification.

11. Cookie Policy

This website uses cookies and similar technologies to improve your experience, analyze traffic, personalize content, and support core platform functionality. Cookies allow us to remember your preferences, understand how you navigate the site, and deliver relevant features and services.

Types of Cookies We Use:

  • Strictly Necessary Cookies: Required for the website to function properly, including authentication, security, and basic functionality
  • Performance/Analytics Cookies: Help us understand how visitors use our site through aggregated statistics (e.g., Google Analytics)
  • Functional Cookies: Remember your preferences and settings to enhance your experience
  • Targeting/Advertising Cookies: May be used to deliver relevant content and advertisements (if applicable)

Cookie Management: You may adjust your browser settings to refuse cookies or alert you when cookies are being placed. Disabling cookies may affect the functionality and performance of the website. We use first party cookies for essential operations and third-party cookies for analytics and performance measurement.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Your Cookie Consent: By continuing to use this website, you consent to the placement of cookies in your browser in accordance with this policy. EU/UK users will be presented with a cookie consent banner upon first visit, and you may withdraw consent at any time through our cookie preference center.

12. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature. Our website does not currently respond to DNT signals. We will continue to monitor developments in DNT technology and may implement DNT response mechanisms in the future.

13. Contact Information

For legal inquiries, privacy requests, or questions about these policies, you may contact us at legal@lavishgains.com or through the contact form provided on the website.

For GDPR Inquiries: If you are located in the EEA or UK and have concerns about our data practices, you may contact your local data protection authority.

For CCPA Inquiries: California residents may contact us using the methods above to exercise CCRA/CPRA rights. We do not discriminate against users who exercise their privacy rights.