Koalalane Privacy Policy

Last updated: August 2025

Koalalane (“Koalalane”, “we”, “us”, or “our”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit or shop via our websites, mobile sites, apps, and related services that link to this Policy (the “Services”). By using the Services, you agree to the practices described here.

1) Who we are & contact details

Entity: Koalalane (add your legal entity and registered address).

Email: info@koalalane.com

Postal: (Add postal address for privacy inquiries)

2) Information we collect

A. Information you provide

  • Account & profile: name, email, password, phone, addresses, preferences, DOB (optional).
  • Orders & checkout: shipping/billing addresses, contact details, product selections, gift notes.
  • Payments: processed by PCI-compliant partners; we don’t store full card numbers.
  • Customer service: chat, calls, emails, social DMs (may be recorded for quality).
  • Wellness/beauty preferences (optional): goals or sensitivities you share. Do not send clinical records.
  • User content: ratings, reviews, Q&A, photos, social handles.
  • Programs: loyalty, referrals, subscriptions, contests, surveys, events.
  • B2B/wholesale: business contacts, VAT/GST numbers.

B. Information collected automatically

  • Device & usage: IP address, device IDs, browser/OS, pages, clicks, session time, referrers, city/region.
  • Cookies & similar tech: cookies, local storage, pixels, SDKs, beacons.
  • Approximate location: derived from IP; precise location only with device permission.

C. Information from third parties

  • Payment & fraud partners: payment status, risk scores, chargebacks.
  • Logistics: shipping status, delivery confirmations, address corrections.
  • Analytics/ads & social: aggregated audience/ad performance; data per your platform settings.
  • Affiliates/marketplaces: referral/order data when you shop via partners.
  • Data enrichment (limited): accuracy and fraud prevention.

3) Why we use your information (purposes & legal bases)

A. Purposes

  • Provide the Services: accounts, orders, delivery, returns, warranties, subscriptions.
  • Support: respond to questions, resolve issues, process refunds/complaints.
  • Personalization: recommendations and tailored content for fruits & nuts, health/beauty, electronics accessories.
  • Marketing: emails, SMS, push, and online ads subject to your choices.
  • Loyalty & referrals: track points, rewards, and invitations.
  • Security & fraud: authenticate users, protect accounts, investigate activity.
  • Analytics: performance, forecasting, and UX improvements.
  • Legal/compliance: records, tax/audit, product safety, lawful requests.
  • Corporate transactions: due diligence in mergers/financing/sale of assets.

B. Legal bases (EEA/UK/Similar)

  • Contract performance (e.g., to fulfill orders).
  • Legitimate interests (security, analytics, limited direct marketing, fraud prevention).
  • Consent (optional marketing, non-essential cookies, precise location, social login).
  • Legal obligations (tax, accounting, product safety).

4) Cookies & tracking technologies

We use strictly necessary, performance/analytics, functional, and advertising cookies. Manage preferences through our Cookie Banner/Preferences Center, your browser, or platform ad settings. Blocking some cookies may impact functionality.

5) How we share information

We do not sell personal information in the common sense. We share with:

  • Service providers: hosting (Shopify), payments, analytics, messaging, fulfillment, address validation, returns/warranty, fraud prevention.
  • Advertising & social partners: measurement and targeted ads (may be deemed “sharing” in some regions).
  • Logistics carriers: shipping and returns.
  • Business transfers: merger, acquisition, financing, or sale.
  • Legal/safety: comply with law, enforce terms, protect rights and users.
  • With your direction: e.g., publishing reviews or sharing wishlists.

6) International transfers

Your data may be processed in countries other than your own. Where required, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses) with supplementary safeguards.

7) Retention

We retain data only as long as necessary, then delete or anonymize it. Examples: order/tax records 7–10 years; support logs 18–24 months; marketing contacts until you unsubscribe; loyalty history while active plus audit window.

8) Security

We use administrative, technical, and physical safeguards (encryption in transit, access controls, logging). No system is perfectly secure—use a strong, unique password and protect your devices.

9) Your privacy choices

  • Email: click Unsubscribe or manage in your account.
  • SMS: reply STOP (carrier rates may apply).
  • Push notifications: adjust browser/app/device settings.
  • Ads & cookies: use Cookie Preferences and platform controls.
  • Social integrations: disconnect via your social platform.
  • Access/Delete/Portability: see Regional Rights & how to submit a request.

10) Children’s privacy

The Services are not directed to children under the age required by local law (e.g., 13 in the US, 16 in some EU states). If you believe a child provided data, contact us to delete it.

11) Product-specific notes

  • Fruits & Nuts: may contain allergens (e.g., nuts). Facilities may handle common allergens.
  • Health & beauty care: not a substitute for medical advice; use as directed. Don’t submit sensitive medical records to us.
  • Electronics accessories: you may share device model for compatibility—never share confidential credentials.

12) Social features & user content

Reviews, Q&A, photos, or social content may be public. We may display your first name/initial, city, or handle. Share thoughtfully.

14) Automated decision-making & profiling

We may use limited profiling for recommendations, fraud detection, and tailored offers. We do not make decisions with legal or similarly significant effects solely by automated means without human review where required.

15) Regional privacy disclosures

A. EEA/UK/Switzerland

Controller: Koalalane. You have rights to access, rectify, erase, restrict, portability, object (including to direct marketing), and withdraw consent. You may lodge a complaint with your DPA. Transfers rely on SCCs and safeguards.

B. USA – California & similar state laws

We may “share” personal information for cross-context behavioral advertising (analytics/ads pixels). We do not knowingly sell/share data of consumers under 16.

Categories collected (12 months): identifiers, customer records, commercial info, internet activity, geolocation (approx), inferences, audio (support). Rights: know/access, correct, delete, opt out of sales/sharing/targeted ads, limit SPI (if applicable), non-discrimination.

C. Canada

Rights to access, correct, and withdraw consent, subject to exceptions. Data may be processed outside Canada.

D. India

Rights to access, correction, erasure, grievance redressal, and consent withdrawal under DPDP Act 2023. We rely on consent or legitimate uses to fulfill orders.

E. Australia & New Zealand

We comply with applicable privacy principles (APPs/IPP). You may request access/correction and lodge a complaint; we respond within a reasonable time.

16) Exercising your rights

Email info@koalalane.com with your name, region, and request type (access, correction, deletion, portability, opt-out, etc.). We’ll verify your request and respond within legal timeframes.

17) Do Not Track & Global Privacy Control

Where legally required and technically feasible, we honor recognized browser-level opt-out signals (e.g., GPC) for targeted advertising.

18) Data from offline interactions

When you contact us by phone, at events/pop-ups, or through paper forms, we collect the information you provide and process it under this Policy.

19) Loyalty, referrals & promotions

If you join Koalalane loyalty or refer friends, we process necessary data to credit points and rewards. Only send invites to people who expect them.

20) Subscriptions & auto-ship

If you enroll in auto-ship, we store necessary details (products, schedule, addresses, payment tokens). You can modify or cancel in your account.

21) Buy-Now-Pay-Later (BNPL)

BNPL options (e.g., Affirm/Klarna) are provided by third parties. Your use is subject to the provider’s terms and privacy policy.

22) Accuracy & responsibility

Please keep your account information accurate and up to date. You are responsible for safeguarding your login credentials.

23) Changes to this Policy

We may update this Policy. The “Last updated” date shows the latest revision. We’ll provide notice of material changes where required. Continued use means you accept the updates.

24) How to contact us

Email: info@koalalane.com

Postal: (Insert mailing address)

25) Short-form notices

We may display in-context summaries at collection points (e.g., “By creating an account, you agree to our Terms and Privacy Policy.”). Those link back to this Policy.

26) Records of processing (summary)

  • Data categories: identifiers, contact, order/payment tokens, device/usage, preferences, communications, UGC.
  • Subjects: customers, prospects, visitors, loyalty members, support contacts.
  • Processing: orders, support, marketing, analytics, fraud prevention, legal compliance.
  • Recipients: processors, carriers, payment gateways, marketing platforms, authorities (as lawfully requested).
  • Transfers: global (SCCs and safeguards).
  • Retention: purpose-based with statutory minimums.

27) Security incidents & breach notification

If a data breach occurs, we will investigate and notify affected individuals and/or regulators as required by law, including information on what happened and recommended steps.

29) California “Shine the Light”

California residents may request a list of certain third parties to whom we disclosed personal information for their direct marketing in the prior year. Email info@koalalane.com with “Shine the Light” in the subject.

30) Nevada

Nevada residents may opt out of the sale of covered information by emailing info@koalalane.com with “Nevada Opt-Out” in the subject. We do not currently sell such information as defined by Nevada law.

31) Accessibility

If you need this Policy in an alternative format, contact info@koalalane.com.

32) Effective date

This Policy is effective as of the “Last updated” date above and supersedes prior versions.

Quick summary

  • We collect information you provide, that’s collected automatically, and from trusted partners.
  • We use it to run the store, deliver orders, personalize experiences, improve security, and market responsibly.
  • We share it with service providers and partners under contracts; we don’t sell personal info in the common sense.
  • You can access, delete, and manage marketing/ads sharing choices (varies by region).
  • Manage cookies in our Preferences Center and unsubscribe from marketing anytime.

This document is a template and not legal advice. Please review with counsel for your jurisdiction.