Privacy Policy

Lorenova ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website lorenova.com (the "Site") or make a purchase from us.

By using our Site, you consent to the practices described in this policy. If you do not agree with this policy, please do not use our Site.

We collect the following categories of personal information:

2.1 Information You Provide

• Account information: Name, email address, phone number, and password when you create an account.
• Order information: Shipping address, billing address, and payment details when you make a purchase.
• Profile information: Birthday, saved addresses, and preferences you choose to share.
• Communication data: Any information you provide when contacting us, submitting a bespoke request, or subscribing to our newsletter.

2.2 Information Collected Automatically

• Device information: Browser type, operating system, device type, and screen resolution.
• Usage data: Pages visited, time spent on pages, click patterns, and referral sources.
• Cookies and similar technologies: We use cookies to enhance your experience, remember preferences, and analyse site traffic. See Section 8 for details.

We use your personal information for the following purposes:

• Order fulfilment: Processing, shipping, and delivering your orders.
• Account management: Creating and managing your account, and providing customer support.
• Personalisation: Customising your experience, such as birthday offers and product recommendations.
• Communication: Sending order updates, shipping notifications, and responding to your enquiries.
• Marketing: Sending promotional emails and offers (only with your explicit consent; you can opt out at any time).
• Analytics: Understanding how our Site is used so we can improve it.
• Legal compliance: Meeting our legal and regulatory obligations.
• Fraud prevention: Detecting and preventing fraudulent transactions.

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction with similar data protection laws, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to fulfil your orders and manage your account.
• Legitimate interests: Improving our services, preventing fraud, and marketing to existing customers.
• Consent: Where you have given explicit consent, such as for marketing emails or non-essential cookies.
• Legal obligation: Compliance with applicable laws and regulations.

We do not sell your personal information. We share your data only with:

• Payment processors: Razorpay, for securely processing your payments. They have their own privacy policies governing the use of your information.
• Shipping partners: Courier and logistics companies to deliver your orders.
• Cloud service providers: Firebase (Google) for authentication and data storage; ImageKit for image hosting.
• Analytics providers: To help us understand site usage patterns (anonymised where possible).
• Legal authorities: When required by law, regulation, or legal process.

All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy:

• Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion request.
• Order data: Retained for 5 years for legal and tax compliance purposes.
• Marketing preferences: Retained until you unsubscribe or withdraw consent.
• Analytics data: Retained in anonymised form for up to 26 months.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at hello@lorenova.com. We will respond to your request within 30 days.

Our Site uses the following types of cookies:

• Essential cookies: Required for the Site to function (e.g., authentication, cart persistence). These cannot be disabled.
• Preference cookies: Remember your settings such as theme preference and language.
• Analytics cookies: Help us understand how visitors use our Site (e.g., page views, traffic sources).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect your experience on our Site.

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers.
• Secure authentication through Firebase Authentication.
• Access controls limiting who within our organisation can access your data.
• Regular security reviews of our systems and practices.

While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your personal data may be transferred to and processed in countries outside your jurisdiction (including the United States, where our cloud service providers operate). Where such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent measures approved by relevant data protection authorities.

Our Site is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will promptly delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our Site with a revised "Effective date". We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.