Privacy Policy

Your trust matters. This policy explains what personal information Aurora Lolita collects, how we use and protect it, and the choices you have over your data.

Last updated: April 22, 2026

This policy is provided in English as the authoritative version. If you need translation assistance, please email [email protected].

1 Scope of this Policy

This Privacy Policy applies to the website www.lolitawear.com and all related services operated by Aurora Lolita (together, "the Service"). It describes our practices around personal information. By using the Service, you agree to the collection and use of information consistent with this policy.

2 Information We Collect

We collect information in three ways: information you provide directly, information collected automatically as you browse, and information we receive from trusted partners.

Category	Examples
Account & Contact	Name, email address, password (stored as a salted hash), display name, preferred language.
Order & Shipping	Billing & shipping address, phone number, order history, gift messages, returns history.
Payment	Card type, last four digits, and payment tokens returned by our processors (Stripe, PayPal). We do not store full card numbers.
Technical	IP address, browser & device type, referrer URL, pages viewed, timestamps, coarse location derived from IP.
Marketing	Newsletter subscription status, wishlist items, coupon usage, survey responses.
Social	Public handle & email if you sign in with Google, Facebook, or X (only what those providers share with us).

3 How We Use Your Information

We process personal data only for the specific, legitimate purposes listed below, in line with GDPR Art. 6 and comparable laws:

Order fulfilment — processing payments, shipping parcels, providing customer support and returns. (Lawful basis: contract performance.)
Account management — authenticating your sign-in, syncing your cart and wishlist. (Contract performance.)
Service improvement — analytics, A/B testing, performance monitoring, fraud prevention. (Legitimate interest.)
Marketing — sending newsletters, new-arrival alerts and promotions, but only where you opted in. You can unsubscribe at any time. (Consent.)
Legal compliance — tax records, accounting, responding to lawful requests by authorities. (Legal obligation.)

4 Cookies & Tracking Technologies

We use cookies and similar technologies to keep you signed in, remember your cart, measure aggregated traffic, and personalise recommendations. You can manage cookies in your browser settings at any time.

Essential

Session & login
Shopping cart state
Security / CSRF tokens

Analytics

Page views & timings
Aggregated device stats
Error reporting

Marketing

Promo banners you've seen
Referral attribution
Abandoned-cart reminders

Do Not Track: We honor "Do Not Track" signals by disabling analytics and marketing cookies for visitors whose browser sends the DNT header.

6 International Data Transfers

Aurora Lolita operates globally. When your data is transferred outside your country of residence, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms to ensure your information remains protected.

7 Data Retention

Order records: kept for up to 7 years to comply with tax and accounting laws.
Account data: kept while your account is active. You may delete your account at any time.
Marketing preferences: stored until you unsubscribe, then archived as a suppression record so we don't contact you again.
Analytics logs: kept for up to 26 months in anonymised form.

8 Security Measures

We safeguard your data with industry-standard controls including TLS/SSL encryption in transit, encrypted password storage (bcrypt), least-privilege database access, rate limiting, 24/7 intrusion monitoring, and regular backups. No method of transmission over the internet is 100% secure; we strongly recommend using a strong, unique password for your account.

9 Your Privacy Rights

Depending on your location you may have the right to:

Access the personal data we hold about you.
Correct information that is inaccurate or incomplete.
Delete your account and personal data ("right to be forgotten").
Portability — request a machine-readable copy of your data.
Object / Restrict — opt out of certain processing, including direct marketing.
Withdraw consent at any time where processing is based on your consent.
Non-discrimination — we will never deny service for exercising your rights (CCPA).

To exercise any of these rights, email [email protected]. We respond within 30 days and may ask you to verify your identity first.

10 Children's Privacy

The Service is intended for users aged 13 and over (16 in the EEA). We do not knowingly collect personal data from children below this age. If you believe a minor has provided us with information, please contact us and we will delete it promptly.

11 Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the features we offer. When we make material changes, we will update the "Last updated" date above and, for significant changes, notify you by email or a prominent banner on the Service.

12 Contact & Data Protection Officer

If you have any questions, requests, or concerns about this policy or how your data is handled, please reach out to our privacy team:

Email: [email protected]
Postal: Aviavision Project LLC, Brooklyn, NY 11232, United States

If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data-protection authority.

Questions about your data?

We're here to listen. Email us and a real human responds within 30 days — usually much sooner.

[email protected]

Return to Home