Privacy Policy

Last Updated: July 12, 2025

Introduction

This Privacy Policy describes how Lotus Vita LP (“we”, “us”, or “our”) collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from lotusvita.com (the “Site”).

Contact Us

If you have any questions about this policy or wish to exercise your privacy rights, please contact us at: [email protected]

1. Who We Are

Our legal entity is Lotus Vita LP and our website address is: https://www.lotusvita.com.

2. Personal Information We Collect and How We Use It

We collect information to provide and improve our services. This includes:

  • Information you provide directly: When you purchase from us, create an account, or contact us, you provide information including your name, billing address, shipping address, email address, phone number, and payment details. We use this to process orders, prevent fraud, respond to your requests, and send you information about your account.
  • Information from Comments: When you leave comments, we collect the data shown in the comments form, your IP address, and browser user agent string to help with spam detection. An anonymized string created from your email address (a hash) may be provided to the Gravatar service to see if you are using it.
  • Information from Media: If you upload images, be aware they may contain embedded location data (EXIF GPS) which can be extracted by visitors.
  • Information collected automatically (Cookies & Analytics): While you visit our site, we use cookies and tracking technologies to automatically collect information about your device and browsing activity. This includes:
    • Products you’ve viewed.
    • Your location, IP address, and browser type for estimating taxes and shipping.
    • Cart contents.
    • Interactions with our Site, which we analyze through services like Google Analytics and Microsoft Clarity to understand user behavior and improve our Site.
    • Interactions with our ads on third-party sites, using services like Google Ads, Google Tag Manager (GTM), Meta Ads, and Microsoft Ads to measure ad performance and deliver targeted advertising.

3. Cookies

Our website uses cookies to enhance your experience. These include functional cookies (e.g., to keep track of cart contents or remember your login) and analytics/advertising cookies. You can control and manage cookies through your browser settings and through our consent management platform.

4. Who We Share Your Data With

We do not sell your personal information for monetary gain. We only share your data with trusted third-party service providers as necessary to run our business and provide services to you. These partners include:

  • Order Fulfillment: We share your name, shipping address, and order details with our third-party logistics (3PL) partner, Deliverzen, to package and ship your products.
  • Payment Processors: To securely process payments, we share transaction data with PayPal and any other payment providers you use.
  • Transactional Email Providers: We use Postmark and SMTP2GO to send essential emails related to your account and orders, such as order confirmations and shipping notifications.
  • Analytics Services: We share data with Google Analytics and Microsoft Clarity to analyze website traffic and user behavior.
  • Advertising Partners: We share information with Google, Meta (Facebook/Instagram), and Microsoft to manage our advertising campaigns and deliver relevant ads to you.
  • Website Security & Performance: Our Site is protected and accelerated by Cloudflare, which processes IP addresses and traffic data as part of its security services.
  • Tax Services & Shipping Labels: We use services like WooCommerce Tax and EasyPost that may share order details with tax authorities or shipping carriers to calculate taxes and generate labels.
  • Spam Detection: Visitor comments may be checked through an automated spam detection service.

5. How Long We Retain Your Data

We retain your personal information only for as long as necessary.

  • Order Information: We will store order information for 7 years for tax and accounting purposes. This includes your name, email address, and billing and shipping addresses.
  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely to recognize and approve follow-up comments automatically.
  • User Accounts: We store your profile information as long as you have an account with us. You can edit or delete your personal information at any time.

6. How We Protect Your Data (Data Security)

We take the security of your data seriously. We implement a variety of security measures to maintain the safety of your personal information:

  • Encryption in Transit: All data transmitted to and from our Site is encrypted using SSL/TLS.
  • Network Security: Our Site is protected by a Web Application Firewall (WAF) provided by Cloudflare to prevent malicious attacks.
  • Access Controls: Access to your personal data is restricted to authorized personnel on our team who need the information to perform their jobs (e.g., fulfilling orders).
  • Secure Infrastructure: Our website is hosted in a secure, containerized environment using Docker.

7. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

  • The Right to Know and Access: You have the right to request a copy of the personal data we hold about you.
  • The Right to Deletion: You can request that we erase your personal data, subject to certain exceptions for legal, administrative, or security purposes.
  • The Right to Opt-Out of Sale or Sharing: You have the right to opt out of your data being “shared” for purposes like cross-context behavioral advertising.
  • The Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

To exercise these rights, please contact us at [email protected].

8. Notice for California Residents (CCPA)

Do Not Sell or Share My Personal Information

We do not sell personal information for monetary gain. However, some of our advertising and analytics activities may be considered “sharing” of personal information under California law. California residents have the right to opt out of this activity.

You can exercise your right to opt out by managing your preferences on our dedicated page below:
https://www.lotusvita.com/opt-out-preferences/

9. Children’s Privacy

Our website is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top.

11. Amazon Services API Data Policy

This policy outlines the specific procedures governing our handling of all data accessed via the Amazon Services API.

  • Data Collection & Use: Information accessed via the Amazon Services API is collected and used for the sole and explicit purpose of order fulfillment. This data is processed within our self-hosted WordPress/WooCommerce platform to perform essential functions, including generating shipping labels and responding directly to customer service inquiries related to orders.

  • Data Sharing: To complete the order fulfillment process, we share necessary Personally Identifiable Information (PII) only with essential shipping carriers (such as UPS, FedEx, USPS). This data is shared only to the extent required to purchase postage and generate a shipping label. We do not sell, share, or use Amazon-sourced data for any marketing, advertising, or other purpose.

  • Data Storage and Retention: Amazon PII is stored securely within our WooCommerce database on our encrypted, self-hosted server. PII is retained for a maximum of 30 days post-shipment to facilitate customer service, returns, and refunds. After this 30-day period, an automated process securely anonymizes the PII within the order record. Non-identifiable transaction data required for financial and tax compliance is retained for the legally required 7-year period.

  • Data Security: All Amazon data is protected by a multi-layered security architecture. This includes encryption in transit (TLS/SSL managed by Cloudflare and Traefik), encryption at rest (AES-256 full-disk encryption on our server), and robust network protection through Cloudflare’s Web Application Firewall (WAF) and server-level firewalls. Access is strictly limited by role-based controls within WordPress and key-based authentication for server administration.

  • Data Disposal: Following the 30-day retention period, PII is permanently and irreversibly anonymized in our production database by a script that overwrites the sensitive fields. Backups containing PII are automatically purged according to the same retention schedule.