Last Updated: December 15, 2025

MY LOST WINDOW (“we,” “us,” or “our”) operates mylostwindow.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and make purchases from us. Please read this policy carefully. By using our Site, you consent to the practices described in this Privacy Policy.

1. Information We Collect

Personal Information You Provide

We collect information you voluntarily provide when you:

• Create an account or place an order (name, email address, shipping/billing address, phone number)
• Subscribe to our newsletter
• Contact us through our Contact Page
• Leave a product review
• Participate in promotions or surveys

Payment Information

Payment processing is handled by secure third-party payment processors (PayPal, Stripe). We do not store your full credit card numbers on our servers. Our payment partners are PCI-DSS compliant.

Automatically Collected Information

When you visit our Site, we automatically collect:

• Device information (browser type, operating system, device type)
• IP address and general location data
• Pages viewed, time spent, and navigation patterns
• Referring website or source
• Cookies and similar tracking technologies

2. How We Use Your Information

We use the information we collect to:

• Process and fulfill your orders
• Send order confirmations and shipping updates
• Respond to your inquiries and provide customer support
• Send marketing communications (with your consent)
• Improve our website, products, and services
• Detect and prevent fraud
• Comply with legal obligations

3. Legal Basis for Processing (GDPR – EU/EEA Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on:

• Contract Performance: To fulfill orders and provide services you requested
• Legitimate Interests: To improve our services, prevent fraud, and market our products
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

4. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and cart contents
• Analyze site traffic and usage patterns
• Deliver personalized content and advertisements
• Measure the effectiveness of our marketing campaigns

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect site functionality.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Shipping carriers, payment processors, email marketing platforms, and analytics providers who assist in our operations
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: For any other purpose with your explicit permission

6. Data Retention

We retain your personal information for as long as necessary to:

• Fulfill the purposes outlined in this policy
• Comply with legal obligations (typically 7 years for tax records)
• Resolve disputes and enforce agreements

You may request deletion of your data at any time, subject to legal retention requirements.

7. Your Rights

All Users

• Access the personal information we hold about you
• Request correction of inaccurate data
• Opt out of marketing communications
• Request deletion of your account and data

EU/EEA Users (GDPR Rights)

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

California Residents (CCPA Rights)

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your rights

Australian Users

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. You have the right to access and correct your personal information, and to make a complaint about our handling of your data.

8. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for all data transmission
• Secure payment processing through PCI-compliant providers
• Regular security assessments and updates
• Limited employee access to personal data

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. For EU/EEA users, we ensure appropriate safeguards are in place for international transfers in compliance with GDPR requirements.

10. Children’s Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. Continued use of our Site after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or to exercise your privacy rights, please visit our Contact Page.

For data protection inquiries specifically related to GDPR, you may also reach us through our contact form with “GDPR Request” in the subject line.