Legal

Privacy Policy

This is a template, not legal advice. Have a licensed attorney review before publishing. Replace all [bracketed] values with your own details.

Effective date: July 2, 2026 · Last updated: July 2, 2026

1. Introduction

This Privacy Policy explains how [LEGAL ENTITY NAME], a [ENTITY TYPE] formed in [FORMATION STATE] ("Vossaire," "we," "us," or "our"), collects, uses, discloses, and shares personal information about you when you visit vossaire.com (the "Site"), purchase our products, or otherwise interact with us. Vossaire sells the Vossaire Mini, a home-use cosmetic skincare device, directly to consumers in the United States only.

This Policy is written for United States residents, with a focus on the rights of California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"). It does not address the EU/UK General Data Protection Regulation or other non-U.S. privacy laws, and our Site and products are not directed to individuals outside the United States.

By using the Site or purchasing our products, you acknowledge that you have read and understood this Policy.

2. Scope

This Policy applies to personal information we collect:

  • On the Site and through any related pages, forms, or checkout flows;
  • When you place an order, contact customer care, or sign up for marketing;
  • Through cookies, pixels, and similar technologies (see our Cookie Policy); and
  • From third parties, such as our advertising, analytics, and payment partners.

This Policy does not apply to the practices of third parties we do not own or control, including third-party websites, advertising platforms, or payment and installment providers, which are governed by their own privacy policies.

3. Notice at Collection

At or before the point we collect personal information, we provide this notice of the categories we collect, the purposes for which we use them, whether we "sell" or "share" them (as those terms are defined under the CCPA), and how long we retain them. The tables in Sections 4, 6, and 12 constitute our notice at collection. We do not use or disclose sensitive personal information for purposes that would require us to offer a "Right to Limit" beyond what is described in Section 9.

4. Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information, described using the categories enumerated in the CCPA (Cal. Civ. Code § 1798.140):

CCPA CategoryExamplesCollected?
A. IdentifiersName, shipping and billing address, email, phone, IP address, account login, order/customer ID, device identifiersYes
B. Customer records (§ 1798.80(e))Name, address, phone, payment card information (processed by our payment processor), purchase historyYes
C. Commercial informationProducts purchased or considered, order history, cart contents, returns, purchasing tendenciesYes
D. Internet or network activityBrowsing and interaction on the Site, pages viewed, referring/exit pages, clickstream, ad interactions, cookie and pixel dataYes
E. Geolocation dataCoarse (approximate, non-precise) location inferred from IP address, such as city/regionYes
F. Sensory dataNot collected, except product photos you voluntarily submit with a reviewLimited
G. Professional/employmentNot collected from customersNo
H. Education informationNot collectedNo
I. InferencesProfiles reflecting preferences, characteristics, interests, and purchasing behavior drawn from the aboveYes
Sensitive Personal InformationAccount log-in credentials with a password; we do not collect precise geolocation, government IDs, health data, or protected-class data for purposes requiring a Right to LimitLimited

We do not knowingly collect the contents of any consumer's mail, email, or text messages beyond messages you send us directly (e.g., customer care inquiries or reviews).

5. Sources of Personal Information

  • Directly from you — when you order, create an account, contact customer care, subscribe to marketing, or submit a review.
  • Automatically from your device — through cookies, pixels, SDKs, server logs, and similar technologies.
  • From service providers and partners — such as our payment processor, installment (BNPL) providers, email platform, analytics providers, and advertising platforms.
  • From advertising and analytics partners — measurement or audience data that helps us understand and reach potential customers.

6. How We Use Personal Information

  • Fulfilling orders — processing and shipping purchases, handling returns and exchanges, and sending order updates.
  • Payments — processing card and installment (BNPL) transactions through [PAYMENT PROCESSOR] and [BNPL PROVIDERS], and preventing fraud and chargebacks.
  • Customer care — responding to inquiries sent to care@vossaire.com and providing support.
  • Account management — creating and maintaining any account you register.
  • Marketing and email — sending promotional emails and managing subscriptions through [EMAIL PLATFORM = Klaviyo]; you may unsubscribe at any time.
  • Advertising — delivering, measuring, and optimizing advertising on platforms such as TikTok and Meta, including cross-context behavioral advertising (see Section 8).
  • Analytics and Site improvement — understanding Site use through [ANALYTICS/PIXELS = Google Analytics, TikTok Pixel, Meta Pixel].
  • Security and fraud prevention — protecting the Site, our customers, and our business.
  • Legal and compliance — complying with law, responding to lawful requests, enforcing our Terms, and defending legal claims.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

7. How We Disclose Personal Information

  • Service providers — companies that process personal information on our behalf under written contracts, including [PAYMENT PROCESSOR] and [BNPL PROVIDERS] (payments), [EMAIL PLATFORM = Klaviyo] (email), and shipping, fulfillment, hosting, and support vendors.
  • Analytics and advertising partners — providers such as [ANALYTICS/PIXELS = Google Analytics, TikTok Pixel, Meta Pixel]. Some disclosures constitute "sharing" for cross-context behavioral advertising (see Section 8).
  • Legal and safety recipients — courts, regulators, and law enforcement where required by law or to protect rights, safety, and property.
  • Corporate transactions — a buyer or successor in a merger, acquisition, financing, reorganization, bankruptcy, or asset sale.

Service providers vs. third parties. A service provider processes personal information only on our behalf, under contract terms that prohibit selling the data or using it for its own purposes. A third party may use personal information for its own purposes. Our use of advertising pixels can make certain recipients "third parties," and those data flows may be treated as a "sale" or "share" under the CCPA (see Section 8).

In the preceding 12 months, we have disclosed for a business purpose Categories A, B, C, D, E, and I to our service providers and partners as described above.

8. "Sale" and "Sharing" of Personal Information

Under the CCPA, "sale" and "sharing" are defined broadly. Sharing specifically includes disclosing personal information to a third party for cross-context behavioral advertising — targeting ads to you based on your activity across different sites and services.

Our advertising pixels involve "sharing," and may involve a "sale," of personal information. When you use the Site, the TikTok Pixel and Meta Pixel (and, to the extent used for advertising, Google Analytics) may transmit identifiers and internet/device activity (Categories A and D) to those platforms so we can measure and target advertising. Under the CCPA, this is "sharing" for cross-context behavioral advertising, and depending on how the platforms use the data, may also be a "sale."

In the preceding 12 months, we have "shared" (and may have "sold") the following for cross-context behavioral advertising: Category A (Identifiers), Category D (Internet/Network Activity), and inferences derived from them (Category I).

We do not knowingly sell or share the personal information of consumers under 16 years of age. Because our Site is intended for adults 18 and older, we do not knowingly collect such information at all. You can opt out of this "selling" and "sharing" — see Section 9.

9. Do Not Sell or Share My Personal Information

You have the right to opt out of the "sale" and "sharing" of your personal information, including for cross-context behavioral advertising. To exercise this right, you can:

  • Use our opt-out link — Click "Do Not Sell or Share My Personal Information" in the footer of vossaire.com and follow the instructions.
  • Enable a Global Privacy Control (GPC) signal — We honor GPC. When we detect a valid GPC signal from your browser or device, we treat it as a request to opt out for that browser or device. Enable it on each browser and device you use.
  • Email us — Send a request to [PRIVACY EMAIL].

Opting out does not require you to create an account. We will process your opt-out without requiring verification, though we may take reasonable steps to confirm the request relates to your browser, device, or account.

10. Your California Privacy Rights

If you are a California resident, you have the following rights, subject to certain exceptions:

  • Right to Know / Access — the categories and specific pieces of personal information we have collected, sources, purposes, and categories of third parties.
  • Right to Delete — delete personal information we collected from you, subject to legal exceptions.
  • Right to Correct — correct inaccurate personal information we maintain.
  • Right to Opt Out of Sale/Sharing — see Section 9.
  • Right to Limit Use of Sensitive Personal Information — because we do not use sensitive personal information for purposes beyond those permitted, there is currently nothing additional to limit; if this changes, we will provide a mechanism.
  • Right to Non-Discrimination — see Section 11.

How to Submit a Request

  • Email: [PRIVACY EMAIL]
  • Customer care: care@vossaire.com
  • Opt-out link: "Do Not Sell or Share My Personal Information" in the Site footer.

Verification. We will take reasonable steps to verify your identity before responding to a Right to Know, Delete, or Correct request, which may require your name, email, and details about a recent order. We will not use verification information for any other purpose.

Authorized Agents. You may designate an authorized agent to submit a request on your behalf. We may require proof of your written permission and may require you to verify your identity directly with us.

Response Timing. We will confirm receipt within 10 business days and respond within 45 calendar days, with a possible 45-day extension where reasonably necessary and with notice to you.

Right to Appeal. If we deny your request, you may appeal by emailing [PRIVACY EMAIL] with the subject line "Privacy Request Appeal." We will respond within a reasonable time and explain the outcome. You may also contact the California Attorney General.

11. Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you products or services, charge different prices, or provide a different level or quality of products or services because you exercised your rights. We may offer financial incentives (such as promotions) that are permitted under the CCPA and reasonably related to the value of your data; any such incentive will be described at the time it is offered.

12. Data Retention

We retain each category of personal information for as long as reasonably necessary for the purposes described in this Policy, then delete or de-identify it. Confirm and adjust [bracketed] values to your actual practice before publishing:

  • Order and transaction records — [7] years after the transaction for tax, accounting, warranty, and legal recordkeeping.
  • Account information — while active and for [24] months after inactivity, then deleted or de-identified.
  • Marketing data — until you unsubscribe or become inactive, plus [12] months.
  • Analytics and advertising data — [14–26] months per our providers' retention settings.
  • Customer care records — [36] months after your last interaction.

Where information is no longer needed, we securely delete, destroy, or de-identify it.

13. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure. Payment card details are handled by our PCI-compliant payment processor; we do not store full card numbers on our systems. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Children's Privacy

Our Site and products are intended for adults 18 years of age or older. We do not knowingly collect personal information from anyone under 18, and we do not knowingly sell or share the personal information of consumers under 16 years of age. If we learn we have collected personal information from a child under 18, we will delete it. If you believe a minor has provided us personal information, contact us at [PRIVACY EMAIL].

15. Third-Party Links and Services

The Site may contain links to third-party sites and integrate third-party services (such as advertising platforms and payment/installment providers). We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

16. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where required, provide additional notice. Your continued use of the Site after changes become effective constitutes acceptance of the updated Policy.

17. Contact Us

  • Privacy inquiries: [PRIVACY EMAIL]
  • Customer care: care@vossaire.com
  • Mailing address: [LEGAL ENTITY NAME], [BUSINESS ADDRESS, CITY, CA ZIP]
  • Website: vossaire.com
Back to overview