Privacy policy

Last updated: April 21, 2026

Your privacy matters to us. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your information. It applies to all visitors and customers, including those in the United States, United Kingdom, European Union, Australia, and Canada.

1. Information We Collect

Information You Provide

When you shop with us, create an account, subscribe to our emails, contact support, or submit a review, we collect information you give us directly, which may include:

  • Name, email address, shipping and billing address, phone number,
  • Payment information (processed and stored by our payment processors, not by us),
  • Order history and subscription preferences,
  • Communications with our support team, and
  • Any other information you choose to provide (for example, in reviews or surveys).

Information Collected Automatically

When you visit our website, we and our third-party service providers automatically collect certain technical information, including:

  • IP address, device type, browser, operating system, and language,
  • Pages viewed, referring URLs, time on site, and click behavior,
  • Cookies, pixels, and similar tracking technologies, and
  • General location information derived from your IP address.

Cookies and Similar Technologies

We use cookies, tracking pixels (including from Meta/Facebook, TikTok, Google, and email service providers), and similar technologies to operate the website, remember your preferences, understand how our site is used, and deliver relevant marketing. You can manage cookie preferences through your browser settings and, where required by law, through the cookie consent banner shown on your first visit.

2. How We Use Your Information

We use your information to:

  • Process, fulfill, and deliver your orders,
  • Manage subscriptions and recurring payments,
  • Communicate with you about orders, support inquiries, and service updates,
  • Send marketing emails and personalized offers (where you have consented or where permitted by law),
  • Improve our products, website, and customer experience,
  • Detect, prevent, and investigate fraud, abuse, or violations of our Terms,
  • Comply with legal obligations, tax reporting, and regulatory requirements, and
  • Enforce our policies and protect our rights.

3. Legal Basis for Processing (UK and EU Customers)

Where the UK GDPR or EU GDPR applies to you, we process your personal data under the following legal bases:

  • Contract: to fulfill your order and provide the Services you requested,
  • Consent: for marketing emails, optional cookies, and other clearly consented-to purposes (you can withdraw consent at any time),
  • Legitimate interests: for fraud prevention, security, business analytics, and improving our products, where such interests are not overridden by your rights, and
  • Legal obligation: where we must retain or disclose information to comply with applicable law.

4. How We Share Your Information

We do not sell your personal information. We share information only as necessary with:

  • Fulfillment partners who warehouse and ship your orders,
  • Shipping carriers (USPS, Royal Mail, DHL, UPS, and others) to deliver your package,
  • Payment processors (Shopify Payments, PayPal, and others) to process transactions securely,
  • Marketing and analytics providers (including Meta/Facebook, Google, TikTok, Klaviyo, and similar) to run and measure advertising and email campaigns,
  • Customer support tools to respond to your inquiries,
  • Professional advisors (lawyers, accountants, auditors) where reasonably necessary, and
  • Regulators and law enforcement where required by law, legal process, or to protect our rights.

We may also share information in connection with a merger, acquisition, or sale of business assets, in which case you will be notified of any material change to how your information is handled.

5. International Data Transfers

We operate across multiple regions, and your information may be transferred to and processed in countries other than your country of residence, including the United States. Where we transfer personal data out of the UK, EU, or European Economic Area, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or recognized adequacy decisions, as applicable.

6. Data Retention

We retain your personal information only as long as reasonably necessary to fulfill the purposes described in this policy, including:

  • Order and transaction records: for the period required by tax and accounting law (typically 6–10 years, depending on jurisdiction),
  • Marketing data: until you unsubscribe or withdraw consent,
  • Support communications: up to 3 years after the last interaction,
  • Analytics data: in aggregated or pseudonymized form, for as long as commercially useful.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you,
  • Correct inaccurate or incomplete information,
  • Delete your personal information (subject to legal retention obligations),
  • Restrict or object to certain types of processing,
  • Portability — receive a copy of your data in a portable format,
  • Withdraw consent at any time for consent-based processing,
  • Opt out of marketing communications (via the unsubscribe link in any marketing email), and
  • Lodge a complaint with your local data protection authority.

For California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to request deletion, the right to correct inaccurate information, and the right to opt out of the "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information for money. To exercise your rights, contact us at support@corevello.com.

For UK and EU Residents

You may lodge a complaint with the UK Information Commissioner's Office (ICO) or your local EU data protection authority if you believe we have not handled your information lawfully.

To exercise any of your rights, please contact us at support@corevello.com. We will respond within the timeframe required by applicable law (typically within 30 days). We may need to verify your identity before fulfilling a request.

8. Data Security

We use commercially reasonable administrative, technical, and physical safeguards to protect your personal information, including SSL encryption on our checkout, PCI-compliant payment processing, and access controls on our internal systems. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account password.

9. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If you believe a minor has provided us with personal information, please contact us and we will delete it.

10. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties, and we encourage you to read their privacy policies before providing any information to them.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated "Last updated" date. Continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

12. Contact

For any privacy-related questions or to exercise your rights, contact us at support@corevello.com. We respond within 24–48 business hours, Monday–Friday, 9:00 AM – 5:00 PM Pacific Time (Los Angeles).