Privacy Policy

1. Personal Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information.

Information you provide directly

• Contact details: name, email address, phone number, shipping and billing address
• Account information: username, password, preferences and settings
• Payment information: credit/debit card details, transaction data, and payment confirmation (processed securely via our payment processors — we do not store raw card data)
• Communications: messages you send us via email or customer support channels
• Returns data: reason for return, product condition, and supporting images submitted through our returns portal

Information collected automatically

• Device and browser information: IP address, browser type, operating system, and unique device identifiers
• Usage data: pages visited, products viewed, items added to cart or wishlist, session duration, and navigation behaviour
• Cookies and similar technologies: used to remember your preferences and improve your experience (see section 6)

Information from third parties

• Analytics, security, and authentication providers: PostHog (behavioural analytics), Cloudflare (infrastructure, CDN, and security), Fingerprint (device identification for fraud prevention), and Firebase (account authentication)
• Shipping partners (DHL Express) who provide delivery status and fulfilment data
• Payment processors (Klarna, Airwallex, PayPal, Afterpay) who handle transaction processing on our behalf

2. How We Use Your Personal Information

We use your personal information for the following purposes:

• Providing and improving the Services: processing orders, handling payments, arranging shipping, managing returns and exchanges, maintaining your account, and personalising your shopping experience
• Customer support: responding to your enquiries and resolving issues
• Marketing and promotions: sending you marketing emails about products, offers, and updates (you can opt out at any time — see section 7)
• Fraud prevention and security: detecting and preventing fraudulent, illegal, or malicious activity, and protecting the integrity of our platform
• Legal compliance: meeting our obligations under applicable laws, responding to legal requests, and enforcing our terms and policies
• Analytics and product development: understanding how our Services are used so we can improve them

3. How We Disclose Your Personal Information

We do not sell your personal information. We may share it in the following circumstances:

• Service providers: third-party vendors who support our operations, including payment processors (Klarna, Airwallex, PayPal, Afterpay), shipping carriers (DHL Express), cloud infrastructure and security (Railway, Cloudflare), authentication (Firebase), email delivery (Postmark), behavioural analytics (PostHog), and device identification for fraud prevention (Fingerprint)
• Business and marketing partners: where you have consented to targeted advertising or promotional communications
• At your direction: for example, when you use social login integrations or direct us to share your data with a third party
• Within our corporate group: with affiliates or related entities where necessary
• Legal and safety reasons: to comply with applicable laws, respond to lawful requests from authorities, enforce our terms, or protect the rights and safety of our users or the public
• Business transactions: in connection with a merger, acquisition, or sale of assets, where your data may be transferred as part of that transaction

4. Third-Party Websites and Links

Our Services may contain links to third-party websites or platforms. We are not responsible for the privacy practices, security, or content of those sites. If you follow a link to a third-party site, we encourage you to review their privacy policy before providing any personal information.

5. Children's Data

Our Services are not intended for use by children under the age of majority in their jurisdiction. We do not knowingly collect personal information from children. If you believe a child has provided us with their personal information, please contact us at [email protected] and we will delete it promptly.

We do not knowingly sell or share personal information of individuals under 16 years of age.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our Services, remember your preferences, and analyse how our site is used. These may include:

• Essential cookies: required for the site to function correctly (e.g. session management, cart)
• Analytics cookies: used to understand visitor behaviour in aggregate
• Security and fraud prevention cookies: used to identify devices and detect suspicious activity
• Marketing cookies: used to deliver relevant advertising where you have consented

We use the following third-party tools that may collect data about your device or browsing behaviour:

You can manage your cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Services.

7. Your Rights and Choices

Depending on where you live, you may have some or all of the following rights regarding your personal information. These rights are not absolute and may be subject to legal exceptions.

• Right to Access / Know: request access to the personal information we hold about you
• Right to Delete: request that we delete your personal information
• Right to Correct: request that we correct inaccurate information we hold about you
• Right of Portability: request a copy of your data in a portable format
• Right to Opt Out of Targeted Advertising: opt out of the use of your data for targeted advertising purposes
• Managing marketing communications: unsubscribe from promotional emails at any time using the unsubscribe link in our emails. We may still send you transactional emails related to your orders or account

If you reside in the UK or European Economic Area, you may also have the right to:

• Object to or restrict our processing of your personal information for certain purposes
• Withdraw consent where processing is based on your consent (this does not affect the lawfulness of processing prior to withdrawal)

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your rights.

8. International Data Transfers

We are a global business and your personal information may be transferred to, stored, or processed in countries other than where you reside — including Australia, China, South Korea, and countries where our infrastructure providers operate.

Where we transfer personal information from the European Economic Area or the United Kingdom, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses or equivalent contracts issued by UK authorities, unless the destination country has been deemed to provide adequate protection.

9. Security and Retention

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or misuse. However, no security system is completely impenetrable. We recommend you do not share your account credentials with anyone or communicate sensitive information over unsecured channels.

We retain your personal information for as long as necessary to provide the Services, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymise it.

10. Complaints

If you have a complaint about how we handle your personal information, please contact us using the details below. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority. For EEA residents, a list of supervisory authorities is available at edpb.europa.eu.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the updated policy on our website and update the "Last updated" date at the top. Where required by law, we will notify you of material changes.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a privacy-related complaint, please contact us:

For the purposes of applicable data protection laws, The Korean Fashion is the data controller of your personal information.