Privacy Policy (GDPR + CCPA Compliant)
Effective Date: April 30, 2026
1. WHO WE ARE. LePsychic LLC, Prescott Valley, Arizona, USA. Data Controller for GDPR. Contact: info@lepsychic.com.
2. SCOPE. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and what rights you have. It applies to visitors, customers, members, and advisors of lepsychic.com and related properties.
3. INFORMATION WE COLLECT. (a) Information you provide: name, email, phone, shipping/billing address, date of birth (age verification), profile photo, account credentials, payment information (processed by Stripe; we do not store full card numbers), session content, reviews, support messages. (b) Automatically collected: IP address, device identifiers, browser type, pages viewed, referring URL, session duration, cookies, pixels. (c) From third parties: fraud signals from Stripe Radar, authentication from Shopify, marketing data from analytics partners. (d) Sensitive information: we may process information regarding philosophical/spiritual beliefs solely to deliver requested services; this is special-category data under GDPR Article 9, processed only with your explicit consent.
4. LEGAL BASES (GDPR). Contract performance (deliver readings/products); legitimate interests (fraud prevention, analytics, service improvement); consent (marketing, non-essential cookies, sensitive data); legal obligation (tax, accounting, disputes). You may withdraw consent any time.
5. HOW WE USE INFORMATION. Provide and bill for services; connect you with advisors; deliver products; send transactional and marketing messages (with consent); operate memberships and gift cards; prevent fraud and abuse; comply with law; improve the Site; personalize content; enforce our Terms.
6. COOKIES AND TRACKING. We use strictly necessary, functional, analytics (GA4, Shopify), and marketing cookies (Meta Pixel, TikTok Pixel, Klaviyo). Non-essential cookies require opt-in via our cookie banner. Change preferences via the Cookie Preferences link in the footer.
7. SHARING AND DISCLOSURES. Service providers under data processing agreements (Shopify, Stripe, Klaviyo, Cloudflare, Loki, Twilio, Google, Meta, TikTok, TaxJar/Avalara, support tools); advisors strictly to fulfill booked sessions; legal authorities on valid process; successors in merger/acquisition. We do not sell personal information or share it for third-party marketing without consent.
8. INTERNATIONAL TRANSFERS. Data may be transferred to and processed in the United States and other countries. Where required, we use Standard Contractual Clauses or equivalent safeguards for transfers out of the EEA, UK, or Switzerland.
9. RETENTION. Account information: life of account plus seven (7) years for tax/audit. Session metadata: seven (7) years for chargeback defense and legal compliance. Marketing consent records: duration of consent plus three (3) years. Earlier deletion on request subject to legal obligations.
10. YOUR RIGHTS (GDPR / UK GDPR). Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to lodge a complaint with your supervisory authority. Submit requests to info@lepsychic.com; response within thirty (30) days.
11. CALIFORNIA RIGHTS (CCPA/CPRA). Know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information. Submit via info@lepsychic.com or the Do Not Sell or Share My Personal Information link in the footer. No discrimination for exercising rights.
12. OTHER US STATE RIGHTS. Residents of CO, CT, VA, UT, TX, OR, MT and other states with privacy laws have substantially similar rights; exercise via info@lepsychic.com.
13. CHILDREN. The Site is not directed to anyone under eighteen (18). We do not knowingly collect personal information from minors. Contact info@lepsychic.com for deletion.
14. SECURITY. TLS encryption in transit, encrypted data at rest, access controls, two-factor authentication for staff, and vendor security reviews. No system is perfectly secure.
15. MARKETING. With your consent, we send promotional email and SMS. Unsubscribe via the link in each email or reply STOP to SMS. Transactional messages continue regardless.
16. DO-NOT-TRACK. We do not respond to browser Do-Not-Track signals; we honor Global Privacy Control signals where feasible.
17. UPDATES. Material changes posted with revised Effective Date and notified via email or on-site banner.
18. CONTACT. LePsychic LLC, Prescott Valley, Arizona, USA. Email: info@lepsychic.com.
