Your California Privacy Rights

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

Last Updated: [03, 2026]

This Privacy Notice for California Residents supplements the information contained in the Lilysilk Privacy Policy and applies solely to visitors, users, customers, and others who reside in the State of California (“consumers” or “you”). This notice is provided on behalf of [full legal entity name(s) operating the Lilysilk brand] and its affiliates and subsidiaries that are subject to this notice (collectively, “Lilysilk,” “we,” “us,” or “our”).

We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”), and other applicable California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice. The rights described in this notice are subject to exceptions, limitations, and verification requirements permitted by applicable law.

1. Personal Information We Collect

We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).

In the preceding twelve (12) months, we may have collected the following categories of personal information from California consumers, depending on how they interact with us:

Category Examples Collected
A. Identifiers Real name, alias, postal address, billing address, shipping address, email address, telephone number, account name, customer number, Internet Protocol address, device identifiers, online identifiers, or other similar identifiers YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Name, address, telephone number, payment card information, and other similar information YES
C. Protected classification characteristics under California or federal law Characteristics such as age, gender, or other protected classifications, where you choose to provide them or where collection is required by law YES
D. Commercial information Records of products or services purchased, obtained, considered, returned, exchanged, or otherwise related purchasing or consuming histories or tendencies YES
E. Biometric information Fingerprints, faceprints, voiceprints, or similar biometric identifiers NO
F. Internet or other electronic network activity information Browsing history, search history, session activity, interaction with our website, app, email communications, advertisements, or other online services YES
G. Geolocation data Approximate geolocation inferred from IP address or device information YES
H. Sensory data Audio data such as customer service call recordings or voice messages, where applicable YES
I. Professional or employment-related information Business contact details or employment-related information if you interact with us in a business or recruiting context YES
J. Non-public education information Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records NO
K. Inferences drawn from other personal information Preferences, interests, shopping behavior, and other inferences used to personalize content, marketing, analytics, or fraud prevention YES
L. Sensitive Personal Information Account log-in credentials with password or other access credentials; payment card details with required security or access code; and other sensitive personal information described by California law, where applicable YES

Personal information does not include:

  • publicly available information lawfully made available from government records;
  • deidentified or aggregated information; or
  • information excluded from the scope of the CCPA.

2. Sources of Personal Information

We may collect personal information from the following categories of sources:

  • Directly from you, such as when you create an account, place an order, subscribe to our emails, contact customer service, enter a promotion, submit content, or otherwise communicate with us.
  • Automatically from your device or browser, such as through cookies, pixels, tags, SDKs, log files, and similar technologies when you use our website, app, emails, or advertisements.
  • From service providers and business partners, such as payment processors, fraud prevention vendors, shipping and fulfillment partners, customer support providers, analytics providers, and advertising or marketing partners.
  • From affiliates within our corporate group.
  • From publicly available sources or other third parties, where permitted by law.

3. Purposes for Collecting, Using, Retaining, and Disclosing Personal Information

We may collect, use, retain, and disclose personal information for one or more of the following business or commercial purposes:

  • to provide, operate, maintain, and improve our website, app, products, and services;
  • to process and fulfill purchases, payments, shipments, returns, exchanges, and customer service requests;
  • to create, service, and secure customer accounts;
  • to communicate with you regarding orders, account activity, customer service matters, promotions, surveys, and other marketing communications consistent with your preferences;
  • to personalize your shopping experience, including product recommendations, offers, and advertising;
  • to conduct analytics, auditing, testing, reporting, troubleshooting, and product development;
  • to help maintain the safety, security, and integrity of our systems, services, databases, website, and business;
  • to detect, investigate, prevent, and respond to fraud, security incidents, malicious activity, deceptive activity, or illegal activity;
  • to comply with legal obligations, lawful requests, court orders, and regulatory requirements;
  • to protect our rights, property, and safety, and those of our customers and others; and
  • to evaluate or complete a merger, acquisition, restructuring, financing, bankruptcy, or other corporate transaction.

4. Retention of Personal Information

We retain personal information only for as long as reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which it was collected, unless a longer retention period is required or permitted by law.

We determine retention periods based on factors including the nature and sensitivity of the information, the purposes for which it was collected, our relationship with you, operational necessity, legal and tax requirements, dispute-resolution needs, fraud-prevention requirements, and security considerations.

For example:

  • account information may be retained while your account remains active and for a reasonable period thereafter;
  • order, payment, and transaction records may be retained for the period required by applicable tax, accounting, and recordkeeping laws;
  • marketing preference data may be retained until you opt out or withdraw consent, plus a reasonable period to maintain suppression records;
  • website and device data may be retained in accordance with the lifecycle of the applicable cookie, analytics setting, or internal retention schedule.

5. Disclosure of Personal Information for a Business Purpose

In the preceding twelve (12) months, we may have disclosed the following categories of personal information to service providers, contractors, affiliates, or other third parties for business purposes:

  • Category A: Identifiers
  • Category B: California customer records information
  • Category C: Protected classification characteristics
  • Category D: Commercial information
  • Category F: Internet or other electronic network activity information
  • Category G: Geolocation data
  • Category H: Sensory data
  • Category I: Professional or employment-related information
  • Category K: Inferences
  • Category L: Sensitive Personal Information

We may disclose personal information for business purposes to the following categories of recipients:

  • affiliates and subsidiaries;
  • service providers and contractors;
  • payment processors;
  • fraud prevention and security vendors;
  • shipping, logistics, and fulfillment providers;
  • customer support and CRM providers;
  • IT, hosting, communications, and cloud service providers;
  • analytics providers;
  • professional advisors; and
  • regulators, law enforcement, or parties involved in a corporate transaction, where required or appropriate.

6. Sale or Sharing of Personal Information

Under California law, certain disclosures of personal information to third parties for cross-context behavioral advertising may be considered “sharing,” and in some cases may be considered a “sale.”

Because Lilysilk uses third-party advertising, marketing, analytics, and retargeting technologies, in the preceding twelve (12) months we may have sold or shared the following categories of personal information:

  • Category A: Identifiers
  • Category D: Commercial information
  • Category F: Internet or other electronic network activity information
  • Category G: Geolocation data
  • Category K: Inferences

We may sell or share those categories of personal information with the following categories of third parties:

  • advertising networks;
  • social media platforms;
  • analytics providers; and
  • marketing and advertising partners.

We do not knowingly sell or share the personal information of consumers under 16 years of age without the affirmative authorization required by California law.

7. Sensitive Personal Information

To the extent we collect Sensitive Personal Information, we use and disclose it only as reasonably necessary:

  • to provide requested goods or services;
  • to process transactions;
  • to maintain and secure accounts;
  • for security and fraud prevention;
  • to verify customer information;
  • to comply with legal obligations; or
  • as otherwise permitted by applicable law.

8. Your California Privacy Rights

Subject to applicable exceptions and verification requirements, California residents may have the following rights:

Right to Know / Access

You may request that we disclose:

  • the categories of personal information we collected about you;
  • the categories of sources from which the personal information was collected;
  • the business or commercial purposes for collecting, selling, or sharing the personal information;
  • the categories of third parties to whom we disclose personal information;
  • the categories of personal information we sold or shared and the categories of third parties to whom it was sold or shared;
  • the categories of personal information we disclosed for a business purpose and the categories of recipients to whom it was disclosed; and
  • the specific pieces of personal information we collected about you.

Right to Delete

You may request that we delete personal information we collected from or about you, subject to certain legal exceptions.

Right to Correct

You may request that we correct inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing

You may direct us not to sell or share your personal information.

Right to Limit the Use and Disclosure of Sensitive Personal Information

You may direct us to limit the use or disclosure of your sensitive personal information where California law gives you that right.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your California privacy rights, except as permitted by law.

9. How to Exercise Your Rights

To exercise your California privacy rights, please submit a verifiable consumer request to us through one of the following designated methods:

Only you, or a person authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable request on behalf of your minor child where permitted by law.

We may need to verify your identity and authority before processing your request. The information you provide must be sufficient for us to reasonably verify you are the person about whom we collected personal information, or that your authorized agent is validly acting on your behalf. We will use personal information collected in connection with your request only for verification, recordkeeping, and response purposes.

10. Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We may require the authorized agent to provide signed permission or other documentation demonstrating authority to act on your behalf, and we may also require you to verify your identity directly with us, as permitted by law.

11. Response Timing and Format

We will confirm receipt of your request and endeavor to respond within 45 days. If reasonably necessary, we may extend the response period once by an additional 45 days, in which case we will notify you of the reason for the extension within the initial 45-day period.

We generally do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded, in which case we may charge a reasonable fee or decline to act as permitted by law. We are not required to provide access-request disclosures more than twice in a 12-month period.

12. Opt-Out Preference Signals / Global Privacy Control

We recognize and process opt-out preference signals, including the Global Privacy Control (“GPC”), where required by applicable California law. If your browser or extension sends a valid GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information for that browser and device, and, where required, as a request to limit the use and disclosure of sensitive personal information.

You may also exercise your right to opt out by using the “Do Not Sell or Share My Personal Information” link on our website: [insert URL or page path].

13. Do Not Track

Because there is not yet a universally accepted standard for browser-based “Do Not Track” signals, our websites may not respond to Do Not Track settings. However, where required by California law, we honor valid Global Privacy Control signals as described above.

14. Changes to This California Privacy Notice

We may update this California Privacy Notice from time to time in our discretion. When we make changes, we will post the revised notice on our website and update the “Last Updated” date above.

15. Contact Information

If you have any questions or comments about this notice, our privacy practices, or your rights under California law, please contact us at:

Email: [email protected]

Sign up for $10 OFF your next order

Enter Your Email Address

© Copyright 2010-2026 LILYSILK.

All Rights Reserved.

Terms & Conditions
Privacy Policy
Accessibility
Your California Privacy Rights