Privacy Policy
At ExpressLuv, your privacy is our priority. This policy explains how we collect, use, and protect your personal information when you use our gifting platform.
Quick Summary — What This Policy Covers
- We collect only what's needed: Name, email, delivery address, and payment info to fulfil your gift orders
- We never sell your data: Your personal information is never sold to third parties for advertising purposes
- You control your data: Request access, correction, or deletion of your personal data at any time
Overview
ExpressLuv ("we", "us", "our") operates the website expressluv.com and related mobile/desktop applications (collectively, the "Platform"). We are committed to protecting your personal information and your right to privacy.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have regarding your personal data. It applies to all users of our Platform regardless of where they are located.
By placing an order, creating an account, or simply browsing our Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of our Platform.
Our Platform is powered by Shopify
ExpressLuv uses Shopify Inc. as our e-commerce platform. Shopify's data practices are governed by their own Privacy Policy available at shopify.com/legal/privacy.
Information We Collect
2.1 Information You Provide Directly
We collect information you give us when you interact with our Platform:
- Account information: Name, email address, password (encrypted), and profile preferences when you create an account.
- Order information: Delivery addresses (sender and recipient), phone numbers, gift messages, occasion dates, and product selections.
- Payment information: Credit/debit card details, billing address. Note: Full card numbers are processed directly by our payment gateways (Stripe, PayPal) and are not stored on our servers.
- Communications: Messages you send us via contact forms, email, WhatsApp, or live chat, including enquiries and feedback.
- Corporate gifting information: Company name, designation, bulk order requirements, and recipient lists for business clients.
2.2 Information Collected Automatically
When you visit our Platform, we automatically collect certain technical information:
- Device and usage data: IP address, browser type and version, operating system, pages visited, time spent, and referring URLs.
- Location data: Country and region derived from your IP address to personalise delivery options. We do not collect precise GPS location without your explicit consent.
- Shopping behaviour: Products viewed, items added to cart, wishlist activity, and purchase history.
- Cookies and tracking technologies: See Section 5 for full details on our cookie practices.
2.3 Recipient Information
When you send a gift through ExpressLuv, you provide us with your recipient's personal details including their name, delivery address, and phone number. This information is used solely for the purpose of delivering your gift and is treated with the same level of care as your own data.
Your responsibility as a sender
By providing a recipient's personal information, you confirm you have their consent (or it is a legitimate surprise gift) and that the information is accurate. Do not share another person's sensitive personal information without a valid reason.
How We Use Your Information
We use the information we collect for the following purposes, always with a lawful basis:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Process and fulfil your gift orders | Name, address, payment, order details | Contract performance |
| Send order confirmations and delivery updates | Email, phone number | Contract performance |
| Handle returns, refunds, and complaints | Order info, communications | Contract performance / Legal obligation |
| Personalise your shopping experience | Browsing history, past orders | Legitimate interests |
| Send marketing emails (with your consent) | Email, preferences | Consent (opt-in) |
| Prevent fraud and ensure platform security | IP address, device data | Legitimate interests / Legal obligation |
| Comply with tax and legal obligations | Transaction records, billing data | Legal obligation |
| Improve our platform and services | Usage analytics (anonymised) | Legitimate interests |
| Corporate gifting account management | Company info, recipient lists | Contract performance |
We never sell your data
ExpressLuv does not and will never sell, rent, or trade your personal information to third-party advertisers or data brokers. Your data is used exclusively to serve you better.
Sharing & Disclosure
We share your personal data only in the limited circumstances described below. We do not share your information for third-party advertising or profiling purposes.
4.1 Service Providers
We work with trusted third-party companies to operate our platform and deliver gifts. These providers are contractually bound to protect your data and can only use it for the purposes we specify:
- Delivery & logistics partners — To physically deliver gifts to recipients' addresses worldwide.
- Payment processors — Stripe, PayPal, and Razorpay to securely process transactions.
- Email service providers — To send transactional and marketing emails on our behalf.
- Analytics providers — Google Analytics and similar tools (data is anonymised where possible).
- Shopify Inc. — Our e-commerce infrastructure provider that hosts our store and processes order data.
- Customer support tools — Including WhatsApp Business API for customer communications.
4.2 Legal Disclosures
We may disclose your information where required to do so by law, court order, or regulatory authority, including to prevent fraud, protect the rights and safety of our users and the public, or to enforce our Terms of Service.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your data becomes subject to a different privacy policy.
4.4 With Your Consent
We may share your information with third parties for any other purpose with your explicit consent. You can withdraw such consent at any time.
Cookies & Tracking Technologies
We use cookies and similar technologies to improve your browsing experience, personalise content, and analyse our traffic. Here is a breakdown of the cookie types we use:
| Cookie Type | Purpose | Can Opt Out? |
|---|---|---|
| Essential / Functional | Shopping cart, login session, security tokens. Without these, the site cannot function properly. | No — required for core functionality |
| Analytics | Google Analytics tracking page views, user journeys, and performance metrics to improve the site. | Yes — via cookie preferences |
| Preferences | Remembering your country/language selection, currency preference, and previously viewed items. | Yes — via cookie preferences |
| Marketing / Retargeting | Facebook Pixel, Google Ads, and similar tools to show relevant ads on other platforms based on your visit. | Yes — via cookie preferences |
Managing Your Cookie Preferences
You can manage or withdraw cookie consent at any time through our Cookie Settings panel or by adjusting your browser settings. Note that disabling certain cookies may impact your experience on our Platform (e.g. items may not stay in your cart).
For instructions on managing cookies in your browser, visit the help page of your specific browser (Chrome, Firefox, Safari, Edge).
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes it was collected for, including legal, accounting, and reporting requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years | Tax and legal compliance |
| Account information | Duration of account + 2 years after closure | Dispute resolution, service history |
| Marketing preferences | Until opt-out or account deletion | Consent-based communications |
| Customer support communications | 3 years | Service quality and dispute handling |
| Analytics data (anonymised) | 26 months (Google Analytics default) | Platform performance improvement |
| Recipient delivery information | 2 years | Repeat gifting convenience, delivery disputes |
When your data is no longer needed, we securely delete or anonymise it. You may request earlier deletion — see Section 7 for your rights.
Your Privacy Rights
Depending on your location (GDPR, PIPEDA, CCPA, or other applicable law), you have the following rights regarding your personal data:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete personal information
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Object: Object to processing based on legitimate interests, including profiling for direct marketing
How to Exercise Your Rights
To exercise any of the rights above, please contact us at privacy@expressluv.com or through our Contact Us page. We will respond within 30 days of receiving your verified request.
We may need to verify your identity before processing your request to protect against unauthorised access.
California Residents (CCPA)
California residents have additional rights, including the right to know what personal information is sold or disclosed and the right to opt out of the sale of personal information. As noted, we do not sell personal information. To submit a CCPA request, email privacy@expressluv.com with "CCPA Request" in the subject line.
Children's Privacy
Our Platform is not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children under these ages without parental consent.
If you are a parent or guardian and believe we have collected information from your child without consent, please contact us immediately at privacy@expressluv.com and we will take steps to delete such information promptly.
If you believe a minor has submitted information
Contact us at privacy@expressluv.com immediately. We will investigate and remove any personal data collected from a child without proper consent.
International Data Transfers
ExpressLuv operates globally, delivering gifts to over 20 countries. As such, your personal data may be transferred to and processed in countries other than your own, including Canada (where we are headquartered), India, the United States, and other countries where our service providers operate.
When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with all third-party service providers
- Ensuring transfers comply with GDPR adequacy decisions where applicable
- Technical and organisational security measures appropriate to the risk level
Delivery partner information sharing is the minimum necessary to physically deliver your gift and is governed by strict data processing agreements.
Security
We take the security of your personal data seriously and implement industry-standard technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.
Our Security Measures Include:
- SSL/TLS encryption on all pages and data transmission (https://)
- PCI DSS compliance for payment processing — card data is handled by certified payment gateways
- Encrypted password storage — passwords are hashed and never stored in plain text
- Access controls — staff access to personal data is limited on a need-to-know basis
- Regular security audits and vulnerability assessments of our platform
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that poses a high risk to your rights, we will notify you and relevant authorities as required by law.
Protect your own account
Use a strong, unique password for your ExpressLuv account. Never share your login credentials. If you suspect unauthorised access, contact us immediately at support@expressluv.com.
Third-Party Links & Services
Our Platform may contain links to third-party websites, social media platforms, and embedded services (such as WhatsApp chat, review platforms like Trustpilot and Judge.me). This Privacy Policy applies only to ExpressLuv's Platform.
We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any external site you visit. Clicking on a third-party link will take you away from our Platform.
- Social media sharing buttons (Facebook, Instagram, Twitter/X) may track your activity independently
- Embedded maps (Google Maps) are governed by Google's Privacy Policy
- Review widgets (Judge.me, Trustpilot) have their own data practices
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered users via email for significant changes
- Display a prominent notice on our Platform for 30 days
Your continued use of our Platform after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically to stay informed.
Contact Us — Privacy Requests
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us through any of the channels below. We take all privacy enquiries seriously and will respond within 48 hours on business days.
Vancouver, BC V6Z 1L7
Canada
If you are located in the European Economic Area and believe your privacy rights under the GDPR have been violated, you also have the right to lodge a complaint with your local data protection authority (DPA).