Privacy Policy
Last Updated: March 2026
LarnaLabs (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at larnalabs.com and related services. It also describes your rights under applicable data protection law, including the General Data Protection Regulation (GDPR) where applicable.
By using our Site or purchasing our products, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
LarnaLabs acts as the data controller for personal data processed through this Site. Our designated Data Protection contact can be reached at [email protected]. We respond to all privacy-related inquiries within 30 days.
2. What Data We Collect
We collect the following categories of personal data:
Account and Contact Information
- Full name
- Email address
- Phone number (if provided)
- Institutional or company affiliation
- Username and encrypted password
Order and Transaction Data
- Billing address and shipping address
- Order history and product selections
- Payment confirmation records (we do not store full card numbers; payment processing is handled by PCI-compliant third-party processors)
- Correspondence related to orders, returns, or complaints
Browsing and Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Pages visited, time on site, referral source
- Cookie identifiers (see Section 9)
Communications Data
- Emails and messages you send to our support team
- Feedback, survey responses, or reviews you voluntarily submit
3. How We Use Your Data
We process your personal data for the following purposes:
- Order Processing and Fulfillment: To process your purchase, arrange delivery, send order confirmations and tracking updates, and handle returns or refunds.
- Account Management: To create and maintain your account, authenticate your identity, and provide access to order history.
- Customer Support: To respond to your inquiries, resolve disputes, and provide technical assistance.
- Legal Compliance: To verify eligibility, comply with record-keeping obligations, respond to lawful requests from authorities, and enforce our Terms of Service.
- Site Improvement: To analyze usage patterns, diagnose technical issues, and improve site performance and user experience.
- Communications: To send transactional emails, important policy updates, and — with your consent — occasional research-relevant product updates or newsletters.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, the United Kingdom, and other jurisdictions with similar data protection frameworks, we process your data on the following legal bases:
- Contract Performance (Article 6(1)(b) GDPR): Processing necessary to fulfill your order, manage your account, and provide customer support.
- Legal Obligation (Article 6(1)(c) GDPR): Processing required to comply with applicable laws, including financial record-keeping, fraud prevention, and regulatory requirements.
- Legitimate Interests (Article 6(1)(f) GDPR): Processing for site security, fraud detection, and service improvement, where these interests are not overridden by your rights.
- Consent (Article 6(1)(a) GDPR): For non-essential cookies and optional marketing communications. You may withdraw consent at any time without affecting prior processing.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to any third party. We share data only in the following circumstances:
- Payment Processors: We use PCI-DSS-compliant third-party payment processors. They receive only the data necessary to process your transaction.
- Shipping and Logistics Partners: We share your name and delivery address with courier services and fulfillment partners solely to ship your order.
- IT and Hosting Providers: Our website hosting and infrastructure providers may process data as data processors acting under our instructions and bound by data processing agreements.
- Legal Requirements: We may disclose data if required by law, court order, or government authority, or to protect the rights, property, or safety of LarnaLabs, our customers, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same privacy protections.
Any third party with whom we share data is contractually required to process it only as instructed by us and to implement appropriate security measures.
6. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this Policy or as required by law:
- Account data: Retained for the duration of your account plus 3 years after account closure or last activity.
- Order and transaction records: Retained for a minimum of 7 years for tax, accounting, and legal compliance purposes.
- Customer support correspondence: Retained for 3 years from the date of last contact.
- Browsing and analytics data: Aggregated or anonymized data may be retained indefinitely; identifiable browsing data is retained for no longer than 26 months.
- Consent records: Retained for the duration of the consent plus 3 years.
When data is no longer required, it is securely deleted or anonymized.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your data where it is no longer necessary, where consent is withdrawn, or where processing is unlawful, subject to our legal obligations to retain certain records.
- Right to Data Portability: You may request your data in a structured, machine-readable format for transfer to another service.
- Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. Security Measures
We implement industry-standard technical and organizational measures to protect your personal data, including:
- TLS/SSL encryption for all data transmitted between your browser and our Site.
- Encrypted storage of passwords using modern hashing algorithms.
- Access controls limiting data access to authorized personnel only, on a need-to-know basis.
- Regular security reviews and vulnerability assessments.
- Incident response procedures to detect and address data breaches promptly.
While we take data security seriously, no method of electronic transmission or storage is 100% secure. We encourage you to use strong, unique passwords and to contact us immediately if you suspect unauthorized access to your account.
9. Cookie Policy
We use cookies and similar tracking technologies on our Site. Cookies are small text files stored on your device that help us operate the Site and improve your experience.
Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the Site to function, including session management, shopping cart functionality, and secure login. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our Site, which pages are visited most, and where improvements are needed. These are only set with your consent.
- Functional Cookies: Remember your preferences such as language, currency, and notification settings. Set with your consent.
- Marketing Cookies: Used to deliver relevant content. We do not currently use third-party advertising cookies.
You can manage your cookie preferences through your browser settings or our cookie consent tool at any time. Note that disabling certain cookies may affect Site functionality.
10. International Data Transfers
LarnaLabs may transfer personal data to service providers located outside your country of residence. Where data is transferred outside the European Economic Area, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or equivalent protections under applicable law. You may request information about international transfer safeguards by contacting [email protected].
11. Children’s Privacy
Our Site and products are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it promptly. If you believe we have inadvertently collected data from a minor, please contact us at [email protected].
12. Third-Party Links
Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the Last Updated date at the top of this page and, where appropriate, notify you by email. We encourage you to review this Policy regularly.
14. Contact and Data Protection Officer
For privacy-related questions, requests to exercise your rights, or concerns about our data handling practices, please contact:
We are committed to resolving privacy concerns promptly and will respond to all data subject requests within 30 days. If you are not satisfied with our response, you have the right to contact your national data protection supervisory authority.
Related Resources
