Privacy policy

Last updated: May 17, 2026

Warmify Lab (“Warmify Lab”, “we”, “us”, or “our”) operates the online store and website at warmifylab.com, together with all related content, features, tools, products, and services (the “Services”). Our store is powered by Shopify, which provides the ecommerce infrastructure that enables us to sell products and deliver services to you.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit or use the Services, make a purchase, or otherwise communicate with us. It applies to all users of our Services, regardless of where you are located.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If there is any conflict between this Privacy Policy and our Terms of Service, this Privacy Policy governs the handling of your personal information.

2. Personal Information We Collect or Process

When we use the term “personal information,” we are referring to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that is collected anonymously or that has been de-identified so that it cannot identify or be reasonably linked to you.

We may collect or process the following categories of personal information, including inferences drawn from this personal information, depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

• Contact details including your name, billing address, shipping address, phone number, and email address.

• Financial information including payment card details, financial account information, transaction details, form of payment, payment confirmation, and other payment information. We do not store full credit or debit card numbers on our servers – all card data is handled by our payment processors in accordance with PCI-DSS standards.

• Account information including your username, password (stored in hashed form), security questions, preferences, and settings.

• Transaction information including the items you view, add to your cart, purchase, return, exchange, or cancel, and your past transaction history.

• Communications with us including the information you include in messages to us, for example when sending a customer support enquiry, leaving a product review, or responding to a survey.

• Device information including information about your device, browser, or network connection, your IP address, approximate location derived from IP, and other unique identifiers.

• Usage information including information about how and when you interact with or navigate the Services, pages viewed, time spent, and referring websites or search terms.

• Marketing information including your email address or phone number where you have opted in to receive marketing communications from us, and your marketing preferences and opt-out status.

We do not intentionally collect sensitive information (such as health data, government identifiers, or financial account credentials) unless strictly required to fulfil a specific service. Where we do need to collect such information, we will seek your explicit consent and apply heightened protections.

3. How We Collect Personal Information

We collect personal information from different sources depending on how you interact with us:

• Directly from you, when you place an order, create an account, subscribe to marketing communications, contact customer support, participate in a promotion or survey, or otherwise provide information through the Services.

• Automatically through the Services, using cookies, log files, pixels, web beacons, and analytics tools. These technologies collect device and usage information as described above. See Section 6 (Cookies and Tracking Technologies) for more detail.

• From service providers, including Shopify and other providers that support payments, fulfilment, analytics, marketing, and fraud prevention, who may share information with us in connection with the services they perform on our behalf.

• From third parties, such as advertising platforms (e.g. Google, Meta) and analytics providers. We only use information from third parties where permitted by applicable law.

4. How We Use Personal Information

We use the personal information we collect to operate and improve our business. Specifically, we use your information for the following purposes:

• Providing and fulfilling the Services, including processing orders and payments, arranging shipping and delivery, managing returns and exchanges, maintaining your account, and providing customer support.

• Improving the Services, including analysing how customers browse and interact with our store, understanding preferences and trends, and improving our products, website design, and functionality.

• Marketing and advertising, including sending marketing emails or SMS messages where you have consented or where permitted by applicable law, displaying personalised advertisements on third-party platforms, and measuring the effectiveness of our advertising. You can opt out of marketing at any time – see Section 11.

• Fraud prevention and security, including detecting and preventing fraudulent transactions, securing accounts and payments, and monitoring for suspicious or unauthorised activity.

• Legal compliance, including complying with applicable laws and regulations, responding to lawful requests from authorities, enforcing our Terms of Service, and establishing or defending legal claims.

Legal Bases for Processing (EEA and UK Users)

Where the GDPR or UK GDPR applies to our processing of your personal information, we rely on the following legal bases:

• Contract performance – to process your orders and provide the Services you have requested.

• Legitimate interests – for fraud prevention, security, analytics, and improving the Services, where our interests are not overridden by your rights.

• Consent – for marketing communications and certain cookies.

• Legal obligation – where processing is required by applicable law.

Where we rely on legitimate interests, you have the right to object to that processing. See Section 11 for how to exercise your rights.

5. How We Share Personal Information

We do not sell your personal information in the traditional sense. However, certain sharing with advertising partners may constitute a “sale” or “sharing” of personal information under applicable privacy laws such as the CCPA/CPRA. We share personal information only in the following circumstances:

• Shopify. Our store is hosted by Shopify Inc., which processes personal information to provide ecommerce infrastructure, support payments and checkout, enable analytics, and support fraud prevention. Shopify may also process certain data independently as a data controller under its own privacy practices. For more information, visit

For more information about how Shopify handles your data, visit shopify.com/legal/privacy.

• Service providers. We share information with third-party providers that help us operate the business, including payment processors (e.g. Stripe, PayPal, Shopify Payments), fulfilment and shipping carriers, email and SMS marketing platforms, customer support tools, analytics providers, and fraud detection services. These providers may only use your information to perform services on our behalf, under appropriate data processing agreements.

• Advertising and marketing partners. We may share data such as hashed email addresses, pixel data, or device identifiers with advertising partners including Google LLC, Meta Platforms, Inc. (Facebook / Instagram), and TikTok (where applicable), to deliver targeted advertising, measure ad performance, and improve our marketing. This sharing may constitute a “sale” or “sharing” of personal information under the CCPA/CPRA. California residents may opt out – see Section 11.

• Legal and safety requirements. We may disclose personal information where required or permitted by law, including to comply with legal obligations or court orders, respond to lawful requests from law enforcement or government agencies, protect the rights, safety, or property of Warmify Lab or others, or enforce our Terms of Service.

• Business transfers. If Warmify Lab is involved in a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you as required by applicable law, and any successor will be subject to the commitments in this Privacy Policy.

6. Cookies and Tracking Technologies

Like most online stores, we use cookies and similar technologies – including pixels, web beacons, and local storage – to enable core website functionality, remember your preferences, analyse traffic, improve your experience, and deliver and measure personalised advertising.

The cookies we use fall into the following categories:

• Strictly necessary cookies – essential for the website to function, such as shopping cart and session management.

• Functional cookies – to remember your preferences and settings.

• Analytical and performance cookies – to understand how visitors interact with our site.

• Marketing and targeting cookies – to deliver relevant advertising and measure its effectiveness.

You can manage or withdraw consent to non-essential cookies through your browser settings or our cookie preference centre where available. Disabling certain cookies may affect website functionality.

We do not currently respond to “Do Not Track” browser signals. Where required by applicable law, we do support Global Privacy Control (GPC) signals.

7. Behavioural Advertising

We may use your personal information to show you targeted advertising on platforms such as Google and Meta, based on your browsing behaviour and interactions with our store. You can opt out of interest-based advertising through the following links:

• Google Ads Settings: https://adssettings.google.com

• Meta Ads Settings: https://www.facebook.com/settings/?tab=ads

• Network Advertising Initiative: https://optout.aboutads.info

• Your Online Choices (EU/UK): https://www.youronlinechoices.com

Opting out of interest-based advertising does not mean you will stop seeing ads – it means the ads you see will be less tailored to your interests.

8. Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected. The length of time we keep your information depends on the type of information and the reason we collected it, but will generally include:

• The duration needed to fulfil your orders and provide the Services.

• The period required to meet our legal, tax, and accounting obligations (typically seven years in Australia).

• The time needed to resolve disputes and enforce our agreements.

When personal information is no longer required for these purposes, we securely delete, anonymise, or destroy it. If you request deletion of your personal information, we will action your request subject to our legal obligations – some information may be retained in anonymised or aggregated form.

9. International Data Transfers

Warmify Lab is based in Australia and operates globally. When you use our Services, your personal information may be transferred to and processed in countries outside your country of residence – including Australia, the United States, Canada, the European Union, and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from your own.

Where required by law, we take appropriate steps to ensure your information remains protected, including through Standard Contractual Clauses for EEA and UK transfers, data processing agreements with service providers, and other legally recognised transfer mechanisms.

10. Security

We implement reasonable technical and organisational security measures to protect your personal information from unauthorised access, disclosure, alteration, and destruction. These include SSL/TLS encryption for data in transit, secure hosting infrastructure provided by Shopify, access controls and role-based permissions, fraud detection systems, and regular security reviews.

No method of transmission over the internet or electronic storage is completely secure. While we do our best to protect your information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and relevant authorities as required by applicable law.

You are responsible for keeping your account credentials secure. Please contact us immediately at contact@warmifylab.com if you suspect any unauthorised access to your account.

11. Your Rights and Choices

Depending on where you live, you may have certain rights regarding your personal information. These may include the right to access the personal information we hold about you, correct inaccurate or incomplete information, request deletion of your information (subject to legal obligations), restrict or object to certain processing, receive your data in a portable format, and withdraw your consent where processing is based on consent.

To exercise any of these rights, please contact us at contact@warmifylab.com. We may need to verify your identity before processing your request, and we will respond within 30 days or as required by applicable law. We will not discriminate against you for exercising your privacy rights.

Marketing Opt-Out

You can opt out of marketing communications at any time by clicking “Unsubscribe” in any marketing email, replying “STOP” to any marketing SMS, or contacting us at contact@warmifylab.com.

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we have collected, disclosed, sold, or shared; request deletion or correction of your personal information; opt out of the “sale” or “sharing” of your personal information for cross-context behavioural advertising; limit the use of sensitive personal information; and not be discriminated against for exercising these rights.

To opt out of the sale or sharing of your personal information, contact us at contact@warmifylab.com or use the “Do Not Sell or Share My Personal Information” link on our website.

EEA and UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the GDPR or UK GDPR as described above. You also have the right to lodge a complaint with your local supervisory authority – in the EU, your national data protection authority (see edpb.europa.eu for a directory), or in the UK, the Information Commissioner’s Office (ico.org.uk).

Australian Residents (Privacy Act 1988)

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You may contact us at any time to access or correct your personal information or to make a privacy complaint. If your complaint is not resolved to your satisfaction, you may escalate it to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

12. Children’s Privacy

Our Services are not directed to individuals under the age of 16, or the applicable age of digital consent in your jurisdiction. We do not knowingly collect personal information from children without verifiable parental or guardian consent. If we become aware that we have collected personal information from a child, we will take prompt steps to delete it. If you believe we may have collected information from a child, please contact us at contact@warmifylab.com.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, platforms, or services that are not operated by us. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by Warmify Lab through our Services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services we offer, legal requirements, or for other operational reasons. When we make changes, we will post the updated version on this page and revise the “Last updated” date at the top. For material changes, we will provide more prominent notice, such as by email or a notice on our website. Your continued use of the Services after any update constitutes your acceptance of the revised Privacy Policy.