Privacy policy

Last updated: April 2026

Controller: Dermeva Beauty Group Inc., a Delaware corporation, with its registered place of business at 132 Christiana Mall, Newark, DE 19702, United States ("Dermeva", "we", "us").

Contact: support@getdermeva.com

This Privacy Policy explains how we collect, use, share, and protect personal information when you visit our online store, place an order, contact our support team, or interact with our marketing. It applies to customers and visitors in the United States, the United Kingdom, and Canada and is written to satisfy the EU/UK General Data Protection Regulation ("UK GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA") and other US state privacy laws, and the Personal Information Protection and Electronic Documents Act ("PIPEDA") in Canada.

1. Information We Collect

Information you provide

• Order and account data: name, billing and shipping address, email, phone, order history, account credentials.
• Payment data: card details and billing information are entered directly with our payment processors (Shopify Payments, PayPal, Apple Pay, Google Pay, Shop Pay). We do not store full card numbers.
• Customer support data: contents of emails, chat messages, photos, and any information you choose to send us.
• Marketing data: email address, marketing preferences, survey or review responses.

Information collected automatically

• Device and browsing data: IP address, browser type, operating system, device identifiers, referring URL, pages viewed, clickstream activity.
• Cookies and similar technologies: see our Cookie Policy at /pages/cookie-policy.

Information from third parties

• Order, fraud, and shipping confirmations from payment processors and carriers.
• Authentication confirmations from accelerated checkout providers.
• Aggregated audience and conversion data from advertising partners.

2. How We Use Your Information

• Fulfil your order — payments, shipping, notifications, returns.
• Provide customer service.
• Operate and improve the store — analytics on traffic and product interest.
• Send marketing communications where you have opted in (or under the UK soft opt-in for similar products to existing customers). Unsubscribe at any time.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations (tax, accounting, consumer protection, law-enforcement requests).

3. Lawful Bases (UK and EU Customers)

Where the UK GDPR applies we rely on: contract (to fulfil your order); legitimate interests (to operate, secure and improve the store, prevent fraud, and where permitted, contact existing customers about similar products); consent (for non-essential cookies and marketing emails to non-customers); and legal obligation (tax, accounting, regulatory).

4. Sharing Your Information

We do not sell your personal information for money. We share it only with:

• E-commerce platform: Shopify Inc. (Canada).
• Payment processors: Shopify Payments, PayPal, Apple, Google.
• Shipping carriers and fulfilment partners.
• Email/SMS providers (e.g. Klaviyo).
• Analytics and advertising partners (Google, Meta, TikTok). Some sharing of online identifiers may constitute a "sale" or "sharing" under California law; you can opt out in our footer or by enabling Global Privacy Control.
• Professional advisers under duty of confidence.
• Government and law-enforcement bodies where required.
• Successors in interest if we reorganise, merge, or sell part of our business.

5. International Transfers

We are based in the United States. Information from the UK, EEA, or Canada is transferred to and processed in the United States and other countries where our service providers operate. Where required, we rely on the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or comparable safeguards.

6. Retention

Order, accounting, and tax records: 6–7 years (legal requirement). Account information: while your account is active and a reasonable period after. Marketing data: until you unsubscribe. Customer-service correspondence: up to 3 years.

7. Your Rights

Depending on where you live: access, correction, deletion (subject to legal retention), restriction or objection, portability, withdraw consent, opt out of "sale"/"sharing" and targeted advertising (US state laws), non-discrimination, and the right to lodge a complaint with your data-protection authority (UK ICO, your provincial Privacy Commissioner in Canada, or your US state Attorney General).

To exercise any of these rights, email support@getdermeva.com with the subject "Privacy Request". We verify your identity and respond within the period required by your local law (usually 30 to 45 days).

8. Children

Our store is intended for adults (18+). We do not knowingly collect personal information from children under 16.

9. Security

TLS encryption in transit, access controls, PCI-DSS compliant payment processing. If we become aware of a breach affecting your personal information, we will notify you and the relevant regulators where required by law.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via the store and, where appropriate, by email.

Contact

Email: support@getdermeva.com

Mail: Dermeva Beauty Group Inc., 132 Christiana Mall, Newark, DE 19702, United States.