Privacy Policy

This Privacy Policy explains how Goldylost Hair Pty Ltd ("Goldylost", "Goldylost Hair", "we", "us", and "our") collects, uses, shares, and protects your personal information when you visit our website at www.goldylost.com, create an account with us, place an order, contact our team, or otherwise interact with us.

By visiting our website, creating an account, placing an order, subscribing to our marketing communications, or otherwise providing your personal information to us, you acknowledge that you have read this Privacy Policy and you consent to the collection, use, and disclosure of your personal information as described here.

This Privacy Policy applies in addition to our Terms and Conditions and our Shipping Policy. Where any inconsistency arises in relation to your privacy specifically, this Privacy Policy controls.

We have written this Policy with the privacy laws that apply to us in mind, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles for Australian customers; the California Consumer Privacy Act and the California Privacy Rights Act for California residents and applicable laws of other US states; and the Personal Data Protection Act 2012 of Singapore from the date Goldylost International Pte Ltd becomes the contracting party for sales to Singapore residents.

1. About This Privacy Policy

Goldylost Hair Pty Ltd is the entity responsible for the personal information collected through this website. When you provide personal information to us, you trust us with it, and we treat that responsibly.

For any question about this Privacy Policy, or to exercise any of the rights described in Section 8, please contact us at contact@goldylost.com.

2. Information We Collect

We collect personal information that you provide to us directly, information that is collected automatically when you use our website, and information that we receive about you from third parties.

Information you provide to us. When you create an account, place an order, contact our customer service team, or interact with us in other ways, you may provide us with information such as: your name; email address; postal and shipping addresses; telephone number; account login details; marketing preferences; order and purchase history; details of your communications with us; product reviews and feedback; and photographs that you choose to send us for shade matching or styling advice. Card and payment details are handled directly by our PCI-compliant payment processors (Shopify Payments, Stripe, and similar providers) and we do not see, store, or process full card numbers ourselves.

Information collected automatically. When you visit our website, we and our service providers may automatically collect information about your visit, including your IP address; device type, operating system, and browser; the pages you view; the products you look at and the items you place in your basket; the website that referred you to us; and your approximate location based on IP. This information is collected through cookies and similar technologies, as described in Section 4.

Information from third parties. We may receive information about you from third parties such as our shipping carriers (delivery status updates), our payment processors (transaction outcomes and fraud signals), our advertising partners (audience-matching and attribution data), and other publicly available sources.

Sensitive information. We do not generally seek sensitive information from you. However, you may choose to share information that is sensitive in nature when you correspond with our team — for example, you may tell us about hair loss, alopecia, a medical treatment, or another health-related circumstance when seeking advice on a wig or topper. If you choose to share that kind of information with us, we treat it as confidential and use it only to help you with your inquiry, unless you have asked us to use it for another specific purpose. We do not knowingly collect sensitive information by other means, and we ask that you only share what you are comfortable sharing.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To provide our products and services to you, including processing your orders, taking payment, arranging delivery, and handling returns and exchanges;
  • To communicate with you about your orders, including order confirmations, shipping notifications, delivery updates, and post-purchase follow-up;
  • To provide customer service and respond to your questions, requests, and complaints;
  • To send you marketing communications about Goldylost products, promotions, new arrivals, and events that we think you will enjoy, by email, SMS, and on the social and advertising platforms described in Section 5;
  • To personalize your experience on our website, including showing you products and content that are likely to be relevant to you;
  • To improve our website, our products, and our customer experience, including by understanding how visitors find and use our site;
  • To prevent, detect, investigate, and respond to fraud, chargebacks, security incidents, and abuse of our website;
  • To comply with our legal, regulatory, accounting, and tax obligations; and
  • To run and protect our business, including for accounting, audit, professional advice, dispute resolution, and corporate transactions.

By providing your email address or telephone number to us — for example, when you place an order, create an account, or subscribe to our newsletter — you consent to receiving marketing communications from us about Goldylost products, offers, and updates. You can opt out of marketing communications at any time using the methods set out in Section 8.

4. Cookies and Tracking Technologies

What cookies are. Cookies are small text files that are placed on your device when you visit a website. They allow the website to recognize your device and remember information about your visit. Similar technologies — including pixels, web beacons, and software development kits — work in similar ways. In this Policy, we refer to all of these as "cookies".

How we use cookies. Like most online services, we and our service providers use first-party and third-party cookies on our website. Some are essential to the operation of the website; others help us understand how the website performs, keep our services secure, and provide advertising and content that is relevant to you.

Your consent to cookies. By visiting and continuing to use our website, you consent to our use of cookies and similar technologies as described in this Section. You can withdraw your consent at any time by adjusting your browser settings to block or delete cookies, as described below — though doing so may affect the functionality of our website.

Categories of cookies we use.

  • Essential cookies — strictly necessary for the website to function, including maintaining your session, allowing you to log in to your account, adding products to your basket, and completing checkout securely.
  • Analytics and statistics cookies — help us understand how visitors find and use our website (number of visitors, pages viewed, source of visit, etc.) so we can improve it.
  • Marketing and advertising cookies — used to personalize the advertisements and content we show you, including on Meta (Facebook and Instagram), Google, TikTok, Reddit, and other advertising platforms, and to measure the effectiveness of our campaigns.
  • Functional cookies — support non-essential features such as embedded content (e.g., videos) and social-media sharing.
  • Preferences cookies — remember settings such as your language and region, so you have a more efficient experience on future visits.

Third-party cookies. Our website is hosted on Shopify, and analytics, advertising, and marketing cookies are also placed by service providers including Shopify, Google (including Google Analytics and Google Ads), Meta (Facebook and Instagram advertising), TikTok and Reddit (where active), and Klaviyo (email and SMS marketing). These third parties may use the data they collect to show you advertising on other websites. Their use of your information is governed by their own privacy policies, which we encourage you to review.

How to manage cookies. Most browsers allow you to view, manage, block, and delete cookies through their settings. The procedure varies by browser — please consult your browser's help documentation for instructions. You can also find general guidance on managing cookies at sites such as www.allaboutcookies.org.

5. Who We Share Your Information With

We share personal information with the following categories of recipients, in each case only to the extent reasonably necessary for the purposes set out in this Policy:

  • E-commerce and platform providers — Shopify, which hosts our online store and provides analytics, payment, and pixel-tracking infrastructure;
  • Payment processors — Shopify Payments, Stripe, and similar providers, who handle card payments on our behalf;
  • Email and SMS marketing providers — Klaviyo, which sends our marketing and transactional emails and SMS messages;
  • Advertising and analytics partners — Meta (Facebook and Instagram), Google (Analytics and Ads), TikTok, Reddit, and similar platforms, where active;
  • Shipping and logistics providers — Australia Post, DHL Express, FedEx, and similar carriers;
  • Our affiliates — Goldylost Hair LLC (our United States affiliate, operating our Doral boutique), Goldylost International Pte Ltd (our Singapore affiliate, from the date it becomes operational), and any future Goldylost group entity;
  • Professional advisers — accountants, auditors, lawyers, tax advisers, insurers, and similar professionals, where appropriate;
  • Regulators and authorities — government, regulatory, law-enforcement, and tax authorities, where required or permitted by law;
  • Business successors — in connection with a sale, merger, restructure, or similar corporate transaction involving Goldylost or any of its assets, including the planned consolidation of Goldylost group intellectual property under Goldylost International Pte Ltd; and
  • Other third parties with your consent, or where you have asked us to share your information.

We do not sell your personal information for monetary value. We do, however, share information with our advertising and analytics partners (such as Meta, Google, TikTok, and Reddit) in ways that may constitute "sharing" or "selling" under certain US state privacy laws, including the California Consumer Privacy Act and the California Privacy Rights Act. California residents have the rights set out in Section 8.

6. International Data Transfers

Goldylost is headquartered in Sydney, Australia. Our service providers and affiliates are located in a number of countries, including Australia, the United States, Canada, Singapore, and others. As a result, your personal information may be transferred to, stored in, and processed in countries other than the country in which you live, and the data-protection laws of those countries may differ from the laws of your country.

Where we transfer personal information overseas, we take reasonable steps to ensure that an adequate level of protection is maintained, including through contractual safeguards with our service providers, and by selecting providers whose security and privacy practices meet our expectations. By using our website and providing your personal information to us, you consent to the transfer of your information to the countries described in this Section.

7. How Long We Keep Your Information, and How We Keep It Safe

Retention. We keep your personal information for as long as it is reasonably needed for the purposes for which it was collected, and as required to meet our legal, accounting, tax, and regulatory obligations. As a general guide:

  • Account, order, and payment records — generally seven (7) years, in line with our tax and accounting obligations;
  • Customer service correspondence — generally up to five (5) years;
  • Marketing data — until you opt out, plus a reasonable cleanup period;
  • Cookie data and analytics — generally up to twenty-six (26) months for analytics cookies, with shorter periods for many marketing and session cookies.

When personal information is no longer needed for the purpose for which it was collected, we take reasonable steps to destroy or de-identify it.

Security. We take reasonable steps to protect your personal information from misuse, loss, and unauthorized access, modification, and disclosure. These steps include using reputable service providers with established security practices (such as Shopify and Stripe), restricting access to your information to staff and providers who need it, and using encryption for sensitive data in transit.

Data breaches. No system is perfectly secure. In the unlikely event of an eligible data breach affecting your personal information, we will notify you and, where required, the Office of the Australian Information Commissioner or any other relevant regulator, in accordance with the Notifiable Data Breaches scheme under the Privacy Act and any equivalent obligations under other applicable laws.

8. Your Privacy Rights

You have rights in relation to your personal information. The rights available to you depend on where you live and which laws apply to you. To exercise any right described below, please contact us at contact@goldylost.com. We may need to verify your identity before processing your request.

Marketing opt-out (all customers). You can opt out of our marketing communications at any time by clicking the unsubscribe link in any marketing email, replying STOP to any marketing SMS, or emailing us at contact@goldylost.com. Even after you opt out of marketing, we may still send you transactional messages about your orders.

Australian customers. Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the right to request access to the personal information we hold about you, and the right to request correction of any information that is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to your request within a reasonable time. We may charge a reasonable cost-recovery fee for access requests where one is permitted by law.

California residents. Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the right to know what categories and specific pieces of personal information we have collected about them, the right to request deletion of personal information, the right to request correction of inaccurate personal information, the right to opt out of the "sale" or "sharing" of personal information, and the right to limit our use and disclosure of sensitive personal information. To exercise any of these rights, including to opt out of the sharing of your information for cross-context behavioral advertising (which includes the categories of advertising and analytics cookies described in Section 4), please email us at contact@goldylost.com with the subject line "California Privacy Request". We do not knowingly sell or share for cross-context behavioral advertising the personal information of consumers under sixteen (16) years of age.

Singapore residents. From the date Goldylost International Pte Ltd becomes the contracting party for sales to Singapore residents, the Personal Data Protection Act 2012 (Singapore) will apply. Under the PDPA, you have the right to request access to and correction of personal information we hold about you, and the right to withdraw consent to our continued use of your personal information for any purpose. Singapore residents may also lodge a complaint with the Personal Data Protection Commission of Singapore.

9. Children's Privacy

Our website and products are intended for adult customers and are not directed at children. We do not knowingly collect personal information from children under thirteen (13) years of age, or under sixteen (16) years of age in jurisdictions where that higher age applies. If you believe a child has provided us with personal information, please contact us at contact@goldylost.com and we will take appropriate steps to delete it.

10. Updates, Complaints, and How to Contact Us

Updates. We may update this Privacy Policy from time to time, at our discretion. The most current version will always be available on this page. Where we make a change that materially affects how we handle your personal information, we will indicate the change by such notice as we consider appropriate, for such period as is reasonable in the circumstances. Your continued use of our website following the posting of any update constitutes your acceptance of the updated Policy.

Complaints. If you believe we have not handled your personal information in accordance with this Privacy Policy or the law that applies to you, please contact us first at contact@goldylost.com so that we can investigate and respond. If you are not satisfied with our response, you may lodge a complaint with your local privacy regulator — for Australian customers, the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au; and for Singapore residents (once Goldylost International Pte Ltd is operational), the Personal Data Protection Commission.

Contact us. For any question about this Privacy Policy, or to exercise any of your privacy rights, please contact us at contact@goldylost.com.

NEVER MISS WHAT MATTERS

Your hair confidence
starts in your inbox

New arrivals. Exclusive sales. Nothing you'll want to miss. Join our list and get first access to new collections, restocks, and members-only offers.

Please enter your name
Please enter a valid email

Unlock early access, VIP offers, and restock alerts by SMS.

Please enter a valid phone number
Something went wrong. Please try again.

We respect your privacy & will never share your details.

Welcome!

You're on the list. Expect exclusive tips,
new arrivals and offers in your inbox soon.

Step 1 of 2