Privacy policy

PRIVACY POLICY

Last updated: April 20, 2026

This Privacy Policy explains how Lost Gen Club ("we", "us", or "our") collects, uses, and shares your personal information when you visit lostgenclub.com, including all regional storefronts and subdomains (such as us.lostgenclub.com, mx.lostgenclub.com, au.lostgenclub.com, and account.lostgenclub.com), and any other websites, mobile applications, or related services we operate (collectively, the "Site"), purchase our products, subscribe to our communications, or otherwise interact with us. It also describes your rights under applicable privacy laws, including the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the California Invasion of Privacy Act (CIPA), Mexico's Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), and other U.S. state privacy laws.

For details about our use of cookies and similar technologies, please see our separate Cookie Policy.

1. Information we collect

We collect the following categories of personal information:

  • Identity and contact data: name, email address, phone number, billing and shipping address.

  • Order and transaction data: products purchased, order history, customer number, returns, and payment confirmations. We do not store full payment card numbers — payments are handled directly by our payment providers.

  • Account data: if you create an account, your login credentials and account preferences.

  • Communications: messages you send us through contact forms, email, customer service channels, our live chat, or social media.

  • Reviews and user-generated content: if you submit a product review, your name, email, review content, and any associated metadata.

  • Marketing preferences: your subscription status and your interactions with our marketing emails.

  • Device and usage data: IP address, browser type, device type, operating system, referring URLs, pages viewed, time spent, clickstream data, marketing attribution data, and approximate location derived from your IP address.

We do not record or replay your individual browsing sessions, and we do not intentionally collect sensitive personal information as defined under applicable laws (such as government IDs, racial or ethnic origin, precise geolocation, or biometric data).

2. Sources of personal information

We collect personal information from the following sources:

  • Directly from you when you place an order, create an account, subscribe to our newsletter, contact us, submit a review, or interact with the Site.

  • Automatically when you browse the Site, through cookies, pixels, and similar technologies.

  • From third parties, including our payment processors (payment confirmation and fraud prevention), our advertising and analytics partners (interactions with our ads and content), our affiliate networks (referrals and conversion tracking), and social media platforms (limited public profile information when you interact with us).

3. How we use your information and our legal basis

We use your personal information for the following purposes. Under the GDPR, our legal basis for each purpose is identified in parentheses.

  • Order fulfillment: to process and ship orders, manage returns, provide customer service, and send shipping and delivery updates (performance of a contract).

  • Account management: to create and maintain your account (performance of a contract).

  • Site operation, security, and improvement: to operate, maintain, secure, and improve the Site, including checkout optimization and product reviews (legitimate interest).

  • Marketing communications: to send newsletters and promotional offers (consent, or legitimate interest for existing customers where permitted by law).

  • Personalized advertising: to show you relevant ads on third-party platforms, including through audience segmentation and lookalike modeling (consent).

  • Analytics, marketing attribution, and product improvement: to understand how visitors use the Site, attribute conversions across marketing channels, and improve our products and user experience (consent for non-essential cookies / legitimate interest).

  • Affiliate and referral programs: to operate and track our affiliate, influencer, and referral programs (legitimate interest / consent for cookies).

  • Fraud prevention: to detect, prevent, and respond to fraud, security threats, and unlawful activity (legitimate interest / legal obligation).

  • Legal compliance: to comply with tax, accounting, consumer protection, and other legal obligations (legal obligation).

  • Legal claims: to establish, exercise, or defend legal claims (legitimate interest).

4. Automated decision-making and profiling

We use automated tools to segment audiences, personalize marketing, attribute conversions, and serve relevant advertising. These activities may involve profiling based on your interactions with the Site and our marketing communications.

These activities do not produce legal or similarly significant effects on you. You have the right to object to such processing at any time, including by withdrawing your consent to non-essential cookies and unsubscribing from marketing communications.

5. Who we share your information with

We do not sell your personal information for monetary compensation. We share personal information with the following categories of recipients, each of which processes only the data necessary to perform their service and is bound by appropriate contractual data protection obligations.

5.1 Principal service providers

Our principal service providers include:

  • E-commerce platform and payments: Shopify (e-commerce hosting and Shopify Payments) and PayPal.

  • Email marketing: Klaviyo.

  • Customer service and live chat: RichPanel.

  • Advertising and analytics: Google (Analytics, Ads, YouTube), Meta (Facebook and Instagram advertising), TikTok, and Pinterest.

5.2 Other categories of service providers

We also share personal information with service providers in the following categories, including but not limited to the providers identified as examples:

  • Marketing analytics and attribution platforms (such as Triple Whale).

  • Affiliate and influencer marketing networks (such as Awin, Rakuten Advertising, and UpPromote). Some of these networks may receive identifiers and contact information (such as email and name) when attribution is required for commission tracking, in accordance with their respective privacy policies.

  • Product review platforms (such as Judge.me).

  • Checkout and conversion optimization tools (such as Zipify One Click Upsell).

  • Order tracking and shipment notification tools (such as ParcelPanel).

  • Logistics: shipping carriers and our third-party fulfillment partner.

  • IT, hosting, security, and fraud prevention providers.

5.3 Other recipients

  • Professional advisors, such as lawyers, accountants, tax advisors, and auditors.

  • Government and law enforcement authorities, where required by law, court order, or to protect our rights.

  • Successors in interest, in connection with a merger, acquisition, financing, or sale of business assets.

Updated list of service providers. We periodically review and update the service providers we work with. For a complete and current list, please contact us at legal@lostgenclub.com.

Some of our advertising and analytics partners may process your data in ways that qualify as "sharing" or "sale" under California and certain U.S. state laws (e.g., for cross-context behavioral advertising). You can opt out as described in Section 9.

6. International data transfers

Your personal information may be transferred to and processed in the United States and other countries where our service providers operate, including Canada, the European Union, the United Kingdom, and Singapore. These countries may have data protection laws that differ from those in your country of residence.

Where we transfer personal information from the EEA, the United Kingdom, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, including:

  • The European Commission's Standard Contractual Clauses (SCCs);

  • The UK International Data Transfer Addendum;

  • Where applicable, the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, as adhered to by certified providers (such as Google and Meta).

You may request a copy of the relevant safeguards by contacting us at the email address in Section 13.

7. Data retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements. Specific retention periods are:

Category of data

Retention period

Order and transaction records

Up to 7 years from the order date, to comply with U.S. tax and accounting obligations.

Account information

For as long as your account is active, plus up to 2 years after closure.

Customer service and live chat communications

Up to 3 years from the last contact.

Marketing data and newsletter subscriptions

Until you unsubscribe or withdraw consent, plus up to 12 months to honor your preferences.

Reviews and user-generated content

For as long as the content is published on the Site, unless removal is requested.

Cookies and analytics data

Between 30 days and 26 months, depending on the specific tool. See our Cookie Policy.

Affiliate and attribution data

Up to 24 months for marketing attribution and affiliate commission tracking.

Fraud prevention and security logs

Up to 2 years from collection.

Legal claims documentation

Until the applicable statute of limitations expires.


When personal information is no longer needed, we delete or anonymize it. Once the retention period has expired, the rights of access, erasure, rectification, and portability cannot be enforced over deleted data.

8. Your rights

Depending on where you reside, you may have the following rights, which we honor in accordance with applicable law:

  • Access — request a copy of the personal information we hold about you.

  • Correction — request that inaccurate or incomplete information be corrected.

  • Deletion — request that we delete your personal information.

  • Portability — receive your information in a structured, commonly used, machine-readable format.

  • Objection or restriction — object to or restrict our processing of your information.

  • Withdraw consent — at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.

  • Opt out of sale, sharing, or targeted advertising — including via the Global Privacy Control (GPC) signal, where required by law.

  • Not be subject to automated decisions that produce legal or similarly significant effects on you.

  • Lodge a complaint with your local data protection authority.

8.1 California residents

Under the CCPA/CPRA, California residents additionally have the right to limit the use and disclosure of sensitive personal information, and the right to be free from discrimination for exercising privacy rights. You may also designate an authorized agent to submit requests on your behalf.

Notice at Collection. In the past 12 months, we have collected the following categories of personal information from California residents: identifiers (name, email, phone, IP address); customer records under Cal. Civ. Code § 1798.80(e) (contact and payment details); commercial information (order history and preferences); internet or other electronic network activity (browsing behavior); approximate geolocation; and inferences drawn from the above. We disclose these categories to the service providers and advertising partners listed in Section 5. We may "share" or "sell" identifiers, internet activity, and inferences with advertising partners for cross-context behavioral advertising. You may opt out using the "Do Not Sell or Share My Personal Information" link on our Site.

8.2 Other U.S. state residents

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, Rhode Island, Nebraska, and Nevada have rights similar to those described above, including the right to opt out of targeted advertising and the right to withdraw consent for processing of sensitive personal information. Residents of Minnesota and Maryland may also request a list of the specific third parties to whom we have disclosed their personal information.

8.3 Mexico residents (LFPDPPP)

Residents of Mexico have ARCO rights — Acceso (Access), Rectificación (Rectification), Cancelación (Cancellation), and Oposición (Objection) — as well as the right to revoke consent and to limit the use or disclosure of personal information. You may file a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (INAI).

8.4 How to exercise your rights

To exercise any of these rights, email us at the address in Section 13 with your name, the right you wish to exercise, and information sufficient for us to verify your identity (typically the email address associated with your account or order). We will respond within the timeframes required by applicable law, generally within one month under the GDPR and 45 days under the CCPA. If we cannot verify your identity or your request is manifestly unfounded or excessive, we may decline to act on it and will explain why.

9. How to opt out

  • Marketing emails: click the "unsubscribe" link at the bottom of any marketing email.

  • Cookies and tracking: use the cookie banner on our Site or your browser settings. See our Cookie Policy for details.

  • Sale or sharing of personal information: use the "Your Privacy Choices" link on the footer of the Site.

  • Targeted advertising on platforms: opt out directly with each platform — Meta (facebook.com/adpreferences), Google (adssettings.google.com), TikTok, and Pinterest — through their ad settings, or via industry tools such as the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).

  • Global Privacy Control (GPC): we recognize and honor valid GPC signals as opt-out requests where required by applicable law.

10. Notice regarding electronic communications and tracking technologies

This section provides additional disclosures relevant to users in California and other jurisdictions with electronic communications privacy laws, including the California Invasion of Privacy Act (CIPA).

No session recording. We do not record, replay, or capture your individual browsing sessions on the Site, and we do not use session-replay tools that reconstruct user interactions.

Tracking pixels and tags. When you visit the Site and have provided the necessary consent, we use tracking pixels and tags from advertising and analytics partners (including Meta, Google, TikTok, and Pinterest), affiliate networks, and marketing attribution platforms. These technologies transmit information about your interactions with the Site (such as pages viewed, products added to cart, and purchases) to the respective providers, who use this information to measure ad performance, attribute conversions, and serve targeted advertising. By accepting non-essential cookies through our cookie banner, you consent to these transmissions.

Customer service and live chat communications. When you contact us through email, contact forms, or our live chat (powered by RichPanel), we record and retain those communications to provide customer service and improve our products. Live chat conversations are processed and stored by RichPanel as our service provider, under contractual data protection obligations. By initiating a chat or sending us a message, you consent to this recording. We do not share the content of these communications with advertising partners.

Withdrawing consent. You may withdraw consent to the use of tracking pixels at any time through our cookie banner, your browser settings, or by sending a Global Privacy Control (GPC) signal. Withdrawing consent will stop further transmissions but will not affect transmissions already made on the basis of prior consent.

11. Data security

We implement reasonable technical and organizational measures to protect your personal information, including encryption in transit (HTTPS/TLS), access controls, vetted service providers, and PCI-DSS compliance for payment data through our payment providers. However, no method of transmission or storage is fully secure, and we cannot guarantee absolute security.

12. Children's privacy

Our Site is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will delete it. If you believe a child has provided us with personal information, please contact us at the email address in Section 13.

13. Changes and contact

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will post the updated Policy on this page and update the "Last updated" date. Where required by law, we will obtain your consent or provide additional notice.

If you have any questions, comments, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: legal@lostgenclub.com

Postal address:

Lost Gen Club LLC

30 N Gould St, STE R

Sheridan, WY 82801

United States