Open Menu icon

Information you provide to us

How we disclose your information

Privacy Policy

Last Updated: Dec 30, 2025

Expand All
Expand/Collapse Icon

We collect the personal information you provide to us when you purchase our products or visit our website. The categories of information we may collect include:

Consumers

  • Personal Identifiers, including name, email address, postal address, telephone number, and online Identifiers
  • Internet Activity
  • Commercial Information, including purchases
  • Financial Information, including credit or debit card number
  • Location Information, including general location data
  • Physical and Audio Data, including physical characteristics or descriptions and audio recordings
  • Protected Classifications and Other Personal Characteristics, including age and sex, gender, or gender identity
  • Inferences from Other Data, including inferences created from other personal information collected

Spa Visitors

  • Personal Identifiers, including name, email address, and telephone number

Your Privacy Rights (U.S. Residents) 

Depending on your state of residence, you may have the following rights with respect to your personal information: 

  • Right to Know / Access: The right to request information about the categories and specific pieces of personal information we have collected about you, including the sources of that information, the purposes for collecting it, and the categories of third parties with whom we disclose it. 
  • Right to Delete: The right to request that we delete personal information we have collected from you, subject to certain legal exceptions. 
  • Right to Correct: The right to request that we correct inaccurate personal information we maintain about you. 
  • Right to Opt Out of Sale or Sharing: The right to opt out of the sale of your personal information or the sharing of your personal information for crosscontext behavioral advertising. 
  • Right to Limit Use of Sensitive Personal Information: The right to limit our use and disclosure of sensitive personal information to purposes permitted by law. 
  • Right to Data Portability: The right to receive a copy of your personal information in a portable and, to the extent technically feasible, readily usable format. 
  • Right to NonDiscrimination: The right not to receive discriminatory treatment for exercising your privacy rights. 

Sensitive Personal Information 

Certain categories of personal information we collect may be considered Sensitive Personal Information under applicable U.S. privacy laws. This may include: 

  • Financial information (e.g., credit or debit card numbers) 
  • Precise or general location data 
  • Audio recordings 
  • Gender, gender identity, or age 
  • Information related to physical or mental health, where voluntarily provided 

We collect and use Sensitive Personal Information only as reasonably necessary and proportionate to provide our products and services, process transactions, ensure security, comply with legal obligations, and for other permitted business purposes. Where required by law, you may request that we limit the use or disclosure of Sensitive Personal Information. 

Browser Cookies

We use cookies to create a better experience for you on our site. For example, cookies prevent you from having to login repeatedly, and they help us remember items you've added to your cart. We also use third-party cookies, which are cookies placed by third parties for advertising and analytics purposes. You can control these cookies through your browser settings. Where required by law, we obtain consent before placing non-essential cookies. 

Information from other sources

We may collect personal information about you from third-party sources, including Other consumers (e.g., referrals), Recruitment & Applicant Tracking System, and Retail Partners.

The categories of information we may collect include:

Other consumers (e.g., referrals)

  • Personal Identifiers, including Name, Email address, Postal address, Telephone number, and Online Identifiers
  • Physical and Audio Data, including Physical characteristics or descriptions
  • Protected Classifications and Other Personal Characteristics, including Age and Sex, gender, or gender identity
  • Inferences from Other Data, including Inferences created from other personal information collected

Recruitment & Applicant Tracking System

  • Personal Identifiers, including Name and Email address

Retail Partners

  • Personal Identifiers, including Name, Email address, Postal address, and Telephone number
  • Commercial Information, including Purchases
  • Financial Information, including Credit or debit card number

How long we keep your data

We do not retain data for any longer than is necessary for the purposes described in this Policy.

We generally retain data according to the guidelines below.

Data Retention Periods
Type of DataRetention Period
Cookies and online data we collect while you use our website, including Online IdentifiersWe delete or anonymize data concerning your use of our website within 7 years of collecting it.
Data we collect in order to process and ship orders you place with us, including Name, Email address, Postal address, Telephone number, Purchases, Credit or debit card number, Audio recordings, Inferences created from other personal information collectedWe keep personal information related to products and services you purchase for as long as the personal data is required for us to fulfill our contract with you, and for 7 years from your last purchase with us. We may keep data beyond this period in anonymized form.
Data we collect when you contact us for customer support and other inquiries, including Name, Email address, Postal address, Telephone number, Purchases, Credit or debit card number, Physical characteristics or descriptions, Audio recordings, Age, Sex, gender, or gender identity, Data related to physical or mental health, Inferences created from other personal information collectedWe keep customer feedback and correspondence with our customer service for up to 2 years to help us respond to any questions or complaints. We may keep data beyond this period in anonymized form.
Data we collect when you sign up for promotional and marketing communications, including Name, Email address, Telephone number, PurchasesWhere you have signed up to receive promotional and marketing communications from us, we will retain any data collected until you opt out or request its deletion. We may keep data beyond this period in anonymized form. We will further retain a record of any opt-outs in order to prevent sending you future communications.
Data we collect when you review our products, answer surveys, or send feedback, including Name, Email address, Telephone numberWe retain review, survey, and feedback data for up to 7 years following your last contact with us. We may keep data beyond this period in anonymized form to help improve our products and services.
Data we collect in connection with privacy requests, including Name, Email address, Online IdentifiersWe retain records related to privacy requests for a minimum of 24 months following the completion of the request.
Data we collect for security purposes, including Internet Activity, Inferences created from other personal information collectedWe retain security-related data as long as necessary to comply with our legal obligations and to maintain and improve our information security measures.

Why we process your information

We process personal information for the following business and commercial purposes:

  • Creating Customer Profiles
  • Delivering Targeted Ads
  • Fulfilling Customer Orders
  • Internal Business Operations
  • Managing Event & Guest Data
  • Marketing Our Products & Services
  • Meeting Compliance & Legal Requirements
  • Operating our Website or Mobile Apps
  • Preventing Fraud
  • Processing Payments
  • Providing Customer Support
  • Providing Cybersecurity
  • Sending Promotional Communications
  • Storing and Managing Data
  • Tracking Purchases & Customer Data

Sale and Sharing of Personal Information 

We may share certain categories of personal information with third parties for purposes of crosscontext behavioral advertising, analytics, and marketing. Under California law, this may be considered “sharing” of personal information. We do not knowingly sell personal information for monetary consideration. 

The categories of personal information that may be shared include: 

  • Personal Identifiers 
  • Internet or Network Activity 
  • Commercial Information 
  • Inferences drawn from other personal information 

You may opt out of the sale or sharing of your personal information at any time here: 

https://privacy.sundayriley.com/privacy-request 

We honor Global Privacy Control (GPC) signals where required by law. 

We may disclose personal information about you for business and commercial purposes when you purchase our products or visit our website:

Personal Information Sharing Categories
Personal Information CategoryCategories of Service ProvidersCategories of Third Parties
Personal IdentifiersAd Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, Fraud Prevention Tools, Governance, Risk & Compliance Software, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Software Development Agency, Web Hosting Services, and NoneAd Networks, Data Analytics Providers, Payment Processors, Sales & Marketing Tools, Shipping Services, and Guest & Event Management Tool
Internet ActivityAd Networks, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Software Development Agency, and Web Hosting ServicesAd Networks, Data Analytics Providers, Payment Processors, and Sales & Marketing Tools
Commercial InformationAd Networks, Business Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Software Development Agency, and Web Hosting ServicesAd Networks, Data Analytics Providers, and Payment Processors
Financial InformationBusiness Operations Tool, Cloud Computing & Storage Providers, Collaboration & Productivity Tools, Commerce Software Tools, IT Infrastructure Services, Payment Processors, Sales & Marketing Tools, Software Development Agency, and Web Hosting ServicesData Analytics Providers and Payment Processors
Physical and Audio DataIT Infrastructure Services, Software Development Agency, and Web Hosting ServicesNone
Protected Classifications and Other Personal CharacteristicsBusiness Operations Tool, Collaboration & Productivity Tools, Commerce Software Tools, Customer Support Tools, IT Infrastructure Services, Sales & Marketing Tools, Software Development Agency, and Web Hosting ServicesAd Networks, Data Analytics Providers, Payment Processors, and Sales & Marketing Tools
Inferences from Other DataBusiness Operations Tool, Cloud Computing & Storage Providers, Commerce Software Tools, IT Infrastructure Services, Sales & Marketing Tools, Software Development Agency, and Web Hosting ServicesAd Networks, Data Analytics Providers, Payment Processors, and Sales & Marketing Tools

Data Security 

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, or disclosure. However, no method of transmission or storage is completely secure. 

Children’s Privacy 

Our products and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take appropriate steps to delete it. 

 

Changes to This Policy 

We may update this Privacy Policy from time to time. When we do, we will revise the effective date and post the updated version on our website. 

How to Exercise Your Privacy Rights 

You may submit a request to exercise your privacy rights by: 

  • Emailing us at: hello@sundayriley.com 

We will verify your identity before processing certain requests. Authorized agents may submit requests on your behalf where permitted by law. We will respond to verified requests within the timeframes required by applicable law, generally within 45 days. 

Powered byTrueVault logo