Privacy Policy

Last updated: May 2026

This is a working draft. Before launch, have a lawyer review it against your specific jurisdiction (US state laws, GDPR for EU, etc.). The structure here is a starting point, not legal advice.

Libre comme L'air (operated by YLunga Consulting LLC, "we", "us", "our") respects your privacy. This policy explains what data we collect, why, and what you can do about it.

What we collect

• Order information you provide at checkout: name, email, phone number, shipping address, and the items and sizes you ordered.
• Payment information entered on Stripe's hosted checkout page. We do not see or store your full card number; Stripe is our payment processor and is PCI-DSS compliant.
• Usage data: pages visited, basic device info, referral source. We use this in aggregate to improve the site.

How we use it

• To process and fulfill your order, including sharing your address with shipping carriers and our embroidery partner.
• To send order confirmations, shipping updates, and respond to support requests.
• To prevent fraud (Stripe Radar may evaluate transaction signals).
• If you opted in to our newsletter, to send occasional marketing emails. You can unsubscribe at any time.

Who we share it with

• Stripe, for payment processing.
• Vercel, our hosting provider.
• Shipping carriers (USPS, DHL, FedEx, local carriers in the destination country).
• Our embroidery and fulfillment partners, who receive your shipping address but not your payment information.
• Email service provider for transactional and (if you opted in) marketing emails.
• We do not sell your data to third parties.

Cookies and tracking

We use a small number of essential cookies (cart state, currency preference) stored in your browser's local storage. We may use a privacy-friendly analytics service that does not use cookies or track individuals. We do not run ad-network tracking.

Your rights

Depending on where you live, you may have the right to:

• Request a copy of the personal data we hold about you.
• Ask us to correct or delete that data.
• Object to processing or withdraw consent (for marketing emails, unsubscribe at the bottom of any email).

To exercise any of these rights, email orders@twothreeseven.com with the subject "Privacy request" and we will respond within 30 days.

Data retention

We keep order records for as long as required by tax and accounting law (typically 7 years in the US). Marketing email lists are retained until you unsubscribe.

Children

This site is not directed at children under 13, and we do not knowingly collect data from them.

Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email to customers on our list.

Contact

Questions about privacy? Email orders@twothreeseven.com.