PRIVACY POLICY
Aldebaran Productions Inc. (LunaticAstrology / lorilothian.com)
Last Updated: December 21, 2025
Effective Date: December 21, 2025
1. INTRODUCTION
This Privacy Policy explains how Aldebaran Productions Inc. ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information through our website lorilothian.com (the "Site"), including all associated pages, features, and services.
This Privacy Policy applies to:
Visitors to the Site (whether you create an account or not)
Customers who purchase Digital Products
Email newsletter subscribers
All individuals whose personal information we process
This Privacy Policy does NOT apply to:
Third-party websites, services, or applications linked from the Site
Information collected by payment processors (Squarespace Payments, PayPal) or their service providers
Information collected by third-party analytics services (Google Analytics, Meta Pixel) directly from your browser
Please read this Privacy Policy carefully. By using the Site, you acknowledge and consent to the collection, use, and disclosure of your personal information as described herein. If you do not agree, please do not use the Site.
2. DEFINITIONS
"Personal Information" means any information that identifies you or can reasonably be used to identify you, including name, email address, mailing address, phone number, payment information, IP address, device information, browsing behavior, and location data.
"Processing" means any operation performed on Personal Information, including collection, storage, use, sharing, analysis, transfer, or deletion.
"Data Controller" means the entity that determines the purposes and means of Processing Personal Information (in most cases, the Company).
"Data Processor" means an entity that Processes Personal Information on behalf of a Data Controller (e.g., Squarespace, payment processors).
"Sub-Processor" means a Processor engaged by another Processor to Process Personal Information (e.g., Squarespace's sub-contractors).
3. WHAT PERSONAL INFORMATION DO WE COLLECT?
3.1 Information You Provide Directly
Account Registration & Profile:
Full name
Email address
Password (hashed and encrypted)
Billing address
Mailing/shipping address (if applicable)
Phone number (optional)
Date of birth (optional)
Timezone preference
Payment Information:
Credit card number (Visa, Mastercard, American Express, Discover)
Billing address
CVV/security code (if applicable)
PayPal account details (if using PayPal)
Transaction ID and receipt information
Note: Payment information is processed directly by Squarespace Payments or PayPal, NOT by the Company. The Company does not store your full credit card number.
Communications:
Email subject line and content when you contact us
Support tickets or inquiries you submit
Newsletter signup confirmation
Survey responses
Feedback or complaint details
Feedback & Survey Responses:
Customer surveys or feedback you choose to provide
Product reviews or ratings
Comments or content posted on the Site
User-generated content
3.2 Information Collected Automatically
Cookies & Tracking Technologies:
Website session data (site performance, navigation, click-through behavior)
Visitor identification and tracking (via Squarespace analytics cookies)
Device type and operating system
Browser type and version
Internet Service Provider (ISP)
Pages visited and time spent on each page
Links clicked
Referring website
Search queries
Timestamp of access
Device & IP Information:
IP address (used to determine approximate location)
Device identifiers and hardware information
Crash data and system logs
Mobile device ID (if using mobile app or mobile site)
Screen resolution and display settings
Device language and locale
Behavioral & Interest Data:
Browsing history on the Site
Products or courses viewed
Items added to cart (abandoned carts)
Purchase history and preferences
Email open rates and click-through rates
Engagement with marketing content
Time spent on each page
Scroll depth and interaction patterns
Location Data:
Approximate location (city/country level) based on IP address
GPS location (only if you grant permission on mobile devices)
Zip/postal code (if provided during registration)
3.3 Information from Third Parties
Payment Processors:
Transaction details from Squarespace Payments or PayPal
Payment confirmation status
Dispute/chargeback information
Fraud detection results
Analytics & Advertising Providers:
Google Analytics: Page views, user demographics, traffic sources, conversion data
Meta Pixel: Conversion tracking, audience data, remarketing information
Google Ads: Click-through data, conversion information
Email Service Providers:
Email delivery status and engagement metrics
List segmentation and subscriber preferences
Bounce rates and unsubscribe information
Business Partners & Marketing:
Newsletter signup information from promotional campaigns
Referral data (if referred by another user)
4. HOW DO WE USE YOUR PERSONAL INFORMATION?
4.1 Legitimate Business Purposes
The Company uses your Personal Information for the following lawful purposes:
To Provide Services:
Creating and managing your account
Fulfilling your purchase orders
Delivering Digital Products and granting access
Processing refunds or customer service requests
Sending order confirmations and delivery notifications
Responding to your inquiries and support requests
Providing customer support and assistance
Troubleshooting technical issues
Contractual Necessity:
Billing and payment processing
Tax compliance and financial reporting
Fraud prevention and detection
Dispute resolution and chargeback handling
Verifying your eligibility for services
Our Legitimate Interests:
Improving the Site, services, and user experience
Analyzing usage trends, customer preferences, and business metrics
Conducting marketing research and product development
Personalizing content and recommendations
Sending marketing communications (with your consent where required)
Enforcing these Terms of Service and other agreements
Protecting against fraud, abuse, and security threats
Complying with legal obligations and government requests
Business analytics and performance monitoring
Establishing, exercising, or defending legal claims
Legal Compliance:
Complying with GST/HST tax regulations in Canada
Responding to court orders, subpoenas, or legal process
Protecting the rights, property, and safety of the Company, users, and the public
Fulfilling regulatory requirements and reporting obligations
Maintaining records for accounting and legal purposes
Marketing & Communications (with consent):
Sending newsletters, promotional offers, and product announcements
Conducting email marketing campaigns
Displaying personalized advertisements and remarketing ads
Analyzing email engagement and campaign effectiveness
Creating customer segments for targeted marketing
4.2 Legal Basis for Processing (GDPR & Similar Laws)
For users in the European Union, United Kingdom, or other jurisdictions with strict data protection laws:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation & service delivery | Contractual necessity |
| Payment processing | Contractual necessity & legal obligation |
| Fraud prevention | Legitimate interests & legal obligation |
| Marketing communications | Consent (opt-in) |
| Analytics & site improvement | Legitimate interests |
| Legal compliance | Legal obligation |
| Cookies & tracking | Consent (opt-in for non-essential) |
The Company acts as a Data Controller for Personal Information you provide directly (name, email, purchase history). Squarespace acts as a Data Processor on our behalf for hosting and managing this data. For analytics data (IP address, device information, browsing behavior) collected automatically, Squarespace and third-party analytics providers (Google, Meta) act as independent Data Controllers for their own purposes.
5. HOW DO WE SHARE YOUR PERSONAL INFORMATION?
5.1 Service Providers & Processors
The Company shares Personal Information with the following service providers to deliver services on our behalf:
Website Hosting & Payment Processing:
Squarespace Inc. (US-based)
Hosts the Site and processes transactions
Acts as Data Processor for customer data
Also acts as independent Data Controller for analytics data
Sub-processors: Stripe, Google, and other Squarespace vendors (see Squarespace DPA at https://squarespace.com/dpa)
Data Processing Agreement: https://www.squarespace.com/dpa
Sub-processor list: https://squarespace.com/dpa (updated regularly)
Payment Processing:
Squarespace Payments (US-based, via Stripe)
Processes credit/debit card transactions
Stored-value card processor
Subject to PCI DSS Level 1 compliance
Privacy Policy: https://stripe.com/privacy
PayPal Inc. (US-based)
Processes PayPal transactions
Acts as Data Processor
Subject to PayPal Privacy Policy: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Data Processing Agreement available upon request
Email Marketing & Communications:
Email service provider (TBD - for newsletter management and abandoned cart emails)
Stores subscriber lists and email engagement data
Sends marketing emails on our behalf
DPA available upon request
Analytics & Tracking:
Google Analytics (US-based, Google LLC)
Collects browsing behavior, traffic sources, and user engagement
Analyzes usage patterns and site performance
Data subject to Google's Privacy Policy: https://policies.google.com/privacy
Controlled by Google as independent controller
Data Processing Agreement: https://support.google.com/analytics/answer/3379636
Certifications: EU-U.S. Data Privacy Framework
Meta Pixel (US-based, Meta Platforms Inc.)
Tracks conversions and user behavior for Facebook/Instagram advertising
Enables remarketing and audience targeting
Data controlled by Meta as independent controller
Privacy Policy: https://www.facebook.com/policies/cookies/
Certifications: EU-U.S. Data Privacy Framework
Google Ads (US-based)
Conversion tracking and remarketing
Audience targeting and campaign analytics
Controlled by Google as independent controller
Privacy Policy: https://policies.google.com/privacy
5.2 Legal Requirements & Law Enforcement
The Company may disclose Personal Information if required to do so by law, court order, subpoena, government agency, or similar legal process. We will:
Provide you with notice of the legal request (unless prohibited by law)
Limit disclosure to information specifically requested
Challenge overly broad or improper requests where appropriate
Protect your privacy to the extent permitted by law
5.3 Business Transfers
If the Company is acquired, merged, or if a substantial portion of its assets are sold, Personal Information may be transferred as part of that transaction. You will be notified of any such change and any choices you may have regarding your Personal Information.
5.4 Aggregated & Anonymized Data
The Company may share aggregated, de-identified data (data that cannot identify you) with third parties for research, marketing, analytics, and business purposes. This data is NOT Personal Information and is not subject to this Privacy Policy.
5.5 Data Sharing NOT Permitted
The Company does NOT:
Sell your Personal Information to third parties (as defined under CCPA)
Share your Personal Information for "targeted advertising" without your explicit consent
Disclose your payment information (beyond what is necessary for payment processing)
Share your data with competitors or unrelated businesses for their direct marketing purposes
Rent or lease your email address or contact information
Share health or medical information with any third party
6. COOKIES & TRACKING TECHNOLOGIES
6.1 What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone, tablet) that help websites recognize you and remember your preferences. The Site uses both "session cookies" (deleted when you close your browser) and "persistent cookies" (stored for extended periods).
6.2 Types of Cookies We Use
Essential/Functional Cookies (NO consent required)
Session management (keeping you logged in)
Shopping cart functionality
Payment processing and security
Form field population
Crash recovery and error logging
Protection against CSRF (Cross-Site Request Forgery) attacks
Example cookies: PHPSESSID, Commerce-checkout-state, siteUserCrumb, orderStatusSessionToken.
Analytics & Performance Cookies (Consent required for EU/UK residents)
Squarespace Analytics:
Unique visitor identification (
ss_cid,ss_cpvisit)Session tracking and page view counting
Traffic source analysis (referrer, campaign, device)
Duration: 2 years
Consent required: Yes (GDPR/UK/Canada)
Advertising & Marketing Cookies (Consent required)
Meta Pixel: Conversion tracking, audience creation, remarketing for Facebook/Instagram ads
Google Ads: Conversion tracking, audience analysis, remarketing campaigns
Google Analytics: Demographic data, interest categories, remarketing lists
Consent required: Always (GDPR, CCPA, Canada)
Third-Party Cookies
YouTube videos (if embedded): YouTube player preferences and viewing history
OpenTable/Tock (if embedded): Reservation system functionality
Other services: Depends on service provider
6.3 Cookie Management & User Control
You can manage cookies in your browser:
Most browsers allow you to decline cookies or receive a warning when a cookie is being set
You can delete cookies manually through browser settings
Some browsers offer "Do Not Track" (DNT) signals, though not all websites honor them
Disabling essential cookies may prevent the Site from functioning properly
Squarespace Cookie Banner:
The Site displays a cookie consent banner on first visit
You can accept all cookies, decline non-essential cookies, or customize preferences
Your choice is remembered via a consent cookie (1 year)
You can change your preferences at any time by clicking the cookie icon at the bottom of the page
Disabling Cookies:
If you disable cookies, some features of the Site may not function properly (e.g., shopping cart, account login, remembering preferences)
You may need to re-enter information repeatedly
Analytics and personalization will be limited
Cookie Opt-Out Links:
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
Meta Pixel opt-out: Available through Meta's Privacy Center: https://www.facebook.com/privacy
Network Advertising Initiative (NAI) opt-out: https://optout.networkadvertising.org/
Digital Advertising Alliance (DAA) opt-out: http://optout.aboutads.info/
6.4 Do Not Track (DNT)
Some browsers include a "Do Not Track" feature. The Site does not currently respond to DNT signals, as there is no industry-wide standard for DNT implementation. We use cookies and tracking technologies as described in this Policy regardless of DNT signals.
7. DATA RETENTION & DELETION
7.1 How Long Do We Keep Your Data?
The Company retains Personal Information for as long as necessary to:
Provide services and fulfill your requests
Process transactions and handle refunds/disputes
Comply with legal and tax obligations
Defend against legal claims
Operate our business
Specific Retention Periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information | Until account deletion | Service provision |
| Purchase history | 7 years | Tax compliance (CRA requirement) |
| Payment information | Not stored by Company | Processed by Squarespace/PayPal |
| Email addresses | Until unsubscribe | Marketing (with consent) |
| IP address/device info | 12–24 months | Analytics & fraud prevention |
| Cookies | Per cookie specifications (see Section 6) | Site functionality & analytics |
| Support tickets | 2 years | Dispute resolution & customer service |
| Abandoned cart data | 30 days | Marketing follow-up |
| Newsletter engagement | Until unsubscribe | Email list management |
| Log files | 90 days | Security and system administration |
| Dispute/chargeback records | 3–5 years | Legal protection and compliance |
7.2 Your Right to Deletion & Data Portability
You have the right to:
Request deletion of your Personal Information (subject to legal obligations to retain)
Receive a copy of your Personal Information in a portable format (GDPR: "right to data portability")
Correct or update inaccurate information
Restrict our use of your information
Request information about our data retention practices
To Exercise These Rights:
Contact us at privacy@inbox.lorilothian.com with a clear request:
"I request deletion of my account and all associated Personal Information."
"Please provide a copy of the Personal Information you hold about me."
"I request to exercise my right to data portability."
Include:
Your name
Email address
Account number (if applicable)
Specific request details
Any supporting documentation
The Company will respond within:
30 days (GDPR & UK, Canadian, and Australian privacy laws)
45 days (CCPA/California - extendable to 90 days)
5 business days (Initial acknowledgment; full response within timeframes above)
We may ask you to verify your identity before processing requests.
7.3 Account Deletion
To delete your account:
Log into your account
Navigate to account settings and select "Delete Account"
Confirm the deletion (may require password re-entry)
Upon deletion:
Your account will be deactivated immediately
Personal Information will be deleted within 30 days (retention of purchase history for tax purposes continues per Section 7.1 for 7 years)
You may lose access to digital products (except where you retain offline copies)
No refunds are issued upon account deletion (except as specified in Terms of Service)
You will receive a confirmation email of deletion
8. INTERNATIONAL DATA TRANSFERS
8.1 Data Transfers Outside Your Country
The Company and its service providers (Squarespace, PayPal, Google, Meta) are located in the United States. Your Personal Information will be transferred to, stored in, and processed in the United States, which may have different data protection laws than your country of residence.
For EU/UK/Swiss Residents:
The Company relies on the following legal mechanisms to transfer data to the United States:
Standard Contractual Clauses (SCC) (as updated by EU Commission on June 4, 2021)
Used by Squarespace, PayPal, and other processors
Incorporates European Commission's approved model contracts for data transfers
Available at: https://squarespace.com/dpa
Includes safeguards for data protection
Data Privacy Frameworks (DPF)
EU-U.S. Data Privacy Framework
UK Extension to EU-U.S. Data Privacy Frameworks
Swiss-U.S. Data Privacy Frameworks
Squarespace Inc. is certified under these frameworks: https://www.dataprivacyframework.gov/
Frameworks ensure "adequate level" of data protection
UK International Data Transfer Addendum (Addendum)
For UK residents, used in conjunction with Squarespace's International Data Transfer Addendum
Complies with UK GDPR Chapter 5
Adequacy Decisions (where applicable)
EU Commission decisions regarding countries with adequate data protection laws
By using the Site, you consent to the transfer of your Personal Information to the United States and other countries.
8.2 Non-EU/UK Residents
For residents of Canada, Australia, and other countries not governed by GDPR:
Data transfers are authorized under your country's privacy laws (e.g., Canada's PIPEDA allows transfers if "substantially similar" protections exist)
The Company takes appropriate safeguards to protect your data in transit and storage
You have the right to request information about international transfers
9. DATA SECURITY
9.1 Security Measures
The Company implements reasonable technical and organizational security measures to protect Personal Information against unauthorized access, alteration, disclosure, and destruction. These include:
Technical Measures:
Encryption of data in transit (HTTPS/TLS 1.2+)
Secure socket layer (SSL) for payment processing
Encrypted storage of sensitive data (AES-256 or similar)
Firewalls and intrusion detection systems
Regular security updates and patches
Automated backups and disaster recovery procedures
Penetration testing and vulnerability scanning
Web application firewalls (WAF)
Organizational Measures:
Limited employee access to Personal Information (need-to-know basis)
Employee confidentiality and non-disclosure agreements
Access logging and monitoring
Regular security audits and vulnerability assessments
Third-party security certifications (Squarespace's compliance programs)
Security training for employees
9.2 Payment Security
The Company does NOT store:
Full credit card numbers
Card verification codes (CVV)
Sensitive authentication data (Track 1/Track 2 data)
Cardholder names or expiration dates
Payment processors (Squarespace Payments/Stripe & PayPal) store and manage:
Tokenized payment information
Transaction history and settlement details
Fraud detection and chargeback data
Card metadata (last 4 digits, expiration month/year only)
All payment processing complies with the Payment Card Industry Data Security Standard (PCI DSS) Level 1 requirements. The Company is PCI DSS compliant through Squarespace.
9.3 No Absolute Security
IMPORTANT: While the Company uses industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. The Company cannot guarantee absolute security. By using the Site, you assume the risk that your information may be disclosed due to:
Unforeseen breaches
Acts of God or natural disasters
Factors beyond the Company's reasonable control
Third-party attacks or vulnerabilities
Government mandates or legal orders
If the Company becomes aware of a security breach affecting your Personal Information, we will:
Notify you within 30 days of discovery (or as required by law)
Describe the nature of the breach
Identify what information was compromised
Provide steps you can take to protect yourself
Notify relevant regulatory authorities where required
10. YOUR PRIVACY RIGHTS BY JURISDICTION
10.1 Canada (PIPEDA & Provincial Laws)
Your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws:
Right to access: Request a copy of your Personal Information
Right to correction: Request correction of inaccurate data
Right to delete: Request deletion of your information (subject to legal retention obligations)
Right to object: Object to certain uses of your data
Right to withdraw consent: Withdraw consent to marketing communications at any time
Right to complain: File a complaint with privacy commissioner
To exercise rights: Contact privacy@inbox.lorilothian.com
Response Time: 30 days maximum
Complaint: If you have concerns about the Company's privacy practices, you may file a complaint with:
Federal Level: Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca)
Provincial Level: Your province's privacy commissioner (e.g., BC Office of the Information and Privacy Commissioner)
10.2 European Union (GDPR)
Your rights under the General Data Protection Regulation (GDPR) (if you're an EU resident):
Right of access: Obtain a copy of your data in a portable format
Right to rectification: Correct inaccurate or incomplete data
Right to erasure: Request deletion ("right to be forgotten")
Right to restrict processing: Limit how your data is used
Right to data portability: Receive data in a portable format (CSV, JSON, etc.)
Right to object: Object to marketing, profiling, or automated decision-making
Right not to be subject to automated decision-making: Including profiling or automated decisions
Right to lodge a complaint: File a complaint with your EU data protection authority
Right to request DPA: Request Data Processing Agreement details
Data Protection Authority Contact:
Locate your DPA at https://edpb.ec.europa.eu/about-edpb/board/members_en
Available in every EU member state
Response Timeframe: 1 calendar month (extendable by 2 months for complex requests)
10.3 United Kingdom
Your rights under the UK GDPR & UK Data Protection Act 2018 (if you're a UK resident):
Same rights as EU GDPR (above)
Right to lodge a complaint with the Information Commissioner's Office (ICO): https://ico.org.uk
Right to request judicial remedy: Seek redress through the courts
Response Timeframe: 1 calendar month (extendable by 2 months for complex requests)
10.4 Australia
Your rights under the Privacy Act 1988 (Cth) & Australian Consumer Law (if you're an Australian resident):
Right to access: Request your Personal Information
Right to correct: Request correction of inaccurate data
Right to complain: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)
Right to request complaint investigation: OAIC will investigate privacy complaints
Goods/services warranties: Australian Consumer Law provides statutory warranties for goods and services
To exercise rights: Contact privacy@inbox.lorilothian.com
Response Time: 30 days maximum
Complaint: Office of the Australian Information Commissioner (https://www.oaic.gov.au)
10.5 California (CCPA)
Your rights under the California Consumer Privacy Act (CCPA) (if you're a California resident):
Right to know: Request what Personal Information is collected, used, and shared
Right to delete: Request deletion of your data (with exceptions)
Right to opt-out: Opt out of "sale" or "sharing" of your data for targeted advertising
Right to correct: Request correction of inaccurate data
Right to limit use & disclosure: Limit how your data is used
Right to non-discrimination: No discrimination for exercising your rights
CCPA Definitions:
"Sale" = selling Personal Information for monetary value
"Sharing" = sharing for cross-context behavioral advertising (GA4 + pixels may constitute "sharing")
To opt-out: Contact privacy@inbox.lorilothian.com or click "Do Not Sell or Share My Personal Information" link in the Site footer
Response Timeframe: 45 days (may be extended by 45 additional days for complex requests)
Complaint: California Attorney General (https://oag.ca.gov) or California Consumer Protection Agency
11. MARKETING COMMUNICATIONS & NEWSLETTER
11.1 Newsletter Signup
To subscribe to our newsletter, you must:
Provide a valid email address
Consent to receive periodic updates, product announcements, and promotional offers
Be at least 18 years of age
At checkout, there is an opt-in for newsletter signup. You can uncheck this box to decline.
GDPR Note: For EU residents, newsletter signup requires explicit, affirmative consent. Pre-checked boxes alone do not satisfy GDPR requirements; you must actively check the box to opt in.
11.2 Marketing Emails
Once subscribed, we will send you:
Product announcements and course offerings
Promotional discounts and special offers
Educational content and astrology insights
Invitations to webinars, workshops, or events
Customer appreciation messages
Birthday or anniversary offers
Seasonal promotions
Frequency: Approximately 1-2 times per week (varies seasonally)
11.3 Unsubscribe
You can unsubscribe from marketing emails at any time by:
Clicking the "Unsubscribe" link at the bottom of any marketing email
Contacting support@inbox.lorilothian.com
Updating your account preferences on the Site
Replying to an email with "UNSUBSCRIBE"
Unsubscribe requests are processed within 5 business days. Note: You will still receive transactional emails (order confirmations, shipping notifications, password resets, refund notifications) even after unsubscribing from marketing.
11.4 Abandoned Cart Emails
If you add items to your cart but do not complete checkout, we may send you a reminder email to:
Remind you of items in your cart
Offer a discount or incentive to complete the purchase
Provide customer support if you have questions
Frequency: Typically 1-3 reminder emails over 30 days
You can opt out of abandoned cart emails by:
Unsubscribing (see Section 11.3)
Contacting support@inbox.lorilothian.com
Replying "STOP" to an abandoned cart email
12. THIRD-PARTY INTEGRATIONS & LINKS
12.1 Google Analytics
The Site uses Google Analytics to analyze user behavior and site performance. Google Analytics:
Collects data on page views, traffic sources, user demographics, and interests
Stores cookies on your device
May share data with Google's advertising products (Google Ads)
Is subject to Google's Privacy Policy: https://policies.google.com/privacy
Data Processing Agreement: https://support.google.com/analytics/answer/3379636
Sub-processors: Google LLC and subsidiaries
Google Analytics is NOT controlled by the Company. Google is an independent Data Controller. You can opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout
12.2 Meta Pixel
The Site uses Meta Pixel (formerly Facebook Pixel) for conversion tracking and audience creation for Facebook/Instagram advertising. Meta Pixel:
Tracks conversions (purchases, signups, etc.)
Creates audience segments for remarketing
Shares data with Meta (formerly Facebook)
Is subject to Meta's Data Policy: https://www.facebook.com/policies/cookies/
Processes data for Meta's advertising purposes
Sub-processors: Meta subsidiaries and service providers
Meta Pixel is NOT controlled by the Company. Meta is an independent Data Controller. You can manage preferences at https://www.facebook.com/privacy
12.3 External Links
The Site may contain links to third-party websites, services, and applications. The Company is NOT responsible for the privacy practices of third-party sites. When you leave the Site and visit a third-party website:
Their privacy policy applies (not this Policy)
We recommend reviewing their privacy policy before providing Personal Information
We are not liable for third-party practices
Third-party sites may set cookies or track you independently
13. CHILDREN'S PRIVACY
The Site is NOT intended for children under 18 years of age. The Company does NOT knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a minor, we will:
Delete the information promptly
Take steps to prevent further collection
Notify the child's parent or guardian if required by law
If you believe we have collected information from a minor, contact privacy@inbox.lorilothian.com immediately.
COPPA Compliance: The Company complies with the Children's Online Privacy Protection Act (COPPA) (15 U.S.C. § 6501 et seq.) and similar children's privacy laws in Canada and other jurisdictions.
14. DIRECT MARKETING & COMMUNICATION PREFERENCES
14.1 Opt-In & Opt-Out
The Company respects your communication preferences. You can:
Opt in to marketing communications during account creation or checkout
Opt out by clicking "Unsubscribe" in marketing emails or contacting support@inbox.lorilothian.com
Manage preferences by logging into your account and updating your settings
Request Do Not Contact: Email support@inbox.lorilothian.com to request permanent removal
14.2 SMS & Push Notifications
The Site does NOT currently send SMS (text message) or push notifications. If this changes in the future, we will:
Provide explicit opt-in before sending
Include clear opt-out instructions in each message
Obtain separate consent from you
Comply with applicable regulations (TCPA, CASL, etc.)
15. CONTACT & PRIVACY OFFICER
15.1 Privacy Contact
For questions about this Privacy Policy, to request access to your data, or to exercise your privacy rights, contact:
| Request Type | Email Address |
|---|---|
| Data Access/Deletion | privacy@inbox.lorilothian.com |
| GDPR/CCPA/DSAR | privacy@inbox.lorilothian.com |
| Privacy Complaints | privacy@inbox.lorilothian.com |
| Marketing Preferences | support@inbox.lorilothian.com |
| General Privacy Questions | hello@inbox.lorilothian.com |
Mailing Address:
Aldebaran Productions Inc.
Privacy Officer
2912 West Broadway, Suite 108
Vancouver, BC V6K 0E9, Canada
Response Time: We will respond within 15 business days with acknowledgment and within 30-45 days with a full response (depending on your jurisdiction).
16. PRIVACY POLICY UPDATES
We may update this Privacy Policy from time to time to reflect:
Changes in our data practices
New legal requirements
Feedback from users
Updates to third-party services
Changes in our business operations
We will:
Notify you of material changes by email or through a prominent notice on the Site
Update the "Last Updated" date at the top of this Policy
Obtain your consent for material changes that increase our use of existing data or change the purposes of processing
Post the updated Privacy Policy on this page
Your continued use of the Site after changes constitutes your acceptance of the updated Privacy Policy.
17. MISCELLANEOUS
17.1 Entire Agreement
This Privacy Policy constitutes the entire agreement regarding our privacy practices and supersedes all prior agreements, understandings, and representations.
17.2 Governing Law & Jurisdiction
This Privacy Policy is governed by the laws of British Columbia, Canada, without regard to conflict of law principles. Disputes are resolved through the dispute resolution process outlined in the Terms of Service.
17.3 Third-Party Beneficiaries
This Privacy Policy is for the benefit of users and the Company. No third party has any rights or claims under this Policy.
17.4 Severability
If any provision of this Privacy Policy is found to be invalid or unenforceable, that provision shall be modified to the minimum extent necessary, and the remaining provisions shall continue in full force.
END OF PRIVACY POLICY
Last Updated: December 21, 2025
APPENDIX A: SQUARESPACE DATA PROCESSING & THIRD-PARTY SERVICE PROVIDERS
Primary Service Provider: Squarespace Inc.
Location: United States (headquartered in New York)
Role: Platform host, website builder, payment processor integration, analytics provider
Data Processed: Customer names, email addresses, purchase history, IP addresses, device information, browsing behavior
Data Subprocessors: Stripe, Google, Amazon, and others (full list at https://squarespace.com/dpa)
Data Processing Agreement: Available at https://www.squarespace.com/dpa
International Transfers: Uses EU Standard Contractual Clauses (SCC) and Data Privacy Frameworks
Retention Period: According to Squarespace's terms (typically 90 days after deletion request for some data)
Payment Processors:
Squarespace Payments (via Stripe): Credit/debit card processing; location: US; Certification: PCI DSS Level 1
PayPal Inc.: PayPal account payments; location: US; Certification: PCI DSS Level 1
Analytics Providers:
Google Analytics: Traffic analysis, user behavior, demographics; location: US; https://policies.google.com/privacy
Meta Pixel: Conversion tracking, advertising audiences; location: US; https://www.facebook.com/policies/cookies
Email Service Provider:
Google services are used on this Site for certain features and integrations (including email, analytics, and related functionality). Google’s own Privacy Policy and Terms of Service apply to any data that Google collects or processes through those services. Your use of those Google services is governed by Google’s terms and policies in addition to this Privacy Policy and our Terms of Service.
All third-party service providers are subject to confidentiality agreements and are bound to use your Personal Information only as necessary to provide services on the Company's behalf.