Privacy Policy


Lula's Returns in this statement means (Lula's Online Boutique, “we”, “us,” and “our”).  Lula's Returns handles product returns for items purchased from various retailers.  We manage the return and exchange process, including initiating, accepting, and processing items for return to retailers.  Lula's Returns offers our retailer customers return logistics software and a network of locations to enable shoppers to return and exchanges items online, in-store, in-person or by mail. 

This privacy statement explains how and why Lula's Returns collects, stores, uses and shares personal data from retailers and shoppers when you visit our website, connect with us offline or use our services.  Reading it will help you understand your privacy rights and choices. 

If you are one of our retailer customers, this privacy statement applies to you. If you are a shopper that returns products or goods to a retailer using Lula's Returns, the terms of this privacy statement will apply to your use of our services. Additionally, for shoppers, the retailer’s privacy policy will also apply to any information that Lula's Returns collects from you or the retailer in order to accept and process the return. This privacy policy also applies to anyone that visits our website or connects with us offline. This statement may be supplemented with additional notices depending on our websites and services concerned.

Notice to Non-Account holders

If you use our services without creating or logging into an account (such as an account as a retail partner of Lula's Returns), we’ll still collect personal data from or about you, which may include your name, address, payment information, device information, and location. We will use this information in accordance with this Privacy Statement and to comply with the law.

The personal data we collect

To provide our services, Lula's Returns may collect information about you (“personal data”). The personal data that Lula's Returns collects will be determined by your interaction with Lula's Returns, our merchant partners, and other sources.  Here are the kinds of personal data that we may collect when you create an account or use our services:

  1. Information that identifies you, for example:

    • First and last name

    • Address

    • Phone number

    • Email

    • IP address

    • Device Information, including browser type, application identification numbers

    • Information collected from cookies or similar technologies

    • Submitted request for an action, support, or information

  2. Commercial information, for example:

    • Purchase history

    • Order tracking

    • Product return information

    • Shipping Information

  3. Internet or network activity, for example:

    • Interactions with our services or website

    • Shopping history

  4. Geolocation data, for example:

    • Global Positioning System (GPS) information when you give us permission through your device settings

  5. Audio information, for example:

    • Call recordings when you talk to customer service

  6. Surveys, for example:

    • We may contact you to participate in surveys.  If you decide to participate, you may decide to include personal information

  7. Job Applications, for example:

    • We may post job openings and opportunities on our website. If you apply to one of these postings by submitting your application, we will collect and process the information you provide.

Where personal data comes from

We may collect personal information about you from various sources, for example from:

  • You

  • Publicly available sources

  • Retailers

  • Service providers, such as companies that help us manage risk and fraud, deliver services to you, and market our services

  • Lula's Online Boutique Return affiliates

If you have an account with Lula's Returns, we will associate information from all these sources with your account to improve your experience and for compliance and analytics purposes.


We do not knowingly collect personal information from people who are not allowed to use our sites and services, such as children under the age of 18.  Contact us if you believe that we’ve mistakenly collected personal data from someone not allowed to use our services. We’ll delete or anonymize it immediately, unless we’re legally required to keep it.

How we use cookies and similar technologies

We or our authorized service providers may use cookies and similar tracking technologies, to collect personal data. These help us provide our services, manage your preferences, analyze engagement and usage, and enhance the security of our website and service.

Some cookies can be temporary (“session cookies” like those used for navigating your browser) and disappear once you close it. Others last longer (“persistent cookies,” like when you ask a site to remember your login) and are saved to your computer until you delete them.

Our uses of cookies and similar technologies may fall into the following general categories:

Essential or Required: We may use cookies, web beacons, or other similar technologies that are necessary to the operation of our website, services, applications, and tools. This includes technologies that allow you access to our website, services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of our services;

Performance: We may use cookies, web beacons, or other similar technologies to assess the performance of our website, applications, services, and tools, including as part of our analytic practices to help us understand how our visitors use our website, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services, or tools;

Functionality: We may use cookies, web beacons, or other similar technologies that allow us to offer you enhanced functionality when accessing or using our website, services, applications, or tools. This may include identifying you when you sign into our sites or keeping track of your specified preferences, interests, or past items viewed so that we may enhance the presentation of content on our website;

Marketing: We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our website or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you.

You can use the link provided in the disclosure on our website to disable or decline some cookies for our website and services. If you want to disable cookies entirely, your browser or mobile device might have an option to do that. However, keep in mind that since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.

The information collected with these technologies helps us personalize your experience, measure the effect of our ads, prevent fraud and enhance the security of our sites and service.

You can disable or decline some cookies for our sites and services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.

Some web browsers have an optional setting called “Do Not Track” (DNT) that lets you opt-out of being tracked by advertisers and some third parties. Because many of our services won’t function without tracking data, we do not respond to DNT settings.  To learn how to opt-out of this kind of tracking technology, visit About Ads. For more information, including instructions on disabling cookies, please visit:

Why we collect and process personal data

We may process your Personal Data when we have a valid legal basis to do so.  Depending on the circumstances, we may rely on your consent or the fact that processing is necessary to fulfill a contract with you or to comply with law.  We may also process your personal data where we believe it is in our or others’ legitimate interests, taking into consideration your interests, rights, and expectations.  Specific reasons why we collect your personal data may include:

  1. To operate our websites and provide our services, including to:

    • process a return and send goods or products

    • respond to questions, comments and other requests

    • authenticate your access to an account

    • communicate with you about your return, your account, our website, our services, or Lula's Returns

    • compare information for accuracy and verification purposes

    • keep your account up to date

    • Determine your location

  2. To manage our business needs, such as monitoring, analyzing, and improving our services and website’s performance and functionality.

  3. To comply with our obligations and to enforce the terms of our website and services, including to comply with all applicable laws and regulations.

  4. For our legitimate interests, including to:

    • manage our everyday business needs;

    • aggregate or anonymize personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why customers visit our websites and use our services; and

    • conduct business to business marketing; and

    • provide personalized services (also called interest-based marketing) offered by Lula's Returns on third-party websites and online services. We may use your personal data and other information collected in accordance with this privacy policy to provide a targeted display, feature or offer to you on third-party websites.

  5. To market to you about Lula's Returns products. We may also use your personal data to tailor the marketing content and certain services or website experiences to better match your interests on Lula's Returns and other third-party websites. We will obtain your consent to market our products and services to you as required by applicable law.

  6. To use cookies and similar technologies to provide a targeted display, feature, service or offer to you and/or to work with other third-parties such as retailers, advertising or analytics companies to provide these personalized services (also called interest-based marketing). We will obtain your consent to use cookies and similar technologies as required by applicable law.

  7. To provide you with location-specific options, functionality or offers if you elect to share your geolocation information through our services. We will use this information to enhance the security of our website and services and provide you with location-based services, such as advertising, search results, and other personalized (also called interest-based marketing) content. We will obtain your consent to provide you with location-specific options as required by applicable law.

  8. To respond to your requests, for example to contact you about a question you submitted to our customer service team.

How and why we share personal data

We do not sell your personal data.  We may share personal data across our services and with our affiliates and other members of our corporate family. Sometimes we share the personal data we collect with third parties to help us provide services, market our services, and comply with legal obligations.

We may share your personal data with:

  1. Our parent company, PayPal, Inc. and affiliates and subsidiaries it controls, but only for purposes allowed by this privacy policy;

  2. Retailers as necessary to provide our services and process returns;

  3. Service providers or business partners that help us with providing our services, processing returns, marketing, research, compliance, audits, corporate governance, communications, and security;

  4. Third parties in an aggregate or anonymized format that does not identify any specific person;

  5. Courts, governments, regulators and law enforcement when accompanied by a subpoena or other legal documentation that requires Lula's Returns or members of our corporate family to respond;

  6. Third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation; Third parties after receiving your consent; and

  7. Other third parties to:

    • Comply with laws

    • Investigate or enforce violations of our user agreement and terms of use

    • Facilitate a merger, purchase, or sale of part or all of our business

    • To prevent physical harm or illegal activity

How we protect your personal data

The security of your information is important to us. To protect your personal data, we use technical, physical, and administrative security measures that include:

  • Data encryption

  • Employing pseudonymization and anonymization techniques

  • Access controls

While we protect our systems and services, we can't guarantee that your information will not be accessed, viewed, disclosed, altered, or destroyed as a result of a breach of any of our safeguards. You provide us with information and use our services at your own risk. Additionally, you’re responsible for keeping your information private.

If your account is closed or you no longer use our services, we may keep your personal data and other information as required by law and according to our data retention policy. If we do, we’ll continue to handle it as we describe in this Statement.

Your choices for managing your data

Understanding your choices

You can control how personal data is collected or shared, as well as how we communicate with you. You may choose to limit the personal data you provide when our apps or services request it. To help make choices that are right for you, it’s important to understand that personal data helps us provide a richer, more personalized experience for you. Also, some personal data is required for our services to function at all.

Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered. Some messages are considered optional and some are necessary for you to manage your accounts with us or for us to provide our services. We use email, text messages, push notifications on your mobile device, and even paper mail depending on the situation and your preferences.

You can click the unsubscribe link in a marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device.

You won’t be able to opt out of messages that are considered necessary for us to provide our services or for you to manage your account, such as receipts, updates and emails that alert you to changes in your account’s status that require your attention. You may be able to decide how we send those messages, such as by email, text message, or a notification on your mobile device.

Understanding your rights

If you would like to delete your profile or personal information, you can always ask us by emailing  We will delete or anonymize any personal information we have, although the following exceptions apply: (1) we may still store your personal information if we need it to meet our legal or compliance obligations and/or to defend against legal claims; and (2) we may also continue to store your personal data in an aggregated and anonymized format that doesn’t identify you and can’t be attributed to you.  We will not deny you services, charge you different prices, or provide you with a different level of service solely for exercising your privacy rights.

Additional rights regarding your data

Depending on where you live, you may have additional rights as to your personal data. Residents of the European Union (“EU”), European Economic Area (“EEA”), United Kingdom (“UK”), Canada, Australia, New Zealand, Switzerland and California can learn more below.

EU, EEA, UK, Canada, Australia, New Zealand and Switzerland residents.

Controller: Lula's Returns is a private company, established in the United States of America. Our address is a private residence at 10327 Tuxford Drive, St Louis, Missouri, U.S.A. Our contact email address is . Legal Bases: The personal information that you share and we collect, as well as its purposes, are described in this Statement. Lula's Returns will only collect or process your personal information if we have a legal basis to do so. These are:

  • When you consent to our use of your data for a specific purpose.

  • When we need that data to enact a transaction or to provide you with services and products that you request. This includes personalizing features and protecting the security of Lula's Returns and its users.

  • When Lula's Return has a legitimate interest in using that data in the normal ways you'd expect, like ensuring Lula's Return’s services run properly, improving and creating new products, historical analytics research, promoting Lula's Returns, and protecting our legal rights.

  • When we need to process your personal information to comply with a legal or regulatory obligation.

In addition to the specific circumstances above, we will obtain your consent to use your data for other specific purposes, like sending marketing materials by email, text, push notification or phone calls depending on your account or operating systems settings and to identify your precise location in order to provide location specific options. 

Your rights: You have the following rights with regard to your personal data. To exercise any of these rights, please contact us at Please note that these rights are limited, like for example, where fulfilling your request would adversely affect other individuals or our legal obligations.

Right to Access: You have the right to request information about your personal data that we hold, how we use it, and who we share it with.

Right to Portability: Where you have provided your personal data to us on the basis of your consent, you have the right to ask us for a copy of this data in a structured, machine-readable format and to ask us to send this data to another data controller.

Right to Rectification: You have the right to ask us to correct your personal data where it is inaccurate or incomplete.

Right to Erasure: In certain circumstances, you have the right to ask us to delete the personal data we hold about you.

Right to Withdraw Consent: In situations where we are processing your personal data based on your consent, you may withdraw this consent at any time.

Right to Object to Processing: In situations where we are processing your personal data based on our legitimate interest, you can object that the interest is no longer legitimate. Lula's Returns will stop processing that data, unless we can demonstrate an overriding legitimate ground. You can also request to opt out of direct marketing.

Right to Restrict Processing: You have the right to ask us to stop any active processing of your personal data while we seek to verify data you claim is inaccurate, while we verify our legitimate interests, or while we cannot erase that data due to legal obligations.

Lula's Returns will try to respond to these requests within 30 days, but some might take longer. You will typically not be charged any fee for effecting these rights, but Lula's Return reserves the right to charge a reasonable fee (or refuse to comply) if the request is unfounded, repetitive, or excessive.

Complaints: In the event that you wish to make a complaint about how we process your personal data, please contact us at and we will do our best to resolve it. You can also choose to file a complaint with the relevant data protection authority.

California residents.

If you live in California and use Lula's Returns, you have some additional rights when it comes to your data.

Right to Delete: You can ask us to delete the personal information we have about you.

Right to Know: You can ask us for a list of the categories of personal information we have about you, the categories of sources from which we get personal information, the business purposes for which we collect personal information, and the categories of third parties with whom it is shared (you can also see that in this Statement). You also can ask us for a copy of the pieces of personal information we have about you.

California law gives you the right to opt out of the sale of your personal information. However, Lula's Returns does not and will not sell (or rent or disclose for value) any of your personal information.

To exercise any of these rights, you (or your authorized agent) can contact us by email at or via our mobile number 907-205-6318. We will provide a response to you within 45 days of your request, though in some exceptional cases it might take longer (if that happens, we'll let you know). We will need your name and email address to verify your request, and may also ask for additional information if necessary to verify the identity of the person making the request. We reserve the right to deny your request if we cannot verify your identity, or if an exemption applies (for example, where fulfilling your request would adversely affect other individuals, or where we have a conflicting legal obligation). That said, we will not discriminate against you for exercising any of your privacy rights.

The California Consumer Privacy Act (CCPA) requires us to disclose categories of personal information we collect and how we use it, the categories of sources from whom we collect personal information, and the third parties with whom we share it, which we have explained above.  The categories of information we collect includes:

  1. Identifiers, such as your name, username, email address, phone number, unique device identifiers, and your IP address;

  2. Commercial information, such as shopping history, returns on retailer sites, billing information and payment information;

  3. Internet or electronic network activity information, such as information about your device and your use of our Services;

  4. Geo-location data, when shared through your device settings or photos;

  5. Electronic, audio, visual, or similar information, such as your profile picture or photos;

  6. Surveys;

  7. Job Applications; and

  8. Inferences we draw or derive about users, such as your interests or preferences.

CCPA requires us to disclose certain metrics about the various requests we get, such as how many specific requests we receive from California residents in the last calendar year. To learn about the limited ways in which we disclose data for our business purposes -- that is, to a service provider -- and the categories of those service providers, please see the section of this policy called “How and why we share personal data.”

Please note that, while Lula's Returns provides tools to manage your privacy as described in this policy, we do not support “Do Not Track” browser settings at this time.

Lastly, California residents also have the right to request this information in an accessible alternative format. If you have a disability and would like to access this Statement in an alternative format, please contact us by email or mail as detailed below.

Data Transfers from the EU, EEA, Switzerland and UK

This section only applies if you are a resident of a member state of the EU, EEA, Switzerland or UK.

As we are located in the United States and Lula's Returns’ services are operated in the United States, if you are located outside of the United States, please be aware that information you share and we collect will be transferred to, and processed, stored, and used in the United States in order to provide Lula's Returns’ services to you. The United States does not have an adequacy decision regarding data protection from the European Commission.

We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data. In particular, for transfers of your Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). Other transfers may be based on contractual protections. We may also rely on the Privacy Shield for data collected pursuant to the privacy shield.  Please contact us for more information about this. 

Lula's Return intends to comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  Lula's Returns has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view the Privacy Shield List, please visit

The Federal Trade Commission has jurisdiction over  Lula's Returns’ compliance with the Privacy Shield. With regard to personal data that Lula's Returns may transfer from the European Union to the United States, in some circumstances, you may invoke binding arbitration.  Please visit for more information.

We will respond to complaints in a timely fashion, and further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit for more information or to file a complaint. The services of the AAA are provided at no cost to you.

If we transfer personal data received under the Privacy Shield to a third party, we may be liable if those parties process that data in a manner inconsistent with the Privacy Shield Principles.  In addition, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have questions or concerns regarding the use of your personal information, please contact us as set forth at the end of this statement. 

The EU-U.S. Privacy Shield framework was designed by the U.S. Department of Commerce and the European Commission to provide U.S companies with a mechanism to comply with European data protection requirements when receiving personal data from the EU. The framework was later adopted by the rest of the EEA, and the U.S. later reached a similar agreement with Switzerland. In July 2020, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield framework. As a result, Privacy Shield is no longer an appropriate safeguard for the purposes of legitimizing the transfer of personal data outside of the EEA or the UK. The Federal Data Protection and Information Commissioner (the Swiss supervisory authority) subsequently followed suit and invalidated the Swiss-U.S. Privacy Shield. Lula's Returns nonetheless intends to maintain its EU-U.S. and Swiss-U.S. Privacy Shield certification to demonstrate its compliance with generally accepted privacy principles.

Data Retention

We retain personal data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes described in this policy. We may retain personal data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your account is closed, we may take steps to mask personal data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such personal data in accordance with this Statement.

How this Statement changes over time

We’ll make changes to this Statement from time to time. This helps us stay up to date with changes to our business and the most current laws. After a new version is published, we’ll collect, store, use, and protect your personal data as we outline in that revised policy.

If the new version reduces your rights or increases your responsibilities, we’ll post it on the Statement page of our website at least 21 days before it becomes effective.

We may also notify you about these changes through email or other communications.

You understand and agree that you will be deemed to have accepted this Statement as well as any updated versions if you continue to use our services.