Privacy policy

PRIVACY POLICY — HACKERLILY

Last updated: 10 February 2026

This Privacy Policy describes how Hackerlily (“we”, “us”, “our”) collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from hackerlily.com (the “Site”).

This Privacy Policy is intended to meet requirements under applicable privacy laws, including the EU GDPR and UK GDPR where they apply.

1) Who we are

Controller / Business: Hackerlily Pty Ltd
ABN: 70 653 637 702
Manufacturer (at minimum): Hackerlily Pty Ltd, Gold Coast, QLD, Australia
Address: PO Box 1157, Sanctuary Cove, Gold Coast, QLD, Australia 4212
Email: laura@hackerlily.com

If you have questions about this policy or how we handle your personal information, contact us using the details above.

2) EU and UK Authorised Representatives (Product Safety)

For product safety enquiries, including requests relating to the EU General Product Safety Regulation (GPSR), you may also contact our authorised representatives:

EU Authorised Representative
Easy Access System Europe
Mustamäe tee 50
10621 Tallinn
Estonia
easproject.com
+372 5696 8939
gpsr.requests@easproject.com

UK Authorised Representative
Easy Access System UK Ltd
251 Gray’s Inn Road
London
WC1X 8QT
United Kingdom

3) Personal information we collect

“Personal information” means information that identifies, relates to, describes, or could reasonably be linked to you.

A) Information you provide to us

When you place an order, create an account, subscribe to marketing, opt in to SMS, enter a giveaway/competition, or contact us, we may collect:

  • Contact details: name, email address, phone number

  • Order details: billing/shipping address, items purchased, order notes, order history

  • Payment information: payment status/confirmation and limited payment details as provided by our payment partners (we do not store full card numbers)

  • Customer support communications: details you share when you contact us (including photos if you send them for support/returns/warranty)

  • Marketing preferences: email and SMS opt-in/opt-out status and engagement

B) Information we collect automatically

When you visit the Site, we may automatically collect:

  • Device and usage data: IP address, browser type, device identifiers, time zone, approximate location, pages viewed, clicks, referring pages, and how you interact with the Site

  • Cookies and similar technologies (see section 10)

C) Information we may receive from third parties

We may receive personal information from:

  • Shopify (our ecommerce platform)

  • Payment providers (payment confirmation and fraud prevention signals)

  • Delivery and fulfilment partners (shipping updates and delivery status)

  • Advertising and analytics partners (performance signals, where permitted by your consent settings)

4) How we use your personal information

We use personal information to:

A) Provide and deliver your order

  • Process purchases and payments

  • Arrange shipping, returns, exchanges, and warranty support

  • Send order confirmations and service messages

  • Provide invoices and manage customer accounts

B) Provide customer support

  • Respond to enquiries and provide fitting/product guidance

  • Troubleshoot issues and manage returns/exchanges

  • Improve customer support and training

C) Operate and improve our business

  • Maintain site security and prevent fraud

  • Debug, fix errors, and improve Site performance and shopping experience

  • Understand how customers use our Site (analytics)

D) Marketing and advertising (where permitted)

  • Send marketing emails if you opt in (or where otherwise permitted)

  • Send marketing SMS if you opt in to SMS marketing

  • Show advertising and measure campaign performance (subject to your cookie/consent settings)

5) Lawful bases (EU/UK GDPR)

If you are in the EEA/UK, we process personal information under these lawful bases (as applicable):

  • Contract: to process and deliver your orders and provide requested services

  • Legal obligation: to meet tax, accounting, product safety, and regulatory requirements

  • Legitimate interests: to operate our business, prevent fraud, secure our Site, improve services, and promote our products in a way that does not override your rights

  • Consent: for SMS marketing, certain marketing activities, and for non-essential cookies/trackers (depending on your location and settings)

6) Sharing your personal information

We share personal information with service providers who help us run our business, including:

  • Shopify (ecommerce platform and hosting)

  • Email & marketing provider: Klaviyo

  • SMS marketing provider: Burst SMS and Klaviyo (for SMS marketing where enabled)

  • Fulfilment / logistics partners: Next3PL and Red Panda (and any other carriers/couriers used to deliver your order)

  • Payment providers: Shopify Payments, PayPal, Afterpay, Visa, Mastercard (and any other payment methods enabled at checkout)

  • Analytics and advertising partners: Google Analytics, Meta (Facebook/Instagram), TikTok, Pinterest (where enabled and allowed by your consent settings)

  • Apps installed on our Shopify store: to support functions such as customer privacy settings, reviews, promotions, discounts, customer service, and onsite experience (these may process personal information on our behalf)

We share only what is reasonably necessary for our providers to perform services for us.

We may also disclose personal information:

  • To comply with laws, regulations, lawful requests, or court orders

  • To protect the rights, safety, and security of our business, customers, and others

  • In connection with a business transaction (such as a merger, acquisition, or sale of assets)

7) International data transfers

We are based in Australia. Some of our service providers process or store personal information outside your country, including in the United States, Canada, the United Kingdom, the EEA, and other jurisdictions.

Where the EU/UK GDPR applies, we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses or other lawful mechanisms used by our providers.

8) Retention

We keep personal information only as long as needed for the purposes described in this policy, including:

  • Order records: as required for customer service, warranty support, accounting, and legal/tax obligations

  • Marketing: until you unsubscribe/opt out (including SMS STOP), or we stop using the channel

  • Customer support: as long as needed to resolve issues and maintain records

You can request deletion where applicable (see “Your rights”).

9) Automated decision-making

If you are a resident of the EEA/UK, you have the right to object to processing based solely on automated decision-making (including profiling) where it has legal or similarly significant effects.

We do not engage in fully automated decision-making that produces legal or similarly significant effects using customer data. Shopify may use limited automated processes to help prevent fraud.

10) Cookies and tracking technologies

We use cookies and similar technologies to operate our Site, remember preferences, run analytics, and (where permitted) support advertising.

Depending on your location, you may be shown a cookie banner that lets you accept or reject non-essential cookies. You can also adjust browser settings to block cookies, but parts of the Site may not function properly.

Blocking cookies may not completely prevent information from being shared with advertising partners where you have otherwise allowed advertising cookies through consent settings. You can also control your ad preferences through the settings of platforms such as Google and Meta.

11) Behavioural advertising

Where permitted by your cookie/consent settings, we may use personal information to provide targeted ads or marketing we think may be relevant to you, including via platforms such as Google and Meta.

You can opt out of targeted advertising using:

  • Meta (Facebook/Instagram) ad settings

  • Google ad settings

  • Your device and browser privacy controls

  • Any cookie preferences tool presented on our Site (where available)

12) Marketing choices (Email and SMS)

Email marketing: You can unsubscribe at any time by using the unsubscribe link in our emails.

SMS marketing: We only send marketing SMS where you have opted in. You can opt out at any time by replying STOP (or following the instructions in the message). Standard message and data rates may apply depending on your mobile plan.

13) Your rights (EEA/UK)

If you are in the EEA/UK, you may have the right to:

  • Access your personal information

  • Correct inaccurate information

  • Request deletion (in certain circumstances)

  • Object to processing (including direct marketing)

  • Restrict processing (in certain circumstances)

  • Data portability

  • Withdraw consent at any time (where consent is the basis)

To exercise these rights, contact us at laura@hackerlily.com.

14) Australia

If you are in Australia, you can contact us to access or correct your personal information. If you have concerns, you may be able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

15) Children

Our Site is not intended for children, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take steps to delete it.

16) Security

We take reasonable steps to protect personal information. However, no method of transmission or storage is 100% secure.

17) Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. We will update the “Last updated” date at the top of this policy.

18) Complaints

If you have a complaint, contact us at laura@hackerlily.com.

If you are in the UK, you may lodge a complaint with the Information Commissioner’s Office (ICO).
If you are in the EEA, you may lodge a complaint with your local data protection authority.