Privacy Policy

Effective as of February 10, 2022

Last updated September 21, 2023

Introduction

Lofta and its affiliates (“Lofta,” “we,” “our,” or “us”) respect the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access this website (“Site”) and any of our online and offline services (collectively, “Services”).

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Personal Data We Collect
  2. How We Use Your Personal Data
  3. How We Share Your Personal Data
  4. Cookies And Other Tracking Technologies
  5. Universal Opt-Out Mechanisms
  6. Security
  7. Third-Party Links
  8. Children’s Privacy
  9. Your State Privacy Rights
  10. Notice to California Residents
  11. Accessibility
  12. How to Contact Us

1. Personal Data We Collect

We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:

Personal Data You Provide

We may collect the following personal data that you voluntarily provide to us in using our Site and Services:

  • Customer Account. If you create an account for any of our Services, you will provide us with your name, email address, and password. When you create an account, you can choose to save your billing and shipping information. When you log-in to your account, you will provide us with your email address and password.
  • Subscribe to Email Communications. When you subscribe to our email marketing communications, you will provide us with your email address. To unsubscribe from our marketing emails, please click the unsubscribe link included in the footer of our emails. You also may submit a request to us at sleep@lofta.com.
  • Purchases. When you make a purchase on our Site, you will provide your name, email address, payment method information, such as credit card and billing information, and the name, postal address, and phone number of the intended recipient(s). We use Shopify Payments to process your purchases. Please review Shopify’s privacy policy here. If you choose to finance a purchase, we use Affirm to provide financing. Please review Affirm’s privacy policy here. If you make a purchase through your online account, we also maintain a record of your purchase.
  • Order Status. When you use our Site to obtain your order status, you will provide us with your last name and either your email address or zip code.
  • Returns. When you submit a request to return an item, or submit questions regarding your return or online order, you will provide us with your name, email address, phone number, and any other information that you may voluntarily provide.
  • Submit an Inquiry. When you submit an inquiry, use our Live Chat feature, or otherwise contact our Customer Service department, you may provide us with your name, email address, postal address, phone number, or other information you choose to provide us. Our Live Chat feature is provided by Intercom. Intercom may collect, record, and store the information you provide in the chat. Please review Intercom’s privacy policy here.
  • Write a Review. When you write a review of our products or Site, you will provide us with your name, email address, and any other information that you may voluntarily provide.
  • Affiliate Program If you sign up to join our affiliate program, you will provide your name, email address, username, password, and company information, such as company name, website, postal address, and phone number. We use Impact Tech, Inc. to collect this information. Please review Impact’s privacy policy here.
  • Additional Information. When you submit information on the Site, send an email from the Site, enter a contest or sweepstakes, respond to a survey or communication, interact with us through social media channels, or participate in another Site function or feature, you may provide us with other information.

Personal Data as You Navigate Our Site

We automatically collect certain personal data through your use of the Site and Services, such as the following:

  • Usage Information. For example, individual requests, log-ins or non-log in information, Magento logs, and IP addresses, as well as information about the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

Personal Data from Third Parties

In some cases, we may receive certain personal data from you about a third party. For example, when you make a purchase, you may provide the name, physical address, and phone number of the intended recipient, a third party. If you submit any personal data about another individual to us, you are responsible for making sure you have the authority to do so and to allow us to use their personal data in accordance with this Privacy Policy.

2. How We Use Your Personally Identifiable Information

We use the personal data we collect to provide the Services to you, to maintain and improve our Site and Services, and to protect our legal rights and the rights of others. In addition, we may use the personal data we collect to:

  • Register you as a user of the Site;
  • Personalize your Site experience and to allow us to deliver the type of content and product offerings in which you may be most interested;
  • Process your transactions and communicate with you regarding your order;
  • Confirm your order;
  • Deliver the products and Services that you obtain through our Site;
  • Prevent fraud and bill you for your purchases;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Administer a contest, promotion, survey or other Site feature;
  • Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
  • Maintain and improve our Site and Services;
  • Protect the security and integrity of our Site and Services;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms of Use, and to otherwise fulfill our legal obligations;
  • Monitor compliance with and enforce this Privacy Policy and any other applicable agreements and policies;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it, or any other purpose we deem necessary or appropriate;
  • Efficiently maintain our business;
  • Provide support and respond to your customer service requests; and
  • Comply with applicable law.

3. How We Share Your Personal Data

We may share the personal data that we collect about you in the following ways:

  • With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • With vendors to prepare, deploy and analyze advertising content;
  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
  • With any other person or entity where you consent to the disclosure; and
  • For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.

4. Cookies And Other Tracking Technologies

How We Use Cookies

Like many other companies, we use cookies and other tracking technologies (such as pixels and web beacons). To learn more about how we use cookies and to manage your cookie settings, please see our Cookie Policy.

We use Cookies to:

5. Universal Opt-Out Mechanisms

The Site recognizes the Global Privacy Control (“GPC”) signal. If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, we will treat that as a valid request to opt out. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to, or alter its practices when it receives “Do Not Track” signals.

6. Security

We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

8. Children’s Privacy

Our Site and Services are not intended for, directed at, or targeted to children under 13 years of age. We do not use this Site to knowingly collect, use, disclose, or solicit personal data from or market to anyone under 13. If you believe that we have received personal data from a child or other person protected under such laws, please notify us immediately at sleep@lofta.com and we will take reasonable steps to remove such information from our databases.

9. Your State Privacy Rights

Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. If you are a California resident, please see our “Notice to California Residents” Section below. For other state residents, your privacy rights may include (if applicable):

  • The right to confirm whether or not we are processing your personal data and to access such personal data;
  • The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
  • The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
  • The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
  • The right, if applicable, to opt out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
  • If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and
  • The right not to receive discriminatory treatment by us for the exercise of your privacy rights.

We use cookies and other tracking technologies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws. When we engage in those activities, we sell personal data (i.e., information from cookies) to third-party advertisers and analytics companies.

We do not use personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning individuals.

To exercise your rights, please submit a request through our interactive webform available here or by calling us at 800-698-8000. If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To do so, we will ask you to verify data points based on information we have in our records. If you are submitting a request on behalf of another individual, please use the same contact methods described above. If we refuse to take action regarding your request, you may appeal our decision through our interactive webform available here or by calling us at 800-698-8000. If you would like to opt out of sales and targeted advertising, you may alter your cookie preferences here.

10. Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified or aggregated information, or lawfully obtained, truthful information that is a matter of public concern. For purposes of this “Notice to California Residents” section we will refer to this information as “Personal Information.”

If you are California resident and a current or former employee, job applicant, or independent contractor of ours, please see our privacy notice available here for more information on our collection and use of your Personal Information in that capacity.

Notice at Collection of Personal Information

We currently collect and, in the 12 months prior to the Last Updated Date of this Privacy Policy, have collected the following categories of Personal Information:

  • Identifiers (name, postal address, Internet Protocol address, and email address)
  • Unique personal identifiers (cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)
  • Personal information described in California’s Customer Records statute (California Civil Code § 1798.80(e)) (signature, telephone number, as well as the categories listed in “Identifiers” category above)
  • Internet or other electronic network activity information (browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement)
  • Geolocation data
  • Commercial information (records of products purchased, obtained, or considered, and other purchasing or consuming histories or tendencies)
  • Audio, electronic, or similar information
  • Inferences drawn from above information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
  • Sensitive Personal Information

We collect Personal Information directly from California residents and may also collect Personal Information from advertising networks, internet service providers, data analytics providers, and government entities. We do not collect all categories of Personal Information from each source.

In addition to the purposes stated above in the section “How We Use Your Personal Data,” we collected the above categories of Personal Information for the following business or commercial purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Helping to ensure security and integrity to the extent the use of the consumer’s Personal Information is reasonably necessary and proportionate for these purposes
  • Performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, providing analytic services, or providing similar services
  • Providing advertising and marketing services, except for cross-context behavioral advertising, to the consumer provided that, for the purpose of advertising and marketing, our service providers and/or contractors shall not combine the Personal Information of opted-out consumers that the service provider or contractor receives from us, or on our behalf, with Personal Information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers
  • Advancing our commercial or economic interests, such as by inducing another person to buy products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction

Sale, Sharing, and Disclosure of Personal Information

The following table identifies the categories of Personal Information that we sold or shared to third parties in the 12 months preceding the Last Updated Date of this Privacy Policy and for each category, the category of third parties to whom we sold or shared Personal Information:

Category of Personal Information Category of Third Parties
Internet Protocol address

Cookies, beacons, pixel tags, or other similar technology

Internet or other electronic network activity information (browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement)
• Data analytics providers
• Social networks
• Advertising networks
Geolocation data • Data analytics providers
• Social networks

We sold or shared Personal Information for the following business or commercial purposes:

  • Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards
  • Providing advertising and marketing services
  • Advancing our commercial or economic interests

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated Date of this Privacy Policy and, for each category, the category of recipients to whom we disclosed Personal Information:

Category of Personal Information Category of Recipients
Name, email address, postal address • Vendors (e.g., email hosting, maintenance, backup, analysis, etc.)
• Business partners
• Government entities
Telephone number • Vendors (e.g., email hosting, maintenance, backup, analysis, etc.)
• Business partners
• Government entities
Commercial information (records of products purchased, obtained, or considered, and other purchasing or consuming histories or tendencies) • Vendors (e.g., email hosting, maintenance, backup, analysis, etc.)
• Business partners
Audio, electronic, or similar information • Vendors (e.g., email hosting, etc.)
• Business partners

We disclosed Personal Information for the following business or commercial purposes:

  • Helping to ensure security and integrity
  • Performing services
  • Providing advertising and marketing services (except for cross-context behavioral advertising)

We do not knowingly collect, sell, or share the Personal Information of consumers under 16 years of age. We do not use Sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations.

Retention of Personal Information

We retain your Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

Your Rights

If you are a California resident, you have the following rights with respect to your Personal Information:

  1. The right to know what Personal Information we have collected about you, including the categories of Personal Information, the categories of sources from which we collected Personal Information, the business or commercial purpose for collecting, selling, or sharing Personal Information (if applicable), the categories of third parties to whom we disclose Personal Information (if applicable), and the specific pieces of Personal Information we collected about you;
  2. The right to delete Personal Information that we collected from you, subject to certain exceptions;
  3. The right to correct inaccurate Personal Information that we maintain about you;
  4. If we sell or share Personal Information, the right to opt out of the sale or sharing;
  5. If we use or disclose sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and
  6. The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers.

How to Submit a Request to Know, Delete, and/or Correct

If you have an account with us, you must log into your account and submit your request to know, delete, and/or correct through your account. If you do not have an account, you may submit a request to know, delete, and/or correct through our interactive webform available here or by calling us toll free at 800-698-8000.

If you submit a request to delete and/or correct online, you may be asked to confirm separately that you want your Personal Information deleted.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request.

We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Right to Opt Out of Sale or Sharing of Personal Information

If you are a California resident, you have the right to direct us to stop selling or sharing your Personal Information.

You may submit a request to opt out of sales or sharing through our interactive webform available here. If you have enabled privacy controls on your browser (such as a plug-in), we will also treat that as a valid request to opt out. Please see the “Universal Opt-Out Mechanisms” section above for more information.

Notice of Financial Incentive

From time to time, you may have the opportunity to provide Personal Information in exchange for discounts and price differences. For example, we provide discounts and price differences in exchange for you subscribing to our mailing list. Categories of Personal Information that we may collect when you subscribe to receive discounts and price differences include your name and email address. We also provide discounts in exchange for you signing up to our Rest Rewards program. Categories of Personal Information that we may collect when you sign up to receive discounts through our Rest Rewards program include your name and email address.

How to Opt-In and Right to Withdraw

Signing up for discounts and price differences is optional. By providing your email address during the discount sign-up process, you affirmatively opt in to receiving the financial incentive and to joining our mailing list. By providing your name and email address during the Rest Rewards registration process, you affirmatively opt in to receiving the financial incentive and to joining our Rest Rewards program. You have the right to withdraw from the financial incentives at any time. If you opt out of receiving a financial incentive, we will not reduce the value of any financial incentives you previously received from us. If you wish to withdraw from receiving a financial incentive, you may submit such a request at any time by emailing us at sleep@lofta.com.

How the Financial Incentive is Reasonably Related to the Value of Your Personal Information

The financial incentive or price difference is reasonably related to the value provided by your Personal Information. We take into consideration, without limitation, the anticipated revenue generated from such information, the anticipated expenses which we might incur in the collection, storage, and use of such information, and the anticipated expenses which we might incur related to the offer, provision, and imposition of any financial incentive or price difference. Based on this analysis, the value of your Personal Information that allows us to make these offers and financial incentives is the value of the offer itself.

Shine the Light Law

We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

11. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

12. How to Contact Us

To contact us for questions or concerns about our privacy policies or practices, please contact us by phone at 800-698-8000 or by email at sleep@lofta.com.