Privacy Policy

Last updated: November 1, 2025

1. Introduction

DotFolio LLC (“KoreanSpa”, “we”, “us”) values your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you visit or make a purchase from https://koreanspa.co (including subdomains, affiliated sites, and mobile apps — “Website”). By using the Website you consent to the collection and use of information in accordance with this policy.

We may update this Policy — updates will be published with a revised “Last updated” date.

2. Information We Collect

We collect categories of personal information required to operate the Website, provide services, and meet legal obligations.

2.1 Device Information (automatic)

Examples: IP address, browser type/version, time zone, cookies, pages/products viewed, search terms, interactions.
Purpose: properly load the Website, analytics and optimization, fraud prevention.
Source: collected automatically via cookies, web beacons, pixels (e.g., Meta Pixel, GA4, Klaviyo).
Shared with: processors such as Shopify, Meta, Google, Klaviyo. 
Drivse

2.2 Order Information

Examples: name, billing/shipping address, payment information, email, phone.
Purpose: process orders and payments, shipping, invoices, fraud screening, post-sale communications.
Source: provided directly at checkout.
Shared with: payment processors, carriers, Shopify.

2.3 Customer Support Information

Examples: name, email, messages, order details.
Purpose: support and dispute resolution.

3. Minors

Website is not intended for individuals under 16 years old. We do not knowingly collect data from children. If you believe your child provided data, contact us for removal.

4. Sharing Personal Information

We share personal information with third-party service providers only as necessary:

Shopify (e-commerce platform). 

Meta/Facebook (Pixel and Ads). 

Google (GA4, Google Ads). 

Klaviyo (email/SMS marketing).

Payment processors (PayPal, Stripe).

Carriers and logistics providers.

We may also disclose information to comply with legal obligations, respond to lawful requests, or protect rights.

5. Behavioral Advertising / Retargeting

We use personal information to provide targeted ads via Meta/Facebook Ads, Google Ads/YouTube, and Klaviyo. We share website activity (views, add-to-cart, purchases) with ad partners. Opt-out options:

  • Facebook: https://www.facebook.com/settings/?tab=ads
  • Google: https://www.google.com/settings/ads/anonymous
  • DAA opt-out: http://optout.aboutads.info/ 

6. Use of Personal Information

We use personal data to: process orders, manage accounts, communicate, marketing (with consent), analyze and improve services, prevent fraud, and comply with legal obligations.

7. Legal Bases (GDPR)

If you are resident in the EEA, we process personal information under: consent; contract performance; legal obligation; vital interests; public interest tasks; legitimate interests (which do not override fundamental rights).

8. Data Retention

We retain personal information only as long as necessary for purposes described. Typical retention examples:

  • Order data: retained for accounting/tax purposes (commonly up to 7 years depending on jurisdiction).
  • Analytics data: shorter periods (e.g., up to 2 years).
  • Marketing data: until unsubscribe/opt-out.

Contact us to request earlier deletion.

9. Automated Decision-Making

We do not engage in fully automated decision-making that results in legal or similarly significant effects. Processors (e.g., Shopify) may use limited automated rules for fraud prevention, such as temporary IP/card denylists. 

10. International Data Transfers

Your data may be transferred and processed outside the EEA (e.g., Canada, United States). We rely on appropriate safeguards (Standard Contractual Clauses, data processing agreements) to ensure GDPR compliance. 

11. Security

We implement technical and organizational measures to protect data against unauthorized access or disclosure, but no system is completely secure.

12. Your Rights

EEA/GDPR: access, rectification, erasure, portability, restriction, objection, withdraw consent.
CCPA (California): right to know, access, deletion, opt-out of sale/sharing (we do not sell personal data).
To exercise rights: support@koreanspa.co.

13. Cookies

We use functional, performance, analytics (GA4), and advertising cookies (Meta Pixel, Google Ads), and Klaviyo web tracking. Cookie lifetimes vary (session to up to 2 years). Manage cookies via your browser; blocking may affect site functionality.

14. Do Not Track

We do not alter our data collection or use practices in response to Do Not Track signals.

15. Changes to this Policy

We may update this Policy; updates will be published on the Website.

16. Contact

DotFolio LLC — KoreanSpa
Email: support@koreanspa.co