Privacy Policy

Effective Date: February 14, 2026  |  Last Updated: February 10, 2026

Lesuto Technologies, Inc. ("Lesuto," "we," "us," or "our"), located at 600 Congress Ave, STE 1400, Austin, TX 78701, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our platform, websites, applications, and services (collectively, the "Services"). By using the Services, you consent to the practices described in this policy.

1. Information We Collect

1.1 Personal Information

When you create an account, register as a merchant or supplier, or interact with the Services, we may collect the following personal information:

• Full name, email address, phone number, and mailing address
• Date of birth (for age verification purposes)
• Government-issued identification (for identity verification of merchants and suppliers, where required)
• Payment information, including bank account details and tax identification numbers, processed through Stripe
• Social media handles and profile information you choose to provide

1.2 Business Information

If you register as a merchant or supplier, we collect additional business information, including:

• Business name, type, and registration details
• Business address and contact information
• Tax identification numbers (EIN, VAT, or equivalent)
• Product catalog information, including descriptions, images, and pricing
• Commission rates and payout preferences
• Stripe Connect and Wise account information

1.3 Usage Information

We automatically collect information about how you interact with the Services, including:

• Pages visited, features used, and actions taken within the platform
• Search queries and browsing history within the Services
• Product viewing patterns, search queries, cart interactions, and wishlist activity on merchant storefronts (Chameleon Commerce SDK) — used to power personalized product recommendations. This data is only collected with your explicit consent via the storefront's cookie consent mechanism. See our Cookie Policy for details.
• Dates, times, and frequency of access
• Referring URLs and exit pages
• Interaction with emails we send (open rates, click-through rates)

1.4 Device and Technical Information

We collect technical information about the devices and connections you use to access the Services, including:

• IP address, browser type, and version
• Operating system and device type
• Device identifiers and hardware settings
• Language preferences and time zone
• Cookie data and similar tracking technologies (see our Cookie Policy)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Services: To create and manage your account, process transactions, calculate and distribute commissions, facilitate order fulfillment, and enable communication between merchants, suppliers, and customers.
• Payment Processing: To process payments, calculate taxes (via Stripe Tax), manage payouts through Stripe Connect and Wise, and maintain financial records.
• Platform Improvement: To analyze usage patterns, diagnose technical issues, develop new features, and improve the overall user experience.
• Security and Fraud Prevention: To detect and prevent fraudulent activity, unauthorized access, and other security threats.
• Communications: To send you service-related notices, order updates, promotional materials (with your consent), and respond to your inquiries and support requests.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
• Analytics: To generate aggregated, anonymized analytics for merchants and suppliers regarding their storefront performance, order trends, and revenue.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Suppliers (for order fulfillment): When you place an order, we share your name, shipping address, and order details with the relevant supplier(s) so they can fulfill your order. Suppliers are contractually obligated to use this information solely for order fulfillment.
• With Merchants: Merchants may see limited customer information (name, order details) for orders placed through their storefront, as necessary to provide customer support.
• Payment Processors: We share necessary financial information with Stripe, our payment processor, to facilitate payments, payouts, and tax calculations. Stripe's use of your information is governed by its own privacy policy.
• Service Providers: We share information with third-party service providers who perform services on our behalf, including cloud hosting (Google Cloud Platform), email delivery, analytics, and customer support tools. These providers are bound by contractual obligations to protect your information.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid legal processes, including subpoenas, court orders, or government requests.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share your information for other purposes with your explicit consent.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes, such as maintaining financial records for tax and auditing purposes. When your information is no longer needed for these purposes, we will securely delete or anonymize it.

Behavioral tracking data (product views, searches, and shopping activity collected by the Commerce SDK) is anonymized after 12 months and permanently deleted after 24 months. You can request immediate deletion of all behavioral data by deleting your account or contacting privacy@lesuto.com.

6. Data Security

We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS/SSL) and at rest, regular security assessments, access controls, and employee training. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Children's Privacy (COPPA)

The Services are not directed to children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at legal@lesuto.com.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting the information, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information. Lesuto does not sell personal information. If we engage in "sharing" as defined under the CCPA (e.g., for cross-context behavioral advertising), you may opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, please contact us at legal@lesuto.com. We will verify your identity before processing your request and respond within forty-five (45) days.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent legislation. Lesuto Technologies, Inc. acts as the data controller for the personal data we process.

9.1 Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

• Contract Performance: Processing necessary to fulfill our obligations under a contract with you (e.g., providing the Services, processing orders, managing payouts).
• Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Services, preventing fraud, and ensuring platform security, where those interests are not overridden by your rights.
• Consent: Where you have given explicit consent to specific processing activities, such as receiving marketing communications.
• Legal Obligation: Processing necessary to comply with applicable laws, such as tax reporting and record-keeping requirements.

9.2 Your Rights Under GDPR

Subject to applicable law, you have the following rights:

• Right of Access: You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.

9.3 International Transfers (GDPR)

As Lesuto is based in the United States, your personal data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers. We also implement supplementary technical and organizational measures, including encryption in transit and at rest, to ensure your data receives an adequate level of protection.

9.4 Exercising Your GDPR Rights

To exercise any of the above rights, please contact us at privacy@lesuto.com. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request. If we are unable to fulfill your request, we will explain the reasons and inform you of your right to lodge a complaint with a supervisory authority.

10. Your Choices

• Account Information: You may update, correct, or delete your account information at any time by logging into your account settings or contacting us.
• Marketing Communications: You may opt out of receiving promotional emails by clicking the "unsubscribe" link in any marketing email or by adjusting your notification preferences in your account settings. Note that you may still receive transactional and service-related communications.
• Cookies: You can manage cookie preferences through your browser settings. See our Cookie Policy for more details.
• Do Not Track: Some browsers offer a "Do Not Track" feature. Our Services do not currently respond to "Do Not Track" signals.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your country. By using the Services, you consent to the transfer of your information to the United States and other jurisdictions as necessary for the purposes described in this Privacy Policy. We take appropriate safeguards to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Services and updating the "Last Updated" date. We may also notify you via email. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Lesuto Technologies, Inc.
600 Congress Ave, STE 1400
Austin, TX 78701
Email: legal@lesuto.com