Privacy.

What we collect

To send you what you ordered, we need a name, a shipping address, and a contact email. Payments are processed by a PCI-compliant third-party payment provider; your full card details are collected by them directly and never touch our servers.

If you create an account, we keep the same address and email so you don't have to type them again next time. If you sign up for new arrivals or Practice notes, we keep just your email. Nothing else.

We also collect a small amount of technical information automatically when you visit: browser, device type, the pages you viewed, and an approximate location derived from your IP address. This is the data that lets us see what's working on the site and what isn't.

How we use it

We use your contact and address details to fulfil orders, send shipping updates, and answer questions when you write to us. We use the technical data to keep the site working — diagnosing problems, finding broken pages, and quietly improving things over time.

If we send you anything beyond order updates — a new-arrivals email, or the occasional Practice notes — it is because you asked for it, and every one has an unsubscribe link at the bottom.

We do not sell your data. We do not share it with third-party marketers. We do not use it to train any model. We do not run third-party advertising trackers (Meta Pixel, Google Ads tags, or similar). If a future practice changes any of this, we will flag the change at the top of this page before it takes effect.

Who we share it with

A short, specific list. Each of these handles your data only to perform a task we ask of them, and each is bound by their own privacy practices.

• Our payment provider — payment processing. They collect your card details directly; we never see them.
• Our shipping carriers — delivery and tracking. The specific carrier depends on your destination and the warehouse fulfilling your order.
• ZeptoMail — order confirmations, shipping and delivery updates, return and refund notifications, and account sign-in links.
• Klaviyo — new-arrivals emails, restock alerts, Practice notes, and review requests. Only if you've opted in to one of these lists.
• Our hosting provider — the servers the site and the storefront run on.

We do not share your data with anyone else without your consent, with the narrow exception of complying with a lawful order from a court or regulator in Canada or your country of residence.

Cookies and similar technologies

We use cookies in three categories. You can choose which to allow on your first visit, and change your choice any time via Cookies in the footer.

Necessary cookies keep the site working — they remember you're signed in, hold the contents of your cart between pages, and remember the region and currency you've chosen. These cannot be turned off; the site can't function without them.

Analytics cookies help us understand which pages are visited, where things break, and how customers move through checkout. The data is aggregated and used to improve the site. Off by default — you choose whether to turn them on.

Marketing cookies are used to personalise what we show you and what we send — for example, restock alerts for colours you've browsed. Off by default. We do not run third-party advertising trackers, and we do not sell your data.

You can clear our cookies from your browser settings at any time. Doing so will sign you out and empty your cart.

Where it's held, and for how long

Account and order data is stored in databases hosted by our infrastructure providers. Backups are encrypted and held in the same region as the primary database.

We keep order records for as long as required by Canadian tax and accounting law — typically six to seven years from the end of the relevant tax year. Account data is kept while your account is active. If you close your account, we delete everything except the records we are required by law to hold, and only for as long as required.

Data in transit is encrypted with TLS; data at rest is encrypted at the provider level, and access is limited to the people who need it for a specific task.

If a security incident affects your personal data and creates a real risk of harm, we will write to you and notify the Office of the Privacy Commissioner of Canada, as PIPEDA requires.

Your rights

You can ask us at any time to:

• Show you the data we have on you.
• Correct anything that's wrong.
• Delete it.
• Move it to another provider in a portable format.
• Stop using it for a particular purpose.

Write to contact@modernyogi.co with "data request" in the subject line and we will respond within thirty days. There is no charge for this.

If you're in Canada and we haven't resolved your concern to your satisfaction, you have the right to complain to the Office of the Privacy Commissioner of Canada. If you're in Quebec, Law 25 gives you additional rights including data portability and the right to deindex — write to us and we'll honour them. If you're in the European Union or the United Kingdom, the same access, correction, and deletion rights apply under GDPR. We do not run separate processes by region; the easiest path is to write to us.

Children and minors

Modern Yogi is not directed at children. We do not knowingly collect data from anyone under the age of sixteen. If you believe a child has created an account or shared their information with us, please write to us and we will delete the record.

Changes and contact

We update this page when our practices change. Material changes are flagged at the top of the page for thirty days after they take effect.

Our Privacy Officer is Shashank Sharma. To action any of the rights above — or for any other question about how we handle your data — write to contact@modernyogi.co with "data request" in the subject line, or use our contact page. We respond within thirty days.