Last updated: February 9, 2026

Privacy Policy

1. Who we are

Loost (“we”, “us”, “our”) provides a QR-based checkout service that helps clothing popup brands recover sales on out-of-stock items. This Privacy Policy explains how we collect, use, and share information when you use our website and services.

If you have questions about this policy, contact us at hello@lorey.io.

2. Who this policy applies to

This policy covers two types of users:

  • Brand users — businesses that create an account on Loost to set up QR checkouts for their popup events.
  • End customers — shoppers who scan a QR code at a popup event and complete a checkout.

3. What data we collect

From brand users

  • Account information: email address, password (hashed), brand name.
  • Store connection data: your Shopify or WooCommerce store URL and API credentials needed to sync products and create orders.
  • Event and configuration data: event names, QR link settings, checkout customisations.

From end customers

  • Checkout data: name, email address, shipping address, and selected product/size. This data is passed to the brand's connected store to create the order.
  • We do not collect or store payment card details. Payments are processed entirely by the brand's payment provider (e.g. Shopify Payments, Stripe, PayPal) through their connected store.

Automatically collected data

  • Basic analytics: page views, QR scan events, checkout completion rates, device type, and browser information.
  • Cookies: we use a small number of cookies for authentication (keeping you logged in) and basic analytics. We do not use third-party advertising cookies.

4. How we use your data

  • Providing the service: creating and managing your account, syncing products from your store, generating QR checkout pages, and creating orders in your connected store.
  • Processing checkouts: passing end customer checkout data to the brand's Shopify or WooCommerce store so the order can be fulfilled.
  • Analytics and reporting: showing brands how their QR checkouts are performing (scan rates, recovery rates, order values).
  • Product improvement: understanding how the service is used so we can improve it. This is done using aggregated, non-personally-identifiable data wherever possible.
  • Communications: sending transactional emails (e.g. order confirmations, account notifications). We may also send product updates, which you can opt out of.

5. How we share your data

We share data only when necessary to provide the service:

  • E-commerce platforms: end customer checkout data is sent to the brand's Shopify or WooCommerce store to create orders.
  • Payment providers: payments are handled by the brand's connected payment provider. Loost does not process payments directly and does not have access to payment card information.
  • Infrastructure providers: we use third-party services for hosting, database management, authentication, and analytics. These providers process data on our behalf under appropriate agreements.

We do not sell your personal data to anyone.

6. Data retention

We retain account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial record-keeping purposes.

End customer checkout data is passed to the brand's connected store at the time of order creation. We retain a record of the transaction for analytics and support purposes.

7. Your rights

Depending on where you are located, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing of your data.
  • Request a portable copy of your data.

To exercise any of these rights, email us at hello@lorey.io. We will respond within 30 days.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encrypted storage for sensitive credentials, and access controls. No system is completely secure, but we take reasonable steps to protect the data entrusted to us.

9. Children

Loost is not directed at children under 16 and we do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify brand users by email or through the service. Continued use of Loost after changes are posted constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at hello@lorey.io.

← Back to Loost