We collect information from you on this Site to provide a meaningful, safe, efficient, and customized experience. We use this information to:
make it easier for you to use this Site,
communicate with you about your orders, billing and payment,
verify your identity when you make a purchase on our Site,
help you more quickly find information on IPSY's products and services,
provide targeted online marketing for the Site,
create content on this Site that's more relevant to you, and
alert you to new products, services and special offers that might specifically interest you.
When You Join IPSY. In order to join IPSY you must complete a beauty quiz that asks for beauty profile information like your skin tone, eye color, hair color, beauty brands and products you love, and where you usually shop for beauty products (your "Beauty Profile"). We use the Beauty Profile information to personalize your experience. If you subscribe to one of our Glam Bag programs then we will use the Beauty Profile information to send you Glam Bag items that fit your unique profile, alerts about IPSY products, services, and other beauty news that might interest you.
At the end of the beauty quiz, in order to join IPSY you must choose a username and password. Your username will be visible to other Ipsters when they visit the Site, so please choose carefully. You also must provide a valid email address and your age. We use your email to communicate with you about our Site and your account. We ask for your age to make sure you're old enough to use our Site and services.
If you provide us your email address but choose not to become a member, then we will retain your email address for a period of time to invite you back to the Site.
We use the this information, along with your email, for billing purposes, to fulfill your orders, and to communicate with you about your orders.
We collect your credit card information through our Site. The credit card information is encrypted and transmitted for storage to a high security vault according to strict industry standards. Once the data reaches the vault it is "tokenized". That means no credit card information is retained in IPSY's own systems. Instead we retain a token associated with your account that has no intrinsic value. Your credit card information is not exposed anywhere in our own systems. Please do not send your credit card information to our team directly, for example by sending this information to an IPSY customer care representative. Please use our secure, online system to enter your credit card information.
When You Request Information from Us. If you want us to notify you regarding particular products or special offers, contact us through IPSYCare, or if you sign up for our emails, you'll need to give us your email address. We use it to honor your requests, whether that's emailing you information about certain products or emailing you to tell you about an IPSY offer. You may choose to opt out of receiving these type of marketing messages at any time by clicking on the appropriate link at the bottom of the email you receive.
When You Post Public Content. We use this content to bring our community of fabulous Ipsters to life.
Public information you post on the Site. Information you post publicly on our Site is intended for public consumption. Please be aware that your username and profile image will be publicly displayed whenever you post a comment or review. In addition, postings you make on our Site may appear when Internet users execute searches on the subject of your posting. If you do not want this information to be displayed, you may terminate your account at any time. Please note that if you are a minor, living in California, and you have posted information publicly that you cannot remove yourself, you have the right to request it be hidden from public view. If you wish to have this information removed, please email us at privacy@IPSY.com and request removal. We may request additional information from you in order to complete your request.
Site visitors may be able to identify you or associate you with your IPSY account if you include personal information in your account profile or in any content you post. We cannot control who reads your postings or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information.
You can reduce the risk of being personally identified by choosing a username and profile image that do not identify you and by taking care to exclude any personal information in your comments, reviews, looks, or videos. You can change your username and profile picture at any time by logging into your account.
Public information you post on other sites. We also may collect information you post publicly on third-party sites, but only if you choose to follow instructions we provide. For example, we may collect pictures you post publicly on Instagram and re-post them on our Site, but only if you choose to use the hash tag "#IPSY" inside your Instagram post. You can always have us remove the information from our Site by contacting us through help.ipsy.com.
When You Share Information about Your Contacts. You may choose to share personal information about friends, relatives or colleagues with IPSY, such as the person's name, shipping address and email address. Please do not do so without their express permission.
You may choose to manually invite your friends to IPSY by using the "Invite with Email" button on the Site or by uploading data about your contacts to the Site. You also may grant IPSY permission to access your contacts list and pull the email addresses of your contacts to invite them to the Site.
When You Connect to Us with a Third-Party Service. You can connect to your IPSY account using external third-party services. The Site collects personal information about you from your social media accounts, but only if you opt-in and permit us to do so. When you connect to us through a third-party service like Facebook, Twitter, YouTube, and Instagram, we receive information from that third party identifying your account. We collect and store this information and use it to help you connect to our Site and to share your public content. Connecting your IPSY account to a third-party service is completely optional, and you will have the opportunity to grant permission when you attempt to connect. You can revoke permission by logging into the third party service and disconnecting the IPSY application from there, and through the native applications on your smart phone. We may retain the information we collected previously from you.
Log Files. Like most sites, IPSY automatically receives and stores in log files certain information from your browser when you visit the Site. This information includes your Internet protocol ("IP") address, browser type, Internet service provider, the referring/exit pages, your operating system, and the date/time stamp of your Site visit. Log files do not identify individual Site visitors. We use this information, which doesn't identify individual Site visitors, to analyze and understand how the Site works for you so we can improve it, to administer the Site, and to gather demographic information about Site visitors for targeted online marketing purposes. We may, however, link this automatically collected information to your personal information.
Cookies and Other Tracking Technologies Policy.
We use a variety of technologies to help us understand how you use IPSY.com, our IPSY apps, and our services so that we can provide you with a better experience. This guide explains the tracking technologies IPSY uses and is part of our commitment to a high standard of transparency in our privacy practices.
(i) Types of tracking technologies
Cookies. This is a small data file sent from a server to your web browser that is stored in your browser and sent back to the server each time the browser makes a request to the server. Cookies can improve a site user's experience by, for example, allowing the site to keep a user logged in while browsing, saving a user's site preferences, and allowing a user to add items to a shopping cart and preserve cart contents between site visits, even when the user is not logged in.
Clear gifs, web beacons, tracking pixels. These are tiny graphics with a unique identifier. They function similarly to cookies and are used to track the online movements of web users. Unlike cookies which are stored on a user's computer hard drive, clear gifs are embedded on web pages and are single pixel wide. IPSY does not tie information gathered by clear gifs to your personally identifiable information.
If you have turned on location services in your mobile device, we may collect information about your geolocation. If you do not want us to collect this information, you may turn off location services on your smart phone. Turning off location services will not affect your ability to access the app, but you may not be able to access certain geolocation based promotions that IPSY may offer from time to time.
SDKs. Software development kits (“SDKs”) are blocks of code provided by our partners that may be installed in our mobile applications. SDKs help us understand how you interact with our mobile applications and collect certain information about the device and network you use to access the application.
(ii) Tracking Technology Lifespans
Single-session tracking technology: lasts only as long as your site visit. Single-session cookies expire and delete themselves when you leave the site or close your browser. They are used for technical purposes such as enabling better navigation through a site or generating aggregated statistics about how a site is used. Single-session cookies do not publicly expose your personal information.
Multi-session or persistent tracking technology: remains on your browser or mobile device until you choose to delete it or the cookie expires. Persistent cookies are used to recognize a computer that has previously visited a site. This can improve the user's experience, for example by continuing preference settings from previous visits and by allowing users to login without entering a password with every site visit.
(iii) Tracking Purposes
We use tracking technologies for these general purposes:
Because it is strictly necessary. This tracking is needed to make IPSY work properly.
For performance. This tracking helps IPSY understand how the Site is functioning so IPSY can improve the Site.
For functionality. This tracking retains your personal preferences as you use the Site.
For advertising. This tracking helps us to refrain from delivering advertising to you that is not of interest to you
(iv) Cookies IPSY currently uses
Single session cookies are used to ensure the Site displays correctly on your device.
Persistent cookies are used to measure Site metrics such as which pages are popular, how often people visit the Site, whether people are visiting the Site for the first time, and whether visitors make purchases on the Site. They also are used to enhance Site functionality, for example to allow returning users to use the Site without logging in.
(v) Cookies for email subscribers
(vi) Third Party Cookies
IPSY partners with third-party service providers who set cookies and tracking pixels for Site visitors and members on our behalf in order to deliver their services. These services include targeted online marketing and analysis of data collected through cookies. These technologies allow a partner to recognize your computer or mobile device each time you visit IPSY.com or other sites that also utilize the third party's services, but do not allow access to personally identifiable information from IPSY.
Third parties may choose to include IPSY widgets on their sites. When you load a site that has chosen to include our widgets, we receive analytics information through a cookie that may be used to enhance our data or to improve our services.
(vii) Managing Cookies
You can delete cookies stored in your browser at any time. You also can choose not to accept cookies from any site, including IPSY.com, by changing the settings of your browser. If you reject or block all cookies in your browser settings, then you will not be able to fully use IPSY's services.
(viii) Do not track
IPSY does not currently take steps to respond to browsers "Do Not Track" signals as no uniform standard to respond to such signals has been developed at this time
Information collected automatically. We automatically collect information from your browser or device when you visit the Site. This information includes your IP address, device ID, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us, and the referring site address.This information also includes your operating system or application, your location, and your activities voluntarily have submitted to us (for example, your email address). If you are accessing our third party Affiliate’s stores through the IPSY shopper app, this information is automatically collected, too.
Information collected from your mobile device When visiting any of our mobile applications, we may use an advertising identifier created by your mobile operating system to store information on our servers and later retrieve it. The Android Advertising ID and Apple iOS IDFA are examples of advertising identifiers. For more information about advertising identifiers, please check the settings of your mobile device.
If you're not an IPSY member but we contacted you, then we may have received your contact information from one of your friends. An IPSY member may give us your name and email address so IPSY can send a personalized invitation to you to join IPSY. We also may send you personalized email ‘reminders' about IPSY from your friends. Similarly, an IPSY member may provide your personal information to us so we can ship a gift or other merchandise to you. We ask your contacts to share your personal information only with your permission, and you may unsubscribe from any marketing email you receive by following the unsubscribe link contained at the bottom of the communication.
Information we collect from you may be either personal or aggregate. Personal information is identifiable to you, like your name, email address, shipping and billing addresses, credit card information, and phone number. Aggregate information is summary data of the behaviors and interests of groups or categories, so it won't identify you.
Aggregate Information. We use aggregate information for the purposes of internal business research, sales and business development and reporting back to our brand partners. We may share aggregated information about our visitor and user base with third parties such as our Retail Partners. This information may include the number of daily visitors to our Site and the number of orders placed on a certain date. We also may share Beauty Profile information with brand partners. We do not link aggregated data with our Ipsters' personal information.
Personal Information. We do not sell, rent, trade, license, or otherwise disclose your personal information to third parties, except in these limited circumstances:
Disclosures to IPSY Agents, Consultants and Related Third Parties. Like most Internet retailers, we use third parties to help ensure our business runs smoothly. We disclose your information to these third-party companies so they can perform their specific functions for us. For example, we may provide your name, shipping address, email and phone number to third-party shippers like the U.S. Postal Service and the United Parcel Service to deliver our products to you. We also may provide your credit card information to third-party credit card processors and issuers to help us process your orders from us. IPSY’s third party vendors may recognize a tracking code used by your browser or application to enable you to receive customized content, or to enable you to use other technologies such as tags and scripts. The tracking code may reflect de-identified demographic or other data linked to data you. When we employ other companies to perform functions of this nature, we only disclose the information that they need to perform their requested function. We do not authorize them to retain, share, store, or use personal information provided by us for any other purpose.
If you visit or make a purchase from IPSY Shopper online or on our IPSY app, we disclose to our Retail Partners your name, and shipping address so that they may fulfill your order and ship products directly to you. We also share your email address with the Retail Partners whose product you purchase in case they need to contact you about that product. We may also disclose to our Retail Partners information about the frequency with which you purchased or accessed a product, which may in turn result in you receiving an email or push notification about that product or service.
We may also share the product reviews you post with our Retail Partners who may repost your reviews about their products on their websites or social media channels owned and operated by those Retail Partners.
Disclosures Required by Law or Otherwise. We may disclose your personal information if we believe, in good faith, that it's necessary to: (1) comply with a legal obligation such as in response to a court order or subpoena; (2) protect the safety of fellow Ipsters or the public; (3) protect against legal liability; or (4) protect and defend IPSY's rights or property.
Disclosures through Social Media. Remember that you control the privacy settings on each of your social media platforms. We allow you to share information from the Site to social media. In order for this to happen you first must opt-in. You can revoke permission to do this by logging into the social media service and disconnecting the IPSY application from there.
Log Into Your IPSY Account. You can change the personal information you provide to us, including reviews, looks and videos, by logging into your IPSY account and making the appropriate changes.
Opt-Out. You can always "opt-out" of having your personal information used for certain purposes. At your request, we will stop sending you certain emails or even deactivate your account to prevent any future purchases through it. You can submit these requests at any time by contacting IPSYCare.
Do Not Sell. IPSY does not sell or share your information unless it is necessary to complete a transaction at Your request. You may, however, opt out of sharing your information with our Retail Partners. For example, you can request that any reviews that you post not be shared with any of our Retail Partners. In order to opt out of sharing your information, such as reviews, with third parties, you may record your request here.
Block Cookies and Targeted Advertising. You can prevent IPSY and its third-party partners from setting and accessing cookies on your computer by setting your Internet browser to block cookies.
Cancel Your Subscription or Deactivate Your Account. You may cancel your Glam Bag subscription by logging into your account, clicking on "Account" and choosing "Edit Account Settings". If You need help deactivating your IPSY account, contact IPSYCare.
Contact Our Retail Partner Our Retail Partners each have their own privacy policies and methods for you to opt-out of having your personal information used for certain purposes. Please contact the Retail Partner directly for more information. You may find a list of the Retail Partners here.
At IPSY, we take data security seriously. We use industry standard technical, physical and administrative safeguards to secure our customers’ data. Online, we encrypt your personal information using Transport Layer Security (“TLS”). TLS allows for a private, reliable Site connection where your identity is authenticated with cryptography. Offline, we restrict access to your personal information to only those IPSY employees who need it to perform a specific job function. We require all IPSY employees with access to your personal information to follow specific security protocols concerning its proper handling. We also hold our vendors who need access to your personal information to strict confidentiality and security requirements. Third-party service providers assist us with the physical security of some of our computer hardware. When you visit our Site, you access servers that we backup constantly. Our servers are hosted at locations which are private and secure data center facilities, behind physical and virtual firewalls.
Please remember, however, that while we use industry-standard security measures to safeguard your personal information, we can't guarantee absolute security. We wish we could, but 100% security just doesn't exist anywhere online or off. We recommend that you do your part by keeping your passwords secure, changing them often and not using the same password across multiple accounts.
If you're between 13 and 16 years old, you must have your parent/guardian’s written permission to have an account and we ask that you not submit any personal information to us or post on our Site without the consent and supervision of a responsible parent or legal guardian.
We share personal information with others outside of IPSY, such as third-party shipping companies, so that they may fulfill orders for product you may purchase from IPSY.com or the IPSY app. We also share personal information with Retail Partners if you purchase the Retail Partner’s product through IPSY Shopper or the IPSY app. Please see What We Do With Your Information.
Shine the Light Law
California Consumer Privacy Act
(i) California Consumers’ Rights and Choices
If you are a California resident, California law permits you to request Information regarding the:
Categories of Personal Information (as defined by applicable California law) collected, sold or disclosed by us;
Purposes for which categories of Personal Information collected by us are used;
Sources of information from which we collect Personal Information; andSpecific pieces of Personal Information we have collected about you
In addition, if you are a California resident you may:
Opt-out of the sale or disclosure of your Personal Information, in some circumstances;
Opt-out of receiving marketing communications from us; however, you may still receive administrative or transactional communications regarding the Services;
Opt-in to certain financial incentive programs we may offer related to the collection, sale, or deletion of your Personal Information; and
Request deletion of your Personal Information by us and our service providers, in some circumstances.
Collection and Disclosure of Personal Information from California Residents
The table below outlines how we handle personal information from California residents.
|Personal Information collected|
|How we collect personal information||Please see Information We Collect or Receive From You.|
|Categories of personal information we’ve collected in the past 12 months||Identifiers, Personal Characteristics, Internet/Electronic Activity|
|Categories of personal information we sell||We do not sell personal information to third parties.|
|Categories of personal information we otherwise share||Identifiers|
Access My Personal Information: IPSY Data Request;
Delete My Personal Information: IPSY Data Deletion Request;
Do Not Sell My Personal Information: Do Not Sell
You may also make those requests by calling 1-888-769-4526.
Please be aware that we do not accept or process requests through other means (e.g., via fax, social media, email addresses, etc.).
We will review the information provided and may request additional information to ensure we are interacting with the correct individual. Please also be aware that making any such request does not ensure complete or comprehensive removal or deletion of Personal Information or content you may have posted, and there may be circumstances in which the law does not require or allow us to fulfill your request.
You may make changes to your personal data at any time by logging on to your account. If you would like to request information about your personal data or would like to delete your personal data, you may do so by logging on to your account and going to Account/Profile. Please note that IPSY may need to retain limited information about you in order to fulfill any order requests made by you, for litigation purposes or to fulfill other legal or regulatory obligations.
Created: January 1, 2012
Last Updated: January 15, 2020