Privacy Policy

This Privacy Policy describes the policies and procedures of Hawthorne Lab Inc. (“Hawthorne”, “we”, “our” or “us”) on the collection, use, and disclosure of your information on hawthorne.co and any other websites on which we post this Privacy Policy (collectively, the “Sites”) and the services, features, content, applications, and products we offer
(collectively, the “Services”).

Your privacy is important to us. When running Hawthorne, we follow a few fundamental principles:

  • We don’t ask you for information unless we truly need it. That being said, what we do ask for is solely to enable us to build an amazing customized experience and to communicate with you.
  • We don’t share your information with third parties except to deliver our Services and products, comply with the law, make Hawthorne better, protect our rights, or effectuate a business transfer
  • We’re not a huge, faceless corporation. We’re just normal people trying to deliver an incredible experience. If you have any questions or concerns about this policy, please reach out to us at help@hawthorne.co.
How You Accept this Policy

By using Hawthorne, creating a user account, or ordering a product through our Sites, you agree to the use, disclosure, and procedures outlined in this Privacy Policy.

What Information does Hawthorne Collect?

We may collect a variety of information about you:

  • Information from Third Party Services (defined below) that you explicitly give us access to;
  • Your contact information, such as your first name, last name, mailing address, phone number, social media handle, or email (depending on how you contact us);
  • Your account information, such as the username and password you may establish or be assigned in connection with our Services, and such other information you may choose to provide us in connection with your account;
  • Your payment information, such as your credit card or payment account information (although we use third-party payment processors - Shopify (Shop), Google Pay, and PayPal - and do not store your full payment card details on our systems) and billing address if you make purchases through our Sites;
  • Questionnaire responses you chose to provide such as: (i) information about your diet, alcoholic beverage preference, self-estimated body temperature, smoking habits, and self-estimated skin oil level; (ii) information about your lifestyle, such as place and dress of work, how you spend your Saturday nights, fragrance preferences and fashion sense; and (iii) details about your background, such as age, and personality type;
  • Other information you choose to provide through the Sites or our pages on social networks, such as information you may provide when interacting with us on TikTok, X/Twitter, Instagram, Facebook, YouTube, or Vimeo; and
  • Information we collect automatically when you interact with our Sites, including: (i) the IP address of the device you use to access our Services; (ii) the type of browser software you are using; (iii) the operating system you are using; (iv) the date and time you access or use our Services; (v) the website address, if any, that linked you to our Sites; (vi) the website address, if any, you leave our Sites and travel to; and (vii) other traffic data.
Information You Provide About Other Individuals

If you make a purchase, we may request certain information about a family member, friend, or other individual from whom you are purchasing a product (a “Recipient”) in order to complete your purchase. This may include contact information such as your or their name, email address, and shipping address. If you provide us with a Recipient’s information, you are responsible for obtaining the Recipient’s permission or for otherwise being authorized to do so.

You may have the opportunity to refer friends or other contacts to us. You may only submit a referral if you have permission to provide the referral’s contact information to us.  You are responsible for obtaining any necessary permissions from the individual you refer or for otherwise having the authority to make the referral.

Information We Automatically Collect

When you visit one of our retail stores in New York, we may collect information about your visit, such as purchases you make, returns or exchanges you initiate, and account or loyalty information you provide to our team members. If you make a purchase in-store, we may collect payment information and contact details in the same manner as described above for online purchases. Security cameras may be in operation at our retail locations for safety and loss-prevention purposes. Any information collected in our stores is treated in accordance with this Privacy Policy.

Like most websites, Hawthorne may incorporate technology such as “pixel tags”, “web beacons”, and “cookies.” Pixel tags or web beacons are tracking devices on websites or in emails that can monitor the behavior of the user visiting the website or sending the e-mail. Cookies (not to be confused with the sugary treat) are small files that web servers may place on your computer or mobile device when you visit a website.

Here, at Hawthorne, we use cookies to help identify and track usage of the Services and to make it easier to deliver a personalized experience. Our Sites use the following types of cookies for the purposes set out below.

Type of cookie - Purpose

Essential Cookies - These cookies are essential to provide you with Services available through our Sites and to enable you to use some of its features. Without these cookies, the Services that you have asked for cannot be provided, and we only use these cookies to provide you with those Services.

Functionality Cookies - These cookies allow our Sites to remember choices you make when you use our Sites. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-select your preferences every time you visit our Sites.

Analytics and Performance Cookies - These cookies are used to collect information about traffic to our Sites and how users use our Sites. The information gathered may include the number of visitors to our Sites, the websites that referred them to our Sites, the pages they visited on our Sites, what time of day they visited our Sites, whether they have visited our Sites before, and other similar information.  We use this information to help operate our Sites more efficiently, to gather broad demographic information, monitor the level of activity on our Sites, and improve the Sites. We use Google Analytics for this purpose. Google Analytics uses its own cookies. Please note Google’s ability to use and share information collected by Google Analytics about your use of Hawthorne is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to Hawthorne by disabling cookies on your browser. You also can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Social Media Cookies - These cookies are used when you share information using a social media sharing button or “like” button on our Sites or you link your account or engage with our content on or through a social networking website such as Facebook or Twitter. The social network will record that you have done this.

Targeted and advertising cookies - These cookies track your browsing habits to enable us to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third party advertisers can place cookies to enable them to show advertisements that we think will be relevant to your interests while you are on third party websites. You can disable certain cookies that remember your browsing habits and target advertising at you by visiting http://youronlinechoices.eu/. If you choose to remove targeted or advertising cookies, you will still see advertisements but they may not be relevant to you. Even if you choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.

For a full listing and description of our use of cookies, please contact us at help and in the subject line, state “Cookies and Similar Technologies Request.”

You can typically refuse cookies, by adjusting your preference in your browser. However, be forewarned, disabling cookies may cause our Sites not to operate properly.  For further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.

Cookie Consent and Preference Management. When you first visit our Sites, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies (including analytics, targeted advertising, and social media cookies). You may update your cookie preferences at any time by clicking the "Cookie Preferences" or "Manage Cookies" link in the footer of our Sites. Please note that declining certain cookies may affect the functionality of our Sites or your experience. If you are a California resident, you may also opt out of the sharing of your personal information through cookies for cross-context behavioral advertising purposes by using the "Do Not Sell or Share My Personal Information" link on our Sites or by enabling a Global Privacy Control signal in your browser.

Information We Collect From Third Party Services

We haven’t built all of the features offered on Hawthorne from scratch. To run the Services, we often utilize various third-party products (collectively “Third Party Services”), such as Facebook, Instagram, TikTok, and Twitter. If you authorize these Third Party Services to share information with us, you grant us permission to collect certain information, such as your name, email address, phone number, and any other information that the third-party service makes available to us. Please note that your use of these Third Party Services is governed by their respective terms of service and privacy policies. For any information we receive from a Third Party Service, we use and disclose such information in accordance with our Privacy Policy. We also maintain pages for Hawthorne and our products on a variety of Third Party Services’ platforms, such as Facebook, Instagram, TikTok, Twitter, and YouTube, and other social networking services. When you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the third-party platform provides us with information about our pages on those platforms or your interactions with them, we will treat that information in accordance with this Privacy Policy.

How We Use the Information We Gather

We primarily use the information we collect and store to enhance Hawthorne. Except if we sell all or a portion of our business, or as otherwise described below, we do not rent, trade, or sell your information.

To Provide Services to You

We use information to create an awesome experience. Some ways we may use your information include to:

  • Operate, maintain, administer, and improve the Sites and our Services;
  • Facilitate the sale and delivery of your purchases and registrations;
  • Contact and communicate with you when necessary;
  • Respond to your comments or questions;
  • Provide you with additional information according to your preferences;
  • Customize and personalize your Hawthorne experience, including our algorithm which helps decide which products may be ideal for you;
  • Generate aggregated statistics to help us improve the customer experience and develop new fragrances;
  • Make Hawthorne easier and more convenient for you (such as by prepopulating forms when you have already provided identical information);
  • Provide recommendations to you;
  • Send you information and marketing materials about Services and products available on our Sites as permitted by law (you will have the ability to opt out of such communications);
  • Train our team members; or
  • Other internal business purposes.

To Protect Us and Others and to Comply with the Law

We reserve the right to use your information as we reasonably believe is necessary to comply with the law or a court order; cooperate with law enforcement; enforce or apply our Terms of Use and other agreements; or protect the rights, property, or safety of Hawthorne, our employees, our users, or others. 

Aggregated and De-Identified Information

To improve our Services and for our lawful business purposes (including analytics), we may create aggregated and/or anonymous data from the information we collect. When doing so, we do our best to ensure that any aggregated and/or de-identified information cannot be linked back to you.

How We Share Information

Except as we discuss in this Privacy Policy, we will not share your information with third parties who wish to market other products and services to you.

Do Not Sell or Share My Personal Information. We do not sell your personal information for monetary consideration. But, our use of certain advertising cookies, pixels, and social media tracking technologies may constitute "sharing" of your personal information for cross-context behavioral advertising purposes under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). If you are a California resident, you have the right to opt out of this sharing at any time by clicking the "Do Not Sell or Share My Personal Information" link on our website, by enabling a Global Privacy Control (GPC) signal in your browser (see below), or by contacting us at help@hawthorne.co. We will process your opt-out request within fifteen (15) business days. Once you opt out, we will not share your personal information for cross-context behavioral advertising unless you subsequently provide consent. Note that opting out does not affect our ability to share your information with service providers who process data on our behalf for internal business purposes as described in this Privacy Policy.

We may provide your information to our contractors, agents, service providers, and designees  to enable them to perform certain services for us exclusively, including:

  • Order fulfillment;
  • Payment processing;
  • Payment Processing. We don't handle your payment card information directly — that's what payment processors are for. When you check out on our Sites, payment processing is handled by our third-party payment processors: Shopify (Shop), Google Pay, and PayPal (collectively, the "Payment Processors"). By completing a purchase through our Sites, you agree to be bound by the applicable terms of service and privacy policies of the relevant Payment Processor, including: (a) Shopify Consumer Terms of Service at shop.app/terms-of-service; (b) Google Pay Terms of Service at policies.google.com/terms?hl=en-US; and (c) PayPal User Agreement at www.paypal.com/us/legalhub/paypal/useragreement-full?country.x=US&locale.x=en_US. Note there may be other applicable terms and conditions in each of the above company’s legal pages. As part of completing your transaction, we may share with our Payment Processors, and authorize them to collect, use, retain, and disclose: (x) your transaction and payment processing activity information; and (y) related account data reasonably necessary to enable the payment processing services. Each Payment Processor's handling of your personal data is governed by their own privacy policy, including: (a) www.shopify.com/legal/privacy/consumers; (b) policies.google.com/privacy?hl=en-US; and, (c), www.PayPal.com/us/legalhub/paypal/privacy-full. Please take a moment to review those policies if you have questions about how your payment data is used. Note there may be other applicable privacy terms and policies in each of the above company’s legal pages.
  • Website-related services such as web hosting;
  • Improvement of website-related services and features;
  • Maintenance services;
  • Development of new fragrances or other products; or
  • Distribution of advertisements and other marketing materials on our behalf.

Business Transfers

We may choose to buy or sell assets or our business. In these types of transactions or potential transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your information will be one of the assets transferred to or acquired by a third party.

Compliance with Laws and Law Enforcement

Hawthorne may disclose information about you to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; (b) enforce or apply our Terms of Use and other agreements; (c) protect the rights, property, or safety of Hawthorne, our employees, our users, or others; or (d) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

What information can I access or change?

If you would like to request access to, correction of, or deletion of your information, please send us a note at help@hawthorne.co, and we’ll work with you. Depending on where you live, you may have additional rights regarding your personal information, including the right to know what information we hold about you, the right to request its deletion, and the right to opt out of the sale of your personal information. We do not sell your personal information. We may decline to fulfill your request where permitted or required by law.

If you decide you don’t want to receive text messages, email, or other mail from us, you can opt out of such communications by unsubscribing. Unsubscribing will stop you from receiving most types of communication, but it may not apply to communications about orders or transactions you place through the Services or to respond to your specific request.

Targeted Advertising

Some of the business partners that collect information about users’ activities on our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by visiting http://www.networkadvertising.org/choices or the Digital Advertising Alliance by visiting http://www.aboutads.info/choices. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.

If you choose to opt out of targeted advertising, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioural advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general, we apply the following retention criteria:

  • Account and profile information: retained for the duration of your account and for a reasonable period thereafter in case you reactivate, and as required by law.
  • Purchase and transaction records: retained for a minimum of seven (7) years for tax, accounting, and legal compliance purposes.
  • Questionnaire and preference data: retained while your account is active and for a reasonable period following account deletion to support product development and analytics.
  • Marketing and communications preferences: retained until you opt out or request deletion.
  • Cookies and online activity data: retained in accordance with the retention periods described in the cookies section above, which vary by cookie type.
  • Legal and compliance records: retained for as long as required by applicable law or as necessary to defend or assert legal claims.

If you delete your account or request that your information be deleted, we will delete or anonymize your personal information within a reasonable time, subject to the retention periods and exceptions described above. We do not retain personal information for longer than is reasonably necessary for the stated purposes.

Data Security

We implement and maintain reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of the personal information we collect, consistent with the requirements of the New York SHIELD Act and other applicable law. These safeguards include, among other things, measures to detect, prevent, and respond to security incidents. We also require our third-party service providers who handle personal information on our behalf to maintain appropriate security measures. While we take these obligations seriously, no security system is impenetrable and we cannot guarantee the absolute security of our systems. Any information you provide to us is transmitted at your own risk, and you should take steps to protect the security of your own information.

Children

We are especially sensitive about children's information. Our Sites are not directed at children, and we do not knowingly collect personal information from children under the age of 13. In addition, consistent with the New York Child Data Protection Act and other applicable law, we do not knowingly collect, use, share, or profile minors under the age of 18 in ways that are inconsistent with their best interests or beyond what is necessary to provide our Services. We do not sell the personal information of minors.

If we discover that we have inadvertently collected personal information from a child under the age of 13, we will delete that information promptly. We do not condition a child's participation in any activity on the disclosure of more personal information than is reasonably necessary for that activity.

To the extent we ever collect personal information from a child under 13 (for example, where a parent purchases a product on behalf of a child), we will obtain verifiable parental consent before doing so, as required by COPPA. Parents and guardians have the right to review the personal information collected from their child, request its deletion, and refuse further collection or use. To exercise any of these rights, please contact us at help@hawthorne.co.

If we share any personal information collected from a child under 13 with third parties, we will do so only as necessary to fulfill the purpose for which it was provided (such as order fulfillment or payment processing) and will identify those categories of third parties in the direct notice provided to parents. We will not share a child's personal information with third parties for marketing purposes, and parents may consent to our collection and use of their child's information without consenting to disclosure to third parties for unrelated purposes.

We maintain a written information security program that includes specific measures to address data privacy and security risks related to children's personal information, consistent with the 2025 COPPA Rule amendments.

If you are a parent or legal guardian of a minor child, we will treat any information that you provide us while using Hawthorne on behalf of your minor child as otherwise described in this Privacy Policy. If you have questions about our information practices with respect to children, or if you learn that a child under the age of 13 has used Hawthorne, created a user account, or provided us with personal information, please email us at help@hawthorne.co.

Online Tracking And How We Respond To Do Not Track Signals

Online tracking is the collection of data about an individual's Internet activity used to deliver targeted advertisements and for other purposes. Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) incorporate a "Do Not Track" (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. Many website operators, including Hawthorne, do not take action to respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com/.

Global Privacy Control (GPC). We recognize and honor the Global Privacy Control (GPC) signal as a valid opt-out of the sale and sharing of your personal information for cross-context behavioral advertising, as required under the California Consumer Privacy Act and other applicable state laws. If your browser or device is configured to send a GPC signal when you visit our Sites, we will treat that signal as a request to opt out of the sharing of your personal information for targeted advertising purposes. You can learn more about GPC and how to enable it at https://globalprivacycontrol.org/. Note that if you clear your cookies or use a different browser or device, you may need to reset your GPC preference.

Other Sites and Services

The Sites may contain links to other websites and services.  These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services may follow different rules regarding the use or disclosure of the information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

We Reserve the Right to Update and Revise this Privacy Policy at Any Time

We occasionally review this Privacy Policy to make sure it complies with applicable law and conforms to changes in our business. We may need to update this Privacy Policy, and we reserve the right to do so at any time. If we do revise this Privacy Policy, we will update the “Effective Date” at the bottom of this page so that you can tell if it has changed since your last visit and do our best to notify you. Please review this Privacy Policy regularly to ensure that you are aware of its terms. Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the new changes on the Sites (or as otherwise indicated at the time of posting).  In all cases, any use of the Sites after an amendment to our Privacy Policy constitutes your acceptance to the revised or amended Privacy Policy.

Your Rights as a California Resident

If you are a California resident, in addition to awesome weather, you have rights under the CCPA, as amended by the CPRA. These include the right to know what personal information we collect, use, and disclose about you; the right to request deletion of your personal information (subject to certain exceptions); the right to correct inaccurate personal information; the right to opt out of the sale or sharing of your personal information (we do not sell or share your personal information for cross-context behavioral advertising); and the right not to be discriminated against for exercising these rights. To exercise any of these rights, please submit a request to help@hawthorne.co. We'll respond within the timeframes required by law - and no, we won’t ask you to send us a bottle of Napa Valley chardonnay in return (but if you do, our team will happily accept).

Sensitive Personal Information in California. Some of the information we collect may qualify as "sensitive personal information" under the CCPA/CPRA, including account login credentials and certain questionnaire responses (such as information about your diet, smoking habits, or skin characteristics). We collect and use sensitive personal information only to the extent reasonably necessary to provide our Services to you. You have the right to limit our use and disclosure of your sensitive personal information to uses that are necessary to provide the Services or as otherwise permitted by law. To exercise this right, please contact us at help@hawthorne.co or click the "Limit the Use of My Sensitive Personal Information" link on our website.

Data Minimization and Purpose Limitation. We collect and use your personal information only to the extent reasonably necessary and proportionate for the purposes described in this Privacy Policy or for purposes that you would reasonably expect given the context in which the information was collected. We do not use your personal information for purposes that are incompatible with those disclosed here without first obtaining your consent.

Automated Decision-Making in California. To improve your experience on our Sites, we use automated tools and algorithms to help personalize your Hawthorne experience and provide product recommendations. If you are a California resident, you have the right to opt out of certain uses of automated decision-making that produce legal or similarly significant effects. To opt out or to request more information about how our automated tools work, please contact us at help@hawthorne.co.

Your Rights as a New York Resident

If you are a New York resident, your personal information is protected under the New York SHIELD Act (N.Y. Gen. Bus. Law §§ 899-aa and 899-bb) and other applicable New York law. We maintain reasonable administrative, technical, and physical safeguards for your personal information as described in the Data Security section above. "Private information" protected under the SHIELD Act includes, among other things, your name combined with financial account numbers, account credentials, biometric data, and, as of March 21, 2025, medical and health insurance information. In the event of a data breach affecting your private information, we will notify you within thirty (30) days of discovering the breach, in accordance with our obligations under the SHIELD Act as amended in December 2024, unless a law enforcement exception applies. We will also notify the New York Attorney General, the New York Department of State, the New York State Police, and, where applicable, the New York Department of Financial Services. If you have questions about how we handle your information or wish to request access to, correction of, or deletion of your personal information, please contact us at help@hawthorne.co.

International Users and Visitors

Hawthorne is operated and hosted in the United States. If you are visiting or using our Services from outside the United States, including from the European Economic Area (EEA), the United Kingdom, or Canada, please be aware that your information may be transferred to, stored, and processed in the United States. Data protection laws in the United States may differ from those in your country and may not provide the same level of protection. By providing us with your information, you acknowledge and consent to the transfer and processing of your information in the United States in accordance with this Privacy Policy. If you have questions about cross-border data transfers, please contact us at help@hawthorne.co.

U.S. Government Data Security Requirements. The U.S. Department of Justice's Data Security Program Rule, which took effect in 2025, restricts the transfer of certain categories of sensitive personal data to foreign countries or entities of concern. We do not knowingly transfer sensitive personal data (as defined under that Rule, including certain financial data, precise geolocation data, biometric data, health data, and certain government-issued identifiers) to covered foreign countries or persons in a manner that would violate those restrictions. If you have questions about our cross-border data transfer practices, please contact us at help@hawthorne.co.

Questions?

We’d be happy to answer them. Shoot us an email or send us a note:

Email: help@hawthorne.co

Mailing Address:

Hawthorne Lab Inc.
161 Water Street
New York, NY 10038

Effective Date: May 28, 2026

Thanks for reading our Privacy Policy.