Elora · Legal
Privacy Policy
for the body you're becoming
Last updated: July 13, 2026
1. Who We Are
MB Elora ("we," "us," or "our") collects, uses and protects your personal data when you visit our websites or purchase our digital products.
This Privacy Policy applies to both of our websites: goelora.com (our brand website and newsletter) and muscleandmicrobiome.com (our sales pages, checkout and course area), together referred to as the "Sites."
MB Elora (Registration No. 308053417), Perkunkiemio g. 19, LT-12120 Vilnius, Lithuania, is the data controller under the GDPR.
Contact: support@goelora.com
2. What Data We Collect
- Name, email address, billing address and phone number.
- Payment information is processed securely by Stripe. We never receive or store full payment card details.
- Customer support communications.
- Newsletter subscription details, including the email address you submit through the newsletter form on goelora.com.
- Automatically collected information: IP address, browser, device, approximate location, pages visited, referral source, time spent and cookies.
- We do not collect special categories of personal data such as health information.
3. Why We Use Your Data and Our Legal Basis
| Purpose | Why | Legal Basis |
|---|---|---|
| Process orders | Deliver purchased products | Performance of a contract |
| Transactional emails | Provide purchase access | Performance of a contract |
| Customer support | Assist customers | Performance of a contract / Legitimate interest |
| Marketing emails | Promotions and offers | Consent |
| Website analytics | Understand how the Sites are used and improve them | Consent |
| Advertising measurement | Measure the performance of our advertising | Consent |
| Accounting | Legal compliance | Legal obligation |
| Fraud prevention | Protect business and customers | Legitimate interest |
Our legitimate interests include customer support, fraud prevention, protecting our intellectual property, maintaining website security, enforcing our Terms & Conditions and improving our products and services.
4. Who We Share Your Data With
We do not sell your personal data.
- Systeme.io — funnel pages, checkout, email delivery and course hosting
- Stripe — payment processing
- Vimeo — video hosting
- Cloudflare — website hosting, DNS and security
- Google Workspace — business email
- Google Analytics — website analytics (with your consent)
- Meta — advertising measurement via the Meta Pixel (with your consent)
- Cookiebot (Usercentrics) — cookie consent management
All providers process personal data only on our behalf and under contractual obligations to protect it.
5. International Data Transfers
Where personal data is transferred outside the EEA, we rely on the EU–U.S. Data Privacy Framework where applicable, Standard Contractual Clauses (SCCs), or other lawful safeguards under the GDPR.
6. Cookies
We use cookies and similar technologies on both of our Sites. Cookies are grouped into the following categories:
- Necessary — required for the Sites to function, including checkout and security. These are set without consent as they are strictly necessary.
- Preferences — remember choices you make, such as your cookie settings.
- Statistics — help us understand how visitors use the Sites. We use Google Analytics 4 for this purpose. These cookies are set only with your consent.
- Marketing — used to measure the performance of our advertising. We use the Meta Pixel for this purpose. These cookies are set only with your consent.
Cookie consent is managed through Cookiebot. Statistics and marketing cookies are blocked until you give consent, and you may withdraw or change your consent at any time using the cookie settings link in the cookie banner. A detailed cookie declaration is available on our Sites.
7. How Long We Keep Your Data
Accounting records are generally retained for 10 years. Marketing data is retained until you unsubscribe. Support correspondence is retained for up to two years. Analytics data is retained for up to 14 months. We may retain data longer where necessary to establish, exercise or defend legal claims.
8. Your Rights
You may request access, correction, deletion, restriction, objection, data portability and withdrawal of consent. We do not use automated decision-making or profiling producing legal or similarly significant effects.
To exercise any of these rights, contact us at support@goelora.com. We will respond within one month.
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (vdai.lrv.lt) or with the supervisory authority in your country of residence.
9. If You Are in the United States
Where applicable under U.S. privacy laws (including CCPA/CPRA), you may request access to or deletion of your personal information. We do not sell personal information.
10. Children
Our products are intended for adults aged 18 or older. If we discover we have collected children's personal data, we will delete it promptly.
11. Security
We use industry-standard security measures, HTTPS encryption and trusted service providers. Access to personal data is limited to authorized personnel. Payment information is processed directly by Stripe.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the 'Last updated' date.
13. Contact Us
Data Controller
MB Elora
Registration No. 308053417
Perkunkiemio g. 19, LT-12120 Vilnius, Lithuania
Email: support@goelora.com