Elora · Legal

Privacy Policy

for the body you're becoming

Last updated: July 13, 2026

1. Who We Are

MB Elora ("we," "us," or "our") collects, uses and protects your personal data when you visit our websites or purchase our digital products.

This Privacy Policy applies to both of our websites: goelora.com (our brand website and newsletter) and muscleandmicrobiome.com (our sales pages, checkout and course area), together referred to as the "Sites."

MB Elora (Registration No. 308053417), Perkunkiemio g. 19, LT-12120 Vilnius, Lithuania, is the data controller under the GDPR.

Contact: support@goelora.com

2. What Data We Collect

  • Name, email address, billing address and phone number.
  • Payment information is processed securely by Stripe. We never receive or store full payment card details.
  • Customer support communications.
  • Newsletter subscription details, including the email address you submit through the newsletter form on goelora.com.
  • Automatically collected information: IP address, browser, device, approximate location, pages visited, referral source, time spent and cookies.
  • We do not collect special categories of personal data such as health information.

3. Why We Use Your Data and Our Legal Basis

PurposeWhyLegal Basis
Process ordersDeliver purchased productsPerformance of a contract
Transactional emailsProvide purchase accessPerformance of a contract
Customer supportAssist customersPerformance of a contract / Legitimate interest
Marketing emailsPromotions and offersConsent
Website analyticsUnderstand how the Sites are used and improve themConsent
Advertising measurementMeasure the performance of our advertisingConsent
AccountingLegal complianceLegal obligation
Fraud preventionProtect business and customersLegitimate interest

Our legitimate interests include customer support, fraud prevention, protecting our intellectual property, maintaining website security, enforcing our Terms & Conditions and improving our products and services.

4. Who We Share Your Data With

We do not sell your personal data.

  • Systeme.io — funnel pages, checkout, email delivery and course hosting
  • Stripe — payment processing
  • Vimeo — video hosting
  • Cloudflare — website hosting, DNS and security
  • Google Workspace — business email
  • Google Analytics — website analytics (with your consent)
  • Meta — advertising measurement via the Meta Pixel (with your consent)
  • Cookiebot (Usercentrics) — cookie consent management

All providers process personal data only on our behalf and under contractual obligations to protect it.

5. International Data Transfers

Where personal data is transferred outside the EEA, we rely on the EU–U.S. Data Privacy Framework where applicable, Standard Contractual Clauses (SCCs), or other lawful safeguards under the GDPR.

6. Cookies

We use cookies and similar technologies on both of our Sites. Cookies are grouped into the following categories:

  • Necessary — required for the Sites to function, including checkout and security. These are set without consent as they are strictly necessary.
  • Preferences — remember choices you make, such as your cookie settings.
  • Statistics — help us understand how visitors use the Sites. We use Google Analytics 4 for this purpose. These cookies are set only with your consent.
  • Marketing — used to measure the performance of our advertising. We use the Meta Pixel for this purpose. These cookies are set only with your consent.

Cookie consent is managed through Cookiebot. Statistics and marketing cookies are blocked until you give consent, and you may withdraw or change your consent at any time using the cookie settings link in the cookie banner. A detailed cookie declaration is available on our Sites.

7. How Long We Keep Your Data

Accounting records are generally retained for 10 years. Marketing data is retained until you unsubscribe. Support correspondence is retained for up to two years. Analytics data is retained for up to 14 months. We may retain data longer where necessary to establish, exercise or defend legal claims.

8. Your Rights

You may request access, correction, deletion, restriction, objection, data portability and withdrawal of consent. We do not use automated decision-making or profiling producing legal or similarly significant effects.

To exercise any of these rights, contact us at support@goelora.com. We will respond within one month.

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (vdai.lrv.lt) or with the supervisory authority in your country of residence.

9. If You Are in the United States

Where applicable under U.S. privacy laws (including CCPA/CPRA), you may request access to or deletion of your personal information. We do not sell personal information.

10. Children

Our products are intended for adults aged 18 or older. If we discover we have collected children's personal data, we will delete it promptly.

11. Security

We use industry-standard security measures, HTTPS encryption and trusted service providers. Access to personal data is limited to authorized personnel. Payment information is processed directly by Stripe.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the 'Last updated' date.

13. Contact Us

Data Controller

MB Elora

Registration No. 308053417

Perkunkiemio g. 19, LT-12120 Vilnius, Lithuania

Email: support@goelora.com