BY LARK — PRIVACY POLICY (PART 1 OF FULL POLICY)

Last Updated: January 28, 2026

This Privacy Policy describes how Lark Los Angeles LLC, doing business as By Lark, Lark, The Lark Company, and Travel by Lark (“By Lark,” “we,” “us,” or “our”) collects, uses, shares, stores, safeguards, and processes personal information across all our brand divisions, websites, digital platforms, concierge services, travel services, memberships, and interactions.

This Policy applies to:

  • bylark.com

  • thelarkcompany.com

  • travelbylark.com

  • All related sites, subdomains, portals, platforms, forms, emails, mobile-responsive versions, and any other digital properties operated by Lark Los Angeles LLC

  • All service interactions, whether or not you become a paying client

By visiting our Website(s), providing information, or using our services, you consent to the practices described in this Privacy Policy.

If you do not agree with any part of this Policy, do not provide any personal information and discontinue using our Website.

1. WHO WE ARE

Lark Los Angeles LLC is a U.S.-based luxury services company operating under multiple brand expressions, including:

  • By Lark — umbrella brand

  • Lark Co. — concierge & lifestyle management

  • Travel by Lark — luxury travel advisory & planning

This Privacy Policy governs all divisions, all DBAs, and all digital and service operations under this single legal entity.

2. SCOPE OF THIS PRIVACY POLICY

This Policy governs:

2.1 Website Use

Your interactions with our websites, pages, portals, analytics tools, forms, digital platforms, cookies, and online communication channels.

2.2 Service Engagements

All data collected and processed when you:

  • request concierge services

  • request travel planning or booking services

  • inquire about membership

  • complete intake or consultation forms

  • email, message, or otherwise contact us

  • book reservations or provide personal information for travel

  • share household, lifestyle, or logistic preferences

  • participate in client experiences or submit documents

2.3 Marketing & Communications

Includes:

  • newsletters

  • email updates

  • special announcements

  • offers

  • brand communications

2.4 Offline Collection

Includes all data collected verbally, via phone, text messages, WhatsApp, surveys, forms, payment authorization, handwritten notes, or other direct communications.

3. TYPES OF PERSONAL INFORMATION WE COLLECT

We may collect the following categories of personal information. Because By Lark provides concierge and travel services, our data collection is broader and may include sensitive travel details.

3.1 Basic Personal Identifiers

  • Full legal name

  • Email address

  • Phone number

  • Mailing or billing address

  • Emergency contacts

  • Social media handles (if provided)

3.2 Identity Verification & Travel Document Information

  • Passport numbers

  • Passport scans or photos

  • Passport expiration dates

  • Visa information

  • Date of birth

  • Gender or salutation preferences

  • TSA PreCheck, Global Entry, Known Traveler Numbers

  • Residency or nationality (when needed for travel)

3.3 Travel, Lifestyle & Concierge Profile Information

Collected when designing travel, concierge, or lifestyle services:

  • Travel history

  • Travel preferences (e.g., room type, dietary requests, seating preferences, allergies, wellness preferences, accessibility needs)

  • Household preferences

  • Dining, wellness, retail, or entertainment preferences

  • Event needs and planning details

  • Family details relevant to the service

  • Special occasions, anniversaries, celebrations

  • Membership tier and service usage

3.4 Sensitive Personal Information (Collected Only When Provided)

This category is specific to travel + concierge businesses and includes:

  • Allergies or medical-related travel notes

  • Mobility or accessibility requirements

  • Doctor or health notes required for certain travel arrangements

  • Religious or cultural travel restrictions

  • Information about children traveling with adults

  • Identification documents

  • Payment card data (processed via secure partners)

  • Any personal details voluntarily disclosed in service conversations

We do not require or request sensitive information unless needed to fulfill a service.

3.5 Financial & Transactional Data

  • Payment methods (processed securely; we do not store full card numbers)

  • Payment authorization forms

  • Transaction history

  • Refund or dispute information

  • Vendor or Supplier receipts

  • Invoices and billing details

  • Tax information (if applicable)

3.6 Technical Information from Website Use

Collected via cookies, analytics, and standard web protocols:

  • IP address

  • Device type, browser type, operating system

  • Session information

  • Usage patterns

  • Website navigation paths

  • Clickstream data

  • Referring URLs

  • Time spent on each page

  • Page interaction details

  • Geolocation approximations

  • Heatmap or scroll data (if analytics tools are in use)

3.7 Communication Data

  • Emails

  • Text messages

  • WhatsApp messages

  • Call logs

  • Notes from service interactions

  • Attachments or documents you upload

3.8 Social Media Interaction Data

If you interact with us through platforms like Instagram, LinkedIn, Facebook, or others:

  • profile information (public)

  • messages sent to us

  • engagement insights

  • likes, comments, shares

3.9 Vendor & Supplier Communications

When coordinating bookings or services on your behalf, we collect:

  • Reservation details

  • Confirmation numbers

  • Correspondence with suppliers

  • Preferences sent to partners

4. HOW WE COLLECT PERSONAL INFORMATION

We collect information in the following ways:

4.1 Directly From You

  • online forms

  • consultation forms

  • email correspondence

  • messaging apps (SMS, WhatsApp, iMessage)

  • phone conversations

  • in-person interactions

  • intake documents

  • payment authorization forms

  • travel profile forms

  • lifestyle profile forms

4.2 Automatically via Website

  • cookies

  • analytics tools (such as Google Analytics)

  • session logs

  • IP address

  • browser/device metadata

  • behavior tracking

4.3 From Third-Party Suppliers (Only as Needed)

  • hotels

  • airlines

  • tour operators

  • concierge vendors

  • car services

  • travel partners

  • ticketing platforms

  • restaurants

These partners may provide us information such as itinerary confirmations, guest history (if applicable), or special requests you made directly to them.

4.4 From Public or Semi-Public Sources

  • publicly available social profiles

  • directory listings

  • reviews

  • material you tag or share

5. HOW WE USE PERSONAL INFORMATION

We use personal information for the following legitimate business purposes:

5.1 To Provide Concierge, Lifestyle & Household Services

  • Manage calendars

  • Coordinate vendors

  • Assist with gifting

  • Provide research, sourcing, and reservations

  • Support home or lifestyle needs

  • Coordinate experiences, appointments, or events

5.2 To Provide Luxury Travel Services

  • Create travel profiles

  • Book hotels, airlines, transfers, and activities

  • Manage room preferences, loyalty numbers, or wellness needs

  • Provide guidance and travel research

  • Coordinate with global suppliers

  • Handle special requests, upgrades, perks

  • Resolve issues during travel (as able)

5.3 Communication & Relationship Management

  • Respond to inquiries

  • Send confirmations and updates

  • Provide customer support

  • Maintain client history

  • Tailor travel or concierge recommendations

5.4 Payments, Billing & Accounting

  • Process payments

  • Issue invoices

  • Maintain transaction records

  • Handle disputes or refunds

  • Comply with tax and accounting obligations

5.5 Internal Operations & Optimization

  • Improve service delivery

  • Train staff

  • Improve Website performance

  • Maintain security and fraud prevention

  • Analyze usage patterns

5.6 Marketing & Communications

With consent or where permitted by law:

  • newsletters

  • travel/lifestyle inspiration

  • event invitations

  • promotions

  • editorial content

  • personalized recommendations

You may unsubscribe at any time.

5.7 Legal Compliance

  • Respond to legal requests

  • Comply with government or regulatory requirements

  • Protect our rights, personnel, and clients

6. HOW WE SHARE PERSONAL INFORMATION

By Lark shares personal information only when necessary to deliver services, operate our business, comply with legal requirements, or with your explicit consent. We do not sell personal information.

We may share information with the following categories of recipients:

6.1 Travel & Hospitality Partners (for Travel by Lark)

To fulfill travel requests, reservations, bookings, and special arrangements, we may share relevant information with:

  • Hotels, resorts, villas, and private stays

  • Airlines, rail companies, cruise lines

  • Chauffeur and transportation companies

  • Tour operators, guides, activity providers

  • Destination management companies

  • Travel consortia and preferred partner programs

  • Ticketing platforms and entertainment partners

  • Visa service companies or immigration-related agencies (only if requested by you)

  • Luxury travel networks (e.g., if needed for booking perks or amenities)

We share only the information required to complete your booking (e.g. names, dates, preferences, loyalty numbers, special requests).

6.2 Concierge Vendors & Lifestyle Service Providers (for Lark Co.)

Depending on the services you request, we may share information (only as needed) with:

  • Personal shopping or gifting vendors

  • Reservation partners

  • Event venues, florists, planners, photographers

  • Household vendors (e.g., service providers, stylists, appointments)

  • Wellness providers (spas, trainers, clinics—only with your consent)

  • Any vendor engaged on your behalf

We disclose only what is required to perform the service you request.

6.3 Payment Processors & Financial Institutions

We use secure third-party payment processing partners to handle payments and billing.
These providers may receive:

  • name

  • billing address

  • payment method

  • email/phone

  • transaction amount

We do not store full credit card details on our servers.
Payment information is encrypted and processed through PCI-compliant partners.

6.4 Technology, Hosting & Data Storage Providers

We partner with reputable third parties to operate our Website and business. These may include:

  • website hosting companies

  • cloud storage and document management tools

  • CRM systems

  • analytics platforms

  • email service providers

  • form submission tools

  • scheduling and calendar platforms

  • secure file-sharing systems

These providers may access limited personal data solely to perform services for By Lark.

They are contractually required to maintain confidentiality.

6.5 Professional Advisors

We may share information with professional advisors such as:

  • attorneys

  • accountants

  • auditors

  • insurance providers

This occurs only when necessary for business operations or legal compliance.

6.6 Business Transfers

If By Lark undergoes a merger, acquisition, restructuring, sale, or transfer of assets, personal information may be transferred as part of that transaction.

Any such transfer will respect this Policy and applicable laws.

6.7 Legal & Compliance Disclosures

We may disclose information if required to:

  • comply with law, subpoena, court order, or legal process

  • protect our rights, operations, property, clients, or staff

  • prevent fraud, harm, or illegal activity

  • ensure the safety of travelers or service recipients

  • respond to emergencies

We will limit the disclosure to what is legally required.

7. INTERNATIONAL DATA TRANSFERS

Because By Lark operates in the travel and hospitality space, your personal information may be transferred to:

  • foreign hotels and service providers

  • international airlines and travel operators

  • global vendors

  • international technology partners

This means your information may be processed outside the United States, including in regions that may not have the same level of data protection laws.

Wherever possible, we take reasonable measures to ensure your information is handled securely and in accordance with this Policy.

For EU/UK clients, we will rely on recognized transfer mechanisms where required.

8. DATA RETENTION

By Lark retains personal information only as long as necessary for the purposes described in this Policy, including:

8.1 Service Delivery

We retain travel and concierge data for as long as needed to deliver services, manage memberships, honor historical preferences, and resolve issues.

8.2 Legal, Accounting & Regulatory Requirements

Some information must be retained for specific periods (e.g. 3–7 years) for compliance with:

  • tax laws

  • accounting rules

  • regulatory obligations

  • proof of service

  • dispute resolution

8.3 Marketing & Relationship History

If you opt in to marketing communications, we may retain contact and preference information indefinitely, unless you unsubscribe.

8.4 Data We Delete

We routinely delete data that is:

  • outdated

  • no longer needed

  • no longer legally required

  • unnecessarily sensitive

  • voluntarily requested to be deleted (when permitted by law)

If you request deletion, we will comply unless retention is required by law or for legitimate business purposes (e.g. disputes, financial records).

9. HOW WE PROTECT PERSONAL INFORMATION

By Lark uses appropriate technical, physical, and administrative safeguards to protect personal information. These may include:

  • data encryption (in transit and/or at rest)

  • access controls and role-based restrictions

  • secure password management

  • staff confidentiality agreements

  • secure cloud hosting and storage providers

  • firewalls and intrusion detection

  • routine security reviews

  • two-factor authentication

  • data minimization principles

  • secure payment processing partners

  • training for staff on privacy and data protection

While we take strong measures to protect your data, no method of transmission or storage is 100% secure.
We cannot guarantee absolute security, but we are committed to industry-standard safeguards.

10. COOKIES, TRACKING TECHNOLOGIES & ANALYTICS TOOLS

10.1 Cookies & Similar Technologies

The Website may use:

  • cookies

  • tracking pixels

  • beacons

  • session tracking tools

  • analytics scripts

  • device fingerprinting technologies

These help us:

  • recognize returning users

  • optimize pages

  • analyze traffic

  • track marketing performance

  • personalize browsing experience

  • understand user behavior

  • maintain site security

10.2 Types of Cookies Used

  • Essential Cookies — required for functionality

  • Analytical Cookies — track usage (e.g., Google Analytics)

  • Performance Cookies — ensure smooth operation

  • Marketing Cookies — for advertising or retargeting (if applicable)

10.3 Your Choices

You may:

  • disable cookies in your browser settings

  • reject non-essential cookies (if cookie banner is active)

  • withdraw consent in jurisdictions where required (e.g. EU, UK, CA)

Note: Some site features may not function properly if cookies are disabled.

11. YOUR RIGHTS & CHOICES (U.S., CA, AND GLOBAL RIGHTS)

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information.

11.1 Right to Access

You may request:

  • a copy of the personal data we hold about you

  • a description of how we use it

  • details of categories of data collected

11.2 Right to Correction

You may request correction of inaccurate, outdated, or incomplete information.

11.3 Right to Deletion / “Right to Be Forgotten”

You may request deletion of your personal information, subject to legal, contractual, or operational retention requirements.

11.4 Right to Restrict Processing

You may request that we limit or cease certain uses of your personal data.

11.5 Right to Opt Out of Marketing

You may unsubscribe from:

  • newsletters

  • promotional emails

  • travel inspiration or offers

  • announcements or updates

11.6 Right to Opt Out of Sale or Sharing of Data

By Lark does not sell personal information.

If you live in CA or other jurisdictions requiring disclosure, we confirm:

  • We do not sell data.

  • We do not share personal data with third parties for their own marketing without your consent.

11.7 Right to Non-Discrimination

You will not be discriminated against for exercising privacy rights.

11.8 Right to Withdraw Consent

If you previously consented to processing, you may withdraw consent at any time (where applicable).

11.9 Right to Data Portability

Where applicable laws permit, you may request export of your personal information in a structured, commonly used format.

12. SENSITIVE PERSONAL INFORMATION

By Lark may collect certain Sensitive Personal Information only when voluntarily provided by you, and only when necessary to deliver concierge or travel services. Sensitive information may include:

  • Passport numbers or scans

  • Government ID numbers (for travel purposes)

  • Travel-related medical notes (e.g., allergies, mobility needs)

  • Accessibility requirements

  • Dietary restrictions with health implications

  • Information relating to minors in your household or travel party

  • Loyalty or membership numbers tied to identity documents

  • Payment information (processed securely through vendors)

  • Cultural or religious requirements that may affect travel planning

  • Emergency contact details

12.1 How We Use Sensitive Data

We use sensitive information strictly to:

  • complete bookings

  • coordinate travel accommodations

  • accommodate medical, mobility, or accessibility requests

  • ensure safety during travel

  • communicate preferences to vendors

  • verify identity (only when required)

12.2 Additional Safeguards

Sensitive data is:

  • accessed only by authorized personnel

  • encrypted or stored in secure cloud environments

  • shared only when necessary to fulfill your service requests

  • never sold or used for marketing

You may request deletion or restriction of sensitive data unless it is required to provide services or comply with legal obligations.

13. INFORMATION RELATING TO HOUSEHOLD MEMBERS, COMPANIONS & THIRD PARTIES

Because By Lark provides concierge and travel services, you may share information about:

  • family members

  • children

  • household contacts

  • assistants

  • partners or spouses

  • friends traveling with you

  • colleagues

  • guests or event attendees

You represent that you have the authority and consent to provide this information.

We treat all such third-party data with the same protections described in this Policy.

If any individual requests access, correction, or deletion of data you submitted on their behalf, we may ask for verification of identity before proceeding.

14. FINANCIAL INFORMATION & PAYMENT SECURITY

14.1 Payment Processing

By Lark uses third-party PCI-compliant payment processors to collect and process:

  • credit/debit card information

  • digital wallet information

  • bank transfer or ACH details (if applicable)

  • billing information

We do not store full credit card numbers on By Lark servers.

14.2 Payment Authorization Forms

If you complete a Payment Authorization Form:

  • forms may be stored in secure, encrypted environments

  • access is limited to authorized staff

  • only the last 4 digits of card numbers may be stored, when possible

  • payment processors receive the full card number securely

14.3 Fraud Prevention

We may use your information to:

  • verify transactions

  • prevent fraud

  • respond to disputed charges

  • validate identity where necessary

15. CHILDREN’S INFORMATION

15.1 Services

By Lark’s Website and general services are intended for adults (18+), but we understand children may be included in travel or household arrangements.

We may collect information about minors only when voluntarily provided by their parent or legal guardian, such as:

  • name

  • date of birth

  • passport details

  • travel preferences

  • dietary needs

  • emergency contacts

15.2 We Do NOT Knowingly Collect From Children Directly

We do not knowingly collect personal information from children without parental consent.

If we become aware that a child submitted data directly, we will delete it promptly.

16. YOUR RESPONSIBILITIES WHEN PROVIDING DATA

When you provide us with information about yourself or others, you agree that:

  • all information provided is accurate and complete

  • you have the legal right to provide information about third parties

  • you will notify us of updates or changes

  • you will not provide information unrelated to the service

  • you will not provide excessive or irrelevant sensitive data

  • you understand that travel planning often requires accurate legal documents

Failure to provide accurate information may limit our ability to deliver services.

17. THIRD-PARTY INTEGRATIONS & AUTOMATED TOOLS

The Website or Services may integrate with or link to third-party products, including:

  • Google Analytics

  • Scheduling or intake forms

  • Email service providers

  • Travel consortia systems

  • Social media platforms

  • Payment gateways

  • CRM and booking systems

  • AI-driven personalization tools

  • Hotel or airline management systems

These entities may collect information independently based on their own privacy practices.
We cannot control and are not responsible for how third parties collect or process your data.

You should review the privacy policies of any linked or integrated service.

18. LINKS TO OTHER WEBSITES

The Website may contain links to:

  • hotels and resorts

  • travel partners

  • restaurants

  • suppliers

  • blogs or editorial sites

  • external resources

  • third-party vendors

These links are provided for convenience.
By Lark is not responsible for:

  • privacy practices of external sites

  • their content

  • accuracy

  • security

  • practices or policies

Following external links is at your discretion.

19. CHANGES TO THIS PRIVACY POLICY

We may update or modify this Privacy Policy at any time, including to reflect:

  • changes in our services

  • new data practices

  • regulatory requirements

  • operational adjustments

  • new technologies or platforms

19.1 Notification

We may notify you of changes by:

  • updating the Policy on the Website

  • emailing clients (where required)

  • posting a notice on the Website

Your continued use of the Website or Services after changes means you accept the revised Policy.

20. HOW TO CONTACT US

If you have questions about this Privacy Policy, need to make a data request, or wish to exercise any privacy rights, please contact:

📧 hello@bylark.com
📍 Lark Los Angeles LLC

Please include the subject line: “Privacy Policy / Data Request.”

We will respond in accordance with applicable laws.

21. ADDITIONAL DISCLOSURES FOR U.S. STATE PRIVACY LAWS (INCLUDING CCPA-LIKE RIGHTS)

(Shortened version — can be expanded further if you want full CCPA Section formatting)

If you are a resident of certain U.S. states with specific privacy laws (including California, Colorado, Virginia, Connecticut, Utah, or others), you may have state-specific rights regarding personal information.

These may include:

  • Right to know categories of information collected

  • Right to request specific pieces of information

  • Right to request deletion

  • Right to request correction

  • Right to request information about data disclosures

  • Right to opt out of certain data sharing

  • Right to non-discrimination

To exercise these rights, email hello@bylark.com with your request.

We will verify your identity and may request additional information to confirm the request is legitimate.

22. INTERNATIONAL USERS (GDPR-INSPIRED LANGUAGE)

Although By Lark is a U.S.-based company, we may serve clients globally. If you reside in the EU, UK, Switzerland, or any jurisdiction with strong data protection regulation, the following may apply:

  • You may request data access, correction, deletion, portability, restriction, or objection.

  • When we rely on consent, you may withdraw consent at any time.

  • We process data only when we have a lawful basis (e.g., consent, contract performance, legitimate interest).

  • You may lodge a complaint with your local data authority.

We will respect these rights where applicable and feasible.