Privacy Policy for Vitalogent LLC

Effective Date: 10/29/2025
Last Updated: 01/01/2025

Introduction

Vitalogent LLC ("we," "us," "our," or "Vitalogent") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website www.vitalogent.com, make purchases, or interact with our services.

Our Business: Vitalogent LLC is a dietary supplement company headquartered in Texas, United States. We sell dietary supplements designed to support gut health and overall wellness.

Important Note About Health Data: We are NOT a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). We are a dietary supplement retailer, not a healthcare provider. However, we recognize the sensitive nature of health-related information and handle all such data with the utmost care and in compliance with applicable consumer privacy laws including the Federal Trade Commission Act, California Consumer Privacy Act (CCPA/CPRA), General Data Protection Regulation (GDPR), and other state privacy laws.

Your Rights: Depending on where you live, you have specific privacy rights including the right to access, delete, correct, and control how we use your personal information. These rights are detailed in the sections below.

Applicability: This Privacy Policy applies to all personal information we collect from:

Website visitors
Customers who purchase our products
Individuals who contact us or sign up for communications
Participants in surveys, quizzes, or questionnaires

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

We collect several types of information from and about users of our website and services. The information we collect depends on how you interact with us.

1. Personal Information You Provide Directly

This is information you voluntarily provide when interacting with our services:

Contact Information:

Full name (first and last name)
Email address
Phone number
Shipping address (street address, city, state, ZIP code, country)
Billing address (if different from shipping)

Account Information (if you create an account):

Username and password
Order history
Saved payment methods (tokenized - we don't store actual card numbers)
Shipping preferences
Communication preferences

Payment Information:

Credit/debit card information (processed securely through our payment processor - Shopify Payments/Stripe)
Billing address
Transaction history
We do NOT store your complete credit card numbers - only tokenized payment information through our secure payment processors

Health and Wellness Information (optional):

Responses to health questionnaires or quizzes
Information about dietary preferences, restrictions, or allergies
Wellness goals and health interests
Product reviews and experiences
Information provided in customer service interactions

Communications:

Email correspondence with customer service
Chat transcripts
Survey responses
Testimonials and reviews
Social media interactions

Marketing Preferences:

Newsletter subscription status
Email marketing consent
SMS marketing consent (if applicable)
Communication frequency preferences

2. Information Collected Automatically

When you visit our website, certain information is automatically collected through cookies and similar technologies:

Device and Browser Information:

IP address
Device type (computer, mobile, tablet)
Operating system
Browser type and version
Screen resolution
Device identifiers

Usage Information:

Pages visited and time spent on pages
Links clicked
Search queries on our site
Referral source (how you arrived at our site)
Exit pages
Date and time of visits
Navigation paths through our website

Location Information:

General geographic location based on IP address (city, state, country level)
We do NOT collect precise GPS location data

3. Information from Third-Party Sources

We may receive information about you from third-party sources:

Analytics and Advertising Partners:

Google Analytics data (anonymized when possible)
Facebook Pixel data
Advertising network information
Social media platform information (if you interact with our social media)

Payment Processors:

Transaction verification
Fraud prevention data
Payment confirmation

Third-Party Authentication Services:

If you sign in using third-party services (e.g., "Sign in with Google"), we receive basic profile information you authorize

Data Brokers and Marketing Partners:

We do NOT purchase personal information from data brokers
We do NOT sell your personal information to third parties

4. Sensitive Personal Information (Under CCPA/CPRA)

Under California law, certain categories of personal information are considered "sensitive." We may collect:

Account Credentials:

Username and password (encrypted)

Precise Geolocation:

We do NOT collect precise geolocation

Health Information:

Information you voluntarily provide about health conditions, symptoms, or wellness goals through questionnaires, quizzes, or communications
Dietary restrictions or allergies
Wellness objectives
Product effectiveness feedback

Important: We only collect sensitive personal information when you voluntarily provide it, and we use it solely for the purposes disclosed in this policy (e.g., product recommendations, customer service). You have the right to limit how we use your sensitive personal information - see Your Privacy Rights.

How We Use Your Information

We use your personal information for the following business and commercial purposes:

1. Order Fulfillment and Customer Service

Purpose: To process and deliver your orders

Processing and completing transactions
Charging your payment method
Arranging shipping and delivery
Sending order confirmations and shipping notifications
Managing returns, exchanges, and refunds
Providing customer support
Resolving disputes and troubleshooting problems

Legal Basis: Contract performance (necessary to fulfill your order)

2. Account Management

Purpose: To create and maintain your account

Creating and managing your customer account
Authenticating your identity
Saving your preferences and order history
Enabling quick checkout for repeat purchases
Providing personalized recommendations

Legal Basis: Contract performance and legitimate business interests

3. Communication and Marketing

Purpose: To communicate with you and send marketing (with your consent)

Sending promotional emails about new products, sales, and special offers
Sending newsletters with health and wellness content
Providing product recommendations based on your interests
Conducting customer satisfaction surveys
Sending abandoned cart reminders
Announcing website updates or policy changes
Responding to your inquiries and requests

Legal Basis: Consent (for marketing communications) and legitimate business interests (for transactional communications)

Your Control: You can opt out of marketing emails at any time using the "unsubscribe" link in any email or by contacting us at [privacy@vitalogent.com]

4. Personalization and Product Recommendations

Purpose: To personalize your experience

Recommending products based on your browsing and purchase history
Customizing website content to your interests
Tailoring email content to your preferences
Providing relevant health and wellness information
Creating personalized wellness profiles (if you use our quizzes/questionnaires)

Legal Basis: Consent and legitimate business interests

5. Website Improvement and Analytics

Purpose: To understand how our website is used and improve it

Analyzing website traffic and user behavior
Testing new features and designs
Identifying and fixing technical issues
Understanding which products are popular
Improving navigation and user experience
Optimizing website performance

Legal Basis: Legitimate business interests

6. Security and Fraud Prevention

Purpose: To protect our business and customers

Detecting and preventing fraud
Identifying suspicious activity
Protecting against security threats
Investigating violations of our Terms of Service
Ensuring payment security
Preventing unauthorized access to accounts

Legal Basis: Legitimate business interests and legal obligations

7. Legal Compliance

Purpose: To comply with legal requirements

Responding to legal requests (subpoenas, court orders, lawsuits)
Complying with FDA adverse event reporting requirements
Meeting tax and accounting obligations
Fulfilling regulatory requirements
Enforcing our Terms of Service
Protecting our legal rights

Legal Basis: Legal obligations and legitimate business interests

8. Business Operations

Purpose: To run our business effectively

Managing inventory and supply chain
Conducting business analytics
Quality control and product development
Training employees
Internal auditing and compliance
Business planning and forecasting

Legal Basis: Legitimate business interests

How We Share Your Information

We share your personal information only as described below. We do NOT sell your personal information to third parties for monetary consideration.

1. Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf:

E-Commerce Platform:

Shopify: Our website is hosted on Shopify. Shopify provides the e-commerce platform and stores order and customer data. Learn more: Shopify Privacy Policy

Payment Processors:

Shopify Payments / Stripe: Process payments securely. They receive payment information necessary to complete transactions. Learn more: Stripe Privacy Policy

Shipping and Fulfillment:

[Shipping Carriers]: USPS, UPS, FedEx, or other carriers receive shipping information (name, address, tracking data) to deliver your orders

Email Marketing:

[Email Service Provider]: Klaviyo, Mailchimp, or similar services receive email addresses and marketing preferences to send promotional emails on our behalf

Analytics and Advertising:

Google Analytics: Analyzes website traffic and user behavior (anonymized when possible). Learn more: Google Privacy Policy
Facebook Pixel: Tracks conversions and enables targeted advertising on Facebook and Instagram. Learn more: Facebook Data Policy
[Other advertising networks]: May receive limited information for targeted advertising

Customer Service:

[Help Desk Software]: Zendesk, Gorgias, or similar platforms receive customer communications to manage support requests

Data Security:

Cloud Storage Providers: AWS, Google Cloud, or similar services securely store data backups

Important Contractual Protections:

All service providers are bound by contracts requiring them to protect your information
They may only use your information to provide services to us
They cannot sell or share your information for their own purposes
We conduct due diligence on all service providers' security practices

2. Advertising and Marketing Partners

For CCPA Purposes, This May Constitute "Sharing" or "Sale":

Under California law, allowing advertising partners to collect information through cookies and pixels may constitute "sharing" personal information for cross-context behavioral advertising. This includes:

Facebook/Meta (Facebook Pixel)
Google (Google Ads, remarketing)
Other advertising networks

Your Opt-Out Rights: You can opt out of this "sharing" by:

Using our cookie consent banner to reject advertising cookies
Clicking "Do Not Sell or Share My Personal Information" in our footer
Visiting Your Privacy Choices

We do NOT sell personal information for money. Any "sale" or "sharing" under CCPA refers solely to allowing advertising partners to collect cookie data for targeted ads.

3. Legal Obligations and Safety

We may disclose information when required by law or to protect rights and safety:

Legal Compliance: Responding to subpoenas, court orders, legal processes, or government requests
Law Enforcement: Cooperating with law enforcement investigations
Rights Protection: Enforcing our Terms of Service or protecting our legal rights
Safety: Preventing harm to individuals or property
FDA Reporting: Reporting serious adverse events to the FDA as required by law
Fraud Prevention: Investigating suspected fraud or security incidents

4. Business Transfers

If Vitalogent is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

5. With Your Consent

We may share information for other purposes with your explicit consent.

6. Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably identify you:

Industry statistics and trends
Aggregated sales data
General demographic information
Anonymous usage statistics

This data is not considered "personal information" and is not subject to this Privacy Policy.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods by Category

Account Information:

Duration: As long as your account remains active, plus 3 years after account closure
Purpose: To provide ongoing service, maintain order history, and resolve disputes

Order and Transaction Data:

Duration: 7 years from date of transaction
Purpose: Tax compliance, accounting requirements, warranty claims, and dispute resolution
Legal Requirement: Required by federal and state tax laws

Marketing Communications Data:

Duration: Until you unsubscribe, plus 2 years to honor your opt-out preferences
Purpose: To ensure we don't inadvertently re-add you to marketing lists

Customer Service Records:

Duration: 3 years after last interaction
Purpose: Quality assurance, training, and dispute resolution

Health Questionnaire/Quiz Responses:

Duration: 2 years from submission or until account deletion
Purpose: Providing personalized recommendations and customer service

Website Analytics:

Duration: 26 months (Google Analytics default) or 14 months (shorter setting)
Purpose: Understanding website performance and user behavior

Security and Fraud Prevention:

Duration: As long as necessary to maintain security, typically 3-5 years
Purpose: Detecting patterns, preventing repeat fraud attempts

Cookie Data:

Duration: Varies by cookie type (session cookies expire when you close browser; persistent cookies last 1-24 months)
Purpose: Website functionality, analytics, advertising

Deletion Criteria

We delete or anonymize personal information when:

It's no longer needed for business purposes
Legal retention requirements expire
You request deletion (subject to legal exceptions)
Your account is closed and retention period ends

Legal Holds

In some cases, we may need to retain information longer than standard periods:

Active litigation or disputes
Regulatory investigations
Suspected fraud or security incidents
Legal obligations to preserve evidence

Your Privacy Rights

Depending on where you live, you have various rights regarding your personal information. We honor these rights for all customers to the greatest extent possible.

Universal Rights (All Users)

1. Right to Access

You can request a copy of the personal information we hold about you
We'll provide this in a portable, commonly used format

2. Right to Correction

You can request correction of inaccurate or incomplete information
You can update most information directly in your account settings

3. Right to Deletion

You can request deletion of your personal information (subject to legal exceptions)
We may need to retain some information for legal compliance, fraud prevention, or to complete transactions

4. Right to Opt-Out of Marketing

You can unsubscribe from marketing emails at any time
Use the "unsubscribe" link in any email or contact us directly

Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

1. Right to Know

Request disclosure of categories and specific pieces of personal information we collected
Request information about how we use and share your data
Request sources from which we collected your information

2. Right to Delete

Request deletion of personal information we collected (subject to exceptions)
We must delete information unless we need it for legal compliance or specific business purposes

3. Right to Correct

Request correction of inaccurate personal information

4. Right to Opt-Out of Sale/Sharing

Opt out of "sale" or "sharing" of personal information (primarily cookies for targeted advertising)
Click "Do Not Sell or Share My Personal Information" in our footer
We do NOT sell personal information for money

5. Right to Limit Use of Sensitive Personal Information

Request that we limit use of sensitive information to only what's necessary to provide services
Click "Limit the Use of My Sensitive Personal Information" in our footer

6. Right to Non-Discrimination

We will NOT discriminate against you for exercising your privacy rights
We will NOT:
- Deny goods or services
- Charge different prices or rates
- Provide different quality of service
- Suggest you'll receive different prices or services

7. Right to Opt-In (Ages 13-15)

If we have actual knowledge someone is 13-15 years old, we require opt-in consent before selling/sharing their information
We do not knowingly collect information from anyone under 13

Updated 2025 Thresholds:

CCPA revenue threshold: $26,625,000 annually (adjusted for inflation)
Fines: Up to $2,663 per unintentional violation; $7,988 per intentional violation

Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have these rights under the General Data Protection Regulation (GDPR):

1. Right to Access (Subject Access Request)

Receive confirmation of whether we process your data
Access your personal data and receive a copy

2. Right to Rectification

Correct inaccurate or incomplete personal data

3. Right to Erasure ("Right to be Forgotten")

Request deletion when data is no longer necessary, you withdraw consent, or we have no legitimate interest

4. Right to Restrict Processing

Request we limit how we use your data in certain circumstances

5. Right to Data Portability

Receive your personal data in a structured, machine-readable format
Transmit data to another controller

6. Right to Object

Object to processing based on legitimate interests
Object to direct marketing at any time

7. Right to Withdraw Consent

Withdraw consent for processing that requires consent (doesn't affect prior lawful processing)

8. Right to Lodge a Complaint

File a complaint with your local Data Protection Authority if you believe we violated GDPR

Legal Bases for Processing (GDPR):

Contract: Necessary to fulfill your order
Consent: You gave clear consent (e.g., marketing emails)
Legitimate Interests: Our business interests that don't override your rights
Legal Obligation: Required by law (e.g., tax records)

Additional Rights for Other U.S. States

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA):

Right to access personal data
Right to delete personal data
Right to correct inaccuracies
Right to opt out of targeted advertising
Right to opt out of sale of personal data
Right to opt out of profiling for decisions with legal effects

New York (pending legislation):

May have additional rights once legislation takes effect

How to Exercise Your Rights

Email Us: [privacy@vitalogent.com]

Mail Us: Vitalogent LLC
Attn: Privacy Rights Request
[Your Street Address]
[City, State ZIP]
United States

Online Form: Visit [www.vitalogent.com/privacy-request] (if available)

Phone: [Your Customer Service Phone Number]

What We Need to Verify Your Request: To protect your privacy, we must verify your identity before fulfilling rights requests:

Name and email address associated with your account
Order number (if applicable)
Additional information to confirm identity (date of birth, address)
For sensitive requests, we may require additional verification

Response Timeline:

CCPA: 45 days (may extend 45 days with notice)
GDPR: 30 days (may extend 60 days with notice)
We'll acknowledge your request within 10 business days

Authorized Agents (CCPA):

You may authorize someone to submit requests on your behalf
We require written authorization signed by you
We'll verify both your identity and the agent's authority

No Fee:

We provide the first two requests per year free of charge
We may charge a reasonable fee for excessive, repetitive, or unfounded requests

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and personalize your experience.

What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to remember your actions and preferences over time.

Types of Cookies We Use

1. Strictly Necessary Cookies

Purpose: Essential for website functionality
Examples: Shopping cart, secure login, session management
Duration: Session (deleted when you close browser) or short-term
Can You Opt Out? No - these are required for the website to work
Legal Basis: Legitimate interest (website functionality)

2. Functional Cookies

Purpose: Remember your preferences and choices
Examples: Language preference, region selection, display settings
Duration: Persistent (up to 12 months)
Can You Opt Out? Yes, but functionality may be limited
Legal Basis: Consent or legitimate interest

3. Analytics and Performance Cookies

Purpose: Help us understand how visitors use our website
Examples: Google Analytics, page views, bounce rate, time on site
Duration: Persistent (up to 26 months)
Can You Opt Out? Yes, through our cookie banner or browser settings
Providers: Google Analytics, [other analytics tools]
Legal Basis: Consent (required in EEA/UK)

4. Advertising and Marketing Cookies

Purpose: Display relevant ads and measure ad effectiveness
Examples: Facebook Pixel, Google Ads remarketing, retargeting pixels
Duration: Persistent (typically 30-90 days, some up to 2 years)
Can You Opt Out? Yes, through cookie banner, Do Not Sell My Personal Information, or browser settings
Providers: Facebook/Meta, Google, [other ad networks]
Legal Basis: Consent

5. Social Media Cookies

Purpose: Enable sharing on social media platforms
Examples: Facebook "Like" button, Instagram feed widgets
Duration: Varies by platform
Can You Opt Out? Yes, by not interacting with social plugins or blocking in browser
Legal Basis: Consent

Other Tracking Technologies

Web Beacons (Pixels):

Tiny invisible images embedded in emails or web pages
Used to track whether emails are opened and to measure campaign effectiveness
Placed by us and our marketing partners (Facebook Pixel, Google Ads)

Local Storage:

Similar to cookies but can store more data
Used for website functionality and user preferences
Persists until manually deleted

Server Logs:

Automatically collect IP address, browser type, referring URLs
Used for security, debugging, and analytics
Not stored with other personal identifiers

Managing Your Cookie Preferences

Cookie Consent Banner:

When you first visit our site, a banner appears allowing you to accept or reject non-essential cookies
You can change preferences anytime by clicking "Cookie Settings" in our footer

Browser Settings:

Most browsers allow you to:
- Block all cookies
- Block third-party cookies only
- Delete cookies after each session
- See which cookies are stored and delete them individually
Note: Blocking all cookies may prevent website functionality

Opt-Out Tools:

Google Analytics Opt-Out: Install Google's browser add-on: https://tools.google.com/dlpage/gaoptout
Network Advertising Initiative: http://optout.networkadvertising.org/
Digital Advertising Alliance: http://optout.aboutads.info/
Facebook Ad Preferences: https://www.facebook.com/ads/preferences

Do Not Track (DNT):

We currently do not respond to Do Not Track browser signals
This is because there's no industry standard for how websites should respond to DNT

California "Do Not Sell or Share My Personal Information":

Click the link in our footer to opt out of cookie-based advertising
This prevents advertising cookies from being placed

Cookie Duration Details

Cookie Type	Provider	Duration	Purpose
_ga	Google Analytics	2 years	Distinguish users
_gid	Google Analytics	24 hours	Distinguish users
_fbp	Facebook Pixel	90 days	Track conversions
shopify_session	Shopify	Session	Shopping cart
[Add your specific cookies]

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures We Use

1. Encryption

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using industry-standard SSL/TLS protocols (HTTPS)
Payment Data Encryption: Payment information is encrypted during transmission using PCI-compliant encryption standards
Data at Rest: Sensitive data stored in our databases is encrypted

2. Access Controls

Limited Access: Only authorized employees and service providers have access to personal information
Role-Based Permissions: Staff access is limited to information necessary for their job functions
Multi-Factor Authentication: Required for administrative access to systems
Regular Access Reviews: We periodically review who has access to what data

3. Secure Infrastructure

Secure Hosting: Our website is hosted on Shopify's secure, PCI-compliant servers
Firewalls: Network firewalls protect against unauthorized access
Intrusion Detection: Monitoring systems detect and alert us to suspicious activity
Regular Security Updates: Software and systems are kept up-to-date with security patches

4. Payment Security

PCI DSS Compliance: Our payment processors (Shopify Payments/Stripe) are certified as PCI DSS Level 1 Service Providers (the highest level)
Tokenization: We store only tokenized payment information, never full credit card numbers
No Card Storage: Credit card details never touch our servers; they go directly to payment processors

5. Employee Training

All employees with access to personal information receive privacy and security training
Employees sign confidentiality agreements
Security awareness training covers phishing, social engineering, and data handling best practices

6. Vendor Management

Third-party service providers are required to maintain appropriate security measures
We conduct due diligence on vendors' security practices
Contracts include data protection and security requirements

7. Incident Response

We maintain an incident response plan for data breaches
Regular security audits and penetration testing (where appropriate)
Monitoring and logging of system access

Data Breach Notification

Despite our security measures, no system is 100% secure. In the unlikely event of a data breach:

We Will:

Investigate the breach immediately
Take steps to contain and mitigate the breach
Notify affected individuals within legally required timeframes:
- GDPR: Within 72 hours of becoming aware
- CCPA: Without unreasonable delay
- Other state laws: As required by specific state timelines
Notify relevant authorities as required by law
Provide information about:
- What happened
- What information was involved
- Steps we're taking to address the breach
- Steps you can take to protect yourself
- How to contact us for more information

Your Actions:

Change your password immediately if your account may be compromised
Monitor your accounts for suspicious activity
Consider placing a fraud alert with credit bureaus (if financial information was involved)
Report suspected identity theft to ftc.gov/identitytheft

Limitations

No Guarantee: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Third-Party Sites: We are not responsible for the security practices of third-party websites linked from our site. Always review third-party privacy policies.

Your Responsibility:

Keep your account password secure and confidential
Do not share your password with others
Log out of your account when using shared computers
Use strong, unique passwords
Report suspicious activity immediately to [security@vitalogent.com]

International Data Transfers

Vitalogent LLC is based in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States.

For European Economic Area (EEA) and UK Users

Transfer Mechanism: When you provide personal information to us, you acknowledge and agree that it may be transferred from your location to the United States. The United States may not have data protection laws equivalent to those in your country.

Safeguards for Data Transfers: We implement appropriate safeguards to protect your personal information, including:

Standard Contractual Clauses (SCCs): When transferring data from the EEA/UK to the US, we use European Commission-approved Standard Contractual Clauses (also called Model Clauses) with our service providers
Adequacy Decisions: Where available, we rely on adequacy decisions by the European Commission recognizing certain countries as providing adequate data protection
Supplementary Measures: We implement additional technical and organizational measures to protect data transfers, such as:
- Encryption of data in transit and at rest
- Pseudonymization where appropriate
- Access controls and authentication
- Regular security assessments

Your Rights Remain Protected: Regardless of where your data is processed, you maintain all rights described in the "Your Privacy Rights" section, including:

Right to access your data
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Right to lodge a complaint with your supervisory authority

EU-US Data Privacy Framework (if applicable): [If Vitalogent becomes certified under the EU-US Data Privacy Framework, include: "Vitalogent LLC is certified under the EU-US Data Privacy Framework regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Learn more: [dataprivacyframework.gov]"]

For Other International Users

If you are located in other countries outside the United States:

Your information will be transferred to and processed in the United States
By using our services, you consent to this transfer
We implement appropriate security measures as described in our "Data Security" section
Your local laws may provide different or additional privacy rights - please contact us for questions

Limitations for Non-US Orders

Please note:

We primarily ship to US addresses
International shipping may be limited or unavailable
International orders may be subject to customs duties, taxes, and fees not included in our prices
International shipping and customs policies vary by country

Children's Privacy

Protecting children's privacy is important to us. Our website and services are not directed to children under the age of 18.

Age Restrictions

We do NOT knowingly collect personal information from anyone under age 18 without verifiable parental consent, particularly:

We do not knowingly collect information from children under 13 (COPPA requirement)
We do not knowingly collect information from minors aged 13-17 without parental consent

Age Requirements for Purchase:

You must be at least 18 years old to create an account or make purchases
Our dietary supplements are intended for adult use only
By making a purchase, you represent that you are at least 18 years old

If We Learn We Have Collected Children's Information

If we become aware that we have collected personal information from someone under 18 without proper parental consent:

We will delete the information as quickly as possible
We will not use or disclose the information for any purpose
We will block the account from making future purchases

For Parents and Guardians

If you believe your child under 18 has provided personal information to us without your consent:

Contact us immediately at [privacy@vitalogent.com]
Provide the child's name, email address, and any other information that may help us locate the data
We will promptly delete the information upon verification

Age Verification

We do not actively verify the age of our users, but we rely on users to be truthful about their age when creating accounts or making purchases.

COPPA (Children's Online Privacy Protection Act)

We comply with the Children's Online Privacy Protection Act (COPPA), which requires parental consent before collecting, using, or disclosing personal information from children under 13.

International Considerations

GDPR (Europe): Children under 16 (or lower age set by member states) require parental consent for information processing
Other Countries: Age requirements may vary by jurisdiction

State-Specific Privacy Rights

In addition to the rights described earlier, residents of certain U.S. states have specific additional privacy rights under state laws.

California Residents (CCPA/CPRA)

Full details in "Your Privacy Rights" section above. Key points:

Disclosure Requirements: In the past 12 months, we have collected and disclosed the following categories of personal information:

Category	Collected	Sold	Shared for Advertising	Disclosed to Service Providers
Identifiers (name, email, address)	Yes	No	No	Yes
Payment information	Yes	No	No	Yes (payment processors only)
Internet activity (browsing, clicks)	Yes	No	Yes (cookies)	Yes
Geolocation (approximate)	Yes	No	Yes (cookies)	Yes
Health information (voluntary)	Yes	No	No	Yes (limited)
Commercial information (purchases)	Yes	No	No	Yes
Inferences (preferences)	Yes	No	Yes (cookies)	Yes

Categories of Third Parties:

Payment processors (Shopify, Stripe)
Shipping carriers
Email marketing platforms
Analytics providers (Google)
Advertising networks (Facebook, Google Ads)
Customer service platforms

Consumer Requests Metrics (Previous Calendar Year): [Update annually with actual metrics]

Requests to Know: [#] received, [#] complied with
Requests to Delete: [#] received, [#] complied with
Requests to Opt-Out: [#] received, [#] complied with
Average response time: [#] days
Requests denied: [#] (with reasons)

California-Specific Links:

California Shine the Light Law: Under California Civil Code Section 1798.83, California residents can request information about disclosure of personal information to third parties for direct marketing purposes. As stated, we do not sell or share personal information for third-party direct marketing.

Virginia Residents (VCDPA)

Effective January 1, 2023, Virginia residents have these rights:

Right to access personal data
Right to delete personal data
Right to correct inaccuracies in personal data
Right to obtain a copy of personal data (data portability)
Right to opt out of targeted advertising
Right to opt out of the sale of personal data
Right to opt out of profiling in furtherance of decisions with legal effects

To exercise rights: Email [privacy@vitalogent.com] or visit our Privacy Rights Request form

Appeal Process: If we deny your request, you have the right to appeal by contacting us at [privacy@vitalogent.com]. We will respond to appeals within 60 days.

Colorado Residents (CPA)

Effective July 1, 2023, Colorado residents have similar rights to Virginia residents:

Right to access personal data
Right to delete personal data
Right to correct inaccuracies
Right to data portability
Right to opt out of targeted advertising, sale, and profiling

To exercise rights: Email [privacy@vitalogent.com]

Appeal Process: Available upon request denial

Connecticut Residents (CTDPA)

Effective July 1, 2023, Connecticut residents have:

Right to access personal data
Right to delete personal data
Right to correct inaccuracies
Right to data portability
Right to opt out of targeted advertising, sale, and profiling

To exercise rights: Email [privacy@vitalogent.com]

Appeal Process: Available upon request denial

Utah Residents (UCPA)

Effective December 31, 2023, Utah residents have:

Right to access personal data
Right to delete personal data
Right to data portability
Right to opt out of targeted advertising and sale of personal data

To exercise rights: Email [privacy@vitalogent.com]

Nevada Residents

Nevada residents have the right to opt out of the "sale" of their personal information. While we do not sell personal information as traditionally defined, Nevada law has a broad definition of "sale."

To opt out: Email [privacy@vitalogent.com] with subject line "Nevada Do Not Sell Request" and include your name and email address.

Other States

As additional states enact privacy laws, we will update this section. Currently, several states have pending privacy legislation including:

New York
Massachusetts
Michigan
Pennsylvania
Others

We will comply with all applicable state privacy laws as they take effect.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

Material Changes: For significant changes that materially affect your rights or how we use your personal information:

We will post a prominent notice on our website at least 30 days before changes take effect
We may send email notification to the email address associated with your account
For GDPR users, we may require re-consent for certain types of processing

Non-Material Changes: For minor updates (clarifications, formatting, contact information changes):

We will update the "Last Updated" date at the top of this policy
Changes will take effect immediately upon posting

Your Continued Use

Your continued use of our website and services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please stop using our services and contact us to delete your account.

Version History

You can request previous versions of our Privacy Policy by contacting [privacy@vitalogent.com].

Frequency of Updates

We review and update this Privacy Policy at least annually, and as needed when:

New privacy laws take effect
Our business practices change
We add new services or features
Industry best practices evolve
Regulatory guidance is issued

Last Review Date: [Insert Date] Next Scheduled Review: [Insert Date]

Contact Us

We take your privacy seriously. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Privacy Inquiries

Email:
[privacy@vitalogent.com]

Mail:
Vitalogent LLC
Attn: Privacy Officer
[Your Complete Street Address]
[City, State ZIP Code]
United States

Phone:
[Your Customer Service Phone Number]
Hours: [Business Hours and Time Zone]

Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, opt-out):

Online Form: [www.vitalogent.com/privacy-request] (if available)

Email: [privacy@vitalogent.com]
Subject line: "Privacy Rights Request - [Type of Request]"

Mail:
Vitalogent LLC
Attn: Privacy Rights Request
[Street Address]
[City, State ZIP]

Required Information:

Your full name
Email address associated with your account
Type of request (access, delete, correct, opt-out)
Sufficient information to verify your identity
Specific details about your request

Data Protection Officer (DPO)

For GDPR-related inquiries from EEA/UK users:

EU Representative (if applicable):
[Name of EU Representative or Service]
[Address]
[Email]

Supervisory Authority (GDPR)

If you are in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local supervisory authority:

EU: Find your data protection authority: https://edpb.europa.eu/about-edpb/board/members_en

UK: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

Response Times

General inquiries: We aim to respond within 3-5 business days
Privacy rights requests:
- CCPA: Within 45 days (may extend 45 days)
- GDPR: Within 30 days (may extend 60 days)
- Acknowledgment within 10 business days
Urgent security matters: Within 24-48 hours

Language

This Privacy Policy is written in English. If translations are provided for convenience, the English version will prevail in case of conflicts.

Additional Important Information

Third-Party Links

Our website may contain links to third-party websites, services, or resources not operated by Vitalogent. This Privacy Policy does not apply to third-party websites.

We are NOT responsible for:

Privacy practices of third-party sites
Content or accuracy of third-party sites
Third-party data collection or use
Security of third-party sites

Your responsibility:

Review privacy policies of any third-party sites you visit
Exercise caution when providing information to third parties
Understand that clicking third-party links leaves our website

Common third-party links on our site:

Social media platforms (Facebook, Instagram, Twitter)
Payment processors (visible branding during checkout)
Shipping carrier tracking
Product review platforms
Content delivery networks

User-Generated Content

If we allow customer reviews, testimonials, or other user-generated content:

What you post may be public:

Product reviews are typically visible to all website visitors
Testimonials may be featured on our website or marketing materials
Social media posts tagging us may be shared

Do NOT include sensitive information in public posts:

Don't share health conditions or medical information publicly
Don't include contact information or addresses
Don't share financial information

Our rights:

We may remove inappropriate content
We may use your testimonials in marketing (with permission)
We don't endorse user opinions

Social Media

When you interact with us on social media platforms (Facebook, Instagram, Twitter, etc.):

Their privacy policies apply: Each platform has its own privacy policy and data practices
We may collect information you publicly share: Posts, comments, messages to our accounts
Social media plugins: If our website includes social sharing buttons, those platforms may collect information about your visit
Messaging: Messages sent via social platforms are subject to those platforms' terms

Accessibility

We are committed to making our Privacy Policy accessible to all users:

If you need assistance:

Contact us for alternative formats (large print, audio, etc.)
We can explain our privacy practices over the phone
We offer assistance in understanding your privacy rights

Accessibility features:

Plain language where possible
Organized with clear headings
Table of contents for easy navigation

California "Shine the Light" Law Supplement

California Civil Code Section 1798.83 permits California residents to request certain information about disclosure of personal information to third parties for direct marketing purposes.

Our Practice: We do not share personal information with third parties for their direct marketing purposes unless you consent. Therefore, you can prevent such sharing by not providing consent.

To Request Information: Email [privacy@vitalogent.com] with "California Shine the Light Request" in the subject line.

Nevada Privacy Rights Supplement

Nevada S.B. 220 provides Nevada residents the right to opt out of the sale of personal information.

Our Practice: We do not sell personal information as defined under Nevada law. However, if you are a Nevada resident and wish to submit an opt-out request:

Email [privacy@vitalogent.com] with "Nevada Do Not Sell" in the subject line, and include:

Your name
Email address
Nevada residency confirmation

Marketing Communications

How We Use Your Information for Marketing:

Send promotional emails about products, sales, and offers
Share health and wellness content
Announce new products
Provide personalized product recommendations

Your Choices:

Opt out anytime: Click "Unsubscribe" in any marketing email
Customize preferences: Choose email frequency and topics
Transactional emails continue: Even if you opt out of marketing, we'll still send order confirmations, shipping updates, and customer service emails

Marketing Frequency:

[Specify typical frequency - e.g., "2-4 emails per week"]
May increase during promotional periods

Email Address Use:

We will NOT sell your email address
We will NOT spam you
We will honor opt-out requests within 10 business days

SMS/Text Marketing (if applicable)

If we offer SMS marketing:

Consent: By providing your phone number and opting in, you consent to receive promotional text messages

Frequency: [Specify frequency - e.g., "Up to 4 messages per month"]

Message and Data Rates: Message and data rates may apply

Opt-Out: Reply STOP to any message to opt out. Reply HELP for help.

Privacy: We do not sell your phone number

Do Not Sell My Personal Information (California)

If you are a California resident and wish to opt out of any "sale" or "sharing" of your personal information:

Click here: Do Not Sell or Share My Personal Information

Or:

Email [privacy@vitalogent.com] with "CCPA Opt-Out Request"
Call [phone number]

What this means:

Primarily affects advertising cookies
We do NOT sell personal information for money
Under CCPA, allowing advertising partners to collect data via cookies may constitute "sharing"

Limit the Use of My Sensitive Personal Information (California)

If you are a California resident and wish to limit our use of sensitive personal information:

Click here: Limit Use of Sensitive Personal Information

What this means:

We will limit use of sensitive information to what's necessary to provide services
This primarily affects health information you voluntarily provide
Does not affect essential business functions

Automated Decision-Making and Profiling

We do NOT use automated decision-making that produces legal or similarly significant effects.

Limited Profiling: We may create profiles about your preferences for:

Product recommendations
Personalized content
Marketing segmentation

GDPR Rights: If you are in the EEA/UK, you have the right to object to profiling and request human review of automated decisions with significant effects.

Biometric Data

We do NOT collect biometric data such as fingerprints, facial recognition, voiceprints, or retinal scans.

De-Identified Data

We may de-identify or aggregate data so it no longer identifies you personally. This de-identified data is not subject to this Privacy Policy and may be used and shared without restriction for:

Business analytics
Research and development
Industry reports
Marketing insights

Our commitment: Once data is de-identified, we maintain safeguards to prevent re-identification and do not attempt to re-identify de-identified data.

Effective Date and Acceptance

Effective Date: [Insert Date When Policy Goes Live]

Last Updated: [Insert Date of Last Modification]

Next Review Date: [Insert Date One Year From Now]

By using our website, creating an account, or making a purchase, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with any part of this Privacy Policy, please do not use our website or services.

Thank you for trusting Vitalogent LLC with your personal information. We are committed to protecting your privacy and using your data responsibly.

For questions or concerns, please contact us at [privacy@vitalogent.com]

Appendix: Definitions

Personal Information / Personal Data: Information that identifies, relates to, describes, or could reasonably be linked to you, directly or indirectly.

Sensitive Personal Information: Under CCPA, includes account credentials, precise geolocation, health information, and other specially protected categories.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.

Controller: The entity that determines the purposes and means of processing personal data (Vitalogent LLC for purposes of this policy).

Processor: An entity that processes personal data on behalf of a controller (our service providers).

Consent: Freely given, specific, informed, and unambiguous indication of your wishes by which you agree to processing of your personal data.

Legitimate Interest: Processing necessary for our legitimate business interests that do not override your fundamental rights and freedoms.

Opt-Out: Your choice to stop receiving certain communications or to stop certain types of data processing.

De-Identified Data: Data that cannot reasonably identify you and for which we maintain safeguards against re-identification.

Sale of Personal Information: Under CCPA, includes transferring personal information for monetary or other valuable consideration. We interpret this to potentially include cookie-based advertising.

Sharing: Under CCPA/CPRA, communicating personal information to third parties for cross-context behavioral advertising.

Covered Entity (HIPAA): Healthcare providers, health plans, and healthcare clearinghouses subject to HIPAA. We are NOT a HIPAA covered entity.

This Privacy Policy was last updated on [Date]. We reserve the right to modify this policy at any time in accordance with this section.

Privacy Policy for Vitalogent LLC

Table of Contents

Introduction

Information We Collect

1. Personal Information You Provide Directly

2. Information Collected Automatically

3. Information from Third-Party Sources

4. Sensitive Personal Information (Under CCPA/CPRA)

How We Use Your Information

1. Order Fulfillment and Customer Service

2. Account Management

3. Communication and Marketing

4. Personalization and Product Recommendations

5. Website Improvement and Analytics

6. Security and Fraud Prevention

7. Legal Compliance

8. Business Operations

How We Share Your Information

1. Service Providers and Business Partners

2. Advertising and Marketing Partners

3. Legal Obligations and Safety

4. Business Transfers

5. With Your Consent

6. Aggregated and De-Identified Data

Data Retention

Retention Periods by Category

Deletion Criteria

Legal Holds

Your Privacy Rights

Universal Rights (All Users)

Additional Rights for California Residents (CCPA/CPRA)

Additional Rights for EEA/UK Residents (GDPR)

Additional Rights for Other U.S. States

How to Exercise Your Rights

Cookies and Tracking Technologies

What Are Cookies?

Types of Cookies We Use

Other Tracking Technologies

Managing Your Cookie Preferences

Cookie Duration Details

Data Security

Security Measures We Use

Data Breach Notification

Limitations

International Data Transfers

For European Economic Area (EEA) and UK Users

For Other International Users

Limitations for Non-US Orders

Children's Privacy

Age Restrictions

If We Learn We Have Collected Children's Information

For Parents and Guardians

Age Verification

COPPA (Children's Online Privacy Protection Act)

International Considerations

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

Virginia Residents (VCDPA)

Colorado Residents (CPA)

Connecticut Residents (CTDPA)

Utah Residents (UCPA)

Nevada Residents

Other States

Changes to This Privacy Policy

How We Notify You of Changes

Your Continued Use

Version History

Frequency of Updates

Contact Us

General Privacy Inquiries

Privacy Rights Requests

Data Protection Officer (DPO)

Supervisory Authority (GDPR)

Response Times

Language

Additional Important Information

Third-Party Links

User-Generated Content

Social Media

Accessibility