Privacy policy

Effective Date: May 2026
Last Updated: May 2026

This Privacy Policy explains how Cofactor Health LLC (“Cofactor Health,” “Cofactor,” “Company,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal information in connection with our websites, Shopify storefront, online store, checkout experience, customer accounts, subscriptions, email and SMS communications, advertising, customer support, and related products and services (collectively, the “Services”).

Cofactor Health offers nutrition supplements designed to help support detoxification, energy, nutrition, and general wellness. Our Services may include one-time purchases, monthly subscriptions, every-three-month subscriptions, customer accounts, product education, newsletters, promotions, and other wellness-related content.

By accessing or using our Services, creating an account, placing an order, enrolling in a subscription, communicating with us, signing up for marketing, or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy does not replace our Terms of Service, Refund Policy, Shipping Policy, Subscription Terms, SMS Terms, Cookie Policy, Consumer Health Data Privacy Notice, or any other policy that may apply to your use of our Services.

Important health and medical notice: Cofactor Health sells dietary supplements and wellness products. We do not provide medical advice, diagnosis, or treatment through our website or Services. Our products are not intended to diagnose, treat, cure, or prevent any disease. Any health-related information you provide to us may be treated as sensitive information under certain laws, and we handle it as described in this Privacy Policy and any applicable Consumer Health Data Privacy Notice.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information we collect when you:

Visit or interact with our website or Shopify storefront;
Browse, search for, view, purchase, return, or review our products;
Create, access, or update a customer account;
Place a one-time order;
Enroll in, manage, pause, skip, modify, or cancel a subscription;
Subscribe to emails, SMS/text messages, newsletters, promotions, or other communications;
Communicate with us through customer support, email, chat, contact forms, social media, surveys, or other channels;
Participate in a quiz, questionnaire, survey, waitlist, promotion, giveaway, referral program, ambassador program, affiliate program, or loyalty program;
Interact with our advertisements or social media pages;
Apply for a job or contractor opportunity with us, if applicable; or
Otherwise use or engage with our Services.

This Privacy Policy does not apply to websites, platforms, applications, or services operated by third parties that we do not own or control, even if they are linked to, embedded in, or integrated with our Services.

2. Personal Information We Collect

We may collect personal information directly from you, automatically through your use of our Services, from service providers and business partners, and from other lawful sources.

2.1 Information You Provide to Us

Depending on how you interact with us, you may provide the following categories of personal information:

Contact information

Name;
Email address;
Phone number;
Billing address;
Shipping address;
Account address book information; and
Business or organization name, if applicable.

Account information

Customer account login credentials;
Account preferences;
Subscription preferences;
Saved addresses;
Order history;
Subscription history;
Customer support history; and
Account settings.

Order, subscription, and transaction information

Products viewed, added to cart, purchased, returned, exchanged, or subscribed to;
Order number;
Purchase date;
Subscription frequency, such as monthly or every three months;
Subscription status, such as active, paused, skipped, canceled, or modified;
Refill and renewal dates;
Shipping method;
Tracking information;
Discounts, gift cards, store credits, referral credits, or promotional codes used;
Returns, refunds, and chargeback information; and
Customer service notes related to your order or subscription.

Payment information

When you make a purchase, your payment information is processed by our payment processors and/or Shopify’s payment infrastructure. This may include payment card details, payment token, billing address, payment method type, payment authorization status, fraud-screening indicators, and related transaction data.

We generally do not store full payment card numbers. Payment information is handled by payment processors, payment gateways, banks, card networks, Shopify, subscription billing providers, and related service providers according to their own terms and privacy policies.

Communications and customer support information

Messages you send to us;
Customer service requests;
Questions, feedback, complaints, or product experience reports;
Email, chat, SMS, or phone communications;
Social media messages or comments directed to us;
Information you provide when responding to surveys or forms; and
Any other information you voluntarily provide to us.

Marketing and preference information

Email marketing preferences;
SMS/text marketing preferences;
Product interests;
Communication preferences;
Promotion, giveaway, referral, ambassador, affiliate, or loyalty program information;
Reviews, testimonials, survey responses, and feedback; and
Your interactions with our emails, texts, advertisements, and website content.

Health, wellness, and supplement-related information you choose to provide

Because our products relate to nutrition, detoxification support, energy support, and general wellness, you may choose to provide information that could be considered health-related or sensitive under certain laws. This may include:

Wellness goals;
Dietary preferences or restrictions;
Ingredient sensitivities;
Supplement preferences;
Product usage habits;
Health-adjacent survey or quiz responses;
Information about energy, digestion, detoxification, nutrition, lifestyle, sleep, or exercise goals;
Product experience reports, including adverse events or side effects you voluntarily report; and
Other wellness-related information you voluntarily provide.

You should not provide sensitive health, medical, genetic, biometric, or other highly sensitive information unless it is necessary for your interaction with us. We do not require you to submit medical records to purchase our products.

User-generated content

If you submit reviews, testimonials, photos, comments, social media tags, or other content, we may collect the content you provide, your name or username, ratings, images, and related information. If you post content publicly or authorize us to use it, other people may view, collect, or use that content.

Job applicant or contractor information

If you apply for a job, contractor role, ambassador role, affiliate relationship, or other business opportunity with us, we may collect contact details, resume information, work history, credentials, references, portfolio materials, compensation expectations, tax forms, and other information relevant to the opportunity.

2.2 Information Collected Automatically

When you access or use our Services, we, Shopify, and our service providers may automatically collect information about your device, browser, and online activity, including:

Device and technical information

IP address;
Browser type and version;
Device type;
Operating system;
Language settings;
Time zone;
Mobile carrier;
Screen resolution;
Referring and exit pages;
General location derived from IP address; and
Device identifiers or similar identifiers.

Website and online activity information

Pages viewed;
Products viewed;
Search queries;
Cart activity;
Checkout activity;
Clicks, scrolls, and navigation paths;
Date and time of visits;
Session duration;
Email opens and clicks;
SMS interactions;
Ad impressions and clicks;
Referral source; and
Interactions with website features, forms, pop-ups, quizzes, and embedded content.

Cookies and similar technologies

We and our service providers may use cookies, pixels, tags, SDKs, scripts, web beacons, local storage, session replay or analytics tools, and similar technologies to operate the website, remember preferences, enable checkout, manage subscriptions, analyze traffic, improve performance, detect fraud, personalize content, and deliver or measure advertising.

For more information, see the “Cookies, Analytics, and Advertising Technologies” section below and any separate Cookie Policy we may post.

2.3 Information From Third Parties

We may receive personal information from third parties, including:

Shopify and Shopify-related applications;
Payment processors and fraud-prevention providers;
Subscription management providers;
Shipping, fulfillment, logistics, and returns providers;
Email and SMS marketing platforms;
Customer support platforms;
Analytics providers;
Advertising networks and social media platforms;
Affiliate, influencer, ambassador, referral, or loyalty program partners;
Data enrichment providers, where permitted by law;
Publicly available sources;
Other customers, such as when someone sends you a gift or enters your shipping information; and
Other sources with your consent or as permitted by law.

3. How We Use Personal Information

We may use personal information for the purposes described below.

3.1 To Provide, Operate, and Improve the Services

We use personal information to:

Operate our website and Shopify storefront;
Create and manage customer accounts;
Process, confirm, fulfill, ship, deliver, and track orders;
Process payments, refunds, returns, exchanges, and chargebacks;
Manage subscriptions, including recurring billing, renewals, skips, pauses, cancellations, and reminders;
Provide customer support;
Respond to questions, requests, reviews, complaints, and feedback;
Maintain product quality, safety, and compliance records;
Personalize your experience with our Services;
Improve website functionality, product pages, checkout flow, subscriptions, and customer experience;
Develop new products, offers, services, and educational content;
Conduct internal analytics, testing, troubleshooting, and research; and
Maintain records of your transactions and interactions with us.

3.2 To Communicate With You

We use personal information to communicate with you about:

Orders;
Subscriptions;
Account activity;
Payment issues;
Shipping and delivery;
Returns, exchanges, and refunds;
Product availability;
Customer support inquiries;
Security notices;
Changes to policies or terms;
Promotions, newsletters, and offers; and
Other administrative or service-related messages.

You may continue to receive non-marketing service messages even if you opt out of marketing communications.

3.3 To Send Marketing and Promotional Communications

With your consent where required, or as otherwise permitted by law, we may use personal information to send you marketing communications, including:

Email newsletters;
SMS/text messages;
Product launches;
Subscription offers;
Discounts and promotions;
Educational content;
Referral, loyalty, affiliate, or ambassador program communications;
Abandoned cart or checkout reminders; and
Personalized recommendations.

You can opt out of marketing emails by using the unsubscribe link in our emails. You can opt out of SMS/text marketing by following the instructions in the applicable message, such as replying “STOP,” or as otherwise described in our SMS Terms.

3.4 To Personalize Content and Advertising

We may use personal information to:

Show you relevant products, content, promotions, and recommendations;
Remember your preferences;
Customize website features;
Deliver, measure, and improve advertising;
Build or use advertising audiences;
Conduct retargeting or remarketing;
Understand ad performance; and
Measure the effectiveness of campaigns.

Some of these activities may be considered “selling,” “sharing,” or “targeted advertising” under certain state privacy laws, even if no money is exchanged for your personal information. See the “U.S. State Privacy Rights” section below for more information.

3.5 To Protect Our Business, Customers, and Services

We use personal information to:

Detect, prevent, and investigate fraud;
Verify orders and payment activity;
Prevent abuse, spam, bots, and unauthorized activity;
Protect website, account, and payment security;
Enforce our terms, policies, and agreements;
Debug, repair, and improve the Services;
Protect the rights, safety, privacy, and property of Cofactor Health, our customers, and others; and
Maintain appropriate records for legal, tax, accounting, and compliance purposes.

3.6 To Comply With Law and Legal Obligations

We may use personal information to:

Comply with applicable laws, regulations, and industry standards;
Respond to lawful requests, subpoenas, court orders, and legal process;
Cooperate with law enforcement or government authorities when legally required or appropriate;
Maintain tax, accounting, and business records;
Investigate or defend legal claims;
Comply with product safety, recall, adverse event, and regulatory obligations where applicable; and
Fulfill other legal or compliance obligations.

3.7 With Your Consent

We may use personal information for other purposes with your consent or at your direction.

4. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients.

4.1 Service Providers and Vendors

We may disclose personal information to service providers and vendors that help us operate our business, including providers of:

Shopify e-commerce hosting and storefront services;
Checkout and payment processing;
Subscription management and recurring billing;
Fraud prevention and order verification;
Shipping, fulfillment, logistics, returns, and tracking;
Customer support and help desk tools;
Email marketing and SMS/text messaging;
Website hosting, security, and performance;
Data analytics and reporting;
Advertising and marketing technology;
Product reviews and user-generated content tools;
Loyalty, referral, affiliate, ambassador, or influencer programs;
Survey, quiz, and form tools;
Cloud storage and business operations software;
Professional services, such as accountants, attorneys, insurers, consultants, and auditors; and
Other business operations support.

These providers may access personal information only as needed to perform services for us, subject to contractual or legal obligations where required.

4.2 Payment Processors

When you make a purchase, payment information is collected and processed by payment processors, Shopify, banks, card networks, and other payment service providers. These parties may process your payment information according to their own terms and privacy policies.

4.3 Shopify and Shopify-Related Applications

Our store is powered by Shopify. Shopify may process personal information as a service provider to us and, in some circumstances, as an independent controller or business under its own privacy terms. Shopify and Shopify-related applications may process information related to storefront browsing, checkout, payments, fraud screening, order management, customer accounts, subscriptions, analytics, and other store functions.

4.4 Shipping and Fulfillment Partners

We disclose shipping and contact information to fulfillment centers, carriers, postal services, logistics providers, customs brokers where applicable, package protection providers, and returns providers to fulfill, deliver, track, and manage your orders.

4.5 Advertising, Analytics, and Marketing Partners

We may disclose information to advertising networks, analytics providers, social media platforms, and marketing partners to deliver ads, measure campaigns, create audiences, retarget visitors, personalize content, and understand customer engagement.

This may include identifiers, device information, contact information in hashed or pseudonymous form, purchase or cart activity, browsing activity, and other information. These disclosures may be considered “sale,” “sharing,” or “targeted advertising” under certain privacy laws.

4.6 Affiliates, Successors, and Business Transfers

We may disclose personal information to our affiliates, subsidiaries, parent companies, successors, assigns, or business partners as part of operating our business.

We may also disclose personal information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, transfer of ownership, or similar business transaction, including during negotiations or due diligence.

4.7 Legal, Compliance, and Safety Disclosures

We may disclose personal information to courts, regulators, law enforcement, government authorities, legal parties, or other third parties when we believe disclosure is necessary or appropriate to:

Comply with law or legal process;
Protect rights, privacy, safety, or property;
Enforce our terms, policies, and agreements;
Detect, prevent, or investigate fraud, security issues, or illegal activity;
Respond to disputes or legal claims; or
Protect customers, the public, or our business.

4.8 With Your Consent or Direction

We may disclose personal information with your consent or at your direction, including when you intentionally interact with third-party integrations or share content publicly.

5. Cookies, Analytics, and Advertising Technologies

We and our service providers may use cookies and similar technologies to collect information about your interactions with our Services. These technologies may be used for:

Strictly necessary purposes

Enabling website functionality;
Remembering cart contents;
Enabling checkout;
Processing orders;
Managing account login;
Preventing fraud; and
Maintaining security.

Functional purposes

Remembering preferences;
Personalizing content;
Improving website usability; and
Supporting customer service tools.

Analytics purposes

Understanding website traffic;
Measuring performance;
Identifying technical issues;
Improving pages, content, offers, and checkout flow; and
Understanding customer behavior in aggregate or pseudonymous form.

Advertising purposes

Delivering ads;
Measuring ad performance;
Retargeting visitors;
Building audiences;
Limiting ad frequency; and
Understanding whether ads lead to purchases.

You may be able to manage cookies through your browser settings, cookie banner, privacy preference center, Global Privacy Control signal, or other tools we provide. Blocking certain cookies may affect website functionality, including cart, checkout, account, or subscription features.

6. Email and SMS/Text Marketing

6.1 Email Marketing

If you provide your email address or sign up for marketing, we may send you promotional emails, newsletters, product updates, educational content, abandoned cart reminders, and other marketing communications.

You can opt out of marketing emails by clicking the unsubscribe link in the email or by contacting us. We may still send you transactional or administrative emails, such as order confirmations, subscription notices, shipping updates, payment notices, account notices, security alerts, and policy updates.

6.2 SMS/Text Messaging

If you opt in to SMS/text messages, we may send you text messages related to promotions, cart reminders, product updates, subscription notices, or other communications, depending on the consent you provide.

Message frequency may vary. Message and data rates may apply. You may opt out by replying “STOP” or following the instructions provided in the message. Consent to receive SMS marketing is not a condition of purchase.

Additional terms may apply in our SMS Terms or Mobile Messaging Terms.

7. Subscription Services

If you enroll in a monthly or every-three-month subscription, we may process personal information necessary to manage your subscription, including:

Subscription plan and frequency;
Product selection;
Renewal date;
Billing status;
Payment token or payment method reference;
Shipping address;
Order history;
Subscription modifications, skips, pauses, cancellations, and reactivations;
Subscription reminders and notices; and
Customer support communications.

We may send service-related subscription communications, including upcoming renewal notices, payment failure notices, shipment notices, cancellation confirmations, and account updates. These are transactional communications and are not marketing communications.

8. Health-Related and Sensitive Information

Cofactor Health is a supplement and wellness company. We are not a healthcare provider, health plan, or healthcare clearinghouse, and we generally are not subject to HIPAA solely by operating a supplement e-commerce website.

However, some information you voluntarily provide may be considered health-related, sensitive, or consumer health data under certain state privacy laws. Examples may include information about your wellness goals, supplement usage, nutrition preferences, ingredient sensitivities, product reactions, or other health-adjacent information.

We use such information only for appropriate purposes, such as:

Providing customer support;
Helping you use or evaluate our products;
Responding to product experience reports;
Improving products and services;
Maintaining quality and safety records;
Complying with legal or regulatory obligations;
Personalizing your experience where permitted; and
Other purposes disclosed at the time of collection or with your consent.

We do not sell consumer health data as that term is defined by applicable consumer health privacy laws. We do not use consumer health data for targeted advertising unless permitted by law and, where required, with your consent.

If we are required to provide a separate Consumer Health Data Privacy Notice under Washington’s My Health My Data Act, Nevada consumer health data laws, Connecticut privacy law, or similar laws, that notice will supplement this Privacy Policy and will describe additional rights and obligations related to consumer health data.

9. U.S. State Privacy Rights

Depending on where you live, you may have certain rights under applicable state privacy laws, including laws in California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, Virginia, and other states.

These rights may include the right to:

Confirm whether we process your personal information;
Access personal information we maintain about you;
Receive a copy of your personal information in a portable format;
Correct inaccurate personal information;
Delete personal information;
Opt out of targeted advertising;
Opt out of the sale or sharing of personal information;
Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, where applicable;
Limit certain uses or disclosures of sensitive personal information, where applicable;
Withdraw consent, where processing is based on consent;
Appeal our decision regarding a privacy request, where applicable; and
Not be discriminated against for exercising your privacy rights.

9.1 How to Submit a Privacy Request

To exercise your privacy rights, you may contact us at:

Email: support@getcofactor.com

You may also use any privacy request form, privacy portal, or preference center we make available on our website.

We may need to verify your identity before fulfilling your request. Depending on the request, we may ask you to provide information such as your name, email address, order number, phone number, shipping address, or other information reasonably necessary to verify your identity.

9.2 Authorized Agents

Where permitted by law, you may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may require you to verify your identity directly with us.

9.3 Appeals

If we deny your request and applicable law gives you the right to appeal, you may appeal by contacting us at the same email address listed above and including “Privacy Appeal” in the subject line. We will respond as required by applicable law.

9.4 Global Privacy Control and Opt-Out Signals

Where required by applicable law, we will honor browser-based opt-out preference signals, such as Global Privacy Control, for the browser or device that sends the signal. Because these signals are browser- or device-specific, you may need to enable them separately on each browser or device you use.

9.5 Do Not Sell or Share / Targeted Advertising Choices

We may disclose certain personal information to advertising and analytics partners in a way that may be considered “sale,” “sharing,” or “targeted advertising” under certain state privacy laws.

You may opt out by:

Using our privacy preference center or cookie preference tool, if available;
Enabling Global Privacy Control in your browser, where legally required;
Clicking a “Do Not Sell or Share My Personal Information” or similar link, if posted on our website; or
Contacting us at support@getcofactor.com.

We do not knowingly sell or share the personal information of consumers under 16 years of age.

10. California Privacy Notice

This section supplements the rest of this Privacy Policy and applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA”), applies.

10.1 Categories of Personal Information We Collect

In the preceding 12 months, we may have collected the following categories of personal information:

Category	Examples	Sources	Purposes	Disclosures
Identifiers	Name, email, phone number, IP address, billing/shipping address, account ID	You, your device, service providers, Shopify, partners	Orders, subscriptions, accounts, support, marketing, security	Service providers, Shopify, payment processors, fulfillment partners, marketing partners
Customer records information	Contact details, payment-related information, purchase information	You, Shopify, payment processors	Processing purchases, billing, fulfillment, support, compliance	Service providers, payment processors, fulfillment partners
Commercial information	Products viewed, cart activity, purchase history, subscription history, returns	You, Shopify, website technologies	Fulfillment, subscriptions, analytics, personalization, marketing	Service providers, Shopify, analytics and advertising partners
Internet or network activity	Browsing activity, pages viewed, clicks, device/browser data, email interactions	Your device, cookies, pixels, analytics tools	Website operation, analytics, personalization, advertising, security	Service providers, analytics providers, advertising partners
Geolocation data	General location derived from IP address	Your device, analytics tools	Fraud prevention, localization, analytics, advertising	Service providers, analytics and advertising partners
Audio, electronic, or similar information	Customer service messages, chat records, call notes, voicemail, support recordings if used	You, support tools	Customer support, quality assurance, dispute resolution	Service providers, support platforms
Professional or employment information	Resume, work history, business contact details, contractor information	You, references, public sources	Recruiting, contractor management, business relationships	Service providers, professional advisors
Inferences	Preferences, product interests, marketing segments	Derived from activity, purchases, engagement	Personalization, analytics, marketing	Service providers, analytics and advertising partners
Sensitive personal information	Account login credentials, payment-related information, precise health-related information if voluntarily provided	You, service providers	Account security, payment processing, support, compliance	Service providers as needed

We do not use or disclose sensitive personal information for purposes that require a right to limit under the CCPA unless we provide that right.

10.2 Sale or Sharing of Personal Information

We may disclose identifiers, commercial information, internet or network activity, geolocation data, and inferences to advertising and analytics partners in a way that may be considered “selling” or “sharing” under California law.

We do not knowingly sell or share personal information of consumers under 16 years of age.

10.3 California Rights

California residents may have the right to request access, deletion, correction, portability, opt out of sale or sharing, limit use/disclosure of sensitive personal information where applicable, and not be discriminated against for exercising privacy rights.

To exercise these rights, contact us using the methods listed in the “How to Submit a Privacy Request” section.

10.4 Shine the Light

California residents may request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes, where applicable. To make such a request, contact us at support@getcofactor.com and include “California Shine the Light Request” in the subject line.

11. Consumer Health Data Notice

This section is intended to provide additional information for residents of states with consumer health data laws, including Washington, Nevada, Connecticut, and any other state with similar requirements, to the extent those laws apply to Cofactor Health.

11.1 Consumer Health Data We May Collect

Depending on your interactions with us, we may collect the following categories of consumer health data if you voluntarily provide them or if they are inferred from your interactions with our Services:

Wellness goals;
Nutrition interests;
Detoxification support interests;
Energy support interests;
Dietary restrictions or preferences;
Ingredient sensitivities or allergies;
Product usage information;
Product experience reports;
Responses to health-adjacent quizzes, forms, surveys, or customer support questions;
Information related to symptoms, side effects, adverse events, or product reactions that you choose to report; and
Other information that may be considered consumer health data under applicable law.

11.2 Sources of Consumer Health Data

We may collect consumer health data from:

You directly;
Your interactions with our website, forms, quizzes, customer support, or subscriptions;
Shopify and our e-commerce tools;
Customer support providers;
Survey, quiz, and form providers;
Product review tools; and
Other service providers you interact with at your direction.

11.3 Purposes for Collecting and Using Consumer Health Data

We may collect and use consumer health data to:

Provide products or Services you request;
Respond to customer support inquiries;
Help you manage orders and subscriptions;
Process product experience or adverse event reports;
Improve product quality and customer experience;
Maintain safety, compliance, and business records;
Personalize your experience where permitted by law;
Comply with legal obligations; and
Use information for other purposes with your consent.

11.4 Disclosure of Consumer Health Data

We may disclose consumer health data to:

Service providers who help operate our website, store, subscriptions, support, surveys, product reviews, analytics, shipping, and business operations;
Professional advisors;
Regulators, law enforcement, or legal parties where required or permitted by law;
Business transferees in connection with a merger, acquisition, or similar transaction; and
Other parties with your consent or at your direction.

We do not sell consumer health data as defined by applicable consumer health privacy laws. We do not share consumer health data for targeted advertising unless permitted by law and, where required, with your consent.

11.5 Consumer Health Data Rights

Depending on where you live, you may have rights to:

Confirm whether we collect, share, or sell consumer health data;
Access your consumer health data;
Receive a list of categories of consumer health data collected;
Receive a list of categories of sources of consumer health data;
Receive a list of categories of third parties and affiliates with whom consumer health data is shared;
Withdraw consent;
Delete consumer health data; and
Appeal a denied request, where applicable.

To exercise these rights, contact us at support@getcofactor.com.

12. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

The length of time we retain information depends on factors such as:

The nature of the information;
The purpose for which it was collected;
Whether you have an active account or subscription;
Whether retention is needed to complete transactions or provide customer support;
Legal, tax, accounting, fraud-prevention, chargeback, product safety, and regulatory obligations;
Dispute resolution and enforcement needs; and
Applicable statutes of limitations.

We may retain de-identified, aggregated, or anonymized information for lawful business purposes.

13. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These may include access controls, secure hosting, encryption in transit where appropriate, vendor management, authentication controls, monitoring, and other security measures.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of personal information. You are responsible for maintaining the confidentiality of your account credentials and for using secure networks and devices.

14. International Visitors and Data Transfers

Cofactor Health is based in the United States. If you access our Services from outside the United States, your personal information may be collected, processed, stored, and transferred in the United States and other countries where we or our service providers operate.

These countries may have privacy laws that differ from those in your jurisdiction. Where required, we use appropriate safeguards for international transfers of personal information.

If you are located in the European Economic Area, United Kingdom, or Switzerland, additional rights and disclosures may apply under GDPR, UK GDPR, or Swiss data protection laws. Contact us at support@getcofactor.com to exercise applicable rights.

15. Legal Bases for Processing for EEA, UK, and Swiss Users

If applicable data protection laws require a legal basis for processing personal information, we may rely on the following legal bases:

Contractual necessity: to provide products, process orders, manage subscriptions, fulfill transactions, and provide customer support;
Legitimate interests: to operate and improve our business, prevent fraud, secure the Services, conduct analytics, communicate with customers, and market products where permitted;
Consent: for certain cookies, marketing communications, SMS messages, sensitive information, or other processing where consent is required; and
Legal obligations: to comply with tax, accounting, regulatory, product safety, legal process, and other legal requirements.

You may have rights to access, correct, delete, restrict, object to processing, transfer your data, withdraw consent, and lodge a complaint with a supervisory authority.

16. Children’s Privacy

Our Services are intended for adults and are not directed to children under 13 years of age, or under 16 where applicable law provides a higher age threshold. We do not knowingly collect personal information from children without appropriate parental or guardian consent.

If you believe a child has provided personal information to us, please contact us at support@getcofactor.com, and we will take appropriate steps to delete the information where required.

17. Third-Party Websites, Platforms, and Integrations

Our Services may link to or integrate with third-party websites, platforms, applications, and services, including Shopify, payment processors, shipping carriers, social media platforms, advertising networks, analytics providers, review platforms, subscription tools, and other third parties.

We do not control third-party privacy practices and are not responsible for their actions. Your use of third-party services is governed by their own privacy policies and terms.

18. Product Reviews, Testimonials, Social Media, and Public Content

If you submit a product review, testimonial, photo, video, comment, social media tag, or other public content, we may display or use that content in connection with our Services, marketing, advertising, social media, or product pages, subject to applicable law and any terms you accepted.

Do not submit information you do not want made public. Public content may be viewed, collected, or used by others.

19. De-Identified and Aggregated Information

We may create de-identified, anonymized, or aggregated information from personal information. We may use and disclose such information for lawful business purposes, including analytics, research, product development, marketing insights, and improving our Services.

Where required by law, we will maintain and use de-identified information in de-identified form and will not attempt to re-identify it except as permitted by law.

20. Financial Incentives, Promotions, and Loyalty Programs

We may offer promotions, discounts, referral credits, loyalty rewards, ambassador programs, affiliate programs, or other incentives that involve the collection of personal information.

If a program is considered a “financial incentive” or “bona fide loyalty program” under applicable privacy law, we will provide any required notice at the time you enroll. You may opt out of such programs as described in the applicable program terms.

The value of any incentive is reasonably related to the value of the personal information you provide in connection with the program, such as your contact information, purchase history, referral activity, or marketing engagement.

21. Privacy Snapshot

The table below provides a high-level summary of our privacy practices. You should read the full Privacy Policy for complete information.

Data Category	Examples	Primary Sources	Primary Uses	Key Disclosures	Can You Limit Certain Sharing?
Identifiers	Name, email, phone, address, IP address	You, device, Shopify, providers	Orders, subscriptions, support, marketing, security	Service providers, Shopify, payment processors, fulfillment providers, marketing partners	Yes, for sale/sharing/targeted advertising where applicable
Customer records	Contact details, billing/shipping details, account information	You, Shopify, payment processors	Checkout, billing, fulfillment, support	Service providers, payment processors, fulfillment providers	Limited, depending on legal and transactional needs
Commercial information	Products viewed/purchased, cart, order history, subscription history	You, website activity, Shopify	Fulfillment, subscriptions, analytics, personalization, marketing	Service providers, Shopify, analytics/advertising partners	Yes, for targeted advertising where applicable
Internet/network activity	Browsing, clicks, device/browser data, email engagement	Cookies, pixels, analytics tools	Website operation, analytics, advertising, security	Service providers, analytics/advertising partners	Yes, through cookie tools/GPC where applicable
General geolocation	City/state/region from IP address	Device/browser	Fraud prevention, analytics, localization, advertising	Service providers, analytics/advertising partners	Yes, for certain uses where applicable
Communications	Support messages, chats, emails, feedback	You, support tools	Customer service, quality, compliance	Service providers, professional advisors	Limited, depending on request and legal needs
Health-adjacent information	Wellness goals, supplement preferences, ingredient sensitivities, product experience reports	You, forms, quizzes, support, reviews	Support, product quality, personalization where permitted, compliance	Service providers, professional advisors, legal/regulatory parties where needed	Yes, where applicable law provides rights
Inferences	Product interests, preferences, marketing segments	Derived from activity and purchases	Personalization, analytics, marketing	Service providers, advertising/analytics partners	Yes, for targeted advertising where applicable

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will update the “Last Updated” date above. If changes are material, we may provide additional notice, such as by posting a notice on our website, sending an email, or taking other steps required by law.

Your continued use of the Services after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

23. How to Contact Us

If you have questions about this Privacy Policy, our privacy practices, or your privacy rights, contact us at:

Cofactor Health LLC
Email: support@getcofactor.com