How we collect, store, and protect your data.

vyos Life LLC, a Delaware limited liability company with registered office at 1209 Orange Street, Wilmington, DE 19801, USA, acts as the data controller for personal information collected on vyoslife.com.

For EU and UK residents, our data protection officer is reachable at privacy@vyoslife.com.

We collect only the minimum data required to deliver your order and improve clinical support:

• Account: email, name, hashed password.
• Orders: shipping address, billing address, order history, payment tokens (never card numbers).
• Communication: email threads you open with our support team.
• Analytics: anonymized page views, device type, approximate region. IP addresses are truncated within 24 hours.

We do not collect biometric data, health records, or location beyond country level.

Under GDPR Article 6, we process your data under the following bases:

• Contract: order fulfillment, subscription management, refund processing.
• Legitimate interest: fraud prevention, customer support quality, aggregate analytics.
• Consent: marketing emails, optional surveys. You can withdraw consent at any time.
• Legal obligation: tax records, health product traceability (batch lot tracking).

We use a minimal set of processors, all bound by GDPR-compliant data processing agreements:

• Shopify Inc.: e-commerce platform and checkout.
• Stripe Inc.: payment processing.
• Klaviyo Inc.: transactional and marketing email (opt-in only).
• DHL · FedEx · USPS · UPS: carriers, receive shipping address only.
• Cloudflare Inc.: DDoS protection and edge caching.

We never sell personal data. We never share data with advertising brokers.

If you reside in the European Union, United Kingdom, or European Economic Area, you have the right to:

• Access: request a copy of all data we hold about you.
• Rectification: correct inaccurate data.
• Erasure: delete your account and associated data.
• Restriction: limit how we process your data.
• Portability: receive your data in a machine-readable format.
• Objection: opt out of processing based on legitimate interest.
• Complaint: file with your national data protection authority.

Email privacy@vyoslife.com and we respond within 30 days.

If you are a California resident, the California Consumer Privacy Act grants you the right to know, delete, and opt out of the sale of personal information. We do not sell personal information as defined by CCPA. You may exercise any right by emailing privacy@vyoslife.com. We verify identity by matching two of the following: email, order number, shipping address.

We use essential cookies for cart, session, and checkout. These cannot be disabled without breaking the site. Analytics cookies are opt-in in the EU and UK through a consent banner on first visit. We do not use advertising cookies, remarketing pixels, or cross-site trackers.

Order records are retained for 7 years to comply with US and EU tax regulations. Account data is deleted within 30 days of account closure. Marketing preferences are retained until you opt out or request deletion. Backups are encrypted and rotated every 90 days.

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed with Argon2id. Payment information never touches our servers, processed directly by Stripe under PCI-DSS Level 1. Access to personal data is limited to support and engineering staff under a strict audit trail.

For any privacy question, data request, or concern, email privacy@vyoslife.com or write to vyos Life LLC, Data Protection Officer, 1209 Orange Street, Wilmington, DE 19801, USA. We reply within one business day for urgent requests and within 30 days for formal GDPR or CCPA requests.