Research use only. Not for human consumption.
Vivaprime
Legal

Privacy Policy

Last revised 2026-04-23 · Draft pending counsel review

Vivaprime ("we," "us") operates vivaprime.bio and respects your privacy. This Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have under applicable law, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. What we collect

  • Identity: email address, name, shipping address.
  • Order history: products ordered, prices, order status, tracking information.
  • Account: if you create an account via magic-link, we store the associated email and session tokens.
  • Technical: IP address, browser, device type, referrer (via server logs and error-monitoring).
  • Usage: page views and session data via privacy-friendly analytics (no cookies, no personal profiles).

2. How we use your data

  • To process and fulfill your orders.
  • To communicate order status, shipping updates, and support responses.
  • To maintain security and detect fraud or abuse.
  • To comply with legal obligations.
  • To improve the Site and our service (aggregate, non-personal analytics only).

3. Legal basis (GDPR)

For EU visitors, we rely on the following lawful bases: (a) contractual necessity for order processing and account management; (b) legitimate interest for security, fraud prevention, and aggregate analytics; (c) legal obligation where retention is required by law; (d) consent where you have explicitly provided it (e.g., marketing emails, if we ever send any).

4. Cookies and local storage

We use minimal browser storage: a session cookie issued by our authentication provider when you sign in, and a localStorage entry that holds your shopping cart between visits. We do not use third-party tracking cookies or behavioral advertising cookies. We use Plausible Analytics for aggregate, privacy-friendly traffic measurement; Plausible does not set any cookies and does not collect personally identifying information, so no consent banner is required.

5. Third parties

We share data only with processors necessary to operate the service:
  • Resend — transactional email delivery (order confirmations, sign-in links).
  • PaymentCloud / Coinbase Commerce — payment processing (card and cryptocurrency). Payment credentials never touch our servers.
  • 3PL warehouse provider — receives name, shipping address, and order contents to fulfill shipments.
  • Sentry — error and performance monitoring (sampled, no sensitive content).
  • UptimeRobot — availability monitoring (no personal data).
We do not sell or rent personal data. We never share data with advertising networks.

6. Data retention

Order records are retained for 7 years to meet accounting and tax obligations. Account records are retained while the account is active and for 12 months after deletion requests to enable dispute resolution. Server logs are rotated within 90 days.

7. Your rights

Depending on your jurisdiction, you may have the right to:
  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to retention obligations).
  • Request a portable export of your data.
  • Object to processing based on legitimate interest, or withdraw consent.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@vivaprime.com. We respond within 30 days.

8. International transfers

Vivaprime operates from Canada with manufacturing partners in the European Union and fulfillment in the United States. Your data may be transferred to, and processed in, these jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Security

We use encrypted connections (TLS), encrypted database backups, access controls, and secret rotation procedures. No system is perfectly secure; if we become aware of a breach that affects your data, we will notify you in accordance with applicable law.

10. Children

The Site is not directed to individuals under 21. We do not knowingly collect data from minors.

11. Changes to this Policy

We may revise this Policy. The "Last revised" date at the top reflects the effective date of changes. We will notify account holders by email of any material changes before they take effect.

12. Contact

Data Protection questions: privacy@vivaprime.com. General support: support@vivaprime.com.
This document is a working draft prepared internally and has not yet been reviewed by legal counsel. It may be revised before it becomes the definitive Privacy Policy. For the most current version visit /legal/privacy.