The short version
We collect your name, address, email, and payment info so we can ship supplements to you and process your order. We use cookies to remember your cart and improve the site. We don't sell your data. You can delete your account any time by emailing privacy@health-vital.com.
1. What we collect
When you buy from Vital, subscribe to our newsletter, or create an account, we collect:
- Contact information — name, email address, shipping address, and phone number.
- Order information — what you ordered, when, billing address, and your subscription preferences.
- Payment information — handled entirely by Stripe. We never see or store your full card number.
- Account information — if you create an account, we store your email and a one-way hashed password (we cannot see your password even internally).
- Usage data — pages you viewed on our site, device type, and general location (city-level). We use this to make the site work better, not to track you across the web.
- Quiz and Dose Diary data — only if you choose to use those features. This stays on your device unless you create an account.
2. What we don't collect
We don't ask for Social Security numbers, passport details, health insurance info, medical records, or anything we don't need to ship you a bottle of multivitamins. If a form anywhere on health-vital.com asks for that, it's a scam — please report it to security@health-vital.com.
3. How we use your information
- Ship your orders and handle returns
- Send transactional emails (order confirmation, shipping updates)
- Send the Vital Weekly newsletter — only if you subscribed
- Answer your support questions
- Prevent fraud and keep the site secure
- Improve products based on what people are actually buying
4. Who we share it with
We share the minimum amount of data required with trusted service providers who help us run the business:
- Stripe — payment processing
- ShipStation / USPS / UPS / FedEx — to physically deliver your order
- Cloudflare — to host and protect the website
- Klaviyo — to send transactional and newsletter emails
- Our third-party testing labs — only anonymized batch data, never customer data
We never sell your personal information. We never share your data with advertisers or data brokers.
5. Cookies and tracking
We use essential cookies to keep you logged in and remember what's in your cart. We also use analytics cookies (Google Analytics 4 with IP anonymization) to understand which products people are browsing. You can opt out of non-essential cookies via the banner that appears on your first visit.
We may run Meta Pixel or X Pixel for advertising measurement once paid campaigns go live. These fire only if you accepted the cookie banner.
6. Your rights
You have the right to:
- Access a copy of the personal information we hold about you
- Correct inaccurate information
- Delete your account and data (subject to legal retention requirements for tax records)
- Export your data in a portable format
- Opt out of marketing emails (every email has an unsubscribe link)
- Opt out of the sale of personal information — which we don't do anyway
If you're a California resident, these rights are guaranteed under the California Consumer Privacy Act (CCPA). If you're in the EU or UK, they're guaranteed under the GDPR. We honor all of them regardless of where you live.
7. How we protect your data
- All traffic is encrypted in transit with TLS 1.3
- Payment information never touches our servers — it goes directly to Stripe
- Account passwords are hashed with PBKDF2 (100,000 rounds)
- The site enforces a strict Content-Security-Policy, HSTS, and rate-limiting on sign-in
- Access to customer data is limited to a small number of authorized people
8. Retention
We keep order records for seven years to comply with tax law. After that, or when you request deletion, we purge personal identifiers and keep only anonymized totals for our own internal statistics.
9. Children
Vital is not sold to, and not intended for, anyone under 18. We do not knowingly collect information from minors. If you believe a minor has given us their information, email privacy@health-vital.com and we'll delete it.
10. Changes to this policy
If we update this policy in a way that meaningfully changes your rights, we'll email anyone with an active account and post a banner on the homepage for at least 30 days. Minor edits (typos, clarifications) will simply be reflected in the "Effective" date above.