PRIVACY POLICY

Your privacy, handled with the same care as the bottle.

Crocea operates this store and website. This policy explains what personal information we collect, why, who we share it with, and the rights you have over it — written to be readable, not to hide things.

Last updated: May 2026

AT A GLANCE

The short version, in plain language.

  • What we collect: what you tell us when you place an order, create an account, or contact us — plus standard technical data your browser sends to any website.

  • What we use it for: shipping your order, processing your payment, answering your messages, and (only with your consent) sending marketing emails. Nothing else.

  • We don't sell your personal information. Full stop.

  • We don't collect health information. Crocea is a dietary supplement, not a medical product — we never ask for, store, or analyse data about your health conditions, diagnoses, or medications.

  • Who we share with: Shopify, our payment processor, shipping carriers, our email service provider, and authorities when legally required. No one else for marketing.

  • Your rights: access, correct, delete, port, or restrict the use of your data anytime — email privacy@trycrocea.com and we respond within 30 days.

The full policy, section by section.

Use the numbered sections below to find what you need. Every panel is also covered by the At-a-Glance summary above.

1

Personal Information We Collect

We collect personal information that identifies, relates to, or could reasonably be linked to you. Categories below are the maximum we may collect — what we actually hold depends on how you interact with us.

  • Contact details: name, shipping address, billing address, email, phone number.
  • Payment information: handled directly by our payment processor (Stripe / Shop Pay). We never see or store your full card number.
  • Account information: username, encrypted password, subscription settings, saved addresses.
  • Transaction information: items viewed, added to cart, purchased, returned, refunded; subscription history; order timestamps.
  • Communications: emails, chat messages, contact-form submissions, product reviews.
  • Device & browser data: IP address, browser type, OS, device identifiers, referring URL.
  • Usage information: pages visited, time spent, navigation paths, on-site searches.

We do NOT collect: health conditions, medical history, current medications, diagnoses, biometric data, government ID numbers, race, religion, sexual orientation, political views, or precise geolocation.

2

Where We Collect Information From

  • Directly from you — when you place an order, create an account, sign up for emails, write a review, or contact us.
  • Automatically from your device — through your browser and through cookies and similar technologies.
  • From our service providers — Shopify, payment processor, email service provider, shipping carriers, analytics provider, customer-support tools.
  • From advertising partners — limited info on how you arrived at our site (e.g. clicked a Meta or Google ad) if you've given those platforms permission to share that.

3

How We Use Your Information

To provide the Services

  • Process your order, charge payment, send confirmations, ship and track.
  • Manage your account and subscription orders.
  • Handle returns, refunds, and the 30-day Satisfaction Guarantee.
  • Respond to customer-support requests.
  • Personalise product recommendations.

Marketing (only with your consent)

  • Send promotional emails and SMS when you've opted in. Every marketing email includes a one-click unsubscribe link.
  • Show relevant ads on Meta, Google, and other platforms based on your interactions. You can opt out — see Your Rights.

Security & fraud prevention

  • Authenticate logins, detect suspicious activity, prevent fraud.

Legal & operational

  • Comply with applicable laws, maintain tax records, defend ourselves in disputes.

4

Who We Share Your Information With

We share personal information only with the categories below, and only as needed. We don't sell your data, and we don't share it for any other party's independent marketing purposes.

  • Shopify — our e-commerce platform.
  • Payment processors — Stripe, Shop Pay, PayPal, processing card details directly.
  • Shipping carriers — USPS, UPS, FedEx, DHL, international equivalents.
  • Email service provider — for transactional and (with consent) marketing emails.
  • Analytics & advertising partners — Meta, Google, similar, receiving pseudonymised activity for ad performance.
  • Customer-support tools — our helpdesk stores message contents.
  • Professional advisors — lawyers, accountants, auditors, under confidentiality.
  • Authorities — when required by valid legal process.
  • Successor entities — in a merger, acquisition, financing, or bankruptcy, subject to this policy.

5

Shopify's Role

The Services are hosted by Shopify. When you place an order, Shopify processes your personal information on our behalf. Shopify also uses aggregated, de-identified data across its merchant network to improve its platform — governed by Shopify's own Privacy Policy.

You can exercise rights related to Shopify's processing of your data via the Shopify Privacy Portal.

6

Cookies and Tracking

We and our partners use cookies and similar technologies (web beacons, pixels, local storage) to operate the site, remember preferences, understand usage, and serve relevant advertising.

Categories of cookies:

  • Strictly necessary — required for cart, checkout, login (cannot be disabled).
  • Functional — remember language and currency.
  • Analytics — Shopify Analytics, Google Analytics.
  • Marketing — Meta Pixel, Google Ads, TikTok Pixel.

Manage preferences through the cookie banner, your browser settings, or the opt-out methods in Your Privacy Rights.

7

Children's Privacy

The Services are intended for adults aged 18 and older. Crocea is a dietary supplement targeted at adults and is not formulated for, marketed to, or appropriate for children.

We do not knowingly collect personal information from anyone under 18. We do not "sell" or "share" (as defined in applicable US state privacy laws) the personal information of any individual under 16. If you believe a child has provided us with personal information, email privacy@trycrocea.com and we will delete it.

8

Security and Retention

We use reasonable administrative, technical, and physical safeguards to protect personal information. Payment data is encrypted end-to-end and never reaches our servers. Account passwords are stored as one-way hashes.

No system is impenetrable. Use a strong unique password for your Crocea account and never share it.

We retain personal information only as long as needed to provide the Services, comply with legal obligations (e.g. tax records — typically 7 years), resolve disputes, and enforce our agreements. When information is no longer needed, we delete or anonymise it.

9

Your Privacy Rights

Depending on where you live, you may have some or all of these rights. We honour them for all customers regardless of residence, where operationally feasible.

  • Right to know / access — request a copy of personal information we hold about you.
  • Right to correct — fix inaccurate information.
  • Right to delete — subject to legal exceptions (e.g. tax records).
  • Right to portability — get a machine-readable copy of your data.
  • Right to opt out of sale or sharing — we don't sell, but you can opt out of "sharing" for cross-context behavioural ads.
  • Right to opt out of marketing — unsubscribe from any marketing email.
  • Right to non-discrimination — we won't charge more or deny service because you exercise these rights.

How to exercise:

Email privacy@trycrocea.com with the right you want to exercise. We respond within 30 days, with one possible 30-day extension if the request is complex.

Global Privacy Control: if you visit our site with GPC enabled, we treat it as an opt-out for your browser and device. Learn more at globalprivacycontrol.org.

10

International Data Transfers

Crocea is based in the United States. Our service providers may process your data in the US, Canada, Ireland, or other countries.

If we transfer your personal information out of the European Economic Area, the UK, or Switzerland, we rely on recognised transfer mechanisms — most often the European Commission's Standard Contractual Clauses (SCCs) or the equivalent UK and Swiss versions — unless the destination country has been determined to provide an adequate level of data protection.

11

Complaints

If you have a complaint about how we process your data, email us first at privacy@trycrocea.com. We take complaints seriously and aim to resolve them within 30 days.

You also have the right to lodge a complaint with your local data protection authority:

12

Third-Party Websites and Links

Our site may link to third-party websites — clinical studies on our blog, social-media profiles, partner sites. We are not responsible for their privacy practices. Review their privacy policies before submitting personal information.

13

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, new product launches, or legal requirements. Material changes will be communicated by email to active customers at least 30 days before they take effect, and we'll always post the revised policy here with an updated date. Continuing to use the Services after a change takes effect constitutes acceptance.

A note on supplement privacy

Crocea is a dietary supplement sold direct to consumers. We are not a healthcare provider, we do not collect or process health-related personal information (medical conditions, medications, diagnoses, biometric data), and we are not subject to HIPAA. Treat product reviews and customer-support emails accordingly — we recommend against sharing detailed health information in either channel.

Questions about your data?

Email our privacy team directly. We respond to every request within 30 days — usually within one or two business days.