Consumer Health Data Privacy Policy

SuppleStack, Inc. (“SuppCo,” “we”, “us” or “our”) is an online platform that allows people motivated by health and wellness to track and share their supplement regimen and preferred products with a like-minded community to help achieve health goals.

This Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy”) applies to the extent that the Washington My Health My Data Act and other applicable U.S. state laws (“Consumer Health Data Laws”) apply to SuppCo in respect of consumer health data (“Consumer Health Data”) as the Consumer Health Data Laws define that or similar terms. This Consumer Health Data Privacy Policy supplements our general Privacy Policy. In the event of a conflict between our Privacy Policy and the Consumer Health Data Privacy Policy, the Consumer Health Data Privacy Policy applies to the extent that it is consistent with the Consumer Health Data Laws.

This Consumer Health Data Privacy Policy describes how SuppCo processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our website, mobile application, and social media pages) as well as our marketing activities, and other activities described in this Consumer Health Data Privacy Policy (collectively, the “Service”)).

Consumer Health Data we collect

Consumer Health Data you may provide to us through the Service or otherwise includes:

• Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
• Demographic data, such as your city, state, country of residence, postal code, gender, and age.
• Profile data, such as the username and password that you may set to establish an online account on the Service, date of birth, redemption code, biographical details, photograph or picture, links to your profiles on social networks, interests, preferences, information about your participation in our contests, promotions, or surveys, and any other information that you add to your account profile. 
• Communications data based on our exchanges with you, including when you contact us through the Service, communicate with us via chat features, social media, or otherwise.
• Transactional data, such as information relating to or needed to complete your orders on or through the Service, including order numbers and transaction history.
• Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
• Supplement-related data, such as your supplement use, supplement names or categories, self-reported health conditions, or self-reported health goals.
• User-generated content data, such as descriptions of your photos, images, music, videos, comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
• Payment data needed to complete transactions, including payment card information or bank account number.
• Other data not specifically listed here, which we will use as described in this Consumer Health Data Policy or as otherwise disclosed at the time of collection.

How we may collect your Consumer Health Data

In addition to Consumer Health Data that you may provide to us directly, we may collect your Consumer Health Data through other means.

• Consumer Health Data we collect automatically. When you visit our Services, we (and certain of our service providers) automatically collect certain information about you through tracking technologies that may be considered Consumer Health Data. For example,
  • Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
  • Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
• Consumer Health Data we create, infer or generate. We may also create, infer or generate Consumer Health Data from other data we collect, including using automated means to generate information about your likely preferences or other characteristics.
• Consumer Health Data we obtain from third-party sources. We also obtain the types of Consumer Health Data described above from third parties. These third-party sources may include, for example:
  • Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
  • Private sources, such as data providers, social media platforms and data licensors.
  • Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.
  • Marketing partners, such as joint marketing partners and event co-sponsors.
  • Service providers, such as those that provide services on our behalf or help us operate our business.
  • Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account (such as Google).

How we use your Consumer Health Data

We use Consumer Health Data for purposes described in this Consumer Health Data Privacy Policy or as otherwise disclosed to you. For example, we use Consumer Health Data for the following purposes:

Purpose of Use	Categories of Consumer Health Data
Service delivery and operations: providing the Service, enabling security features of the Service, establishing and maintaining your user profile on the Service, communicating with you about the Service, providing support for the Service and responding to your requests/questions/feedback.	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
Research and development: to analyze and improve the Service and our business and to develop new products and services.	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
Service personalization: understanding your needs and interests, personalizing your experience with the Service and our Service-related communications, remembering your selections and preferences as you navigate webpages	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
Service improvement and analytics: analyzing your usage of the Service, improving the Service, improving the rest of our business, helping us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and developing new products and services.	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
Direct marketing: communicating with you about new services, upcoming events, and other information	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
Compliance and protection: complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protecting our, your or others’ rights, privacy, safety or property; auditing our internal processes for compliance with legal and contractual requirements or our internal policies; enforcing the terms and conditions that govern the Service; preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.	Contact data, demographic data, profile data, communications data, marketing data, user-generated content data, payment data, transaction data, device data, online activity data, location data, communications interaction data

How we share your Consumer Health Data

We may “share” (as the Consumer Health Data Laws define that term) Consumer Health Data with your consent or as we determine necessary to provide the Website to you, or as otherwise permitted or required by law. For example, we may share your Consumer Health Data to:

Affiliates. As applicable, our corporate parent, subsidiaries, and affiliates.

Partners. We may sometimes share your Consumer Health Data with partners or enable partners to collect information directly via our Service.

Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.

Legal and law enforcement. We will access, share, and preserve Consumer Health Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. We will also share Consumer Health Data if we believe it is necessary to protect our customers and/or the rights or property of ourselves or others.

Your Consumer Health Data choices

You may have certain rights to your Consumer Health Data under applicable Consumer Health Data Laws. Any of the rights discussed below may be subject to certain limitations (for example, a monetary charge).

If you wish to exercise these rights, please email us at privacy@supp.co.

Withdraw consent. To the extent we rely upon your consent for either our collection or sharing of your Consumer Health Data, you have the right to withdraw such consent from any future collection or sharing.

Access and confirm. You have the right to ask us to confirm whether we have collected, shared or sold your Consumer Health Data. Further, you have the right to access (in other words, request a copy of) the Consumer Health Data that we have collected, shared or sold. You also have a right to access a list of all “third parties” (as Consumer Health Data Laws define that term) and affiliates with whom we have shared or sold your Consumer Health Data and receive certain corresponding information.

Correction. You have the right to ask us to correct inaccuracies in your Consumer Health Data.

Deletion. You have the right to ask us to delete your Consumer Health Data.

Appeal. You have the right to appeal our denying a Consumer Health Data Law right you have attempted to exercise. We will provide details on how to appeal our denial in connection with such action.

To exercise your rights above and make a Consumer Health Data rights request, please email us at privacy@supp.co. We may need to verify your identity in order to process your request. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you (such as government identification), which we will only use to verify your identity, and for security or fraud-prevention purposes.

Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Changes to this Consumer Health Data Privacy Policy

We reserve the right to modify this Consumer Health Data Privacy Policy at any time. If we make material changes to this Consumer Health Data Privacy Policy, we will notify you by updating the date of this Consumer Health Data Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Consumer Health Data Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Consumer Health Data Privacy Policy indicates your acknowledging that the modified Consumer Health Data Privacy Policy applies to your interactions with the Service and our business.

How to contact us

• Email: privacy@supp.co