Effective Date: April 16, 2026
We collect two categories of information: (1) information you provide directly — name, shipping address, billing address, email, phone, and payment information when you place an order; (2) information collected automatically — browser type, IP address, device information, referring URL, pages viewed, and clickstream through our site.
Order information is used to process and ship your order, provide customer support, honor the 60-day guarantee if you request a refund, and send transactional emails (shipping notifications, order confirmations). We may also send educational emails about prostate health and occasional product updates — you can unsubscribe at any time using the link in any such email.
Automatically collected information is used to maintain and improve the website, understand how visitors use the site, prevent fraud, and enforce our Terms of Service.
We use cookies for site functionality (cart state, login sessions), analytics (understanding how the site is used in aggregate), and affiliate attribution (when you arrive via an affiliate link). You can disable cookies in your browser, though some site functionality may be reduced.
We share data only with service providers necessary to fulfill your order and operate the business: payment processors, shipping carriers, email service providers, and hosting providers. These providers are contractually bound to protect your data. We do not sell your personal information to third parties.
Order records are retained for at least 7 years for tax, accounting, and legal compliance. Email subscription data is retained until you unsubscribe. Website analytics are retained for 24 months.
California residents have the right to: know what personal information we collect about them, request deletion of their personal information, opt out of the sale of their personal information (we don't sell it in the first place), and not face discrimination for exercising these rights. To exercise these rights, email privacy@vireflow.us.
If you reside in the EU or UK, you have the right to: access your personal data, correct inaccuracies, request erasure, restrict processing, object to processing, and data portability. Email privacy@vireflow.us to exercise these rights.
We use industry-standard security measures including encryption in transit (HTTPS/TLS), encrypted database storage, and access controls for personnel. No system is perfectly secure; we cannot guarantee absolute security but maintain reasonable safeguards appropriate for our size and the sensitivity of the data.
Our website and product are not intended for persons under 18. We do not knowingly collect information from minors. If we learn a minor has submitted information, we will delete it promptly.
We may update this Privacy Policy to reflect changes in practices or law. The revised policy will post to this page with a new Effective Date. Material changes will be communicated by email to registered customers where feasible.
Privacy questions: privacy@vireflow.us