Privacy policy

NutraMD® — Privacy Policy

Last Updated: April 6, 2026

Your privacy matters to us. This Privacy Policy explains, in plain terms, what personal information NutraMD® ("NutraMD," "we," "our," or "us") collects, how we use and protect it, and the choices you have. It applies to all of the following (together, the "Services"):

NutraMD websites and online stores that link to this policy
Our official social media pages
Emails, text messages, and other electronic communications we send
The systems we use to process one-time and recurring (subscription) orders, checkout, and accounts
Customer support and other product-related interactions, including offline

BY USING OUR SERVICES, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD, AND AGREED TO THE PRACTICES DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT USE OUR SERVICES.

1. Information We Collect

We collect only the information we need to run our business: to fulfill your orders and subscriptions, communicate with you, improve our Services, prevent fraud, and meet our legal obligations. "Personal information" means information that identifies you or could reasonably be linked to you. It does not include data that has been anonymized or de-identified.

A. Information You Give Us

Contact details: Name, email address, phone number, and billing and shipping addresses.
Payment details: Payment card and billing information. Full card numbers are handled securely by our third-party payment processors—NutraMD never stores them.
Account and subscription details: Login credentials, plan selections, renewal dates, cancellation requests, preferences, and settings.
Order details: Purchase history, products selected, order frequency, items viewed, cart contents, returns, and exchanges.
Communications: Emails, text replies, support inquiries, reviews, survey responses, and anything else you choose to share.

B. Information We Collect Automatically

Device and browser data: Device type, operating system, browser version, screen resolution, and unique device identifiers.
Usage data: Pages visited, time spent, clicks, referring URLs, and how you move through our Services.
IP address and location: An approximate location based on your IP address.
Engagement data: Email and text opens, link clicks, and ad interactions.
Account activity: Login history, subscription changes, and preference updates.

C. Information from Other Sources

Service providers: Data from the platforms we use to run our technology and process information for us.
Partners and ad networks: Audience data and insights from our marketing and advertising partners.

We do not intentionally collect sensitive information such as medical records, government ID numbers, biometric data, or precise geolocation.

2. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, tags, scripts, and similar tools (including those from Shopify, Google Analytics, Meta, TikTok, Klaviyo, and SMS platforms) to:

Operate and secure our website
Process orders and subscriptions
Analyze traffic, performance, and how people use our site
Personalize content and messages
Deliver relevant advertising
Prevent fraud and abuse

You can manage or disable cookies through your browser settings or industry opt-out tools such as the Digital Advertising Alliance (aboutads.info) or the Network Advertising Initiative (optout.networkadvertising.org). Keep in mind that turning off cookies may limit some features.

We honor Global Privacy Control (GPC) signals. If you visit our site with a GPC opt-out signal enabled, we treat it as an opt-out request for that browser and device. If we can match the signal to your account, we apply the opt-out to your account as well. Apart from GPC, we do not currently respond to other "Do Not Track" signals.

3. How We Use Your Information

We use personal information for the following legitimate business purposes:

Fulfilling your orders: Processing purchases and subscriptions, managing recurring billing, shipping products, providing support, sending order-related messages (confirmations, shipping updates, renewal notices), handling returns and exchanges, and personalizing your shopping experience.
Marketing and advertising: Sending promotional emails or texts (with your consent or as the law allows), showing you relevant ads, and tailoring content based on your purchases and engagement—including ads on other websites.
Security and fraud prevention: Verifying your account, keeping payments and shopping secure, and detecting and investigating suspicious, illegal, or harmful activity.
Communicating with you: Answering your questions, providing great customer service, and maintaining our relationship with you.
Running our business: Site maintenance and analytics, quality assurance, testing, internal reporting, and product and service improvement.
Legal and compliance: Following applicable laws, responding to lawful government and law-enforcement requests, enforcing our Terms of Service, handling legal proceedings, and keeping required records.

4. How We Share Information

We do not sell your personal information in the traditional sense. However, some data sharing for targeted advertising may count as a "sale" or "sharing" under California law (see Section 10).

We may share information with these types of recipients:

Service providers: Shopify (our ecommerce and payments platform), PayPal and other payment processors, email and SMS providers (such as Klaviyo), analytics and advertising partners (such as Google, Meta, and TikTok), shipping carriers, fraud-prevention vendors, and support tools. These providers are contractually required to use your information only to perform services for us and in line with this policy.
Business and marketing partners: We use Shopify to support personalized advertising with third-party services based on your online activity. These partners handle your information according to their own privacy notices.
Affiliates: Other companies within our corporate group.
Legal and business transfers: When required by law or legal process (such as subpoenas or warrants), or in connection with a merger, acquisition, bankruptcy, or sale of assets. We may also share information to enforce our terms, protect our rights, and protect public safety.
With your permission: When you ask us to share information with a third party, such as for shipping or social media integrations.

5. Our Relationship with Shopify

Our Services are hosted by Shopify, which collects and processes information about how you access and use them. Information you submit is transmitted to and shared with Shopify, as well as third parties in other countries, to provide and improve the Services.

Shopify may use information about your interactions with our store—together with data from other merchants and from Shopify itself—to provide enhanced features. In those cases, Shopify is responsible for processing your personal information, including responding to requests to exercise your rights. To learn more, see the Shopify Consumer Privacy Policy at privacy.shopify.com/en.

6. How Long We Keep Your Information

We keep personal information only as long as reasonably necessary for the purposes described in this policy:

Active accounts and subscriptions: For the life of the account, plus up to 7 years for legal, tax, and audit purposes.
Canceled or inactive accounts: Up to 7 years, in line with U.S. tax rules and to resolve any disputes.
Transaction records: As required by federal and state tax rules (generally 7 years).
Marketing data: Deleted when you opt out, or after 24 months of inactivity.
Support records: Up to 3 years after your last interaction.
Cookies and tracking data: Varies by provider; generally about 13 months for analytics data.

7. How We Protect Your Information

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption of data in transit (TLS/SSL), secure payment processing through PCI-DSS compliant providers, access controls, and regular security assessments. That said, no system is perfectly secure, so we can't guarantee absolute security. Please avoid sending sensitive or confidential information to us through unsecured channels.

If you create an account, you're responsible for keeping your login details safe. We strongly recommend never sharing your username, password, or other credentials with anyone.

8. Data Breach Notification

If a data breach compromises the security of your personal information, we will notify affected individuals and the appropriate regulators as required by federal and state law (including Utah's data breach notification statute, Utah Code §13-44-202, and similar laws in other states where affected individuals live). We will provide notice within the timeframes the law requires, including a description of the breach, the types of information involved, and the steps we're taking in response.

9. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights. These rights aren't absolute and may apply only in certain situations:

Access / know: Request the personal information we hold about you, including the categories we collect, their sources, why we use them, and who we share them with.
Delete: Ask us to delete personal information we hold about you, subject to certain exceptions.
Correct: Ask us to fix inaccurate personal information.
Portability: Request a copy of your information in a portable format, and in some cases ask us to transfer it to a third party.
Opt out of sale or sharing for targeted advertising: Opt out of the "sale" or "sharing" of your information for targeted advertising (see Section 10).
Manage communication preferences: Unsubscribe from promotional emails anytime using the unsubscribe link, or opt out of texts by replying STOP. We may still send non-promotional messages about your account or orders.

To exercise your rights, email us at support@nutramdwellness.com or write to the address in Section 24. We'll respond within the timeframes the law requires (generally 45 days for California requests), and we will never discriminate against you for exercising your rights.

You may also appoint an authorized agent to make requests for you. We'll ask for proof of authorization and may need to verify your identity directly.

10. Additional Information for California Residents (CCPA/CPRA)

If you live in California, this section applies to you in addition to the rest of this policy, as required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA").

Categories collected: In the past 12 months, we've collected identifiers (name, email, phone, IP address); commercial information (purchase history, products viewed); internet activity (browsing and search history, interaction data); approximate geolocation (from IP); and inferences drawn from the above.
Why we collect it: As described in Section 3.
Who we share it with: Service providers, advertising networks, analytics providers, and Shopify (see Sections 4 and 5).
Sale / sharing: We don't "sell" personal information for money, but our use of certain advertising and tracking technologies may count as "sharing" or "selling" under the CCPA. You can opt out of this.
Sensitive information: We don't collect or process sensitive personal information as defined under the CCPA.
Children under 16: We have no actual knowledge that we sell or share the personal information of anyone under 16.
Retention: As described in Section 6.

To exercise your rights to know, delete, correct, or opt out of sale/sharing, email support@nutramdwellness.com. We'll verify your identity before acting on a request, and you won't be treated differently for exercising your rights.

11. Text Messaging and TCPA Compliance

By giving us your phone number and opting in to receive texts from NutraMD, you agree to receive recurring automated marketing and transactional messages at that number. Consent is not a condition of any purchase.

Message frequency: Varies; you may receive up to 10 messages per month.
Message and data rates: Standard rates may apply, depending on your carrier.
Opting out: Reply STOP to any message at any time. You'll get a one-time confirmation, then stop receiving promotional texts (you may still receive order-related messages).
Help: Reply HELP for assistance, or contact support@nutramdwellness.com.
Carriers: Carriers are not liable for delayed or undelivered messages.
No sharing: We won't share your phone number or SMS consent data with third parties for their own marketing.

12. Children's Privacy

Our Services aren't intended for children, and we don't knowingly collect personal information from anyone under the age of majority in their jurisdiction (and never under age 13). If you're a parent or guardian and believe your child has given us personal information, please contact us using the details in Section 24 and we'll delete it. We have no actual knowledge that we sell or share the personal information of anyone under 16.

13. International Transfers

We operate our Services in the United States. If you access them from elsewhere, your information may be transferred to, stored in, and processed in the U.S. or other countries whose data protection laws may differ from your own.

If we transfer personal information out of the European Economic Area (EEA) or the United Kingdom, we rely on recognized transfer mechanisms—such as the European Commission's Standard Contractual Clauses or equivalent contracts—unless the destination country is deemed to offer adequate protection.

14. Third-Party Websites and Links

Our Services may link to websites or platforms run by others. We're not responsible for the privacy practices, content, accuracy, or security of those sites, and including a link doesn't mean we endorse them. We encourage you to review the privacy policy of any third-party site you visit.

15. Dispute Resolution, Binding Arbitration, and Class Action Waiver

PLEASE READ THIS SECTION CAREFULLY. IT AFFECTS YOUR LEGAL RIGHTS, INCLUDING YOUR RIGHT TO FILE A LAWSUIT IN COURT AND TO HAVE A JURY TRIAL.

A. Informal Resolution First. Before starting any formal dispute, you agree to first contact us at support@nutramdwellness.com and try to resolve the matter informally for at least 30 days.

B. Binding Arbitration. If we can't resolve a dispute informally, any dispute or claim arising out of or relating to this policy or the Services—including questions about the scope or applicability of this agreement to arbitrate—will be settled by binding arbitration administered by the American Arbitration Association ("AAA") under its Consumer Arbitration Rules. Arbitration will take place in Utah County, Utah, unless the parties agree otherwise or the arbitrator finds that venue would be unreasonably burdensome. The arbitrator's award is final and binding and may be entered as a judgment in any court of competent jurisdiction.

C. Class Action Waiver. TO THE FULLEST EXTENT PERMITTED BY LAW, YOU AND NUTRAMD EACH WAIVE THE RIGHT TO A JURY TRIAL AND THE RIGHT TO PARTICIPATE IN A CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, OR OTHER REPRESENTATIVE PROCEEDING. ALL CLAIMS MUST BE BROUGHT INDIVIDUALLY, NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR MAY NOT COMBINE MORE THAN ONE PERSON'S CLAIMS OR PRESIDE OVER ANY CLASS OR REPRESENTATIVE PROCEEDING.

D. Exceptions. Nothing here stops you from reporting issues to federal, state, or local agencies, which may (where the law allows) seek relief against us on your behalf. You may also bring qualifying claims in small claims court without arbitration.

E. Opting Out. You may opt out of this arbitration and class action waiver by sending written notice to the address in Section 24 within 30 days of first using our Services. If you opt out, the rest of this policy still applies.

16. Governing Law and Venue

This policy, and any dispute relating to it, is governed by the laws of the State of Utah, without regard to its conflict-of-law rules. For any disputes not subject to arbitration, you consent to the exclusive jurisdiction of the state and federal courts in Utah County, Utah.

17. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NUTRAMD'S TOTAL LIABILITY FOR ANY CLAIM RELATING TO THIS POLICY OR OUR HANDLING OF YOUR PERSONAL INFORMATION WILL NOT EXCEED THE GREATER OF (A) THE TOTAL AMOUNT YOU PAID NUTRAMD IN THE 12 MONTHS BEFORE THE CLAIM, OR (B) ONE HUNDRED U.S. DOLLARS ($100.00). NUTRAMD WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, REGARDLESS OF THE LEGAL THEORY.

18. Indemnification

You agree to indemnify, defend, and hold harmless NutraMD and its officers, directors, employees, agents, and affiliates from any claims, damages, losses, liabilities, costs, or expenses (including reasonable attorneys' fees) arising from: (a) your use of or access to the Services; (b) your violation of this policy or any applicable law; (c) inaccurate or incomplete information you provide; or (d) any third-party claim related to your use of the Services.

19. Force Majeure

NutraMD is not liable for any failure or delay in meeting its obligations under this policy caused by events beyond its reasonable control, including natural disasters, cyberattacks, war or terrorism, pandemics, government actions, power failures, or internet or telecommunications failures.

20. Severability

If any part of this policy is found to be invalid, illegal, or unenforceable, the rest stays in full effect. The invalid part will be modified only as much as needed to make it valid and enforceable while preserving its original intent.

21. Entire Agreement

This policy, together with our Terms of Service, is the entire agreement between you and NutraMD on this subject and replaces all prior or contemporaneous communications—whether electronic, oral, or written—about it.

22. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. When we do, we'll post the updated policy here, revise the "Last Updated" date, and provide any notice the law requires. Continuing to use the Services after changes take effect means you accept the updated policy, so we encourage you to review it periodically.

23. Complaints and Appeals

If you have concerns about how we handle your personal information, please contact us using the details below. Depending on where you live, you may have the right to appeal our decision by contacting us, or to file a complaint with your local data protection authority. In the EEA, you can find the relevant supervisory authorities at edpb.europa.eu.

24. Contact Us

If you have questions about this policy or want to exercise your rights:

Email: support@nutramdwellness.com Mail: NutraMD®, 2575 W 400 N, Suite 300, Lindon, UT 84042

For the purposes of applicable data protection laws, NutraMD is the data controller of your personal information.

Your cart is empty

Cart • 0 items