Legal
Privacy policy
Last updated: May 4, 2026
This Privacy Policy describes how Onyx Vitals (Onyx Holding LLC, "we," "us") collects, uses, and shares personal information when you visit our website or purchase through our online store.
1. Scope
This policy applies to information collected through this website, email correspondence with us, and transactions processed via our store (including WooCommerce and integrated payment gateways).
2. Information we collect
- Identifiers: name, email address, billing and delivery addresses, and order identifiers.
- Commercial information: products purchased, order history, and approximate order value.
- Payment data: card transactions are processed by our PCI-DSS compliant payment processor. We do not store complete card numbers or CVV on our servers.
- Internet activity: IP address, browser type, device type, and pages viewed, via server logs or analytics tools.
- Communications: messages you send via contact forms or email.
3. How we use information
- To process, fulfill, and deliver orders and communicate about logistics (cutoffs, delays, pickup).
- To process payments, prevent fraud, and respond to payment disputes in accordance with card network rules.
- To provide customer support and enforce our Terms, Refund policy, and safety requirements.
- To improve our menu, operations, and website (including aggregated analytics).
- To comply with legal obligations and cooperate with lawful requests.
4. Legal bases (EEA/UK visitors)
If GDPR applies, we rely on performance of a contract (orders), legitimate interests (fraud prevention, site security, analytics), consent where required, and legal obligation where applicable.
5. Sharing & subprocessors
We share information with service providers who assist our business, including: payment processors, hosting / WordPress host, email delivery, delivery routing or logistics tools, and analytics. They may process data only under contractual terms consistent with this policy and applicable law.
6. Cookies & similar technologies
We use cookies and local storage necessary for the shopping cart, login sessions, and security. We do not use third-party advertising cookies unless we later disclose that here and obtain consent where required.
7. Retention
We retain order and customer records as needed to fulfill orders, meet tax and accounting obligations, resolve disputes, and enforce agreements — typically at least the period required by applicable law (often multiple years for transactional records).
8. Security
We use commercially reasonable technical and organizational measures appropriate to the nature of our business. No online transmission is completely secure; you use the site at your own risk.
9. Children
Our services are not directed to children under thirteen (13). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
10. U.S. state privacy rights (including California)
Depending on your state of residence, you may have rights to know, access, delete, or correct certain personal information, or to opt out of certain processing. To submit a request, email us using the address below. We will verify your request consistent with applicable law and respond within the timeframe required by law.
We do not "sell" personal information for money. We may share limited data with analytics or advertising partners only if we enable such tools and disclose them here.
11. International users
If you access the site from outside the United States, you consent to transfer of information to the United States where our servers and processors may operate.
12. Changes
We may update this Privacy Policy from time to time. The "Last updated" date reflects the latest version.
13. Contact
Privacy inquiries: [email protected]