Legal
Privacy Policy
Last updated: January 1, 2026 · GDPR & CCPA compliant
Data We Collect
We collect: name, email address, phone number (if provided), shipping address, payment method (tokenized — we never store raw card numbers), and order history. We also collect analytics data (page views, conversion events) via GA4, Meta Pixel, and PostHog.
How We Use Your Data
We use your data to: process and fulfill orders, manage your subscription, send transactional emails and SMS (if opted in), serve relevant ads (via Meta Conversions API with hashed PII), and analyze platform performance.
Data Sharing
We share data only with: Stripe/Square (payment processing), Supliful (fulfillment), Resend/Postmark (email), Twilio (SMS), and analytics providers. We do not sell your personal data to third parties.
Your Rights (GDPR)
EU residents have the right to access, rectify, erase, restrict, and port their personal data. To exercise these rights, contact privacy@aeon.health. We respond within 30 days.
Your Rights (CCPA)
California residents have the right to know, delete, and opt out of the sale of their personal information. We do not sell personal information. Submit requests to privacy@aeon.health.
Cookies
We use essential cookies (session management) and analytics cookies (GA4, PostHog). You can opt out of analytics cookies by declining in the cookie banner. We do not use cookies for ad targeting without your consent.
Data Retention
We retain your data for as long as your subscription is active, plus 7 years for financial records (legal requirement). Analytics data is retained for 14 months.
Contact
Data Controller: sitemap.xml. Contact us via the contact page.