Privacy Policy

Last Updated: November 1, 2024

1. Introduction

This Privacy Policy outlines how “Gut Vitality” (“we”, “us”, “our”) collects, uses, and protects your personal information.

We'll only retain your personal data for as long as necessary.

We'll never share your information with third parties without your consent.

We'll ensure that all personal information supplied is held securely.

At Gut Vitality (“we”, “our”, or “us”), protecting your privacy is paramount to our business operations. This comprehensive privacy policy outlines our commitment to safeguarding your personal information and ensuring transparent data practices. As an e-commerce business utilizing Amazon's Selling Partner API (SP-API), we maintain stringent standards for data protection while providing high-quality service.

This policy details how we collect, process, store, and protect your information, with particular attention to data received through our direct operations and Amazon's services. We are committed to compliance with all relevant data protection regulations and Amazon's data handling requirements.

2. Data Collection

Our data collection practices are designed to gather only the information necessary to process your orders and provide excellent customer service. We maintain strict controls over how this information is collected and used.

2.1 Types of Data Collected

We collect and process specific categories of information essential for our business operations:

  • Order Information

    This includes purchase details, order numbers, and transaction records necessary for processing your orders and maintaining accurate business records.

  • Shipping Information

    Delivery addresses and contact details are collected solely for the purpose of ensuring accurate delivery of your products. This information is handled with particular care as it contains personal identifiers.

  • Customer Contact Information

    Names and email addresses are collected to facilitate communication about your orders and provide customer support. This information is essential for maintaining our relationship with you and ensuring effective service delivery.

  • Transaction Records

    We maintain records of your purchases and interactions with our service for business administration, legal compliance, and service improvement purposes.

2.2 Collection Methods

We employ secure and transparent methods for collecting your information through various channels:

  • Direct Website Purchases

    When you make purchases through our website, information is collected through secure, encrypted forms and payment processing systems.

  • Amazon SP-API Integration

    For orders placed through Amazon, we receive information via Amazon's secure SP-API, following strict protocols for data handling and protection.

  • Customer Support Interactions

    Information shared during support interactions is collected and stored securely to maintain service quality and address your needs effectively.

3. Data Storage and Security

We implement robust security measures to protect your information throughout its lifecycle in our systems. Our infrastructure is designed with security as a primary consideration.

3.1 Infrastructure

Our data storage infrastructure is built on AWS (Amazon Web Services), providing enterprise-grade security and reliability:

  • Encrypted Databases

    All data is stored using AES-256 encryption, ensuring that your information remains secure even in the unlikely event of unauthorized access.

  • Secure Private Networks

    Our infrastructure operates within Virtual Private Clouds (VPC), isolating our systems from unauthorized access and providing multiple layers of network security.

  • Advanced Access Controls

    We implement role-based access control (RBAC), ensuring that data access is strictly limited to authorized personnel based on their specific job requirements.

  • Regular Security Audits

    Our systems undergo regular security assessments and audits to identify and address potential vulnerabilities promptly.

3.2 Security Measures

We employ multiple layers of security controls to protect your data:

  • Data Encryption

    All data transfers are protected using industry-standard SSL/TLS encryption, ensuring secure communication between your browser and our servers.

  • Authentication Systems

    Multi-factor authentication is required for system access, adding an extra layer of security beyond password protection.

  • System Updates

    Regular security updates and patches are applied to maintain system security and address potential vulnerabilities.

  • Monitoring Systems

    Continuous monitoring and threat detection systems alert us to any suspicious activity or potential security issues.

4. Data Retention

Our data retention policies balance business needs, legal requirements, and privacy considerations. We maintain strict controls over how long different types of data are retained.

  • Amazon Customer PII

    Information received through Amazon's SP-API is retained for no more than 30 days after order delivery, after which it is securely deleted from our systems.

  • Direct Customer Data

    Information for customers who purchase directly through our website is retained as long as the account remains active, or as required by law.

  • Transaction Records

    Basic transaction records are retained for legal and tax compliance purposes, with personal identifiers removed after the retention period.

  • Backup Data

    System backups are encrypted and retained for 30 days to ensure business continuity while maintaining data security.

5. Data Sharing

We maintain strict controls over data sharing, ensuring your information is protected at all times. Our policy is to minimize data sharing to only what is absolutely necessary for business operations.

We do not share customer information with third parties except in the following limited circumstances:

  • Order Fulfillment

    When necessary for order fulfillment through Amazon FBA, following strict data protection protocols and Amazon's requirements.

  • Legal Requirements

    When required to comply with legal obligations, court orders, or official investigations.

  • Regulatory Compliance

    When necessary to meet regulatory requirements or respond to regulatory inquiries.

6. Your Rights

We respect and uphold your rights regarding your personal information. You have specific rights concerning your data, and we are committed to honoring these rights promptly and efficiently.

  • Access Rights

    You have the right to request access to the personal data we hold about you. We will provide this information in a structured, commonly used format.

  • Correction Rights

    If you believe any information we hold about you is incorrect, you have the right to request corrections or updates to ensure accuracy.

  • Deletion Rights

    You may request the deletion of your personal information from our systems, subject to legal retention requirements and legitimate business needs.

  • Consent Withdrawal

    You have the right to withdraw any previously given consent for data processing, and we will honor such requests promptly.

7. Contact Information

We take your privacy concerns seriously and are committed to responding promptly to any questions or concerns you may have about your personal information.

For any privacy-related inquiries, please contact our Data Protection Officer:

Dr. Adam Dalton
Gut Vitality
Email: privacy@gut-vitality.com

We aim to respond to all privacy-related inquiries within 48 hours of receipt.