Optimix Compounds

Privacy Policy

Effective date: May 2026 Last updated: May 2026

Optimix Compounds ("Optimix", "we", "us") respects your privacy and protects personal information collected through optimixcompounds.com (the "Site"). This policy describes what we collect, why, who we share it with, and your rights. Using the Site constitutes agreement with the practices below.

1. Information we collect

Information you provide

| Category | Examples | |---|---| | Identifiers | Name, email address, phone number, shipping and billing address | | Account data | Username, password (hashed), saved addresses, order history | | Communications | Messages you send to support, replies to outreach, feedback | | Payment data | We do not store full card numbers. Crypto invoice references are stored. Concierge-rail proof-of-payment (Zelle, wire receipt, CashApp screenshot, Venmo screenshot) is stored encrypted in our records system for fraud and compliance review. | | Quiz / research-fit answers | Goal, experience level, preferred administration route, cycle length, constraint flags (if you take our protocol-finder quiz) |

Information we collect automatically

| Category | Examples | |---|---| | Device + browser | IP address, user-agent, OS, screen size, language | | Site usage | Pages viewed, time on page, click events, referral source, session duration | | Cookies + storage | Session cookies, anonymous-visitor identifier (opx_anon), cart token, age-gate acknowledgement | | Carrier metadata | Tracking events sourced from shipping carriers for delivered orders |

We do not collect government-issued IDs, financial-account credentials, biometric data, precise GPS location, or special categories of data (race, religion, health diagnoses, etc.).

2. How we use information

We use your information to:

  • Process orders, reservations, and refunds
  • Ship products and provide tracking
  • Authenticate accounts and detect/prevent fraud or abuse
  • Send transactional communications (order updates, payment instructions, shipping notifications)
  • Send marketing communications only with your opt-in consent (you can unsubscribe any time)
  • Support customer-service interactions
  • Improve the Site, analyze usage patterns, and develop new features
  • Comply with applicable laws (research-supply recordkeeping, tax reporting, response to lawful requests)

3. Legal bases (EEA / UK visitors)

If you are a visitor from the European Economic Area or United Kingdom, we rely on the following legal bases:

  • Contract performance — to process and fulfill your order
  • Legitimate interests — site security, fraud prevention, basic analytics, customer service
  • Consent — marketing communications, non-essential cookies
  • Legal obligation — recordkeeping, tax reporting, regulatory compliance

You may withdraw consent at any time without affecting prior processing.

4. Sharing and sub-processors

We do not sell personal information. We share data only with the following categories of recipients:

| Recipient | Purpose | |---|---| | Supabase | Database, authentication, file storage (US infrastructure) | | Vercel | Hosting and edge delivery | | Resend | Transactional and marketing email | | Twilio | Transactional SMS | | NOWPayments | Crypto-payment processing (when used) | | Easy Pay Direct / NMI | Card-payment processing (when launched) | | Sentry | Error monitoring (no PII in error payloads where avoidable) | | Plausible Analytics | Privacy-friendly analytics (no third-party cookies, no IP storage) | | Shipping carriers | Delivery and tracking | | Legal authorities | Only when required by law (subpoena, court order, regulatory request) |

Each sub-processor is contractually bound to use your data only for the purposes we direct.

5. Data retention

We retain personal information only as long as needed for the purposes described above, or longer if required by law.

| Data category | Retention | |---|---| | Order records and invoices | 7 years (tax + compliance) | | Account profile | Until account deletion request + 90-day grace period | | Marketing-opt-in records | Until you unsubscribe + 12 months for unsubscribe-suppression list | | Support communications | 3 years from last interaction | | Anonymous-visitor session data | 13 months | | Server / access logs | 30–90 days | | Payment-proof artifacts | 7 years (fraud and chargeback defense) |

6. Your rights

Subject to applicable law, you have the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to update inaccurate or incomplete data
  • Deletion — request that we delete your personal information ("right to be forgotten")
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — withdraw any consent you previously gave

To exercise any right, email support@optimixcompounds.com from the email address associated with your account. We may need to verify your identity before responding. We aim to respond within 30 days.

California residents (CCPA / CPRA)

You have the additional right to:

  • Know the categories of personal information we collect and share (see Section 1 and Section 4)
  • Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising — we do not sell or share for behavioral advertising
  • Limit use of sensitive personal information — we do not process sensitive personal information beyond what's necessary for the requested service
  • Non-discrimination for exercising your rights

To submit a CCPA request, email support@optimixcompounds.com with subject line "CCPA Request."

Do Not Track / Global Privacy Control

We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of "sale" or "sharing" for California residents and as a withdrawal of analytics consent for visitors in the EEA / UK.

7. Cookies and similar technologies

We use cookies sparingly. Categories used on this Site:

| Cookie | Purpose | Provider | Duration | |---|---|---|---| | opx_anon | Pre-account visitor identifier (CRM stitching) | Optimix | 13 months | | opx_cart | Cart token for the active cart | Optimix | 30 days | | opx_age_gate | Records that you've acknowledged the 21+ age gate | Optimix | 30 days | | theme | Light / dark mode preference | Optimix | 1 year | | Plausible | Aggregate analytics (no third-party cookies) | Plausible | Session | | Supabase auth | Session token for logged-in accounts | Supabase | 7 days |

You can manage cookies through your browser. Disabling cookies may impact site functionality (cart persistence, login).

8. Children's privacy

The Site is intended for adults 21 years of age or older. We do not knowingly collect personal information from anyone under 21. If you believe a child has provided information, please contact us so we can delete it.

9. International transfers

Data is stored in the United States. If you access the Site from outside the U.S., you understand that your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country. By using the Site, you consent to this transfer.

10. Security

We use commercially reasonable safeguards including encrypted transactions (TLS in transit, at-rest encryption for sensitive fields), access controls, audit logging, and ongoing dependency-vulnerability monitoring. No system guarantees absolute security; you accept this residual risk by using the Site.

If we discover a security incident affecting your personal information, we will notify you in accordance with applicable law.

11. Third-party links

The Site may link to third-party websites (study citations, supplier references). We are not responsible for the privacy practices of those sites; consult their policies before sharing data with them.

12. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be highlighted on the Site or in an email to recent customers. Continued use of the Site after an update constitutes acceptance.

13. Contact

Privacy questions, complaints, or data-rights requests: support@optimixcompounds.com, subject line "Privacy."

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data-protection authority.

This document is a working draft prepared in good faith based on current product behavior. Operator should review with a qualified privacy attorney before launching paid acquisition, expanding to EU markets, or adding new data-processing partners.