Legal
Privacy Policy Terms & Conditions Accessibility

Privacy policy

Last Updated: 10 November 2025

1. WHO WE ARE AND SCOPE

This Privacy Policy explains how Vita Patch LLC and its affiliates (“Vita,” “we,” “us,” “our”) collect, use, disclose, and protect personal information when you:

  • access or use byvita.co, byvita.eu, byvita.ca, or any other site or page that links to this Privacy Policy (the “Sites”);
  • purchase or use our products and services;
  • interact with us via customer support, email, SMS, social media, or other channels that reference this Policy.

By accessing or using the Sites, creating an account, or purchasing our products, you acknowledge that you have read and understood this Privacy Policy and agree that we will handle your information as described here, to the extent permitted by applicable law. If you do not agree, you should not use the Sites or provide personal information.

Where applicable law requires explicit consent (for example, for certain cookies, marketing, or wellness-related uses), we will ask you for it separately. Nothing in this Policy waives your non-negotiable legal rights.

2. CONTROLLER

Unless stated otherwise in a jurisdiction-specific notice, the controller of your personal information is:

Vita Patch LLC
Attn: Privacy
Email: hi@byvita.co

If required by law, we may appoint EU/UK representatives or additional entities. Details will be provided in updated versions of this Policy or supplemental notices.

3. INFORMATION WE COLLECT

We collect information directly from you, automatically when you use the Sites, and from third parties.

3.1 Information you provide to us

  • Identification and contact information: name, email, phone number, billing and shipping address.
  • Account information: login details and preferences, if you create an account.
  • Order and payment information: products purchased, transaction details, and limited payment card details (processed by PCI-compliant providers; we do not store full card numbers).
  • Communications: inquiries, support requests, survey responses, product reviews, and other information you choose to provide.
  • Marketing preferences: your choices about receiving communications from us.

3.2 Information collected automatically

When you access or use the Sites, we automatically collect:

  • IP address and general location (e.g., country/region);
  • browser type, device type, operating system, language, time zone;
  • pages viewed, links clicked, time spent, referring pages, session identifiers;
  • interactions with our emails and ads (e.g., opens, clicks), where permitted;
  • information collected through cookies, pixels, SDKs, and similar technologies (see Section 7).

3.3 Information from third parties

We may receive information about you from:

  • e-commerce, payment, and fulfillment providers (e.g., transaction status, fraud checks);
  • analytics, advertising, and anti-fraud partners;
  • customer support platforms;
  • social media platforms when you interact with our official pages.

We use this information in line with this Policy and applicable law.

3A. WELLNESS-RELATED AND HEALTH-RELATED INFORMATION

Our products are wellness patches applied to the skin (for example, products marketed for areas such as energy, sleep, focus, or recovery). Because of this, some information we collect may allow inferences about your health, habits, or lifestyle, such as:

  • which Vita products you purchase or subscribe to;
  • frequency or timing of purchases;
  • information you choose to share about your experience with our products.

We do not request or maintain your clinical medical records, diagnostic results, or information from your healthcare providers through the Sites. Our products and content are not a substitute for professional medical advice or treatment.

In some jurisdictions, this type of information may, in context, be considered “data concerning health” or similar sensitive information. Where applicable law treats such information as health or sensitive data, we will process it only:

  1. as necessary to provide the products or services you request (for example, to fulfill your order, manage your account, or handle product quality or safety issues);
  2. to comply with legal and regulatory obligations (for example, tax, accounting, safety notifications, or recalls);
  3. with your consent where required (for example, for certain personalized marketing or analytics); and
  4. in aggregated, de-identified, or anonymized form for analytics and research as described in Section 16.

We apply appropriate (not “medical-grade”) technical and organizational measures to wellness-related information, proportionate to our business, the data we hold, and applicable legal requirements.

3B. HEALTH LAW STATUS (INCLUDING HIPAA)

Vita is a direct-to-consumer wellness company. Based on current U.S. law and guidance:

  • we are not a health plan, health care clearinghouse, or health care provider conducting standard electronic transactions as defined by HIPAA;
  • we do not act as a Business Associate processing Protected Health Information (PHI) on behalf of a Covered Entity.

Information we collect via the Sites and in connection with your purchases is therefore generally not PHI under HIPAA, and HIPAA does not directly govern our handling of that information.

This does not limit any protections you have under other applicable privacy, consumer protection, or health-related laws.

4. HOW WE USE YOUR INFORMATION

We process personal information where we have a valid legal basis (such as performing a contract with you, pursuing our legitimate interests, complying with legal obligations, or relying on your consent where required).

We use your information to:

Provide products and services

  • Process and fulfill orders, payments, and deliveries.
  • Manage accounts, subscriptions, returns, and customer support.

Communicate with you

  • Respond to inquiries and support requests.
  • Send transactional messages such as order confirmations and shipping updates.

Improve and secure our business

  • Monitor performance and usage of the Sites.
  • Maintain, troubleshoot, and improve our products, services, and user experience.
  • Detect, prevent, and investigate fraud, abuse, or security incidents.

Marketing and personalization

  • Send newsletters, promotions, and product updates where permitted by law and your preferences.
  • Show relevant content and advertising based on your interactions, where allowed.

Where required, we rely on your consent for marketing and certain profiling activities. You can withdraw consent at any time.

Compliance and risk management

  • Maintain records for tax, accounting, and regulatory purposes.
  • Respond to lawful requests and enforce our terms and rights.

We do not use your personal information in a way that is materially incompatible with these purposes without informing you or obtaining consent where required.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information for money. Some laws may treat certain targeted advertising or analytics uses as a “sale” or “sharing”; where that is the case, you may have additional rights described in Section 10 and any regional supplements.

We may share your information with:

Service providers

  • E-commerce platforms, payment processors, fraud prevention tools, fulfillment centers, shipping carriers, communications providers, analytics and advertising vendors, and IT/security providers.
  • They may use personal information only to provide services to us and must handle it in line with applicable law and contractual safeguards.

Affiliates and corporate transactions

  • Within the Vita group of companies, where relevant.
  • With third parties in connection with a merger, acquisition, financing, or sale of all or part of our business. Any successor may continue to use your information consistent with this Policy.

Legal and safety

  • To comply with applicable laws, regulations, legal processes, or enforceable government requests.
  • To protect the rights, property, or safety of Vita, our customers, or others, as permitted by law.

With your direction or consent

  • For example, when you submit public reviews, participate in referral programs, or activate integrations you choose.

We do not permit third parties to use your wellness-related information for their own independent marketing without your consent where required.

6. INTERNATIONAL TRANSFERS

Your information may be processed in countries other than your country of residence. These countries may have different data protection laws.

Where required, we implement appropriate safeguards (such as Standard Contractual Clauses or other lawful transfer mechanisms) and take steps to help ensure an adequate level of protection consistent with applicable law.

7. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies, pixels, tags, and similar technologies to:

  • enable core Site features and checkout;
  • remember your preferences;
  • understand usage and improve performance;
  • support security and fraud prevention;
  • deliver and measure advertising.

Types include:

  • Strictly Necessary Cookies;
  • Functional Cookies;
  • Performance/Analytics Cookies;
  • Advertising/Targeting Cookies.

Where required by law, we will:

  • request your consent before setting non-essential cookies;
  • provide options to manage your cookie preferences;
  • respect applicable opt-out or preference signals where technically and commercially feasible.

You can also control cookies via your browser or device settings. Disabling some cookies may affect Site functionality.

8. DATA RETENTION

We retain personal information only as long as reasonably necessary for the purposes described in this Policy and to meet legal, accounting, or reporting requirements. Factors include:

  • the type and sensitivity of the information;
  • the purposes for which it is processed;
  • applicable legal, regulatory, and contractual obligations;
  • our need to resolve disputes and enforce our agreements.

Examples (subject to applicable law):

  • Order and transaction data: typically up to 7–10 years.
  • Account and marketing data: while your account is active or until you opt out or request deletion, subject to legal retention.
  • Security and fraud logs: for a period reasonably necessary for security and compliance.

When data is no longer needed, we will delete it or irreversibly de-identify it in a reasonable manner.

9. SECURITY

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration. These measures are:

  • proportionate to the type and sensitivity of the data;
  • aligned with the risks presented by our processing activities;
  • appropriate for the size and resources of our organization;
  • designed to meet applicable legal requirements.

No system is perfectly secure, and we do not guarantee absolute security. Where required by law, we will notify you and/or regulators of certain data breaches.

10. YOUR PRIVACY RIGHTS

Your rights depend on where you live. We will handle rights requests in accordance with applicable laws and, where appropriate, may apply similar standards more broadly as a matter of policy.

Subject to conditions and exceptions, you may have the right to:

  • access the personal information we hold about you;
  • correct inaccurate or incomplete information;
  • request deletion of your information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • receive your information in a portable format;
  • opt out of marketing communications at any time;
  • in some jurisdictions, opt out of certain profiling, targeted advertising, or uses of sensitive personal information.

California and other U.S. states

Residents of California and certain other U.S. states may have additional rights regarding access, deletion, correction, opting out of the “sale” or “sharing” of personal information, and limiting certain uses of sensitive personal information.

Where we are subject to these laws and engage in covered activities, we will provide appropriate mechanisms (such as “Do Not Sell or Share My Personal Information” and, where required, “Limit the Use of My Sensitive Personal Information”) and will honor valid requests and applicable preference signals as required.

EU/EEA, UK, Switzerland

You may have rights under the GDPR/UK GDPR, including to access, rectify, erase, restrict, or object to processing, to data portability, and to lodge a complaint with your local supervisory authority.

Canada

You may have rights under applicable federal and provincial privacy laws, including to access and request correction of your personal information and to withdraw consent, subject to legal limits.

To exercise your rights, contact hi@byvita.co with “Privacy Request” in the subject line. We may need to verify your identity. We may decline or limit requests where the law permits or requires us to do so.

We will not unlawfully discriminate against you for exercising your privacy rights.

11. CHILDREN’S PRIVACY

Our Sites and products are not directed to individuals under 18. We do not knowingly collect personal information from children under 18.

If you believe a child has provided us information, contact hi@byvita.co. If we confirm such collection, we will delete it as required by law.

12. THIRD-PARTY SITES AND SERVICES

The Sites may contain links to third-party websites, apps, or services. Their privacy practices are governed by their own policies, not this one.

We are not responsible for how those third parties handle your information. We encourage you to review their privacy policies before providing information.

13. AGREEMENT BY USE AND CONSENT

By accessing or using the Sites, creating an account, or submitting information to us, you acknowledge that you have had an opportunity to review this Privacy Policy and that we may process your information as described, subject to applicable law.

However:

  • where explicit consent is legally required (for example, for certain cookies, electronic marketing in some jurisdictions, or certain uses of wellness-related information), we will request it through clear, specific mechanisms; and
  • your use of the Sites alone does not override any requirement for explicit consent imposed by applicable law.

You may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

14. NO MEDICAL RECORDS OR DIAGNOSTIC USE

Our products and content are intended for general wellness and consumer use. They are not intended to diagnose, treat, cure, or prevent any disease and do not replace professional medical advice.

Information we collect:

  • does not constitute a formal medical record or clinical chart;
  • is not intended for use by healthcare providers, insurers, employers, or other third parties as the sole basis for medical or employment decisions;
  • should not be interpreted as confirmation of any specific medical condition.

To the maximum extent permitted by law:

  • Vita is not responsible for how you or any third party interpret or use your purchase history or interactions with us as health or medical evidence; and
  • Vita is not liable for decisions made by third parties (such as insurers, employers, or data brokers) based on your use of our products or Sites.

Nothing in this Section limits rights or protections that cannot be excluded under applicable law.

15. LIMITATION OF SCOPE AND RELATION TO OTHER TERMS

This Privacy Policy:

  • explains how we handle personal information;
  • does not create contractual guarantees that exceed applicable legal requirements;
  • does not require us to implement “medical-grade” or HIPAA-level controls where those laws do not apply;
  • must be read together with our Terms of Use, which include important provisions on limitations of liability, disclaimers, and dispute resolution.

If any part of this Policy conflicts with non-waivable legal rights in your jurisdiction, those rights prevail and the remainder of the Policy remains in effect.

16. RESEARCH, ANALYTICS, AND PRODUCT DEVELOPMENT

We may create and use aggregated and de-identified information derived from personal information.

Where such data can no longer reasonably be used to identify an individual (directly or indirectly), we treat it as anonymized and no longer as personal information.

We may use aggregated, de-identified, and (where applicable) anonymized data for:

  • statistical analyses and reporting;
  • improving and developing our products, formulations, technologies, and services;
  • safety and quality monitoring;
  • scientific, market, and business research;
  • other lawful purposes.

When we create or share de-identified or anonymized information, we use reasonable measures designed to reduce the risk of re-identification and require any recipients not to attempt to re-identify individuals.

17. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

When we make changes, we will update the “Last Updated” date above. For material changes, we will provide additional notice as required (for example, via banner or email). Where permitted by law, your continued use of the Sites after the effective date of an updated Policy constitutes your acknowledgment of the changes.

18. CONTACT US

If you have questions, concerns, or requests relating to this Privacy Policy or our handling of personal information, contact:

Vita Privacy Team
Email: hi@byvita.co