Privacy Policy

Glass of hot chocolate with chocolate bars and caramels on a white surface

Assorted cookies on a gray surface with a spoon

Stack of granola bars with scattered nuts on a beige background

White mug filled with a brown liquid surrounded by dark chocolate pieces on a light background

LAST UPDATED: February 23, 2025

This privacy policy (the "Privacy Policy") explains how Diet Direct, Inc. ("Company", "we", or "us") collects, uses, shares, and protects information of the users of Company's websites and mobile or other software applications where this Privacy Policy is posted (collectively, the "Website"). This Privacy Policy is designed to fulfill our legal obligations in the places where we operate—including, without limitation and where applicable, the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and Canada's Personal Informatoin Protection and Electornic Documents Act (PIPEDA).

Please note that this Privacy Policy only applies to the Website, and not to websites, applications, operating systems, or other platforms of third parties (collectively, "Third-Party Platforms"), even if such Third-Party Platforms are linked to or accesible from the Website.

Who we are

Any information or other data provided to or gathered by Company is controlled by:

Diet Direct, Inc.
1001 Military Cutoff Rd
Suite 350
Wilmington, NC 28405
UNITED STATES
hello@dietdirect.com

THIRD PARTIES

“Third Parties” include any person or entity other than you and our companies and employees. Third Parties include, but are not limited to, our marketing partners and the suppliers, service providers, and other vendors that help us provide the Services.The Website may include links to Third Party Platforms.

Unless otherwise expressly stated, this Privacy Policy does not apply to any Third-Party practices, websites, mobile apps, or services. Each Third-Party Platform will have its own data collection and usage practices, and may use their own cookies, web beacons, and other technology to collect information from you. Company is not responsible for the content or practices of any Third-Party Platforms and, if you choose to visit or use them, you do so at your own risk.

OUR COLLECTION OF PERSONAL DATA

How We Collect Personal Data

We collect personal data directly from you at various points during your interactions with us. We primarily collect personal data when you engage with us, whether through the Website, in person, or other means, such as:

When you browse or complete a form on the Website;
When you register a suer account on the Website;
When you order Products or other goods or services from Company;
When you click on a link in a Company advertisement;
When you make payments to us;
When you communicate with us, such as by speaking to one of our customer service agents;
When you post content to the Website, such as a review ("your Content");
When you sign up to receive email, text/SMS, or other communications from us;
When you participate in a survey, contest, or sweepstakes administered by Company; and/or
When you apply for a job with Company.

We collect personal data from Third Parties, such as:

When you enroll in the Diet Direct obesity telemedicine program (the “Telemedicine Program”), which is
powered by Third-Party CareValidate Inc., as discussed more fully below;
When you make payments to us through a Third-Party payment provider or have your payment information saved in your web browser; and/or
When you use Third-Party internet or communications services to connect with our Website or customer service team.

Like most websites and apps, we also collect data through automated technologies on our Website, such as cookies, web beacons and pixels. These practices are discussed more fully in the section below entitled Cookies and Other Data Technologies.

Categories of Personal Data Collected

Through the methods identified herein, we collect the following categories of personal data:

Identifiers
We collect basic contact information, such as name, address, phone number, mobile number, email addres, date of birth, and gender.
We also collect account information, such as your account name and number, your username and password.

Commerical Data
We collect transaction information, such as details about Products and Services you have purchased or considered, your Subscription Plan (if any), and your purchasing tendencies. When you click on Product links or place items in your shopping cart, we may collect or create records regarding your shopping preferences or other purchasing or consuming history or tendencies.
We collect financial information, such as name, bank account number, credit or debit card number, billing address, and payment history.
We may collect or create inferences, such as creating a consumer profile for you or a group of customers relating to consumer preferences and trends.

Personal Background
We collect certain protected class information, such as sex, disability (e.q., when you request health accomodations, such as gluten-free food), and age.
We collect employment information when you apply for a job with Company, including your contact information, government-issued identification, professional licenses and credentials, union membership, employment history, educational background, citzenship and immigration status, military service, and references.

Audio and Visual Data
We create and store certain call recordings. When you call our customer service agents, your call may be recorded or monitored for quality assurance purposes and/or for legal compliance.
We may collect audio and visual data from you if you upload it to the Website as part of your Content, or if you authorize us to use or share Content posted to your Third-Party social media accoun(s).

Health Data
Because we sell dietary Products, we may collect health data when you provide it to us, such as your weight, height, food allergies, whether you are a candidate for or have had bariatric surgery, and informaton about whether you are pregnant or nursing.
If you are a Washington Resident, see below for our Consumer Health Data Privacy Policy.

Communications
We collect any information you communicate to us, such as to customer service agents, or via a feedback form, regardless of whether it fits into one of the other categories of personal data outliend herein. Such information is volunteered by you and we do not collect it surreptitiously.
When you communicate with us via any live chat feature on our Website, your live chat transcripts may be monitored or reviewed by the Third-Party live chat service provider.
We also collect information you communicate to Third Parties through the Website, such as information submitted by you to the Telemedicine Program, which is powered by Third-Party CareValidate Inc., and/or the contents of messages where we are not a recipient.

Geolocation
We collect general geolocation data from users of the Website by ascertaining approximate location (e.g., city or country) from the user's IP address. We do not collect or track precise geolocation data.

Other Personalized Data
We may collect other personalized data on a case-by-case basis, but only when you expressly consent to the same before it is collected.

Non-Personalized Data
We collect device, internet, and network data, such as the type of device (e.g., computer, smart phone, tablet), device ID, MAC address, mobile carrier, phone number, operating system, IP address, internet service provider, browser language, browsing history, search history, advertising ID, and any other information regarding your interaction with the Website or Company advertisement. See below for more information about cookies and other tracking technologies.
We may collect or create aggregate information or de-identified data from the personal data collected. For example, we may combine the personal data of multiple users of the Website to create data that no longer identifies the users on an individual basis but speaks to behavioral or consuming patterns. If we combine aggregate information or de-identified data with personal data, we will treat it as personal data in accordance with the provisions of this Privacy Policy.

OUR USE OF PERSONAL DATA

We use personal data for the same reasons we collect it. Specifically, we process personal data for the following purposes:

Categories of Personal Data	Purpose for Collection and Use	Lgeal Basis
Identifiers Commerical Data Communications Geolocation Data Non-Personalized Data	We use this data for business purposes, including providing, improving, and securing the Website. We use information to debug and identify and repair errors that impair existing intended functionality of the Website. As explained below, we use Cookies, including those placed by Third Parties, to gather statistical information that helps us understand how you and other users engage with the Website and helps us improve its performance via technological development.	We process this data on the basis of our legitimate interest of maintaining a functional and secure Website (Article 6.1(f) GDPR).
Identifiers Commercial Data Communications Audio or Visual Data Health Data Geolocation Data Non-Personalized Data	We use this data for business purposes, including responding to communications by providing you with informaton regarding your requests about Products made via the Website, our call center, email, or other channels. We will only use this information to respond to your request.	This processing is carried out to take steps at the request of the data subject prior to entering into a contract (Article 6.1(b) GDPR).
	We also use this data for commercial purposes, including marketing our offerings to you through email, phone, and SMS. Where you indicate your express and specific consent, we will use your contact details to send you newsletters and marketing communications via email or SMS about our products and Services that may interest you.	This processing is based on your consent, pursuant to Art. 6.1(a) GDPR).
	We also use this data for commercial purposes, including to build a profile and create inferences. Company creates new information about you by drawing inferences from the information identified in the categories listed above, such as to create a profile about you reflecting your preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Such information and profile may be used by Company for advertising purposes.	This processing is based on your consent, pursuant to Art. 6.1(a) GDPR).
Identifiers Commerical Data Personal Background Health Data Communications Geolocation Data Non-Personalized Data	We use this data for business purposes, including completing and handling your purchases, collecting payment from you, and providing all related Products and Services. We use the information we collect from you to process your payments, fulfill your orders, and ship your purchases.	We process this data on the basis of our contract with you (Article 6.1(b) GDPR).
	We also use this data for the business purpose of addressing your special needs. During the transaction process, you may communicate data revealing information about your health or other preferences.	We process this data only on the basis of your informed and specific consent (Art. 9.2(a) GDPR).
	We also use this data for the business purposes of maintaing records of incidents, facilitating investigations and remedies, and preventing and detecting fraud.	We process this data on the basis of our legitimate interest of maintaining records of incidents and investigations. (Article 6.1(f) GDPR).
	We use this data for business purposes, including handling requests, complaints and comments. We keep track of the comments and complaints that you make on so we can respond to your requests.	We process this data in connection with our provision of Services to you, therefore on the basis of the Terms of Service (Article 6.1(b) GDPR).
	We also use this data for the business purpose of improving our Products, Website, and Services. Company uses the information we collect from you and other users to improve our product offerings and services. For example, we may consider analytics, demographics, and user feedback collected via the Website in determining whether there is sufficient demand for a new Product, Subscription Plan, or Service.	This processing is carried out on the basis of our legitimate interests of ensuring our customers are satisfied with the Services (Article 6.1(f) GDPR).
Audio or Visual Data	We use this data for business purposes, including to document commitments made by phone or live chat, and for quality assurance and training purposes. If the call is being recorded, you will be notified at the beginning of the call.	The processing is based on the legitimate interest of the data controller.
	We also use this data for the business purpose of complying with regulatory requirements, such as where the recording of phone calls or consent is required by law.	The processing is carried out for compliance with a legal obligation to which the data controller is subject (Article 6.1(c) GDPR).
Identifiers Commerical Data Communications Geolocation Non-Personalized Data	We use this data for business and commerical purposes, such as sending you personalized advertising communications and newsletters according to your preferences. If you submit any form or otherwise consent, whether via the Website, online, on paper, in person, or through a Third Party, indicating you wish to receive information about our Products, products and Services, we will contact you according to your preferences (e.g., email, phone, SMS/text) to inform you of our latest offers that we think might be of interest to you. See below for more information on personalized advertising and hwo to revoke consent.	The processing is based on your specific consent (Article 6.1(a) GDPR).
	We also use this data for the business and commercial purposes of sending you information about products and Services similar to your previous Products and other transactions. See below for more information on marketing communications and how to unsubscribe.	This processing is based on our legitimate interests in informing you of similar or related products and Services that we offer and that may enhance your customer experience (Article 6.1(f) GDPR.
	We also use this data for the business and commerical purposes of creating deidentified aggregate information. Company may combine your information with that of other users to create "Aggregate Information"—namely, statistical information about all users or a subset therof. Aggregate Information is pseudonymized and deidentified. In other words, Aggregate Information cannot be used to identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, including you. In turn, Aggregate Information may be used by Company for the Business and Commerical Purposes listed herein.
Identifiers Personal Background Audio or Visual Data Communications Geolocation Non-Personalized Data	We collect this data for business purposes, including receiving and reviewing applications for employment.	This process is based on our legitimate interests in staffing our Company (Article 6.1(f) GDPR).

SENSITIVE PERSONAL DATA

Certain categories of personal data collected—such as Health Data, financial account access information, protected class information, and some of your communications with Third Parties (e.g., email, text, or direct messages where we are not a recipient)—may qualify as "Sensitive Personal data" under applicable law.

Limited Purposes

We only collect and use Sensitive Personal Data when reasonably necessary for and proportionate to one of the following business purposes: (a) to perform certain Services, such as verifying information or for analytics; (b) to verify or maintain the quality or safety of our Services, including our Website; (c) to perform Services reasonably expected by you; (d) for short-term use where there is no disclosure or profiling; and/or (e) to resist malicious, fraudulent, or illegal actions or to ensure physical safety.

Our Retention Policy for Sensitive Data

All other Sensitive Personal Data will be retained in compliance with any legislation governing the retention and deletion of such data. Unless otherwise required by law, Sensitive Personal Data will not be retained longer than two (2) years after fulfillment of the business purposes for which it was collected.

Data Security

We employ industry-standard security measures to protect the Sensitive Personal Data we collect, including encryption, access controls, and regular security assessments to prevent unauthorized access, disclosure, or alteration of the data.

DISCLOSURE OF PERSONAL DATA TO OTHERS

As part of our business, we disclose information to Third Parties as follows and for the outlined purposes, which include business purposes to provide safeguard, and improve our Products, Website, and related Services and to comply with legal and contractual obligations, as well as commercial purposes, such as to promote our Products and other offerings.

Service Providers and Contractors

Some Services that you obtain through us are provided by Third-Party service providers and contractors. For example, the Telemedicine Program is managed by Third-Party CareValidate Inc. We need to communicate your name to such partners in order to provide you with the Concierge Services you booked. Accordingly, such disclosure is for business purposes, including to provide you with Services that you have requested, and for commercial purposes, such as to advertise our Services to you and others.

These Third-Party service providers and contractors operate in several industries, including the following:

Advertising partners (e.g., social media, web, streaming, and broadcast television platforms);
Health and wellness providers (e.g., CareValidate Inc. and its Vendors responsible for managing the Telemedicine Program);
Payment processors (e.g., banks and other financial institutions that collect payments);
Software and technology (e.g.; providers of hosting, security, email, and live chat Services for the Website).

When we provide your personal data to Third-Party service providers and contractors, we only communicate data that is strictly necessary. We also have agreements in place with our Third-Party service providers and contractors to ensure that the data we communicate to them is used only for specific purposes related to the fulfillment of your request.

Personal data of European residents may be transferred to a non-EU/EEA country if a specific Third-Party service provider or contractor is based outside the EU/EEA.

Legal Process and Protection

We may disclose information necessary to comply with our legal obligations, such as to respond to government requests, law enforcement inquiries, legal processes, subpoenas, and court orders.

We may disclose information when we believe it is necessary to investigate, prevent, or respond to illegal, fraudulent, or injurious actions, property damage, or other security incidents that may cause harm to us, our Products, guests, or others. We may also disclose information in good faith where necessary to investigate or enforce a violation of this Privacy Policy, our terms, or any legal rights.

Merger or Sale

We may share information with a buyer and/or its representatives for business purposes as part of a sale, merger, acquisition, or other change in control or entity status, either in whole or in part, of any company within the Company group. We reserve the right to transfer or assign your information as part of any such transaction or investigation.

Consent

We may disclose information to Third Parties as requested or consented to by you. Such disclosure may be for any business or commercial purpose as described by you.

Other Consumers

We may disclose your information for the commercial purpose of advertising our Products and Services to others by sharing your reviews, comments, and other content uploaded by you to advertise and market our Website and the Services, including by reposting your reviews on the Website, in our advertising, or through our social media platform.

Telemedicine Program

The Telemedicine Program is powered by the CareGLP™ platform by CareValidate Inc. CareGLP™ is a patient management platform that collaborates with independent physicians and practitioners providing services through the SOC2 and HIPAA Compliant Care360 platform. CareValidate Inc. does not directly offer medical or pharmacy services, and payment does not guarantee the prescription writing or dispensing process. Medical services are facilitated by independent providers. The information presented on this website is for informational purposes only and should not be considered a substitute for professional medical advice, diagnosis, or treatment. If you have questions or concerns about your health, please consult with your doctor.

The CareValidate Privacy Policy is available at https://www.carevalidate.com/privacy.

COOKIES AND OTHER DATA TECHNOLOGIES

Use of Data and Tracking Technologies and the Website

As with many companies, we use cookies, pixels, gifs, web beacons, log files, and/or similar technologies to automatically collect certain information, including device, internet, and network data, general geolocation data, inferences, and aggregate information or de-identified data, when you use the Website or interact with our digital advertising content, such as when you click on an advertisement or a link to the Website within an email. This allows us to track individual users, determine when content is accessed, and customize user experiences.

Unless you have opted out of cookies or changed your cookie settings in your internet browser, your browser automatically sends us certain device, browser, internet connection, and general geolocation information and certain internet activity information. For instance, we may collect your mobile device identifier or MAC address, ISP carrier information, date and time you access the Service, the pages you visit, and whether you click on ads.

Cookies

Cookies are small text files sent by websites to users' browsers for the purpose of automatic authentication, session tracking and storing of specfic information regarding users. There are essentially three types of cookies used on the Website:

"Technical cookies" (sometimes called "strictly necessary cookies") are required for navigation within the Website and to use some of its functions (e.g. timing the display of certain pages in so-called "pop-up" mode etc.).

"Statistical cookies" (e.g., Google Analytics) are supplied and managed by Google to provide statistical analysis of access to the Website. The data collected is Non-Personalized Data, is solely collected anonymously and in aggregate form, and no personal user data is retained. You can decide not to use Google Analytics cookies by following the instructions at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

"Profiling cookies" (sometimes called "marketing cookies" and/or "preference cookies") are supplied and managed by Third Parties to generate specific advertising messages based on browsing habits and the interests of individual users. These cookies do not, however, use Sensitive Personal Data. Please see below for more information on personalized advertising.

You can change your cookie settings in your internet browser and use settings on your device to manage your privacy controls. For more information and ways to opt out, see https://www.allaboutcookies.org/, and learn how to disable these tools by opting-out of third-party cookies and mobile device ID practices.

Please note that disabling cookies may impair the correct functioning of certain Website features.

Pixels

Pixels are small pieces of code embedded on a website that allows website owners and third parties to track user behavior and gather information about how users interact with the website. Pixels can track actions like page views, clicks, and other related activities and are often used for Personalized Ads and website analytics.

We may use pixels on the Website to associate personal data with your device or IP address and to track and measure your engagement with the Website and Personalized Ads.

Third-Party Cookies and Pixels

As explained above, Company uses pixels, tags, and Cookies set by Third Party partners to provide, manage, and protect the Website and to track your online behavior and provide Personalized Ads to you, including as follows:

Third Party	Description	Privacy Policy
CareValidate	Company uses CareValidate cookies to facilitate the promotion and provision of the Telemedicine Program to participants and potential participants	https://www.carevalidate.com/privacy
Impact	Company uses Impact cookies to attribute sales back to the affiliate referral source.	https://impact.com/privacy-policy/
Cloudflare	Company may use the Cloudflare cookie as a security tool for managing user access to the Website.	https://www.cloudflare.com/privacypolicy/
Google Ads	Company uses Google Ads to deliver personalized ads to you and other website users.	https://policies.google.com/technologies/ads
Google Analytics	Company uses Google Analytics to track website performance, purchase behaviour, and other financial insights.	https://policies.google.com/privacy
Google reCAPTCHA	Company uses Google reCAPTCHA v3 to prevent SPAM and fraudulent form submissions.	https://policies.google.com/privacy https://policies.google.com/terms
Meta (Facebook & Instagram)	Company may also use the Facebook Cookie to deliver Personalized Ads to you on Facebook. Company may also use the Meta Pixel, which allows us to track and analyze the effectiveness of our advertising compaigns on Facebook and Instagram. This pixel enables us to measure the success of our advertisements by understanding the actions users take on our Website after viewing our Facebook and Instagram ads. The data collected through the Meta Pixel may be used for marketing and analytical purposes to enhance our understanding of user preferences and to improve our advertising strategies.	https://www.facebook.com/policies/cookies/ You can manage Meta Pixel data sharing settings within the Settings section of the Facebook and Instagram apps.
Levo.ai	Company may use Levo.ai cookies to identify and mitigate security threats to the Website.	https://www.levo.ai/privacy-policy
Klaviyo	Company uses Klaviyo to send marketing communications. Information collected may be used to create demographic profiles for personalization purposes. Klaviyo utilizes cookies or similiar tracking technologies to collect information about your interactions with our website. This enables them to personalize your experience, for instance by sending shopping cart reminders via SMS message if you have opted into our SMS service.	https://privacy.klaviyo.com/policies/en/
Microsoft(Bing)	Company uses Microsoft cookies to deliver to deliver personalized advertisements to you and other website users on the Bing search engine.Company may also use Microsoft cookies to validate user identity and authenticate other cookies.	https://privacy.microsoft.com/en-ca/privacystatement
Okendo	Company uses Okendo for post purchase follow up review collection - both product & seller feedback.	https://okendo.io/legal-end-users/privacy/
Shopify	Company uses Shopify for on-site chat, purchase tracking, and to improve overall customer service.	https://www.shopify.com/legal/privacy
TikTok	Company may use TikTok Ad Pixel, which allows us to track and analyze the effectiveness of our advertising campaigns on TikTok. The data collected through the TikTok Ad Pixel may be used for marketing and analytical purposes to enhance our understanding of user preferences and to improve our advertising strategies	https://www.tiktok.com/legal/page/us/privacy-policy/en
Gorgias	Company uses Gorgias as a customer support platform to manage and respond to customer inquiries across channels such as email, chat, and social media.	https://www.gorgias.com/privacy
Triple Whale	Company uses Triple Whale for analytics and attribution to measure marketing performance and better understand customer interactions across channels.	https://www.triplewhale.com/privacy-policy
Recharge	Company uses Recharge to manage subscription services, including recurring orders, billing, and customer subscription preferences.	https://rechargepayments.com/privacy-policy/
Rebuy	Company uses Rebuy as a personalization engine to deliver product recommendations, upsells, and customized shopping experiences based on customer behavior.	https://rebuyengine.com/privacy
Rokt AfterSell	Company uses Rokt AfterSell to present post-purchase offers and upsell opportunities to customers after checkout.	https://www.rokt.com/privacy-policy/

MARKETING

Personalized Advertising

We may work with Third-Party advertising companies to process personal data (but not Sensitive Personal Data) for the commerical purpose of displaying ads tailored to your individual interests based on your online and transactional activity and to provide ad-related services such as analytics and market research (collectively, "Personalized Ads"). Third parties, in turn, may use cookie, web beacon, pixel or other similiar technology to collect personal data from you and/or associate it with other personal data collected.

We may also send you Personalized Ads in the form of email, phone, and SMS/text communications and newsletters tailored to your preferences and purchase tendencies.

Other Marketing Communications

When you provide us your email address via the Website (e.g., when you register your account or create a Booking), you will receive emails about your account, Products, and related Services that may include non-personalized marketing messages.

Simliarly, when you provide us your phone number and consent to receive our SMS/text messages, you may receive non-personalized marketing communications.

Revoking Consent

To opt-out of cross-devivce linking and Personalized Ads, visit www.aboutads.info/choices or perform a global opt-out on each browser and device.

You can opt-out of receiving Personalized Ads and other marketing communications by email by clicking the unsubscribe link and following any subsequent instructions.

You can opt-out of receiving Personalized Ads and other marketing communications by SMS/text message by replying STOP.

You can opt-out of receiving Personalized Ads and other marketing communications by phone by asking to be placed on Company's internal Do Not Call list.

To opt-out of Personalized Ads and other marketing communications and notifications on Third-Party platforms, such as Meta (Facebook, Instagram), Google, Android, and iOS, you can change your user serttings on such platforms.

Please note that we may still contact you regarding your Products and other transactions, even after you have opted out of marketing communications. For example, if you unsubscribe from marketing emails and subsequently complete a Booking, we will still email you a receipt and instructions specific to your Booking.

SALE OF PERSONAL DATA

Company does not sell personal data..

As discussed above, Company participates in targeted advertising or Personalized Ads, which is also called interest-based or online behavioral advertising and may include cross-contextual advertising. Under some privacy legislation, Personalized Ads may constitute the “sale” or “sharing” of personal data, such as for business purposes (e.g., providing Products and related Services) and commercial purposes (e.g., marketing). To opt out of these practices, please see the section above about revoking consent or visit our Do Not Sell or Share My Personal Information

FINANCIAL INCENTIVES

We may offer incentives related to the collection, retention, or sharing of information that may be deemed a "financial incentive" or "price or service difference". If you opt in to such an offering pursuant to the terms described at the time of signup, we may collect information such as contact information, transactional information and inferences, internet or other network activity, and device information. Any difference in price or rate, such as a discount, will be reasonably related to the value of the data. If you want to withdraw from the offering, please contact us as instructed below.

CHILDREN’S INFORMATION

Company does not solicit or knowingly collect personally identifiable information from children under the age of 13. If Company obtains actual knowledge that it has been collected such as information, that information will be immediately deleted from our database. Because Company does not collect such information it has no such information to use or disclose to third parties. Company has designed this Privacy Policy in order to comply with the Children's Online Privacy Protection Act (COPPA).

PROTECTION OF PERSONAL DATA

Consistent with others in our industry, we take efforts to employ technical, administrative, and physical security measures for our personal data, taking into account reasonable security procedures and accessible technology. However, no system can be completely secure; and we cannot promise, and you should not expect, that your personal data will always remain secure. Your provision of personal data is at your own risk. The safety and security of your information also depends on you. Take steps to safeguard your passwords and other data and notify us as soon as possible if you believe your account security has been breached.

TRACKING AND PRIVACY CONTROLS

Our Website does not currently respond to Do Not Track, or "DNT" requests. DNT is a feature that, when enabled, sends a signal to websites to request that your browsing not be tracked.

GPC” is short for Global Privacy Control settings in your browser or extension. Our Website recognizes GPC signals. This means that if your browser has GPC enabled, our Website will automatically recognize your GPC signal and opt you out of the sale of your personal information, if any. For more information about GPC, please click here: https://globalprivacycontrol.org/

YOUR PRIVACY RIGHTS

Company is committed to giving you the appropriate control of your own personal data. Dependent upon the laws of jurisdiction where you reside, you may have the following rights in connection to your personal data:

The right to access your personal data and obtain specific information about how we process it. Please be aware that you can only exercise this right in relation to your own data or to the data of a minor or another vulnerable person, where you have provided such data as a holder of parental authority or legal responsibility. Company reserves the right to ask for proof of identity, as well as to refuse to provide the personal data if the identity or relevant connection to the data subject cannot be proven.
The right to rectify your personal data, including by means of providing a supplementary statement.
The right to obtain the erasure/deletion of personal data concerning you, subject to certain legal limitations depending upon the laws of your jurisdiction of residence.
The right to limit or restrict the processing of your personal data, in particular, any Sensitive Personal Data and the use of automated decision making, such as profiling.
The right to data portability. You may exercise this right in cases where the processing is based on your consent or on your contractual relationship with Company and the processing is carried out by automated means.
The right to object, at any time, to the processing of personal data concerning you. You may exercise this right where the processing is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in us, or where the processing is based on our legitimate interests.
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or which simliarly significantly affects you. You may exercise this right unless the processing is necessary for entering into, or performance of, a contract between you and Company, or is authorized by applicable law that lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or if the processing is based on your explicit consent.
The right to opt-out of certain data practices, such as by unsubscribing from marketing communications by following the opt-out instructions in each message or by contacting us as outlined in this Privacy Policy.
The right to lodge a complaint with a supervisory authority in your jurisdiction of residence, place of work or place of the alleged infringement. Similary, you have the right to not be discriminated against for asserting your privacy right, and your exercise of these rights will have no adverse effect on the price and quality of our goods or Services.
Other Rights. If certain other privacy laws apply to you that provide you with additional rights, please contact us to make a request, as we strive to comply with all privacy rights.

To exercise your data subject rights, please email us at hello@dietdirect.com.

JURISDICTION-SPECIFIC RIGHTS

In addition to the foregoing Privacy Rights, if you are a resident of any of the following jurisdictions within the United States, the corresponding privacy rights apply to you:

For California Residents

The "right to access your personal data" includes the right to request the following:

what personal data we have collected, used, or disclosed and "sold" about you, including the categories of personal data;
the categories of sources from which the personal data is collected;
the business or commercial purpose(s) for collecting, selling, or sharing personal data;
the categories of Third Parties to which personal
the specific pieces of personal data we have collected about you.

Please note that we are only required to honor "right to access" requests twice in a 12-month period.

The "right to rectify your personal data" includes the right to correct inaccuracies, considering the nature of the personal data and the purposes of the processing.

The "right to obtain erasure/deletion of your personal data" is not absolute and we will, in some cases, retain personal data as allowed by applicable laws and to support essential functionality, such as maintaining your subscription.

You may also designate an authorized agent to make a privacy rights request on your behalf.

In addition, California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have "sold" or "shared" about you. For the 12-month period prior to the date of this Privacy Policy, Company has only sold or shared personal data about its customers as expressly described in this Privacy Policy.

The Shine the Light law permits you to request and obtain from us, once per calendar year, information about any of your personal data shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this informaton and for any other questions about our privacy practices and compliance with California law, please contact us as described above.

For Virginia, Colorado, Connecticut, and Utah Residents

The "right to access your personal data" means you have the right to confirm whether we process your personal data and access your personal data.

Please note that we are only required to honor "right to access" requests twice in a 12-month period.

The "right to rectify your personal data" includes the right to correct inaccuracies, considering the nature of the personal data and the purposes of the processing.

The "right to obtain erasure/deletion of your personal data" is not absolute and we will, in some cases, retain personal data as allowed by applicable laws and to support essential functionality, such as maintaining your subscription.

You have the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, and/or profiling in furtherance of decisions that produce legal or similarly significant effects. Please see our Do Not Sell or Share My Personal Information page for information on exercising this right.

Please note that we do not process your personal data using machine learning and/or profiling methods in ways that would impact you in a legal or similarly significant manner.

If we deny your privacy request, you have the right to appeal our decision. To appeal a decision we have made regarding your request, you may contact us using our contact details provided above. We will repsond to appeals within 45 days.

You may also designate an authorized agent to make a privacy rights request on our behalf.

UPDATES

We reserve the right to update, modify, add or remove portions of this information notice at any time. Significant changes to the processing of your personal data will require your approval, in accordance with the applicable legislation. If you would like to obtain a copy of the current or a previous version of the informaton notice, please contact us using our contact details provided above.