Privacy
policy.

This Privacy Policy describes how Biovexia LLC, doing business as Biovexia Labs (“Company”, “we”, “us”, “our”), collects, uses, and discloses personal information when you visit biovexia.co (the “Site”), create an account, contact us, or place an order. This Policy applies to information we collect online and does not cover information practices of third parties we do not control.

Information you provide when creating an account

• First name and last name
• Email address
• Password (stored in hashed form; we do not have access to the plain-text password)
• Date of birth (used to confirm you are at least 21 years of age)
• Phone number
• Researcher role (academic, industry, graduate or postdoctoral student, clinical or medical, government or regulatory)
• Institution or organization name
• Stated research focus or application
• Compliance acknowledgments (age, professional-capacity, research-use, Terms and Privacy agreement), with the date, time, and IP address at which each was submitted

Information you provide when purchasing or contacting us

• Shipping and billing address
• Order details (products, quantities, dates)
• Messages or questions you send us through the contact form or by email

Information collected automatically

• IP address at the time of account creation and at the time of each order (for compliance and fraud prevention)
• Browser type, device information, referring URL, and pages visited (via standard web server logs)
• Authentication cookies that keep you logged in while you browse
• WooCommerce session cookies used to remember your cart and recent views

• To confirm that account holders are at least 21 years of age and are registering in a professional or research capacity;
• To create, manage, and authenticate your account;
• To process, fulfill, and ship your orders, and to respond to support inquiries;
• To send transactional communications (order confirmations, shipping notifications, account notifications, security alerts);
• To send optional catalog updates and new-compound notifications, only if you have opted in;
• To maintain records of compliance acknowledgments as part of our research-use framework;
• To detect, prevent, and investigate fraud, abuse of the Site, and violations of our Terms;
• To comply with legal obligations and respond to lawful requests from courts and regulators;
• To improve the Site and our services through aggregate, non-identifying analytics.

If you are located in the European Economic Area or the United Kingdom, we process your personal information on one or more of the following legal bases: (a) performance of a contract with you (for account and order fulfillment); (b) compliance with our legal obligations; (c) our legitimate interests (in operating, protecting, and improving the Site); and (d) your consent (for optional marketing communications, which you may withdraw at any time).

Because products are sold exclusively for in-vitro laboratory research, we retain records of each compliance acknowledgment submitted during account creation and order placement, including the date, time, and IP address of each acknowledgment. These records may be produced in response to lawful requests from regulatory authorities.

Transactional emails (order confirmations, shipping updates, password resets, account notifications) are sent automatically and are not subject to opt-out while you maintain an active account. Marketing and catalog-update emails require a separate opt-in and can be unsubscribed from at any time using the link in any such email. We do not sell or rent email addresses or other personal information.

Payments are processed exclusively in cryptocurrency through our third-party payment processor, NOWPayments. Cryptocurrency transactions are completed on the relevant blockchain and are not processed on our servers. We do not collect, store, or have access to any cryptocurrency wallet credentials, private keys, or seed phrases.

From NOWPayments, we receive limited transaction confirmation data (such as the order identifier, transaction hash, payment status, amount paid, and currency used) to associate the payment with your order. We collect your billing address as part of the order so that we can issue a valid receipt and meet recordkeeping obligations.

NOWPayments operates as an independent service and processes information in accordance with its own privacy policy.

We use third-party service providers to operate the Site and fulfill orders. Each provider receives only the information necessary to perform its function. Categories include:

• Hosting and platform: Hostinger (web hosting), WordPress / WooCommerce (e-commerce platform).
• Payment processing: NOWPayments (cryptocurrency payment processor).
• Shipping carriers: USPS, UPS, FedEx, or equivalent — receive recipient name and shipping address only.
• Transactional email delivery: our transactional email service, used to send order confirmations and account notifications.
• Marketing email delivery: Brevo (formerly Sendinblue) — used for opt-in newsletter and catalog-update messages only. Receives email address (and first name where provided) for subscribers who have opted in.

We do not sell personal information to third parties. We may disclose information when required by law, valid legal process, or a lawful government or regulatory request.

We use the following categories of cookies:

• Authentication cookies (set by WordPress) to keep you logged in.
• Research-use acknowledgment cookie set when you acknowledge the research-use notice, so you are not re-prompted on every visit.
• WooCommerce session cookies used to remember your cart and recent product views.

We do not use advertising cookies, third-party tracking pixels, or cross-site advertising networks.

We retain personal information only for as long as is necessary for the purposes described in this Policy or as required by law:

• Account records and order history: retained for the duration of the account and for at least seven (7) years after account closure, to meet tax, accounting, and product-traceability obligations.
• Compliance acknowledgment records: retained for at least ten (10) years following the last order, as part of our research-use records.
• Marketing subscriptions: retained until you unsubscribe or request deletion.
• Server logs: retained for a limited operational period (generally no longer than 12 months).

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal information:

• Right to access — request a copy of the personal information we hold about you.
• Right to correct — request that inaccurate information be corrected.
• Right to delete — request deletion of your account and associated personal information, subject to legal and compliance retention obligations described in Section 10.
• Right to portability — request a machine-readable copy of the personal information you have provided.
• Right to opt out of marketing — unsubscribe from any marketing communication at any time.
• Right to non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.
• Right to lodge a complaint — with a data protection authority, if you are in a jurisdiction that provides for such an authority.

California residents. Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents may request disclosure of the categories and specific pieces of personal information collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information; may request deletion; may request correction; and may opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under California law.

To exercise any of these rights, contact us at info@biovexia.co or through the contact page. We will respond within 30 days (or as otherwise required by applicable law) and may verify your identity before responding.

We use commercially reasonable technical and organizational measures to protect personal information, including TLS/SSL encryption for data transmitted to and from the Site, password hashing, and access controls. No security measure is perfect, and we cannot guarantee the absolute security of any information.

The Site is intended for adult researchers aged 21 and over. We do not knowingly collect personal information from anyone under 21. If we learn we have collected information from a person under 21, we will delete it.

Biovexia LLC is based in the United States. If you access the Site from outside the United States, your information may be transferred to, stored in, and processed in the United States and in other countries where our service providers operate. Data protection laws in those jurisdictions may differ from those of your country.

We may update this Policy from time to time by posting a revised version to this page and updating the “Last updated” date above. For material changes, we will provide additional notice (for example, by email or by a prominent notice on the Site). Your continued use of the Site after a revised Policy is posted constitutes acceptance of the revised Policy.