Legal
Privacy Policy
Effective June 13, 2026 · Last updated June 13, 2026
Crystal Clear Wellness (“we,” “us,” or “our”), respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access our websites that link to it (the “Sites”) and our related services (“Services”). Please read this Policy carefully and periodically.
Table of contents
- 1. Who we are
- 2. Information we collect
- 3. How we use your personal data
- 4. How we share your personal data
- 5. Data security
- 6. Your state privacy rights and additional disclosures
- 7. Data retention
- 8. Third party links
- 9. Children’s privacy
- 10. International data transfers
- 11. Accessibility
- 12. Contact us
Who we are
Depending on how you interact with our Sites and Services, we may act in one of two roles: (1) as a “data controller,” where we determine the purposes and means of processing your personal data; or (2) in a processing capacity on behalf of another entity, which may be referred to as a “data processor” depending on the context.
When you interact directly with our Sites and Services, we generally act as a data controller. We act as a processor when collecting and processing your personal data on behalf of another business entity. When acting in a processing capacity, our collection and processing of your personal data is at the direction of the business entity to whom you provided the personal data. You should consult the privacy policies and notices of the business entity to whom you provided the personal data for information on how they handle your personal data and direct any queries and requests to exercise your rights with respect to your personal data to them.
Similarly, when we act as a business associate under HIPAA, we process Protected Health Information (“PHI”) at the direction of the applicable covered entity, and the covered entity’s Notice of Privacy Practices governs the handling of your PHI and your rights with respect thereto. This Privacy Policy is not a HIPAA Notice of Privacy Practices. You should consult the covered entity’s Notice of Privacy Practices for information on how they handle your PHI and direct any queries and requests to exercise your rights with respect to your PHI to them. Where we maintain a HIPAA Notice of Privacy Practices for PHI we hold, it is available here.
Information we collect
We collect personal data from you through your use of the Sites and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:
Personal data that you give us
We collect the following types of personal data that you provide through the Sites or Services for the following purposes:
- Account information. When you create an account with us, you will provide us with your name, email address, password (which we store in hashed form, not in the clear), date of birth, and your shipping and billing address.
- Arranging a Consult. When you seek to arrange a consult, you may provide us with your state of residence, basic health questionnaire responses, current medications, allergies, relevant medical history, photos you upload (where applicable), and other health information you share as part of requesting or attending a consult or obtaining a service through us.
- Membership and order information. When you select a membership plan or make an order, you may provide us with your plan information, order history, the status of your consults and shipments, your tracking numbers, the Independent Business Owner (IBO) who referred you (if any), and any information you provide in customer-service correspondence.
- Payment information. When you pay for a membership or product, you may provide your credit or debit card information, bank account information, and billing information. Our payment processing is carried out by PayMatrix. PayMatrix may collect, record, and store the payment information you provide.
- Contact Us. If you email or call us using one of our contact methods, you will provide your contact information, and any additional information you choose to provide in your message to us.
- Marketing. We may use your contact information to market our Services to you or to make you aware of changes to this Privacy Policy, our Terms and Conditions, or any other agreement between you and us.
Information collected automatically
When you visit the Sites, certain technical and behavioral information is collected automatically by us, our hosting providers, our analytics tools, and the advertising platforms we use, as described further below. This may include:
- Usage Information. For example, the pages on the Sites you access, the frequency of access, and what you click on while on the Sites.
- Device Information. For example, hardware model, operating system, application version number, and browser.
- Mobile Device Information. Aggregated information about whether the Sites are accessed via a mobile device or tablet, the device type, and the carrier.
- Location Information. Location information from visitors to the Sites on a city-regional basis.
Cookies and other tracking technologies
How We Use Cookies. Like many other companies, we use cookies and other tracking technologies (collectively, “Cookies”). Cookies are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices (e.g., smartphones or tablets).
We use Cookies to:
- Estimate audience size and usage patterns;
- Understand and save your preferences for future visits, allowing us to customize the Sites and Services to your individual needs;
- Advertise new content and services that relate to your interests;
- Keep track of advertisements and search engine results;
- Compile aggregate data about site traffic and site interactions to resolve issues and offer better site experiences and tools in the future; and
- Recognize when you return to the Sites.
We set some Cookies ourselves, while separate entities set other Cookies. We use Cookies other entities set to provide us with useful information, to help us improve our Sites and Services, to conduct advertising, and to analyze the effectiveness of advertising. For example, we use Cookies from Google, Facebook, Tiktok and other similar companies.
How You Can Opt-Out of Cookies. When you first visit our Sites, you may be presented with a banner which offers you choices about whether to accept or reject cookies or tracking technologies of different types. If you wish to change your Cookie preferences, you can do so through the Browser Settings described below.
You can find out more about Cookies and how to manage them by visiting www.AboutCookies.org or www.allaboutcookies.org.
Platform Controls. You can opt out of Cookies set by specific entities by following the instructions found at these links:
- Facebook: https://www.facebook.com/about/ads
- Google: https://adssettings.google.com
Advertising Industry Resources. You can understand which entities have currently enabled Cookies for your browser or mobile device and how to opt out of some of those Cookies by accessing the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s Mobile Choices website. Please note these opt-out mechanisms are specific to the device or browser on which they are exercised. Therefore, you will need to opt out on every browser and device that you use.
Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies to help us analyze how users interact with the Sites and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google, click here.
Other Types of Collecting Activities. The Sites and Services may use Cookies third-party vendors provide to collect information on user behavior (e.g., screens and pages visited, buttons and links clicked, limited information entered, and user taps and mouse movements). This information enables us to monitor and improve the user experience.
Global Privacy Control. Some browsers and browser extensions transmit a Global Privacy Control (GPC) signal. If we receive one from your browser, we treat it as a valid request to opt out of (i) the “sale” of personal data, (ii) the “sharing” of personal data for cross-context behavioral advertising, and (iii) the use of non-essential advertising cookies on that device, in each case to the extent applicable under state law. GPC is the established opt-out signal today, the Sites do not separately respond to or alter their practices when they receive “Do Not Track” signals.
How we use your personal data
In addition to the purposes stated above, we use the personal data we collect in accordance with applicable law such as to:
- Run, maintain, and improve our Sites and Services.
- Protect the security and integrity of our Sites and Services.
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms and Conditions, and to fulfill our legal obligations.
- To deliver, measure, and optimize advertising and attribution campaigns, and run analytics.
- Monitor compliance with and enforce this Privacy Policy and any applicable agreements and policies.
- Defend our legal rights and the rights of others.
- Fulfill any other purposes for which you provide it.
- For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you.
- Comply with applicable law, court orders, or other legal processes.
How we share your personal data
We may share the personal data that we collect about you in the following ways:
- With vendors that provide data, Site- and Service-related processes to us or on our behalf (e.g., email, hosting, maintenance, analysis, communication, etc.), including:
- Application hosting and infrastructure providers.
- Database providers.
- Email service providers.
- Telehealth technology platforms that you utilize in conjunction with our Services.
- Payment processing providers.
- Healthcare providers, including pharmacies, that you utilize in connection with our Services.
- Our marketing email platform, used only for non-PHI marketing communications.
- Customer-support tooling and team communications platforms.
- Our professional advisors (legal, accounting, audit).
- With vendors to deploy and analyze advertising content.
- With healthcare providers or IBOs as necessary to provide you with the Services.
- With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of the personal data.
- To the extent we are required to do so by law, regulation, court order, subpoena, or other legal process.
- In connection with any legal proceedings or prospective legal proceedings.
- Investigate or prevent suspected illegal activity, fraud, security or technical issues, or violations of our Terms and Conditions.
- To establish, exercise, or defend our or a third party’s (including other users, our partners, or the public’s) legal rights, property, or safety.
- With any other person or entity as part of any merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or anything similar, proceeding or in preparation for any of these events and that person may use your personal data for their own purposes.
- With any other person or entity where you consent to or direct the disclosure.
- For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary.
For more information on how we sell personal data with third parties, see our “Your state privacy rights and additional disclosures” section below.
Data security
We use commercially reasonable administrative, technical, and physical safeguards to protect the personal data we hold from loss, misuse, destruction, or unauthorized access. However, no method of transmission or storage over the Internet is 100% secure, and we cannot guarantee absolute security.
Your state privacy rights and additional disclosures
Depending on the state in which you reside, you may have certain privacy rights regarding your personal data. How and to whom you exercise those rights depends on the capacity in which we are acting.
Where we act in a processing capacity on behalf of another entity, you must direct any requests to access your personal data or to exercise any other privacy right to the entity to whom you provided your personal data. We will assist them in responding to your request and will act on their instructions.
Where we act as a data controller, you may exercise your rights directly with us. If you are a California resident, please see our “Notice to California residents” section below. For other state residents, your privacy rights may include (if applicable):
- The right to confirm whether or not we are processing your personal data and to access such personal data;
- The right to obtain a copy of your personal data that we collected from and/or about you in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another controller without hindrance, where the processing is carried out by automated means;
- The right to obtain a list of specific third parties to which we have sold your personal data (unless we do not maintain this information in a format specific to you, in which case, we will provide a list of specific third parties to which we have sold any consumers’ personal data);
- The right to delete personal data that we collected from and/or about you, subject to certain exceptions;
- The right to correct inaccurate personal data that we maintain about you, subject to certain exceptions;
- The right, if applicable, to opt-out of the processing of your personal data for purposes of (1) targeted advertising; (2) the “sale” of your personal data (as that term is defined by applicable law); and (3) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you;
- If your personal data is profiled in furtherance of decisions that produce legal or similarly significant effects concerning you, you have the right to question the result of the profiling, to be informed of the reason that the profiling resulted in the decision, and, if feasible, to be informed of what actions you might have taken to secure a different decision (and the actions that you might take to secure a different decision in the future). If applicable, you also have the right to review the personal data used in the profiling and, if the decision is determined to have been based upon inaccurate personal data, the right to have the data corrected and the profiling decision reevaluated based upon the corrected data;
- If we are required by applicable law to obtain your consent to process sensitive personal data, the right to withdraw your consent; and
- The right not to receive discriminatory treatment by us for the exercise of your privacy rights.
Depending on how the applicable privacy law defines a “sale,” we may sell personal data to third parties. For instance, if you are a resident of Connecticut, our use of cookies and tracking technologies constitutes a sale of personal data to third-party advertisers. We also use cookies and other tracking technologies to display advertisements about our products to you on nonaffiliated websites, applications, and online services. This is “targeted advertising” under applicable privacy laws.
Washington and Nevada residents looking for information relating to our collecting and processing of their consumer health data should refer to our Consumer Health Data Privacy Notice.
How to exercise your rights
To exercise your rights, please submit a request by emailing us at support@ccrxpharm.com, with the subject line “Privacy Rights Request.” If legally required, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the individual on whose behalf you are making such request. To prevent misuse, we may need to verify your identity before processing a request based on information we have in our records. If you are submitting an opt-out request on behalf of another individual, please use the same contact methods described above. We will process authorized agent requests in accordance with applicable law. If we refuse to take action regarding your request, you may appeal our decision by replying to the email you received from us in response to your request. If you would like to opt-out of targeted advertising, you may alter your cookie preferences through the Browser Settings described above.
Notice to California Residents
Shine the Light Law. We do not disclose personal information obtained through our Sites or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.
Data retention
We keep personal data for as long as necessary to fulfill the purposes for which we collected it, such as to provide the Services you have requested, comply with our contractual, legal and regulatory obligations, resolve disputes, enforce our agreements, and protect our legal rights. Where we are acting solely as a data processor or business associate on behalf of a data controller, we will return your personal data to such data controller once our processing is completed, in accordance with its instructions.
Third party links
The Sites may contain links that will let you leave the Sites and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.
Children’s privacy
The Services are intended for adults 18 and older. We do not knowingly collect, use, or disclose personal data from children under 13.
International data transfers
For individuals located outside the United States (US), in particular in Switzerland, the United Kingdom (UK) and the European Economic Area (EEA), please note that we are based in the US and the Services are run from, and only intended for, residents of the US. We do not market to or solicit customers from outside the US via the Sites, and users of the Sites should not expect to avail themselves of the rights provided under international privacy laws. If you access the Services from outside the US, be aware that we transfer personal data to the US for purposes described in this Privacy Policy and the US may have privacy and data protection laws that differ from and are potentially less protective than, the laws of your country.
Changes to this Policy
We may change this Privacy Policy from time to time. If we do, we will post an amended version on this webpage and update the “Last Updated” date. For material changes, we will provide you with additional notice, such as a statement on the homepages of the Sites, or notification by email or by other reasonable means.
Accessibility
We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.
Contact us
To contact us for questions or concerns about our privacy policies or practices, please use the contact methods provided below: