Last Updated: October 30, 2025

1. INTRODUCTION

Onewell ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, or interact with our services (collectively, the "Services"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our Services.

We reserve the right to make changes to this Privacy Policy at any time. We will notify you of any changes by updating the "Last Updated" date. Your continued use of our Services following the posting of changes constitutes your acceptance of such changes.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide to Us

We collect personal information that you voluntarily provide to us when you:

• Create an account
• Make a purchase
• Subscribe to our newsletter
• Contact customer support
• Participate in surveys or promotions
• Interact with our social media
• Apply for a job
• Otherwise communicate with us

This information may include:

• Identity Information: Name, username, date of birth, gender
• Contact Information: Email address, postal address, phone number
• Account Information: Username, password, and other account credentials
• Payment Information: Credit card details, billing address, and payment history
• Order Information: Purchase history, shipping address, product preferences
• Communication Information: Information contained in messages you send us, customer service inquiries, reviews, and feedback
• Marketing Information: Your preferences for receiving marketing communications and your communication preferences

2.2 Information Automatically Collected

When you access our Services, we automatically collect certain information about your device and browsing behavior:

• Device Information: IP address, browser type and version, operating system, device type, unique device identifiers
• Usage Information: Pages viewed, time spent on pages, links clicked, search queries, referral URLs, exit pages
• Location Information: General geographic location based on IP address
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 6)

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Advertising Partners: Meta (Facebook/Instagram), TikTok, Google Ads, Snapchat, Twitter/X, Pinterest, Reddit, YouTube, and other advertising platforms
• Analytics Providers: Google Analytics, Shopify Analytics, and other analytics services
• Social Media Platforms: When you interact with our social media accounts or use social login features
• Payment Processors: Payment information from Shopify Payments, PayPal, Stripe, or other payment providers
• Data Brokers: Demographic and interest information from third-party data providers
• Marketing Partners: Information from marketing and advertising networks
• Public Databases: Publicly available information to verify your identity or prevent fraud

2.4 Information from Cookies and Similar Technologies

We and our third-party partners use cookies, web beacons, pixels, and similar technologies to collect information about your browsing behavior. This includes:

• First-Party Cookies: Set by us to remember your preferences and enable functionality
• Third-Party Cookies: Set by advertising and analytics partners including:
  • Meta Pixel (Facebook Pixel)
  • TikTok Pixel
  • Google Analytics
  • Google Ads conversion tracking
  • Snapchat Pixel
  • Pinterest Tag
  • Twitter/X conversion tracking
  • Reddit Pixel
  • Other advertising and retargeting pixels

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 To Provide and Manage Our Services

• Process and fulfill your orders
• Manage your account
• Process payments and prevent fraud
• Communicate with you about your orders and account
• Provide customer support
• Send transactional emails (order confirmations, shipping notifications, etc.)

3.2 To Improve and Optimize Our Services

• Analyze how you use our Services
• Conduct research and analysis
• Test new features and functionality
• Monitor and improve website performance
• Understand customer preferences and trends
• Develop new products and services

3.3 For Marketing and Advertising

• Send promotional emails and newsletters (with your consent)
• Display personalized advertisements on our website and third-party platforms
• Create and serve targeted advertising campaigns on:
  • Meta platforms (Facebook, Instagram)
  • TikTok
  • Google (Search, Display, YouTube)
  • Snapchat
  • Twitter/X
  • Pinterest
  • Reddit
  • Other advertising networks
• Measure advertising effectiveness and ROI
• Create lookalike audiences and custom audiences
• Retarget visitors who have viewed our products
• Track conversions and attribution across platforms
• Send abandoned cart reminders
• Conduct A/B testing of marketing campaigns

3.4 For Legal and Security Purposes

• Comply with legal obligations
• Enforce our Terms of Service and other policies
• Protect against fraud, abuse, and security threats
• Investigate and prevent illegal activities
• Respond to legal requests and prevent harm
• Protect our rights, property, and safety

3.5 For Business Operations

• Manage our business relationships
• Conduct internal business operations
• Maintain records and accounts
• Analyze business performance
• Plan for business continuity

4. HOW WE SHARE YOUR INFORMATION

We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• E-commerce Platform: Shopify (hosting, payments, order management)
• Payment Processors: Shopify Payments, PayPal, Stripe, and other payment gateways
• Shipping Carriers: USPS, FedEx, UPS, DHL, and other shipping providers
• Email Service Providers: For sending marketing and transactional emails
• Customer Support Tools: For managing customer inquiries and support tickets
• Cloud Storage Providers: For data storage and backup
• Analytics Providers: For website analytics and performance monitoring
• Security Services: For fraud detection and prevention

4.2 Advertising and Marketing Partners

We share information with advertising partners to display targeted advertisements:

• Meta (Facebook/Instagram): We share customer lists, website visitor data, and conversion events through Meta Pixel and Conversions API
• TikTok: We share data through TikTok Pixel for ad targeting and measurement
• Google: We share data through Google Ads, Google Analytics, and conversion tracking
• Snapchat: We share data through Snapchat Pixel for advertising
• Twitter/X: We share data for targeted advertising and conversion tracking
• Pinterest: We share data through Pinterest Tag for advertising
• Reddit: We share data through Reddit Pixel for advertising
• Other Advertising Networks: Various retargeting and display advertising platforms

These partners may use cookies, pixels, and similar technologies to collect information about your browsing activity and serve personalized ads across the internet.

4.3 Analytics Partners

We share information with analytics providers to understand how users interact with our Services:

• Google Analytics
• Shopify Analytics
• Hotjar or similar heatmapping tools
• Other analytics and optimization platforms

4.4 Social Media Platforms

When you interact with our social media accounts or use social sharing features, information may be shared with:

• Facebook
• Instagram
• TikTok
• Twitter/X
• Pinterest
• YouTube
• LinkedIn
• Other social media platforms

4.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred as part of that transaction.

4.6 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Legal processes (subpoenas, court orders, warrants)
• Requests from government authorities
• Legal claims or disputes
• Protection of our rights and property
• Public safety concerns

4.7 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

4.8 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. ADVERTISING AND TRACKING

5.1 Interest-Based Advertising

We use third-party advertising companies to serve personalized advertisements based on your browsing behavior and interests. These companies may use cookies, pixels, and other tracking technologies to:

• Display ads on third-party websites and apps
• Track your interactions with our ads
• Measure ad performance and conversions
• Create audience segments for targeting
• Build lookalike audiences
• Retarget website visitors
• Prevent you from seeing the same ad repeatedly

5.2 Advertising Platforms We Use

We advertise on the following platforms, which may collect information about you:

• Meta (Facebook & Instagram): Meta Pixel collects data about your website visits, actions taken, and device information to show you personalized ads on Facebook and Instagram
• TikTok: TikTok Pixel tracks your interactions with our website to display targeted ads on TikTok
• Google: Google Ads and Analytics collect data to show you ads across Google Search, YouTube, and millions of partner websites
• Snapchat: Snapchat Pixel enables us to measure ad performance and show you ads on Snapchat
• Twitter/X: Conversion tracking enables targeted advertising on Twitter/X
• Pinterest: Pinterest Tag helps us show you relevant ads on Pinterest
• Reddit: Reddit Pixel enables advertising on Reddit
• Programmatic Advertising Networks: We may use demand-side platforms and ad exchanges to display ads across the internet

5.3 Cross-Device Tracking

Advertising partners may link your activity across multiple devices to provide a seamless advertising experience and improve targeting accuracy.

5.4 Custom Audiences and Lookalike Audiences

We may upload customer lists (email addresses or phone numbers) to advertising platforms to:

• Show ads to our existing customers
• Create lookalike audiences of users with similar characteristics
• Exclude existing customers from certain campaigns
• Measure campaign effectiveness

5.5 Conversion Tracking

We use conversion tracking pixels and APIs to measure the effectiveness of our advertising campaigns, including:

• Meta Conversions API
• TikTok Events API
• Google Enhanced Conversions
• Server-side tracking implementations

5.6 Retargeting

We use retargeting pixels to show ads to people who have previously visited our website or viewed specific products. This may include:

• Abandoned cart reminders
• Product recommendations
• Special offers for previous visitors
• Dynamic product ads

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality (shopping cart, checkout, account login)
• Analytics Cookies: Help us understand how visitors use our website
• Advertising Cookies: Used to deliver personalized ads and measure campaign performance
• Preference Cookies: Remember your settings and preferences
• Social Media Cookies: Enable social sharing and track social media interactions

6.2 Third-Party Cookies

Third-party advertising and analytics partners set cookies on our website, including:

• Meta Pixel
• TikTok Pixel
• Google Analytics
• Google Ads
• Snapchat Pixel
• Pinterest Tag
• Twitter/X conversion tracking
• Reddit Pixel
• Other advertising and analytics cookies

6.3 Cookie Management

Most browsers allow you to control cookies through their settings. You can:

• Block all cookies
• Block third-party cookies
• Delete existing cookies
• Receive alerts when cookies are being sent

Note that blocking or deleting cookies may impact your ability to use certain features of our Services.

6.4 Other Tracking Technologies

In addition to cookies, we use:

• Web Beacons: Small graphics embedded in emails and web pages
• Pixels: Code snippets that track user behavior
• Local Storage: Data stored in your browser
• SDKs: Software development kits in mobile apps (if applicable)
• Server Logs: Records of your interactions with our servers

7. YOUR PRIVACY CHOICES AND RIGHTS

7.1 Marketing Communications

You can opt out of marketing emails by:

• Clicking the "unsubscribe" link in our emails
• Updating your email preferences in your account settings
• Contacting us directly

Note that you will still receive transactional emails related to your orders even if you opt out of marketing communications.

7.2 Cookie Preferences

You can manage cookie preferences through:

• Browser settings
• Our cookie consent tool (if available)
• Third-party opt-out tools

7.3 Advertising Opt-Out

You can opt out of personalized advertising through:

• Meta: Visit Facebook Ad Preferences and Instagram Ad Preferences
• TikTok: Visit TikTok Settings > Privacy > Ads
• Google: Visit Google Ads Settings or install the Google Analytics Opt-out Browser Add-on
• Industry Opt-Out Tools:
  • Digital Advertising Alliance: www.aboutads.info/choices
  • Network Advertising Initiative: www.networkadvertising.org/choices
  • European Interactive Digital Advertising Alliance: www.youronlinechoices.eu
• Mobile Device Settings:
  • iOS: Settings > Privacy > Advertising > Limit Ad Tracking
  • Android: Settings > Google > Ads > Opt out of Ads Personalization

7.4 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, but you can use the opt-out methods described above.

7.5 Account Information

You can access and update your account information by logging into your account or contacting us.

7.6 Data Subject Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a machine-readable format
• Restriction: Request that we limit how we use your information
• Objection: Object to our processing of your information
• Withdraw Consent: Withdraw consent for data processing (where consent is the legal basis)
• Complaint: Lodge a complaint with a data protection authority

To exercise these rights, please contact us using the information in Section 14.

7.7 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected
• Right to know whether personal information is sold or shared
• Right to opt out of the sale/sharing of personal information
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising your rights

California "Shine the Light" Law: California residents can request information about how we share certain personal information with third parties for their direct marketing purposes.

To exercise your California privacy rights, contact us at [your email] or call [your phone number].

7.8 Nevada Privacy Rights

Nevada residents may opt out of the sale of certain personal information. We do not currently sell personal information as defined by Nevada law. If this changes, we will update this Privacy Policy.

7.9 Virginia, Colorado, Connecticut, and Utah Privacy Rights

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have rights under your state's privacy law, including the right to confirm whether we process your personal information, access your personal information, correct inaccuracies, delete your personal information, obtain a copy of your personal information, and opt out of targeted advertising.

7.10 UK and European Economic Area (EEA) Rights

UK Residents: If you are located in the United Kingdom, you have rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, including those listed in Section 7.6.

Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

• Website: https://ico.org.uk
• Phone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

EEA Residents: If you are located in the EEA, you have rights under the General Data Protection Regulation (GDPR), including those listed in Section 7.6. You also have the right to lodge a complaint with your local data protection authority.

Legal Basis for Processing: We process your personal information based on:

• Contract performance: To fulfill orders and provide our services
• Legitimate interests: To improve our services, prevent fraud, and conduct marketing (where not overridden by your rights)
• Consent: For marketing communications and certain cookies
• Legal obligations: To comply with UK and international laws

Special Category Data: We do not intentionally collect special category data (sensitive personal data) such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. If we need to process such data, we will obtain your explicit consent or ensure another legal basis applies.

8. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Factors we consider when determining retention periods include:

• The nature and sensitivity of the information
• Legal, accounting, or regulatory requirements
• Fraud prevention and security purposes
• The purposes for which we collected the information
• Whether we can achieve those purposes through other means

Typical retention periods:

• Account Information: Until you delete your account, plus a reasonable period for legal compliance
• Order Information: 7 years for tax and accounting purposes
• Marketing Data: Until you opt out, plus a reasonable period to process your request
• Analytics Data: Typically 26-38 months
• Customer Support Records: 3-7 years depending on jurisdiction

9. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (SSL/TLS)
• Encryption of sensitive data at rest
• Secure authentication and access controls
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. INTERNATIONAL DATA TRANSFERS

As a UK-based business, your information is primarily processed in the United Kingdom. However, your information may be transferred to and processed in countries other than the UK, including:

• United States (for services like Shopify, Meta, Google, TikTok)
• European Economic Area countries
• Other countries where our service providers operate

These countries may have data protection laws different from UK law.

When we transfer information internationally, we use appropriate safeguards such as:

• Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) and/or European Commission
• Adequacy decisions by the UK government or European Commission
• Other legally valid transfer mechanisms under UK GDPR

Transfers to the US: Many of our service providers (including Shopify, Meta, Google, TikTok) are based in the United States. We ensure these transfers comply with UK GDPR requirements through appropriate safeguards.

Transfers to the EEA: The UK government has recognized the EEA as providing adequate data protection, facilitating transfers between the UK and EEA.

11. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information.

12. THIRD-PARTY WEBSITES AND SERVICES

Our Services may contain links to third-party websites, applications, and services, including:

• Social media platforms
• Payment processors
• Advertising networks
• Partner websites
• Content providers

This Privacy Policy does not apply to these third-party services. We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing your information.

12.1 Social Media Plugins and Widgets

Our website may include social media features such as Facebook Like buttons, Instagram feeds, TikTok embeds, or Twitter/X feeds. These features may collect your IP address, track which pages you visit, and set cookies. Your interactions with these features are governed by the privacy policy of the company providing them.

12.2 Third-Party Advertising Partners

Our advertising partners, including Meta, TikTok, Google, Snapchat, Twitter/X, Pinterest, and Reddit, have their own privacy policies governing how they collect and use information. We recommend reviewing their privacy policies:

• Meta: https://www.facebook.com/privacy/explanation
• TikTok: https://www.tiktok.com/legal/privacy-policy
• Google: https://policies.google.com/privacy
• Snapchat: https://www.snap.com/privacy/privacy-policy
• Twitter/X: https://twitter.com/privacy
• Pinterest: https://policy.pinterest.com/privacy-policy
• Reddit: https://www.reddit.com/policies/privacy-policy

13. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy
• Posting a notice on our website
• Sending an email notification (for significant changes)

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Onewell
Email: [Your privacy/contact email]
Address: [Your business address]
Phone: [Your phone number]

For Data Subject Rights Requests: [Specific email for privacy requests]

For California Privacy Rights: [California-specific contact if different]

Data Protection Officer (if applicable): [DPO contact information]

We will respond to your inquiry within a reasonable timeframe as required by applicable law.

15. SPECIFIC JURISDICTIONAL PROVISIONS

15.1 For UK Residents

Data Controller: Onewell, located in the United Kingdom, is the data controller for your personal information.

Legal Basis: We process personal information based on contract performance, legitimate interests, consent, and legal obligations as described in Section 7.10.

UK GDPR Compliance: We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Your Rights: You have the rights described in Sections 7.6 and 7.10, including the right to access, rectify, erase, restrict processing, data portability, object to processing, and withdraw consent.

ICO Registration: We are registered with the Information Commissioner's Office (ICO) [add your ICO registration number if applicable].

Retention: We retain data as described in Section 8, in accordance with UK law.

International Transfers: We transfer data outside the UK using appropriate safeguards as described in Section 10.

Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk

Marketing: We will only send you marketing communications if you have consented or if we have a legitimate interest (for existing customers regarding similar products). You can opt out at any time.

Cookies: We use cookies as described in Section 6. Under the Privacy and Electronic Communications Regulations (PECR), we obtain consent for non-essential cookies.

15.2 For EEA Residents

Data Controller: Onewell is the data controller for your personal information.

Legal Basis: We process personal information based on contract performance, legitimate interests, consent, and legal obligations.

GDPR Compliance: We comply with the General Data Protection Regulation (GDPR).

International Transfers: We transfer data outside the EEA using appropriate safeguards.

Retention: We retain data as described in Section 8.

Your Rights: You have the rights described in Section 7.6 and 7.10.

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

15.3 For California Residents

Categories of Personal Information Collected: We collect identifiers, commercial information, internet activity, geolocation data, and inferences.

Categories of Sources: We collect information from you, your devices, third-party advertising partners, analytics providers, and public sources.

Business Purposes: We use information for fulfilling orders, security, advertising, analytics, and legal compliance.

Categories of Third Parties: We share information with service providers, advertising partners, payment processors, shipping carriers, and analytics providers.

Sale/Sharing of Personal Information: We may "share" personal information with advertising partners for cross-context behavioral advertising as defined by CCPA. You have the right to opt out.

Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted under CCPA.

Opt-Out Preference Signals: We will process Global Privacy Control (GPC) signals for California residents.

15.4 For Other US States

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy laws, you may have additional rights as described in Section 7.9.

Effective Date: This Privacy Policy is effective as of the date listed at the top of this document.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.