Privacy policy

Privacy Policy

Last updated: May 19, 2026

This Privacy Policy explains how CELLSHE, operated by IRONVALE OÜ, collects, uses, shares, and protects personal information.

1. Scope

This Privacy Policy applies to the CELLSHE website, checkout, customer accounts, subscriptions, marketing communications, customer support, adverse event reporting, and related services.

2. Personal Information We Collect

We may collect identity information, contact information, order information, subscription information, payment status, shipping details, returns and refund history, customer support history, technical information, marketing information, and adverse event information where voluntarily provided.

Payment information is processed by payment providers. We do not store full card numbers.

Technical information may include IP address, device information, browser type, operating system, pages viewed, referring URLs, session data, cookie identifiers, approximate location derived from technical data, and interaction data.

Marketing information may include email consent status, marketing preferences, campaign interactions, ad interactions, coupon usage, and engagement data.

If you report an adverse event, we may collect health-related details that you choose to provide, such as symptoms, product use, medication use, medical care, and relevant health context.

3. Categories of Personal Information

Depending on how you interact with us, we may collect the following categories of personal information:

Category

Examples

Sources

Business or commercial purposes

Disclosures to service providers / partners

Identifiers

Name, email address, phone number, billing address, shipping address, account identifiers, order identifiers

You, Shopify, payment tools, support tools

Orders, accounts, shipping, customer support, fraud prevention, legal notices

Shopify, payment processors, shipping partners, customer support tools, fraud prevention tools

Commercial information

Products purchased, order history, subscription status, refunds, disputes, return history, customer service records

You, Shopify, subscription tools, support tools

Fulfillment, subscription management, refunds, disputes, analytics, accounting

Shopify, subscription app, fulfillment partners, accountants, payment processors

Internet or network activity

IP address, device data, browser type, pages viewed, cookie identifiers, email interactions, referral URLs

Website, cookies, analytics, email tools

Site operation, security, analytics, advertising measurement, consent management

Shopify, analytics providers, advertising platforms, cookie/CMP tools, Klaviyo

Approximate geolocation

Approximate location derived from IP address or shipping address

Website, shipping details, payment tools

Shipping eligibility, fraud prevention, tax and compliance review, analytics

Shopify, payment processors, fraud tools, shipping partners

Payment and transaction status

Payment authorization, payment status, transaction identifiers, fraud-screening status

Payment processors, Shopify

Processing transactions, fraud prevention, dispute management, accounting

Shopify Payments, Stripe, PayPal, Shop Pay, Apple Pay, Google Pay, fraud tools

Inferences

Preferences, purchase behavior, marketing engagement, likely product interests

Website activity, order history, email engagement

Personalization where permitted, marketing measurement, customer experience

Shopify, analytics providers, advertising platforms, Klaviyo

Sensitive personal information

Health-related adverse event details voluntarily provided by you, such as symptoms, product use, medication use, medical care, relevant health context

You, healthcare provider if you authorize it, customer support communications

Safety review, adverse event reporting, legal compliance, product quality, recordkeeping, defense

Compliance consultants, legal advisors, insurers, supplier/manufacturer quality teams, regulators where required

 

We do not require customers to provide health information to purchase products.

4. How We Use Personal Information

We use personal information to operate the website, process orders, process payments, fulfill and ship orders, manage subscriptions, provide customer support, handle returns, refunds, claims, and disputes, send transactional emails, send marketing communications where permitted, prevent fraud and abuse, comply with legal, tax, accounting, regulatory, and safety obligations, review adverse events, maintain product quality and compliance records, improve website performance, measure marketing effectiveness, and personalize user experience where permitted.

5. Legal Bases Under GDPR

Because IRONVALE OÜ is established in the European Union, the General Data Protection Regulation may apply to certain processing activities even though CELLSHE markets only to the United States.

Where GDPR applies, we rely on the following legal bases under Article 6 GDPR: contract performance for order processing, payment, shipping, subscriptions, and customer support; legal obligation for tax, accounting, regulatory, safety, adverse event, and compliance records; legitimate interests for fraud prevention, website security, business operations, customer service, dispute defense, analytics, non-sensitive marketing measurement, chargeback defense, and product quality management; and consent for email marketing, certain cookies, optional marketing preferences, and other processing where consent is required.

Where GDPR applies and health-related information is voluntarily provided in an adverse event report or similar safety communication, we may process that information under Article 9 GDPR where one or more conditions apply, including explicit consent where requested, establishment, exercise, or defense of legal claims, reasons of public interest in the area of public health or product safety, legal obligations related to dietary supplement safety reporting and recordkeeping, or another applicable lawful condition.

We do not use adverse event health information for targeted advertising.

We have not appointed a Data Protection Officer because we do not currently believe one is required based on our intended launch activities. We will reassess this at least annually and sooner if our processing activities, scale, product safety obligations, advertising stack, or regulatory obligations materially change.

Where GDPR applies, the competent supervisory authority may include the Estonian Data Protection Inspectorate. You may also have rights to lodge a complaint with a supervisory authority.

6. Service Providers and Data Sharing

We may share personal information with service providers and partners who help us operate our business, including Shopify, payment processors, subscription management tools, fulfillment and shipping partners, email marketing providers including Klaviyo, analytics providers, advertising platforms including Google Ads and future social media advertising platforms, customer support tools, fraud prevention providers, accountants, legal advisors, tax advisors, compliance consultants, insurers, and regulatory, safety, or government authorities where required.

We do not sell personal information in the ordinary sense of selling customer lists for money.

Some advertising or analytics technologies may be considered "selling," "sharing," "targeted advertising," or similar terms under certain privacy laws. Where required, we provide choices through cookie or privacy preference tools.

7. International Data Transfers

We may transfer, store, or process personal information in countries outside your state or country of residence, including the United States and the European Economic Area.

Where GDPR applies and data is transferred outside the EEA, we use appropriate safeguards where required, such as contractual protections, service provider agreements, standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

8. Email Marketing

If you subscribe to marketing emails, we may send you product updates, educational content, offers, and brand communications.

You can unsubscribe at any time by using the unsubscribe link in our emails or by contacting hello@cellshe.com.

Transactional emails related to orders, subscriptions, safety, accounts, or customer service may still be sent where necessary.

9. SMS Marketing

If SMS marketing is enabled in the future and you opt in, we may send text messages according to the consent and terms presented at signup.

Message frequency may vary. Message and data rates may apply. You will be able to opt out by replying STOP where supported, or by following instructions provided in the SMS program.

We will not activate SMS marketing until the relevant SMS consent language, TCPA workflow, sender identification, opt-out process, and service-provider terms are configured.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the website, remember preferences, support checkout, prevent fraud, analyze performance, and support advertising where enabled.

More details are available in our Cookie Policy.

11. Advertising and Analytics

We may use analytics and advertising tools, including Google Ads and future social media advertising pixels or similar technologies, to measure website performance, understand customer interactions, improve marketing, and deliver or measure ads.

Where required, such tools may depend on your consent or privacy settings.

12. U.S. State Privacy Rights

Depending on your state of residence and applicable law, you may have additional privacy rights, including the right to know or access personal information we process about you; request deletion of personal information; request correction of inaccurate personal information; receive a copy of personal information in a portable format; opt out of the sale or sharing of personal information; opt out of targeted advertising; opt out of certain profiling where applicable; limit the use or disclosure of sensitive personal information where applicable; appeal a privacy rights decision where applicable; and not be discriminated against for exercising privacy rights.

These rights may vary by state and may be subject to thresholds, exceptions, identity verification, legal retention requirements, and other limitations.

We will respond to a verifiable privacy request within 45 days of receipt where applicable law requires that timeline. Where reasonably necessary, we may extend the response period by up to an additional 45 days, with notice of the extension within the initial period. Where applicable law requires a shorter period, the shorter period applies.

13. Notice for California Residents

Although CELLSHE does not currently sell or ship products to California, California residents may visit our website and we may collect personal information through cookies, analytics tools, advertising tools, and email interactions.

To the extent CCPA/CPRA applies to such collection, California residents may exercise the rights described in this Privacy Policy, including access, deletion, correction, opt-out of sale or sharing, opt-out of targeted advertising, limit use of sensitive personal information, and non-discrimination, by contacting hello@cellshe.com or using the privacy choices tools available on our website.

CELLSHE does not knowingly sell or share for cross-context behavioral advertising the personal information of California residents under 16 years old. Our website and products are intended for adults 18 and older.

14. Do Not Sell or Share / Targeted Advertising

CELLSHE does not sell customer lists for money.

However, certain analytics, advertising, retargeting, pixel, cookie, or Shopify-enabled data uses may be considered a "sale," "sharing," or "targeted advertising" under some U.S. state privacy laws.

Where required, you may opt out through our cookie banner, privacy choices page, Shopify data sharing opt-out page, browser-based privacy signals where supported, or by contacting hello@cellshe.com.

15. Global Privacy Control

Where required by applicable law and technically supported, we will treat a valid Global Privacy Control signal as a request to opt out of sale, sharing, or targeted advertising for the browser or device sending the signal.

16. Sensitive Personal Information

We do not require customers to provide health information to purchase products.

If you voluntarily provide health-related information in an adverse event report, customer support request, review, survey, or communication, we process it only for safety, regulatory, legal, quality, compliance, insurance, supplier-coordination, recordkeeping, and support purposes.

We do not use adverse event health information for targeted advertising, retargeting, lookalike audiences, or marketing personalization.

If you wish to limit our use of sensitive personal information you have voluntarily provided, such as adverse event details, you may submit a request by emailing hello@cellshe.com with the subject line "Limit Sensitive PI." Your request will be honored to the extent reasonably feasible while preserving the safety, regulatory, recordkeeping, legal, insurance, supplier-coordination, and defense purposes for which we may be required or permitted to retain such information.

17. Verification of Privacy Requests

To protect your privacy and security, we may verify your identity before fulfilling a privacy request.

Verification may include confirming access to the email address associated with your order or account, matching information you provide to our records, requesting order information, or requesting additional information where the request is sensitive, high-risk, or submitted by an authorized agent.

We will not request more information than reasonably necessary for verification.

18. Authorized Agents

Where applicable law allows an authorized agent to submit a request on your behalf, we may require proof of authorization and may also require you to verify your identity directly with us.

19. Appeals

Where applicable law gives you the right to appeal a privacy rights decision, you may appeal by replying to our decision email or contacting hello@cellshe.com with the subject line "Privacy Appeal."

20. Adverse Event Reports

Adverse event information may be used to review safety concerns, respond to your report, investigate product quality issues, document safety information, comply with reporting and recordkeeping duties, communicate with manufacturing, quality, legal, compliance, insurance, or regulatory partners, and preserve records for legal defense or regulatory inspection.

Where GDPR applies, health-related adverse event information may be processed under the GDPR bases described in Section 5 of this Privacy Policy.

Adverse event information may be retained for legally required periods, including at least six years where dietary supplement adverse event recordkeeping obligations apply.

21. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including order fulfillment, customer service, subscription management, tax and accounting records, fraud prevention, legal compliance, adverse event reporting and recordkeeping, dispute resolution, and legitimate business operations.

Adverse event records may be retained for at least 6 years where required or appropriate for dietary supplement safety and regulatory purposes.

22. Security

We use reasonable technical, organizational, and administrative measures to protect personal information.

No online system is completely secure. You are responsible for keeping your account credentials confidential.

23. Your GDPR Rights

Where GDPR applies, you may have rights to access, rectify, erase, restrict, object, request portability, withdraw consent, and lodge a complaint with a supervisory authority.

To exercise rights, contact hello@cellshe.com.

24. Children and Minors

Our website and products are intended for adults 18 and older.

We do not knowingly collect personal information from anyone under 18, and we do not knowingly collect personal information from children under 13.

If you believe a minor has provided personal information to us, contact hello@cellshe.com.

25. Third-Party Links

Our website may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices of third parties.

26. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date. Where required, we may provide additional notice of material changes.

27. Contact

For privacy questions or requests, contact:

CELLSHE / IRONVALE OÜ

Sepapaja tn 6

Tallinn 11515

Estonia

Email: hello@cellshe.com

 

Cookie Policy

Last updated: May 19, 2026

This Cookie Policy explains how CELLSHE uses cookies and similar technologies.

1. What Are Cookies?

Cookies are small files stored on your browser or device. Similar technologies include pixels, tags, local storage, software development kits, and tracking identifiers.

2. Types of Cookies We May Use

We may use strictly necessary cookies for website operation, checkout, security, fraud prevention, cart functionality, account login, and subscription management.

We may use preference cookies to remember settings and improve your browsing experience.

We may use analytics cookies to understand website performance, page views, traffic sources, and user interactions.

We may use advertising or marketing cookies, pixels, or similar technologies to measure ads, build audiences, limit ad frequency, and support retargeting where permitted.

3. Consent

Where consent is required, we will request consent through a cookie banner, privacy settings tool, Shopify customer privacy settings, or similar mechanism.

You can change your cookie preferences where the relevant privacy tool is available.

4. Managing Cookies

You can manage cookies through your browser settings. Blocking certain cookies may affect website functionality, checkout, account access, subscription management, or fraud prevention.

5. Global Privacy Control

Where required by applicable law and technically supported, we will treat a valid Global Privacy Control signal as a request to opt out of sale, sharing, or targeted advertising for the browser or device sending the signal.

6. Advertising and Analytics

Advertising and analytics tools may include Shopify tools, Google Ads, Google Analytics, Meta or other future social media pixels, Klaviyo, or similar providers.

The exact tools used may change over time.

7. Changes

We may update this Cookie Policy from time to time. The updated version will be posted with a revised "Last updated" date.

8. Contact

For cookie questions, contact hello@cellshe.com.

 

Accessibility Statement

Last updated: May 19, 2026

CELLSHE strives to make its website accessible to all customers and references the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA as a benchmark for ongoing accessibility improvements.

We are continuously working to enhance the accessibility, usability, and readability of our website.

If you experience difficulty accessing any portion of our website, product information, checkout, policies, or customer support resources, please contact us at hello@cellshe.com with the subject line "Accessibility."

Please describe the issue, the page or feature involved, your browser and assistive technology if relevant, and the accommodation you need. We will make reasonable efforts to assist you and to provide an accessible alternative where feasible.