Privacy Policy

Optides LLC — optidesxi.com Effective Date: March 27, 2026 | Last Updated: March 27, 2026

This Privacy Policy is designed to comply with applicable United States federal and state privacy laws — including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the California Online Privacy Protection Act (CalOPPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), the Delaware Personal Data Privacy Act (DPDPA), the Oregon Consumer Privacy Act (OCPA), the Montana Consumer Data Privacy Act (MTCDPA), the Iowa Consumer Data Protection Act (ICDPA), the Indiana Consumer Data Protection Act (ICDPA-IN), the Tennessee Information Protection Act (TIPA), the Utah Consumer Privacy Act (UCPA), the New Jersey Data Privacy Act (NJDPA), the New Hampshire Privacy Act (NHPA), the Nebraska Data Privacy Act (NDPA), the Kentucky Consumer Data Protection Act (KCDPA), the Maryland Online Data Privacy Act (MODPA), the Minnesota Consumer Data Privacy Act (MCDPA), and the Florida Digital Bill of Rights (FDBR) — as well as the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Law 25 (Act respecting the protection of personal information in the private sector), Brazil's Lei Geral de Proteção de Dados (LGPD), Australia's Privacy Act 1988, New Zealand's Privacy Act 2020, Japan's Act on the Protection of Personal Information (APPI), South Korea's Personal Information Protection Act (PIPA), India's Digital Personal Data Protection Act 2023, Singapore's Personal Data Protection Act (PDPA), South Africa's Protection of Personal Information Act (POPIA), Saudi Arabia's Personal Data Protection Law (PDPL), and other applicable international data protection laws.

Introduction & Scope
Data Controller Information
Definitions
Information We Collect
Notice at Collection (CCPA/CPRA)
Sources of Personal Information
How We Use Your Information
Legal Bases for Processing (GDPR / UK GDPR / LGPD)
How We Share & Disclose Information
Sale & Sharing of Personal Information
Cookies, Tracking Technologies & Advertising
Do Not Track & Global Privacy Control
Third-Party Services & Links
Data Security
Data Retention
International Data Transfers
Your Privacy Rights — All Jurisdictions
California Residents — Additional Rights (CCPA/CPRA)
Virginia Residents — Additional Rights (VCDPA)
Colorado Residents — Additional Rights (CPA)
Connecticut Residents — Additional Rights (CTDPA)
Texas Residents — Additional Rights (TDPSA)
Other U.S. State Residents — Additional Rights
EEA, UK & Swiss Residents (GDPR / UK GDPR)
Canadian Residents (PIPEDA)
Brazilian Residents (LGPD)
Australian & New Zealand Residents
Other International Jurisdictions
Children's Privacy
Sensitive Personal Information
Automated Decision-Making & Profiling
Data Breach Notification
Non-Discrimination
Authorized Agents
Identity Verification
Accessibility
Changes to This Privacy Policy
Contact Us

1. Introduction & Scope

Optides LLC ("Company," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains in detail how we collect, use, store, share, disclose, and protect personal information when you:

Visit, browse, or interact with our website at optidesxi.com (the "Site");
Create an account or register on the Site;
Purchase products from us;
Subscribe to our newsletter, emails, or SMS/text message communications;
Contact us via email, phone, live chat, social media, or any other channel;
Interact with our advertisements or marketing content on third-party platforms;
Engage with us in any other manner.

This Privacy Policy applies to all personal information collected through the Site, our communications, and any related services, sales, marketing, or events (collectively, the "Services"). It does not apply to information collected by third parties, including through any third-party website, application, or content that may link to or be accessible from our Site.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our Services or provide us with any personal information.

Important: Our Site and all products sold through it are intended exclusively for qualified researchers, laboratory professionals, and authorized entities for lawful in vitro research purposes only. Products are NOT for human or animal consumption. This context informs the types of data we collect and how we process it.

2. Data Controller Information

For the purposes of the GDPR, UK GDPR, LGPD, POPIA, PDPA, and other applicable data protection laws, the data controller responsible for your personal information is:

Optides LLC

Website: optidesxi.com
Email: optidesxi@gmail.com
Phone: (239) 453-3737
Mailing address: 3250 Bonita Beach Rd, Bonita Springs, FL 34134

Data Protection / Privacy Inquiries:

Email: optidesxi@gmail.com
Subject line: "Privacy Inquiry"

If you are located in the EEA, UK, or Switzerland and we do not maintain a local representative, you may contact us at the address above for all data protection inquiries. We will respond in accordance with applicable law.

3. Definitions

For the purposes of this Privacy Policy:

"Personal Information" / "Personal Data" — Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, household, or device. Includes names, email addresses, postal addresses, phone numbers, IP addresses, device identifiers, cookies, browsing history, purchase history, geolocation data, and account credentials.
"Sensitive Personal Information" — A subset of personal information requiring heightened protection: Social Security numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, health information, sexual orientation, biometric data, genetic data, and contents of mail, email, or text messages (where the business is not the intended recipient).
"Processing" — Any operation performed on personal data, whether by automated means or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
"Controller" / "Data Controller" — The entity that determines the purposes and means of processing personal data (Optides LLC).
"Processor" / "Data Processor" — An entity that processes personal data on behalf of the controller.
"Consumer" — A natural person who is a resident of a jurisdiction with applicable privacy laws, acting in an individual or household capacity.
"Sale" / "Sell" — Disclosing, making available, or transferring personal information to a third party for monetary or other valuable consideration, as defined under applicable state laws.
"Share" / "Sharing" — Under CCPA/CPRA, making personal information available to a third party for cross-context behavioral advertising purposes.
"Targeted Advertising" — Displaying advertisements selected based on personal data obtained from a consumer's activities over time and across nonaffiliated websites or applications.
"Profiling" — Any form of automated processing to evaluate, analyze, or predict aspects concerning an individual's behavior, preferences, interests, reliability, location, movements, health, or economic situation.
"De-identified Data" — Data that cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable individual, household, or device, provided that we maintain technical safeguards prohibiting re-identification.
"Pseudonymous Data" — Personal data that can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to prevent attribution.

4. Information We Collect

4.1 Information You Provide Directly

Data Category	Examples	When Collected
Identifiers & Contact Info	Full name, email, phone, mailing/billing/shipping address	Account creation, checkout, contact forms
Account Credentials	Username, password (stored encrypted/hashed & salted), security questions	Account registration
Commercial / Order Info	Products purchased, order numbers, dates, amounts, shipping preferences, coupon codes	Order placement
Payment Information	Credit/debit card number, expiration, CVV, PayPal, Venmo, Zelle, crypto wallet addresses. Full card numbers processed & stored exclusively by third-party processors — we do not store complete card numbers.	Checkout/payment
Professional / Institutional Info	Company or institution name, job title, credentials, research area (if voluntarily provided)	Account creation, order placement
Communication Content	Emails, chats (including AI chatbot transcripts where applicable), phone call records/transcripts, support tickets, surveys, reviews, feedback	Customer support, inquiries
Marketing Preferences	Email opt-in/out status, SMS consent, communication preferences, subscription preferences	Newsletter signup, preference center
User-Generated Content	Product reviews, testimonials, social media posts directed at us	Voluntary submission

4.2 Information Collected Automatically

Data Category	Examples	Collection Method
Device & Browser Info	IP address, browser type/version, OS, device type, device identifiers, screen resolution, language, time zone	Server logs, JavaScript
Usage Data / Internet Activity	Pages visited, products viewed, time on pages, clicks, scroll depth, on-site search terms, referring URL, exit pages, timestamps, visit frequency/duration	Analytics, server logs
Geolocation Data	Approximate location from IP (city/state/country). We do NOT collect precise GPS.	IP geolocation
Cookie & Tracking IDs	Cookie IDs, session IDs, pixel tags, web beacons, clear GIFs, ad identifiers, local/session storage IDs	Cookies, pixels, beacons
Inferences	Consumer profiles reflecting preferences, characteristics, behavior, attitudes, abilities, or aptitudes	Analytics, internal algorithms
Connection & Network Info	ISP name, connection type (broadband/mobile), bandwidth	Server logs
AI Chatbot Interactions	Chat transcripts, messages sent and received, timestamps, topics discussed, session identifiers	AI chatbot system
Calculator Usage	Values entered into reconstitution calculator, calculated results, timestamps, session identifiers	Calculator tool

4.3 Information from Third-Party Sources

Data Category	Source	Purpose
Payment Verification	Payment processors (Stripe, PayPal, etc.)	Order verification, fraud prevention
Fraud & Risk Signals	Fraud detection, identity verification providers	Preventing fraudulent transactions
Advertising & Analytics	Google Ads, Meta/Facebook, analytics providers	Ad effectiveness, traffic source attribution
Publicly Available Info	Public databases, government records, public social media	Identity verification, account validation

5. Notice at Collection (CCPA/CPRA)

Per the CCPA/CPRA, the following table discloses the categories of personal information collected in the preceding 12 months, purposes, and whether each is sold or shared:

CCPA Category	Collected?	Business Purpose	Sold?	Shared?
A. Identifiers	Yes	Orders, accounts, communications, security	No	No
B. Cal. Civ. Code §1798.80(e)	Yes	Payment, shipping	No	No
C. Protected Classifications (age 18+)	Limited	Age verification / compliance	No	No
D. Commercial Info	Yes	Fulfillment, analytics	No	No
E. Biometric Info	No	N/A	No	No
F. Internet/Network Activity	Yes	Analytics, security	No	No
G. Geolocation (approximate)	Yes	Analytics, fraud prevention	No	No
H. Sensory Data (call recordings)	Limited	QA, dispute resolution	No	No
I. Professional/Employment Info	Limited	Buyer qualification	No	No
J. Education Info	No	N/A	No	No
K. Inferences	Yes	Analytics, personalization	No	No
L. Sensitive PI (credentials only)	Limited	Account security	No	No

We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA without your explicit consent.

6. Sources of Personal Information

We collect personal information from the following categories of sources:

Directly from you — account creation, orders, forms, customer support, surveys, voluntary submissions.
Automatically from your devices — cookies, pixel tags, web beacons, server logs, JavaScript, and similar technologies when you interact with the Site.
Third-party service providers — payment processors, shipping carriers, fraud detection, analytics providers, advertising networks, identity verification services.
Publicly available sources — government databases, public records, publicly accessible social media profiles.

7. How We Use Your Information

7.1 Order Fulfillment & Service Delivery

Processing and fulfilling orders; managing payments and refunds; arranging shipping, delivery, and tracking; providing order confirmations and updates; managing your account; providing customer support.

7.2 Communication

Sending transactional messages (order confirmations, shipping updates, account alerts, password resets); responding to inquiries; and, where you have opted in, sending promotional communications via email, SMS, or other channels.

7.3 Site Operations, Analytics & Improvement

Operating, maintaining, and improving the Site; analyzing usage trends; monitoring performance and stability; diagnosing issues; A/B testing; personalizing your experience; developing new features.

7.4 Security, Fraud Prevention & Legal Compliance

Detecting, investigating, and preventing fraud, unauthorized access, and illegal activities; verifying identity and age; enforcing our Terms of Service; protecting rights, property, and safety; complying with laws, regulations, legal processes, and governmental requests including tax, regulatory, and record-keeping requirements.

7.5 Marketing & Advertising

Delivering and measuring ad campaigns on third-party platforms; creating lookalike/custom audiences; retargeting; analyzing marketing performance. All subject to your opt-out rights.

7.6 Research & Development

Internal analysis to improve products, services, and operations, using aggregated and/or de-identified data where possible.

7.7 Legal Obligations & Dispute Resolution

Complying with legal obligations; establishing, exercising, or defending legal claims; resolving disputes.

7.8 AI & Tool Improvement

Analyzing AI chatbot interactions and calculator usage data to improve the accuracy, relevance, and safety of our automated tools; identifying patterns of misuse; training and refining AI models; and enhancing the user experience. Chatbot interactions may be reviewed by human staff for quality assurance purposes.

If you are in the EEA, UK, Switzerland, Brazil, or a jurisdiction requiring a legal basis:

Legal Basis	Applies To
Performance of a Contract (Art. 6(1)(b))	Fulfilling orders, managing accounts, processing payments, arranging shipping, customer support.
Legal Obligation (Art. 6(1)(c))	Tax reporting, fraud prevention, regulatory record-keeping, responding to lawful government requests.
Legitimate Interests (Art. 6(1)(f))	Site security, fraud detection, analytics, marketing to existing customers, quality assurance, business operations. Balanced against your rights.
Consent (Art. 6(1)(a))	Marketing to non-customers, non-essential cookies/tracking, processing sensitive data. Withdrawable at any time.

9.1 Service Providers / Processors

Service	Examples	Data Shared
Payment Processing	Stripe, PayPal, Venmo, Zelle, crypto processors	Payment info, billing address, order details
Shipping & Fulfillment	USPS, UPS, FedEx, 3PL providers	Name, shipping address, phone, order details
Hosting & Infrastructure	Cloud hosting, CDN services	All data processed through the Site
Analytics	Google Analytics, Meta Pixel	Device info, usage data, cookie identifiers
Email & SMS Marketing	Email/SMS service providers	Name, email, phone, marketing preferences
Customer Support	Helpdesk, live chat providers	Name, email, communication content
Fraud Prevention	Fraud screening, bot detection	IP, device info, transaction details
Advertising	Google Ads, Meta/Facebook Ads	Cookie IDs, usage data, hashed email

All service providers are contractually bound to process data only for specified purposes, maintain confidentiality, and comply with applicable data protection laws. Under CCPA/CPRA they are classified as "service providers" or "contractors" and are prohibited from selling or sharing data received from us.

9.2 Legal & Regulatory Disclosures

We may disclose personal information when required by law, regulation, legal process, or governmental request; to enforce our agreements; to protect rights, property, or safety; to detect and prevent fraud; or in emergencies involving danger of death or serious injury.

9.3 Business Transfers

In mergers, acquisitions, reorganizations, asset sales, or bankruptcy, personal information may be transferred. We will notify you via email and/or Site notice.

We may share personal information for purposes not described here with your explicit consent.

9.5 Aggregated & De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot identify you, without restriction.

We do not sell your personal information. We have not sold personal information in the preceding 12 months and do not intend to. "Selling" is defined broadly under CCPA/CPRA, VCDPA, CPA, CTDPA, TDPSA, and other state laws to include disclosure for monetary or other valuable consideration.

We do not share your personal information for cross-context behavioral advertising as defined under the CCPA/CPRA.

If our practices change, we will update this policy, provide notice, and ensure you can opt out as required by law.

11. Cookies, Tracking Technologies & Advertising

11.1 Types of Cookies

Type	Description	Duration
Essential / Strictly Necessary	Required for core Site function: cart, authentication, session management, security, load balancing. Cannot be disabled.	Session – 1 year
Analytics / Performance	How visitors use the Site: pages visited, time spent, errors, traffic sources. Aggregated and anonymous (e.g., Google Analytics).	Up to 2 years
Functional / Preference	Enhanced functionality: login state, language, region, display settings.	Up to 1 year
Marketing / Advertising	Track visitors across websites for targeted ads (Google Ads, Meta Pixel). Measure ad campaign effectiveness.	Up to 2 years
Pixel Tags / Web Beacons	Tiny transparent images recording email opens, link clicks, page views. Analytics & attribution.	N/A
Local / Session Storage	Browser-based storage for non-sensitive preferences and temporary data.	Varies

11.2 Specific Third-Party Technologies

Google Analytics — Privacy: policies.google.com/privacy. Opt-out: tools.google.com/dlpage/gaoptout
Meta / Facebook Pixel — Privacy: facebook.com/privacy/policy
Google Ads / Tag Manager — Privacy: policies.google.com/privacy

We reserve the right to add or remove third-party technologies at any time and will update this section accordingly.

Browser settings: Refuse all/some cookies or get alerts. Consult your browser's help docs.
Cookie consent banner: If displayed, manage preferences anytime.
Opt-out links: Service-specific links above.
Industry tools: DAA (optout.aboutads.info), NAI (optout.networkadvertising.org), EDAA (youronlinechoices.eu).

Disabling cookies may affect functionality. Essential cookies cannot be disabled.

12. Do Not Track & Global Privacy Control

Do Not Track (DNT): No universal standard exists. We do not currently respond to DNT signals, but honor all legally required opt-out mechanisms.

Global Privacy Control (GPC): We recognize and honor Global Privacy Control signals as valid opt-out requests for the sale and sharing of personal information, as required by CCPA/CPRA, CPA, CTDPA, and other applicable laws. When we detect a GPC signal from your browser, we will treat it as an opt-out of the sale and sharing of personal information associated with that browser and device.

13. Third-Party Services & Links

Our Site may link to third-party services not operated by us. This Privacy Policy does not apply to them. We are not responsible for their practices. Review their policies before providing personal information. Links do not imply endorsement.

14. Data Security

We implement reasonable administrative, technical, and physical safeguards:

Encryption in transit: SSL/TLS (HTTPS) for all data transmission.
Encryption at rest: Sensitive data encrypted on servers.
Access controls: Need-to-know basis, strong authentication, role-based access.
Password security: Hashed and salted; never stored in plain text.
Firewalls & intrusion detection: Network security, IDS/IPS.
Regular assessments: Security reviews, vulnerability scans, penetration testing.
Employee training: Data security and privacy training for personnel.
Vendor security: Service providers required to implement appropriate security.
Incident response: Documented breach response plan with defined roles and procedures.

No method of Internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. You provide information at your own risk. If you believe your interaction with us is no longer secure, contact us immediately.

15. Data Retention

Data Category	Retention Period	Basis
Order & transaction records	7 years from transaction date	IRS/state tax requirements
Account information	Active account + 2 years after last activity, or until deletion requested	Contract, legitimate interests
Customer support communications	3 years from last communication	Dispute resolution, QA
Marketing preferences & consent records	Duration of consent + 3 years after withdrawal	Proof of consent, compliance
Website analytics data	26 months (Google Analytics default) or anonymized indefinitely	Site improvement
Server logs	12 months	Security, troubleshooting
Cookie data	Varies (see Section 11)	Functional, analytics, marketing
Fraud investigation records	5 years or as required by law	Legal obligation, security

When no longer needed, data is securely deleted, anonymized, or de-identified. De-identified data may be retained indefinitely.

16. International Data Transfers

Optides LLC is based in the United States. If you access the Site from outside the U.S., your data may be transferred to and processed in the U.S. and other countries with different data protection laws.

Where required by law (GDPR, UK GDPR, LGPD, POPIA, etc.), we implement appropriate safeguards:

Standard Contractual Clauses (SCCs) — EU Commission-approved and UK-equivalent International Data Transfer Agreements.
Adequacy Decisions — Where applicable.
Supplementary Measures — Additional technical/organizational protections as needed.
EU-U.S. Data Privacy Framework — Including UK Extension and Swiss-U.S. DPF, where applicable.
Binding Corporate Rules — If adopted in the future.

17. Your Privacy Rights — All Jurisdictions

Depending on your location, you may have the following rights (not all available in all jurisdictions):

Right	Description
Access / Know	Confirm whether we process your data and obtain a copy.
Correction / Rectification	Correct inaccurate or incomplete data.
Deletion / Erasure	Request deletion, subject to legal exceptions.
Portability	Receive data in structured, machine-readable format.
Opt-Out of Sale	Opt out of sale. (We don't sell data.)
Opt-Out of Sharing	Opt out of sharing for cross-context behavioral ads. (We don't share.)
Opt-Out of Targeted Advertising	Opt out of targeted ad processing.
Opt-Out of Profiling	Opt out of profiling with legal/significant effects.
Limit Sensitive Data Use	Limit use of sensitive PI to what's necessary.
Restrict Processing	Restrict processing under certain circumstances.
Object	Object to processing based on legitimate interests or direct marketing.
Withdraw Consent	Withdraw at any time; doesn't affect prior lawful processing.
Non-Discrimination	Exercise rights without being penalized.
Appeal	Appeal if your request is denied.
Lodge Complaint	File complaints with your supervisory authority.

How to Exercise Your Rights

Email: optidesxi@gmail.com (Subject: "Privacy Rights Request")
Phone: (239) 453-3737
Website: optidesxi.com (privacy request form, if available)

Include your full name, email associated with your account, and the right(s) you wish to exercise. We verify identity before processing (see Section 35). Response within timeframes required by law (generally 30–45 days, with extensions as permitted).

18. California Residents — Additional Rights (CCPA/CPRA)

If you are a California resident, the CCPA/CPRA grants you additional specific rights:

Right to Know: Disclose categories, sources, purposes, third parties, and specific pieces of PI collected in past 12 months.
Right to Delete: Delete PI, subject to exceptions.
Right to Correct: Correct inaccurate PI.
Right to Opt-Out of Sale/Sharing: We do not sell or share PI.
Right to Limit Sensitive PI: Limit use to what's necessary.
Right to Non-Discrimination.

Financial Incentives: We do not offer incentives in exchange for PI retention or sale. If we offer such incentives in the future, we will provide a separate notice explaining the material terms and your right to opt in or opt out.

California Shine the Light (Cal. Civ. Code §1798.83): We do not disclose PI to third parties for their direct marketing purposes.

CalOPPA Compliance: Users can visit anonymously; this policy is linked conspicuously from our homepage with the word "Privacy"; we notify of changes on this page.

Response time: 45 days, with one 45-day extension. Up to 2 requests per 12-month period.

19. Virginia Residents — Additional Rights (VCDPA)

If you are a Virginia resident, the VCDPA grants you the right to: confirm processing; access; correct; delete; portability; opt out of targeted advertising, sale, and profiling with legal/significant effects.

Right to Appeal: Email optidesxi@gmail.com with "Privacy Appeal — Virginia." Response within 60 days. If denied, contact the Virginia Attorney General at oag.state.va.us/consumer-protection/index.php/file-a-complaint.

Response time: 45 days + 45-day extension.

20. Colorado Residents — Additional Rights (CPA)

If you are a Colorado resident, the CPA grants you the right to: confirm; access; correct; delete; portability; opt out of targeted advertising, sale, and profiling.

Universal Opt-Out: We honor GPC signals under the CPA.

Right to Appeal: Email with "Privacy Appeal — Colorado." Response within 45 days. If denied, contact the Colorado Attorney General at coag.gov/file-complaint.

21. Connecticut Residents — Additional Rights (CTDPA)

If you are a Connecticut resident, the CTDPA grants you the right to: confirm; access; correct; delete; portability; opt out of targeted advertising, sale, and profiling.

Universal Opt-Out: We honor GPC signals.

Sensitive Data: Consent obtained before processing.

Right to Appeal: Email with "Privacy Appeal — Connecticut." Response within 60 days.

22. Texas Residents — Additional Rights (TDPSA)

If you are a Texas resident, the TDPSA grants you the right to: confirm; access; correct; delete; portability; opt out of targeted advertising, sale, and profiling. Also applies to pseudonymous data that could be linked to an individual.

Right to Appeal: Email with "Privacy Appeal — Texas." Response within 60 days. If denied, contact the Texas Attorney General at texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.

Penalties: The TDPSA carries per-violation penalties of up to $25,000, enforced by the Texas Attorney General.

23. Other U.S. State Residents — Additional Rights

Residents of these states may have similar rights under their comprehensive privacy laws. We honor all valid requests:

Delaware — DPDPA (eff. Jan 1, 2025)
Florida — FDBR (eff. Jul 1, 2024)
Indiana — ICDPA-IN (eff. Jan 1, 2026)
Iowa — ICDPA (eff. Jan 1, 2025)
Kentucky — KCDPA (eff. Jan 1, 2026)
Maryland — MODPA (eff. Oct 1, 2025)
Minnesota — MCDPA (eff. Jul 31, 2025)
Montana — MTCDPA (eff. Oct 1, 2024)
Nebraska — NDPA (eff. Jan 1, 2025)
New Hampshire — NHPA (eff. Jan 1, 2025)
New Jersey — NJDPA (eff. Jan 15, 2025)
Oregon — OCPA (eff. Jul 1, 2024)
Tennessee — TIPA (eff. Jul 1, 2025)
Utah — UCPA (eff. Dec 31, 2023)

General rights: access, correct, delete, port data, opt out of targeted ads/sale/profiling. Right to appeal if denied. Contact us per Section 38.

As new state laws take effect, we will honor those rights and update this section.

If you are located in the EEA, UK, or Switzerland, the GDPR and/or UK GDPR provide you with the following rights:

Right of Access (Art. 15) — Obtain confirmation and access to your personal data and processing details.
Right to Rectification (Art. 16) — Correct inaccurate or incomplete data.
Right to Erasure / Right to Be Forgotten (Art. 17) — Request deletion under certain conditions.
Right to Restriction of Processing (Art. 18) — Restrict processing under certain circumstances.
Right to Data Portability (Art. 20) — Receive data in structured, machine-readable format.
Right to Object (Art. 21) — Object to processing based on legitimate interests or direct marketing (ceased immediately upon objection).
Right Not to Be Subject to Automated Decision-Making (Art. 22) — Not be subject to solely automated decisions with legal/significant effects.
Right to Withdraw Consent (Art. 7(3)) — Withdraw at any time without affecting prior lawful processing.
Right to Lodge a Complaint — With your local supervisory authority. EU/EEA list: edpb.europa.eu/about-edpb/about-edpb/members_en. UK: ico.org.uk.

Response: 1 month, extendable by 2 months for complex requests. See Section 16 for transfer safeguards.

25. Canadian Residents (PIPEDA)

If you are a Canadian resident, PIPEDA and applicable provincial privacy laws provide you with the right to: access PI we hold about you; challenge accuracy and request amendment; withdraw consent (subject to legal restrictions).

Response: Within 30 days.

Complaints: Office of the Privacy Commissioner of Canada at priv.gc.ca.

We also comply with Quebec's Law 25, Alberta's PIPA, and BC's PIPA where applicable.

26. Brazilian Residents (LGPD)

If you are a Brazilian resident, the LGPD provides you with the right to: confirmation of processing; access; correction; anonymization/blocking/deletion of unnecessary data; portability; deletion of consent-based data; information about shared entities; information about consent denial consequences; revocation of consent.

Complaints: Brazil's ANPD at gov.br/anpd.

27. Australian & New Zealand Residents

Australia (Privacy Act 1988 / APPs): You have the right to access and correct your personal information. We will take reasonable steps to ensure data accuracy. Complaints: Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

New Zealand (Privacy Act 2020): Similar rights to access and correct. Complaints: Office of the Privacy Commissioner at privacy.org.nz.

28. Other International Jurisdictions

We respect privacy rights worldwide. If you reside in a jurisdiction not specifically listed — including Japan (APPI), South Korea (PIPA), India (DPDP Act 2023), Singapore (PDPA), South Africa (POPIA), Saudi Arabia (PDPL), UAE, Israel, Argentina, or any other jurisdiction — we will honor your rights under applicable local law. Contact us per Section 38. We will respond within the timeframe your local law requires.

By using our Site from outside the U.S., you consent to data transfer to the U.S. (see Section 16 for transfer safeguards).

29. Children's Privacy

Our Site is not intended for individuals under 18. We do not knowingly collect from anyone under 18. If discovered, we will immediately delete the data. Parents/guardians: contact optidesxi@gmail.com immediately.

We comply with COPPA (under 13), the California Age-Appropriate Design Code Act, and similar state/international legislation protecting minors' data.

30. Sensitive Personal Information

We collect only account login credentials (hashed passwords) as sensitive PI, used solely for account security.

We do not collect: SSN, driver's license numbers, passport numbers, financial account numbers (handled by processors), precise geolocation, race/ethnicity, religion, union membership, genetic data, biometric data, health info, sexual orientation, or private communications content (except communications directed to us).

We do not use sensitive PI beyond purposes permitted by applicable law. Where consent is required (GDPR, CTDPA, VCDPA), we obtain it before processing.

31. Automated Decision-Making & Profiling

We do not engage in automated decision-making producing legal or similarly significant effects. We do not use AI/algorithms for pricing, eligibility, creditworthiness, employment, housing, insurance, or essential services decisions based on personal data.

Basic profiling for analytics/personalization (e.g., product recommendations) does not produce legal effects. You can opt out of profiling for targeted advertising per Sections 17–23.

32. Data Breach Notification

If a breach involving your PI poses risk, we notify you and authorities per applicable law:

GDPR: Authority within 72 hours; individuals without undue delay if high risk.
U.S. States: Individuals and AGs within state-specific deadlines (generally 30–60 days; Florida requires 30 days).
PIPEDA: Privacy Commissioner and individuals as soon as feasible if real risk of significant harm.
LGPD: ANPD and individuals within reasonable time.

Notifications include: breach description, categories/numbers affected, likely consequences, and measures taken.

33. Non-Discrimination

We will not discriminate for exercising privacy rights under any applicable law. We will not: deny services; charge different prices; provide different quality; or suggest differential treatment based on exercising rights.

34. Authorized Agents

You may designate an authorized agent. We may require: (a) signed written authorization; (b) direct identity verification; (c) confirmation of agent's permission. Exceptions for valid powers of attorney.

35. Identity Verification

Before processing requests, we verify identity via: matching info on file; requesting additional info; sending verification links/codes; or requiring login. Verification level matches request sensitivity. If unverifiable, we explain and provide instructions. We will not provide PI to unverified requestors.

36. Accessibility

If you have difficulty accessing this policy due to a disability or need an alternative format, contact optidesxi@gmail.com or call (239) 453-3737.

37. Changes to This Privacy Policy

We may update this policy at any time. For material changes, we will: update the "Last Updated" date; post the revised policy; and where required, notify you by email or prominent Site notice before changes take effect. Previous versions available upon request.

Continued use after modifications constitutes acceptance of the revised policy.

38. Contact Us

Questions, concerns, complaints, or requests regarding this Privacy Policy or your privacy rights: