Privacy Policy

This Privacy Policy describes how Ryxanordvap.world (“we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal data when you visit https://ryxanordvap.world, communicate with our team, or purchase Ovrica dietary supplement products. We drafted this statement to align with the EU General Data Protection Regulation (“GDPR”), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA, and other U.S. state privacy statutes where they apply.

By continuing to use the Site after the effective date shown beside this document, you acknowledge the practices below unless a stricter rule applies in your jurisdiction and cannot be waived.

Identity of the controller

The data controller responsible for this Policy is Ryxanordvap.world, located at 29200 Six Mile Rd, Livonia, MI 48152, United States. For privacy requests, email chat@ryxanordvap.world and include enough detail for us to verify your identity proportionate to the risk of the request.

Scope, audience, and age limitations

This Policy covers personal data processed through our websites, landing experiences, email inboxes operated by us, SMS where you opt in, paper forms you voluntarily send, and telephonic conversations recorded only where notice and consent are provided. It does not govern third-party platforms that merely link to us unless those platforms act as our processor under contract.

Ovrica products and the Site are intended for adults at least eighteen (18) years old. We do not knowingly collect personal data from minors. If you are a parent or guardian who believes we received a child’s information, contact us immediately so we can delete it and adjust our records.

Categories of personal data we process

Depending on how you engage with us, we may process some or all of the following categories:

Contact and identity details

Full name, salutation, billing and shipping addresses, email address, telephone number, company name if you represent an organization, and communication preferences.

Transactional and account information

Order identifiers, SKUs, quantities, currency, tax details, shipment tracking numbers, returns history, loyalty identifiers if applicable, and notes you add to orders.

Payment-related data

Payment instruments are processed by PCI-DSS compliant payment partners. We typically receive a tokenized reference, partial card digits, expiration metadata, and payment status—not full primary account numbers stored on our own servers.

Support and content submissions

Messages you send through contact forms, email threads, chat transcripts if offered, uploaded attachments, and survey answers you choose to provide.

Technical, device, and usage data

Internet protocol address, approximate geographic region derived from IP, browser type and version, operating system, device identifiers, referring URL, pages viewed, time on page, click paths, diagnostics, and cookie or pixel identifiers as described in our Cookie Policy.

Marketing and audience data

Consent logs, suppression lists, campaign engagement metrics, hashed identifiers used for modeled audiences where permitted, and partner-provided segments only when you have consented or applicable law allows.

Sensitive or special categories

We do not intentionally collect health records, genetic data, or government identifiers. If you voluntarily disclose health context in a support message, we restrict access and retain it only as long as needed to respond unless law requires otherwise.

Sources of personal data

We obtain personal data directly from you, automatically through cookies and similar technologies, from payment processors and shipping carriers in the course of performing services, from fraud prevention vendors, and occasionally from referral partners when you explicitly consent to a handoff.

Purposes and lawful bases under GDPR

Where GDPR applies, we rely on the following bases:

Performance of a contract

Processing orders, delivering Ovrica products, processing payments, providing receipts, and offering warranty-related support.

Legitimate interests

Securing the Site, detecting fraud, improving user experience through aggregated analytics, training staff, enforcing our Terms, documenting compliance, and sending service communications that are reasonably expected.

Legal obligations

Tax, customs, accounting, product safety, and regulatory inquiries from authorities with proper jurisdiction.

Consent

Non-essential cookies, marketing emails, SMS, international data transfers that require consent, and certain sensitive processing if ever needed.

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, except where an overriding law applies.

U.S. state privacy disclosures

Residents of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia may have rights to confirm processing, access, delete, correct, obtain a portable copy, opt out of targeted advertising, profiling in furtherance of decisions that produce legal or similarly significant effects, and/or the sale or sharing of personal data as defined locally. We do not discriminate based on the exercise of privacy rights.

To submit a request, email chat@ryxanordvap.world from the address associated with your account or order and describe the right you wish to exercise. We verify requests commensurate with risk and respond within the timeframe required by your state, including an appeal process where mandated.

How we share personal data

We disclose personal data to infrastructure and hosting providers, email delivery services, customer support platforms, analytics partners when you enable analytics cookies, advertising networks when you enable marketing cookies, professional advisers, potential acquirers during a merger subject to confidentiality obligations, and law enforcement when legally compelled or to protect vital interests.

Processors are bound by written agreements requiring appropriate safeguards and assisting with data subject requests.

International transfers

We are headquartered in the United States. If you access the Site from the EEA, UK, or Switzerland, your data may be transferred to the U.S. or other countries. Where required, we implement Standard Contractual Clauses, supplementary technical measures such as encryption in transit, and transfer impact assessments.

Retention periods

We retain personal data only as long as necessary for the purposes collected, including legal, accounting, and reporting requirements:

Orders and finance

Up to seven (7) years from the transaction date unless a shorter period is permitted in your jurisdiction.

Marketing consents and suppression files

Until you withdraw consent or object, after which we retain minimal identifiers to honor your choice.

Support tickets

Thirty-six (36) months after closure unless a dispute extends the need.

Security logs

Between twelve (12) and twenty-four (24) months unless an active investigation requires longer retention.

Cookie identifiers

According to the lifespan described in the Cookie Policy, typically not exceeding twenty-four (24) months for optional categories.

Security measures

We implement administrative, technical, and organizational measures including role-based access controls, least-privilege credentials, encryption for data in transit, malware scanning, vendor due diligence, incident response playbooks, employee confidentiality commitments, and periodic reviews of retention and access logs.

No security program is perfect; if we become aware of a breach that affects your rights, we will notify regulators and you as required by law.

Your GDPR rights

If GDPR applies, you may request access, rectification, erasure, restriction of processing, data portability, and object to processing based on legitimate interests or direct marketing. You may lodge a complaint with your supervisory authority. We respond within one month, extendable by two further months where complexity warrants, and explain any refusal with legal reasoning.

Automated decision-making

We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you.

Third-party links

The Site may reference social networks or partner pages. Their privacy policies govern data you provide after you leave our environment.

Changes to this Policy

We may update this Policy to reflect new products, laws, or technical realities. Material changes will be highlighted on the Site with a revised “as of” date adjacent to this document.

Contact

Questions about this Privacy Policy may be directed to chat@ryxanordvap.world or the postal address listed in the sidebar. For EU-based individuals, you may also contact your local supervisory authority.