Introduction
Privacy is a design constraint for Lenoa, not an afterthought. We document flows in plain language, separate strictly necessary processing from optional analytics, and provide verifiable contact channels for regulatory correspondence. Supplement marketing is sensitive: we refuse to infer health conditions from browsing behavior for promotional use.
Summary promise: we collect the minimum data needed to fulfill orders, keep the website dependable, and respect lawful rights requests without imposing unnecessary friction.
Controller identity
Legal name: Wrizelonshun.world
Registered address: 350 Parnassus Ave Ste 100, San Francisco, CA 94117, United States
Contact email: ask@wrizelonshun.world
Product brand: Lenoa (dietary supplement labeling)
For GDPR purposes we act as a controller when determining why and how personal data is processed. When you interact solely with a payment processor’s hosted fields, that processor also acts as an independent controller for fraud signals it generates under its own policies.
Scope
This Policy applies to personal data processed through https://wrizelonshun.world, associated landing pages, email threads initiated through published addresses, and offline intake that is digitized into the same case management tools. It does not govern employees, prospective employees, or business-to-business negotiations covered under separate agreements.
Data categories
The table below is representative; exact fields depend on how you engage with us.
| Category | Examples |
|---|---|
| Identifiers | Name, email, postal address, phone, IP address, device identifiers |
| Commercial information | Products viewed, carts, purchase history, refund requests |
| Internet activity | Referrer URLs, page sequence, approximate region from IP |
| Communications | Messages you send, support tickets, survey responses you volunteer |
| Inferences | Merchandising preferences derived from consented browsing—not health inferences |
Purposes and legal bases
Under GDPR Article 6 we rely on multiple lawful bases. Under CPRA and parallel state statutes we disclose the business or commercial purpose for each processing cluster.
- Contract necessity: checkout, fulfillment, warranty administration, transactional email.
- Legitimate interests: cybersecurity monitoring, duplicate-order detection, aggregated analytics without singling out individuals, knowledge-base improvement—balanced with opt-outs.
- Consent: non-essential cookies, SMS or promotional email where double opt-in applies, innovative pilots clearly flagged at enrollment.
- Legal obligation: tax archives, customs declarations, responses to lawful subpoenas after jurisdictional review.
Collection sources
Most data arrives directly from you. We also receive limited attributes from payment gateways (authorization status, card brand, risk score), logistics carriers (delivery scans), and fraud intelligence vendors bound by confidentiality clauses. We do not purchase email lists that contain health-related segmentation.
Processors and onward recipients
We appoint subprocessors under Article 28 GDPR-style clauses mirroring the strictest duty of care available. Categories include secure hosting, transactional email, payment tokenization, warehouse management, and translation for multilingual policies. Sale of personal information is not a revenue stream for Lenoa; any sharing that could be characterized as a “sale” under U.S. state law is disclosed at collection with granular opt-outs.
International transfers
Primary infrastructure resides in the United States. When data originating in the EEA, UK, or Switzerland crosses borders, we implement Standard Contractual Clauses (2021 versions) with supplementary technical measures such as pseudonymized logging keys. Copies of transfer impact assessments are available upon request to enterprise partners; consumers may request a summary referencing the SCC modules in effect.
Retention schedule
Retention aims to meet legal, accounting, and evidentiary requirements without hoarding.
| Record type | Default retention |
|---|---|
| Completed orders and invoices | Seven years unless a longer statute applies |
| Marketing consents and unsubscribe logs | Three years after last interaction |
| Cookie consent receipts | Thirteen months rolling |
| Contact form archives | Twenty-four months unless linked to a legal matter |
| Security logs | Ninety days unless an investigation extends it |
Security measures
Controls include TLS 1.2+ across public endpoints, segregated admin VPN requirements, hashed password storage for internal tools, quarterly access reviews, encryption at rest for database snapshots, and immutable backups with defined restoration drills. No control eliminates risk entirely; report suspected vulnerabilities to the email listed below with “Security” in the subject line.
Your privacy rights
European Economic Area and United Kingdom
You may request access, rectification, erasure, restriction, portability, objection, and human review of automated decisions with legal effect. Submit requests via email with reasonable identity validation. We respond within one month, extendable by two months for complex bundles, with an explanation.
United States state residents
Depending on your state of residence you may request access, deletion, correction, opt-out of sales/sharing, and limits on certain uses of sensitive data. Authorized agents must provide signed permissions unless non-commercial tools recognized by law suffice.
Sensitive personal information
We do not intend to collect health diagnoses through the Lenoa storefront. If you voluntarily disclose medical context in a support email, we minimize retention and never use it for advertising algorithms. Californians may limit use of sensitive personal information to those uses permitted under CPRA.
Marketing preferences
Every promotional email contains a one-click unsubscribe honoring applicable grace periods. Postal catalogs ship only after explicit opt-in where required. We do not send Lenoa offers through unsolicited fax or automated dialers.
Automated decision-making
Checkout fraud scoring may block a transaction automatically, but you may appeal by contacting support with order references. We do not employ solely automated decisions that deny essential services without escalation paths.
Children
Lenoa is not directed at individuals under sixteen. Guardians who believe a minor submitted data should notify us promptly for deletion unless law mandates retention.
Third-party links
Educational references may link to botanical research portals. Those destinations maintain independent notices; review them before submitting personal data.
California privacy notice addendum
California residents may exercise rights free of discrimination. Financial incentives tied to loyalty programs, if introduced, will disclose material terms. We maintain metrics on consumer requests as required by CPRA regulations and publish annual summaries when thresholds trigger.
Supervisory authorities and regulators
EU/UK residents may lodge complaints with local supervisory authorities. U.S. residents may contact state attorneys general for unresolved disputes concerning deceptive practices, though we prefer direct resolution first.
Changes to this Policy
Material updates receive a revised “Document refreshed” stamp at the top of this page, generated dynamically when you load it. Historic snapshots are available upon regulatory request. Significant changes affecting optional processing prompt renewed consent banners.
Contact
Privacy requests and regulatory correspondence: ask@wrizelonshun.world
Postal service: Wrizelonshun.world, Attn: Privacy Desk, 350 Parnassus Ave Ste 100, San Francisco, CA 94117, USA.