Privacy policy

Privacy & Data Use Policy

Last Updated: 2026-05-27

This Privacy & Data Use Policy describes how Toleric ("Company," "we," "us," or "our") collects, uses, shares, and protects information when you visit toleric.com, purchase products, subscribe, or interact with us. Toleric is operated by Mediants Solutions LLC.

By using our website or purchasing from us, you consent to the practices described in this Policy.

1. Information We Collect

Information you provide

  • Account & purchase data: name, email, shipping address, billing address, phone number
  • Payment data: processed by our payment processors (Shopify Payments, Stripe, PayPal, Apple Pay, Google Pay, Shop Pay) — we receive a tokenized payment method, not your full card number
  • Subscription preferences: product, frequency, delivery schedule
  • Support communications: emails, chat messages, customer service interactions
  • User-generated content: reviews, photos, videos, social media tags, content submitted to our creator portal
  • Survey responses, quiz answers, marketing preferences

Information we collect automatically

  • Device & browser data: IP address, browser type, device type, operating system
  • Usage data: pages visited, time on site, click patterns, referral source, search terms
  • Cookies & tracking technologies: see §3 below
  • Session recordings: we may use session-replay tools (such as Hotjar, Microsoft Clarity) to understand how visitors interact with our site
  • Geolocation: approximate location based on IP address

Information from third parties

  • Marketing partners: ad platform impression data, attribution signals
  • Social media: if you tag us or interact with us on Instagram, TikTok, Facebook, YouTube, X, Reddit, etc.
  • Analytics providers: aggregated audience demographics and interests

2. How We Use Your Information

We use your information to:

  • Process orders, ship products, and handle returns
  • Operate subscriptions and recurring billing
  • Provide customer support
  • Send transactional emails (order confirmations, shipping updates, refund notifications)
  • Send marketing communications (when you opt in)
  • Improve our products, website, and customer experience
  • Personalize content and recommendations
  • Run advertising campaigns and measure their performance
  • Detect and prevent fraud
  • Comply with legal obligations
  • Enforce our Terms of Service

3. Cookies & Tracking Technologies

We and our partners use cookies, pixels, web beacons, and similar technologies to:

  • Keep you logged in across pages
  • Remember your shopping cart contents
  • Measure site performance and traffic
  • Track conversions and ad performance
  • Personalize advertising
  • Run A/B tests and improve site experience
  • Record sessions to identify usability issues

Examples of tracking partners we use:

  • Analytics: Google Analytics, Shopify Analytics
  • Advertising: Meta (Facebook/Instagram) Pixel, TikTok Pixel, Google Ads conversion tracking, Pinterest Tag
  • Email & SMS: Klaviyo, Postscript
  • Reviews: Judge.me, Loox, or equivalent
  • Session replay: Hotjar, Microsoft Clarity, or equivalent
  • Customer support: Gorgias, Zendesk, or equivalent chat widgets

Managing cookies:

You can control cookies via your browser settings. Most browsers allow you to:

  • Block all cookies
  • Block third-party cookies only
  • Delete existing cookies
  • Set "Do Not Track" preferences

Blocking cookies may affect site functionality (cart persistence, login, checkout).

4. SMS & Email Marketing

Email marketing

If you opt in (at checkout, in the email signup form, or in your account), we may send you:

  • Product launches and announcements
  • Promotional offers
  • Educational content about histamine, DAO enzymes, and digestive health
  • Recipe and lifestyle content
  • Customer stories and reviews

You can unsubscribe anytime via the link in any marketing email, or by emailing support@toleric.com. Transactional emails (order confirmations, shipping updates) will continue even if you unsubscribe from marketing.

SMS marketing

If you opt in to SMS (separately from email), we may send:

  • Cart abandonment reminders
  • Order status updates
  • Promotional offers
  • Subscription notifications

Message frequency: Up to 8 messages per month.
Message & data rates may apply. Reply STOP to unsubscribe. Reply HELP for help.

Your phone number is shared only with our SMS platform (Postscript or equivalent) for delivery purposes.

5. How We Share Information

We share your information with:

Service providers (process data on our behalf)

  • Payment processors: Shopify Payments, Stripe, PayPal, Apple Pay, Google Pay
  • Shipping carriers: USPS, UPS, FedEx
  • Fulfillment partners: the 3PL or warehouse that ships your order
  • Email/SMS platforms: Klaviyo, Postscript, or equivalent
  • Analytics providers: Google Analytics, Shopify Analytics
  • Advertising platforms: Meta, TikTok, Google, Pinterest (for advertising and audience measurement)
  • Customer support tools: Gorgias, Zendesk, or equivalent
  • Review platforms: Judge.me, Loox, or equivalent

These partners process your data only on our instructions and per their own privacy policies.

Legal & safety

We may share information when required by law, court order, or government request, or to:

  • Investigate fraud, abuse, or security incidents
  • Enforce our Terms of Service
  • Protect the rights, property, or safety of Toleric, our customers, or the public

Business transfers

If Toleric is involved in a merger, acquisition, asset sale, or financing transaction, your information may be transferred as part of that transaction. We'll notify you via email and on toleric.com if such a transfer changes how your data is handled.

Aggregated or de-identified data

We may share aggregated or de-identified data (information that doesn't identify you) for analytics, research, or marketing purposes without restriction.

6. Your Privacy Rights

All customers

You can:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (subject to legal retention requirements)
  • Opt out of marketing communications
  • Opt out of cookies and tracking
  • Request a copy of your data in portable format

To exercise any of these rights, email support@toleric.com with the subject line "Privacy Request" and your order email address. We'll respond within 30 days.

California residents (CCPA / CPRA)

In addition to the rights above, California residents have the right to:

  • Know what categories of personal information we collect, the sources, and the purposes
  • Know which third parties we share data with
  • Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising
  • Limit the use of sensitive personal information
  • Non-discrimination for exercising privacy rights

To exercise CCPA/CPRA rights: email support@toleric.com with the subject line "California Privacy Request."

We do not knowingly sell personal information in the traditional sense, but our use of advertising pixels (Meta, TikTok, Google) may be considered "sharing" under CCPA. To opt out, email support@toleric.com.

EU/EEA/UK residents (GDPR / UK GDPR)

If you're in the EU, EEA, or UK, you have rights under the GDPR including:

  • Access, rectification, erasure
  • Restriction of processing
  • Data portability
  • Objection to processing (including direct marketing)
  • Lodging a complaint with your local Data Protection Authority

Legal basis for processing: consent (for marketing), contract performance (for orders/subscriptions), legitimate interests (for fraud prevention, analytics, business operations), legal obligation (for tax/regulatory compliance).

International data transfers: your data is processed in the United States. We rely on Standard Contractual Clauses or equivalent safeguards for transfers from the EU/UK to the US.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected:

  • Account & purchase records: retained while your account is active + 7 years after for tax, accounting, and legal compliance
  • Marketing data: retained until you unsubscribe
  • Support communications: retained for 2 years
  • Anonymous analytics: retained indefinitely (does not identify you)

After retention periods expire, we securely delete or anonymize your data.

8. Data Security

We use industry-standard security measures to protect your personal data:

  • TLS/SSL encryption on all data transmitted between your browser and our servers
  • Tokenized payment processing (we never store full credit card numbers)
  • Restricted access to personal data on a need-to-know basis
  • Regular security audits of our hosting (Shopify) and third-party processors

No system is 100% secure. If a data breach affects your personal information, we'll notify you and the relevant authorities as required by law.

9. Children's Privacy

Toleric is intended for adults 18 years of age or older. We do not knowingly collect personal information from children under 13 (or under 16 in the EU).

If you believe a child has provided us with personal data, email support@toleric.com and we'll delete it.

10. Do Not Track Signals

Some browsers send "Do Not Track" (DNT) signals. There's no industry standard for how to respond. At this time, we do not change our practices based on DNT signals, but you can opt out of specific tracking via the methods described in §3 and §6.

11. Global Privacy Control (GPC)

We honor Global Privacy Control browser signals where applicable as an opt-out of "sale" or "sharing" under CCPA/CPRA.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be:

  • Posted at toleric.com/policies/privacy-policy with a new "Last Updated" date
  • Emailed to active customers when changes substantially affect how we handle data

Continued use of our website after changes constitutes acceptance of the updated policy.

13. Contact Information

For privacy questions or to exercise your privacy rights:

Email: support@toleric.com
Subject line: "Privacy Request" (or "California Privacy Request" for CCPA, or "GDPR Request" for EU/UK)

Mailing Address:
Mediants Solutions LLC
30 N Gould St Ste R
Sheridan, WY 82801
United States

We respond to privacy requests within 30 days.

These statements have not been evaluated by the Food and Drug Administration. This product is not intended to diagnose, treat, cure, or prevent any disease.