Privacy Policy

Shyft Labs LLC (“Shyft Labs,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit shyftlabs.bio (the “Site”) or place an order with us. By using the Site, you agree to the practices described in this policy. This policy is drafted to comply with applicable U.S. privacy laws including the Florida Digital Bill of Rights, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the California Online Privacy Protection Act (CalOPPA).

We use the information we collect solely for the following business purposes: (1) Order Fulfillment — to process payments, ship products, and send order confirmations and tracking. (2) Customer Support — to respond to inquiries, process COA requests, and resolve disputes. (3) Legal Compliance — to comply with applicable laws including tax obligations and record-keeping requirements. (4) Security & Fraud Prevention — to detect and prevent fraudulent transactions, product misuse, and unauthorized Site access. (5) Age & Buyer Verification — to verify buyers are 21 or older and represent themselves as qualified researchers per our Terms of Service. (6) Site Improvement — to analyze usage patterns and improve Site functionality. (7) Communications — to send transactional emails and, with your consent, occasional product updates. We do not use your information for automated profiling, behavioral advertising, or AI-based decision-making.

We do not sell your personal information to any third party. We may share your information only in these limited circumstances: (1) Service Providers — trusted vendors who help us operate the Site and fulfill orders (payment processor, shipping carriers, hosting provider). These parties are contractually required to protect your data and may only use it to provide services to us. (2) Legal Obligations — if required by law, subpoena, court order, or government authority, or to protect our legal rights or public safety. (3) Business Transfers — in the event of a merger, acquisition, or asset sale, your information may transfer as part of that transaction. We will notify you prior to any such transfer. (4) With Your Consent — for any other purpose with your explicit prior consent.

Our Site uses cookies to improve your browsing experience, analyze Site traffic, and maintain session state. Essential Cookies: required for the Site to function (session management, cart, checkout) — cannot be disabled without impairing functionality. Analytics Cookies: used to understand how visitors interact with the Site — data is aggregated and not linked to individual identities. Preference Cookies: remember your settings for future visits. You may control cookie settings through your browser. We do not respond to Do Not Track (DNT) signals, but we do not engage in cross-site behavioral tracking.

We retain personal information only as long as necessary to fulfill the purposes for which it was collected. Typical retention periods: Order and transaction records: 7 years (tax and legal compliance). Customer support communications: 2 years. Technical/analytics data: 13 months rolling. Age verification records: duration of account plus 3 years. We implement reasonable security measures including SSL/TLS encryption, access controls, and PCI-DSS compliant payment processing. No method of internet transmission is 100% secure and we cannot guarantee absolute security.

Depending on your state of residence, you may have the following rights: Right to Know — request details about what personal information we collect, use, and share. Right to Access — request a copy of the personal information we hold about you. Right to Delete — request deletion of your personal information, subject to legal retention obligations. Right to Correct — request correction of inaccurate personal information. Right to Opt-Out — opt out of the sharing of your data for cross-context behavioral advertising (we do not currently engage in this practice). Right to Non-Discrimination — we will not deny you services or treat you differently for exercising any privacy right. To exercise any of these rights, email info@shyftlabs.bio with the subject line “Privacy Rights Request.” We will verify your identity and respond within 45 days. California Residents (Shine the Light — Cal. Civ. Code § 1798.83): You may request a list of third parties to whom we have disclosed personal information for direct marketing purposes in the preceding calendar year. We do not share data for third-party direct marketing.

This Site may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any site you visit through a link from ours.

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated effective date. Your continued use of the Site after any change constitutes acceptance of the revised policy. For material changes, we will provide notice via email or a prominent Site announcement where feasible.