Privacy policy


    R12 HEALTH INC.

    PRIVACY POLICY

    Last Updated: June 24, 2026

    Effective Date: June 24, 2026

    Our Commitment to Privacy

    At R12 Health Inc. (“R12 Health”, “we”, “our”, or “us”), we believe trust is earned through transparency. We are committed to protecting your personal information responsibly and securely, in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25).This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you access or use our website, store, and related services (collectively, the “Services”).By using the Services, you acknowledge that you have read and understood this Privacy Policy.R12 Health collects, uses, and discloses personal information with your knowledge and consent, except where otherwise permitted or required by applicable law.

    Designated Privacy Officer

    R12 Health has designated a Privacy Officer responsible for overseeing our compliance with applicable privacy laws. To reach our Privacy Officer:

    • Email: privacy@r12health.com

    • Mail: R12 Health Inc., Oshawa Ontario, Canada


    Quebec residents: Pursuant to Law 25, R12 Health has designated a Privacy Officer responsible for the protection of personal information. You may contact this officer to exercise your rights or submit a complaint.

    Personal Information We Collect

    We may collect the following categories of personal information:

    Contact and Account Information

    • Name, email address, phone number

    • Billing and shipping address

    • Account username, password, and preferences


    Transaction Information

    • Products viewed, added to cart, and purchased

    • Order history, returns, and subscription details



    • Payment confirmations (payment card details are processed by our secure third-party payment processor and are not stored by R12 Health)


    Device and Technical Information

    • IP address, browser type, operating system, and device identifiers

    • Website usage data, referral sources, and analytics information collected via cookies and similar technologies


    Communications

    • Information you submit through customer support, surveys, product reviews, waitlist sign-ups, newsletter subscriptions, and social media interactions


    Wellness and Health-Related Information

    R12 Health is a wellness and dietary supplement company. We do not intentionally collect medical records, diagnostic information, or protected health information.

    If you voluntarily provide wellness-related information — such as dietary preferences, allergies, sensitivities, or product experiences — through customer support, surveys, or reviews, we process that information solely for:

    • Customer support and product safety monitoring

    • Product improvement and quality assurance

    • Regulatory compliance


    We treat health-related information with heightened care. It is not used for advertising profiling or shared with advertising partners.

    How We Collect Personal Information

    Directly From You

    When you create an account, place an order, join a waitlist, subscribe to communications, contact customer support, or submit a review.

    Automatically

    Through cookies, website analytics tools, and tracking technologies when you interact with our website.

    Through Service Providers and Third Parties

    Including e-commerce platforms (Shopify), payment processors, shipping providers, analytics providers, and marketing platforms. These providers collect and process information on our behalf under written agreements that restrict their use of your data.

    R12 Health remains accountable for personal information transferred to third-party service providers under PIPEDA. We require all service providers to handle your information in a manner consistent with this Privacy Policy.

    How We Use Your Information

    To Provide Products and Services

    • Process and fulfill orders

    • Manage accounts and subscriptions

    • Deliver customer support


    To Improve Customer Experience

    • Personalize content and product recommendations

    • Analyze website performance and usage

    • Develop and improve product offerings


    For Security and Fraud Prevention

    • Verify transactions and detect fraudulent activity

    • Protect customer accounts and system integrity


    For Marketing Communications

    With your consent where required by law, we may send newsletters, product announcements, promotions, and wellness content. You may unsubscribe at any time using the link in our emails or by contacting us directly.

    Subscription Services and Recurring Orders

    If R12 Health offers subscription-based products or recurring delivery services, we may collect and process information necessary to:

    1. Create and manage subscriptions

    2. Process recurring payments

    3. Manage billing preferences

    4. Send renewal reminders and subscription-related communications

    5. Administer cancellations and modifications

    6. Prevent fraud and unauthorized account activity

    Subscription records, recurring billing information, renewal preferences, cancellation requests, and related communications may be retained as necessary to administer subscription services and comply with legal obligations.

    For Legal Compliance

    • Comply with applicable laws and regulations

    • Respond to lawful requests from government authorities

    • Enforce our agreements and protect our legal rights


    Automated Decision-Making

    R12 Health does not use fully automated decision-making systems that produce legal or similarly significant effects on individuals. Any automated tools used for analytics, personalization, fraud prevention, or marketing support human review and oversight.

    How We Disclose Personal Information

    Our Commitment to Data ProtectionR12 Health does not sell personal information and does not disclose health-related or wellness-related information for advertising purposes. We are committed to limiting the disclosure of personal information to only those situations necessary to operate our business, fulfil customer orders, provide services, comply with legal obligations, or where you have provided consent. We do not sell your personal information to third parties

    Service Providers

    We share information with service providers who assist us in operating our business, including Shopify (e-commerce platform), payment processors, shipping carriers, analytics providers, and customer service platforms. These providers are contractually restricted from using your information for any purpose other than providing services to R12 Health.

    Shopify processes certain customer information as part of our e-commerce operations. For details on Shopify’s data practices, see Shopify’s Privacy Policy at shopify.com/legal/privacy. R12 Health remains accountable for information processed by Shopify on our behalf.

    Advertising and Marketing Partners

    We may share limited, non-health-related personal information (such as email addresses or purchase history) with advertising and analytics partners to deliver relevant communications and measure campaign performance, only where permitted by law and consistent with your consent preferences.

    We do not share health-related or wellness-related information with any advertising or marketing partner under any circumstances.

    Legal Requirements

    We may disclose personal information where required by law, court order, or governmental authority, or where necessary to protect the rights, safety, and property of R12 Health or others. Where legally permitted, we will notify you of such a request before disclosing.

    Business Transactions

    In the event of a merger, acquisition, reorganization, or asset sale, personal information may be transferred as part of that transaction. We will notify you of any such change and any material differences in how your information will be handled.

    Data Retention

    We retain personal information only as long as necessary for the purposes for which it was collected. Our general retention guidelines are:

    • Account and transaction records: 7 years following your last transaction, to comply with CRA and applicable tax law requirements

    • Customer support communications: 3 years from the date of the interaction

    • Marketing consent records: Duration of the marketing relationship plus 3 years

    • Website analytics data: 26 months from collection

    • Health-related information provided voluntarily: Deleted or anonymized within 12 months of collection unless retention is required for active regulatory compliance


    When retention periods expire, personal information is securely deleted or anonymized.

    Cookies and Tracking Technologies

    We use cookies, pixels, tags, and similar technologies to maintain website functionality, understand how visitors use our site, measure advertising performance, and personalize content.

    Types of Cookies We Use

    • Essential cookies: Required for security and core website functionality. Cannot be disabled.

    • Analytics cookies: Help us understand how visitors interact with our website. You may opt out.

    • Advertising cookies: Used to deliver relevant advertising and evaluate campaign performance. You may opt out.


    Cookie consent options will be presented when you visit our website, consistent with applicable law.

    Quebec Residents — Additional Rights (Law 25)

    If you are a Quebec resident, you have the following additional rights under Quebec’s Act Respecting the Protection of Personal Information in the Private Sector (Law 25):

    • Right to access your personal information held by R12 Health

    • Right to rectification of inaccurate, incomplete, or ambiguous personal information

    • Right to erasure of personal information collected without legal basis or where the purpose for which it was collected has been fulfilled

    • Right to data portability — to receive your personal information in a structured, commonly used format

    • Right to withdraw consent at any time, subject to legal and contractual restrictions

    • Right to lodge a complaint with the Commission d’accès à l’information (CAI)


    To exercise any of these rights, contact our Privacy Officer at privacy@r12health.com. We will respond within 30 days of receiving your request.

    Canadian Privacy Rights (PIPEDA)

    Under PIPEDA, Canadian residents may request:

    • Access to personal information R12 Health holds about them

    • Correction of inaccurate or incomplete information

    • Information about how their personal information has been used or disclosed

    • Withdrawal of consent where permitted by law


    Submit requests to privacy@r12health.com. We will respond within 30 days. In some cases, we may need to verify your identity before processing a request.

    International Transfers

    Your personal information may be processed, stored, or transferred outside Canada, including to the United States (for example, by Shopify and other service providers). Where personal information is transferred internationally, we require the recipient to provide a comparable level of protection to that required under PIPEDA and applicable Canadian law.

    Security

    We employ reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, disclosure, or destruction. These include secure hosting, encryption in transit and at rest, access controls, and fraud monitoring.

    No security system is completely secure. In the event of a data breach that poses a real risk of significant harm to individuals, R12 Health will notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) as required by law, and the Commission d’accès à l’information (CAI) where Quebec residents are affected.

    If you believe your account, personal information, or communications with R12 Health may have been compromised, please contact our Privacy Officer immediately at [privacy@r12health.com](mailto:privacy@r12health.com) so that we can investigate and take appropriate action.

    Children’s Privacy

    The Services are not directed to individuals under the age of majority in their jurisdiction. R12 Health does not knowingly collect personal information from minors. If you believe a minor has provided personal information through our Services, please contact us immediately at privacy@r12health.com and we will promptly delete it.

    SMS Communications

    If you provide a mobile phone number and opt in to SMS communications, we may send order updates, shipping notifications, and promotional offers. Message and data rates may apply. You may opt out at any time by replying STOP to any message or contacting us directly.

    Third-Party Links

    Our Services may contain links to third-party websites. R12 Health is not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party services you visit.

    Changes to This Privacy Policy

    We may update this Privacy Policy from time to time. Material changes will be communicated to you by email (if you have an account) and by posting a notice on our website with a revised “Last Updated” date. Continued use of the Services after the effective date of any update constitutes acceptance of the revised Privacy Policy.

    Complaints

    If you have concerns about our privacy practices that we have not resolved to your satisfaction, you may contact:

    • Office of the Privacy Commissioner of Canada (OPC): priv.gc.ca | 1-800-282-1376

    • Commission d’accès à l’information (CAI, for Quebec residents): cai.gouv.qc.ca | 1-888-528-7741


    Contact Us

    R12 Health Inc.

    Privacy Officer: privacy@r12health.com

    General Inquiries: info@r12health.com

    Website: www.r12health.com

    Oshawa, Ontario, Canada.