Privacy Policy

1. Overview

22EXO Laboratories (“22EXO,” “we,” “us”) operates 22exo.com. This Privacy Policy explains what information we collect from visitors and customers, how we use it, who we share it with, how long we keep it, and the choices and rights you have. By using the site or placing an order, you agree to this policy. If you do not agree, please do not use the site.

2. Information We Collect

Information you provide directly: name, email, shipping and billing address, phone number (optional), payment details (handled by our payment processors and never stored on our servers), and any messages you send through support tickets, the wholesale application, or the contact form.

Account and order data: order history, order totals, items purchased, shipping selections, refund or replacement records, and any notes you attach to an order.

Automatically collected: IP address, browser type, device identifiers, referring URL, pages visited, timestamps, and interactions with the cart and checkout. This is captured through standard server logs and analytics tools.

3. Cookies and Analytics

We use cookies and similar technologies to keep you logged in, remember your cart, measure site performance, and understand how visitors find us. The main tools we use are Google Tag Manager, Google Analytics 4 (measurement ID G-KD0TV3KEV3), and Microsoft Clarity. These services may set their own cookies and process limited data on our behalf under their respective privacy terms.

You can disable cookies in your browser settings. Doing so will not break the site, but features such as the cart and login may behave unpredictably.

4. Payment Processing

Card payments are processed by Stripe. Stripe receives your card details directly through a hosted, PCI-compliant element on our checkout page; 22EXO never sees, stores, or transmits your full card number. Cryptocurrency payments are processed through our crypto provider, which receives your wallet address and on-chain transaction details. We retain only the transaction reference, the amount paid, and the order it applies to.

5. How We Use Your Information

• To process and ship your orders, send order confirmations, and provide shipment tracking.
• To provide customer support, respond to tickets, and resolve disputes.
• To send marketing emails (newsletters, restock notifications, and promotional content) only where you have opted in or where permitted by law for existing customers.
• To prevent fraud, abuse, chargebacks, and policy violations.
• To improve site functionality, navigation, and conversion paths.
• To comply with legal obligations including tax, accounting, and law-enforcement requests.

6. Email Marketing

We send promotional emails only to customers who have opted in through the newsletter form, an exit-intent popup, or by purchasing from us. Every promotional email includes an unsubscribe link. Unsubscribing applies only to marketing — transactional emails such as order confirmations and shipment notices will continue.

7. Sharing Your Information

We do not sell, rent, or trade personal information. We share data only with vendors required to operate the business, and only the minimum needed:

• Stripe and our crypto provider (payment processing).
• USPS, UPS, FedEx, and similar carriers (shipping and tracking).
• Google (analytics and tag management).
• Microsoft Clarity (session-level analytics).
• Email service providers (transactional and marketing email delivery).
• Legal counsel, accountants, and regulators where required by law.

8. Data Retention

Order records are retained for at least seven years to satisfy tax, accounting, and consumer-protection obligations. Support correspondence is retained for two years from the last message. Marketing email lists are retained until you unsubscribe. Server logs are typically retained for ninety days.

9. Your Rights

Depending on where you live, you may have rights to access the data we hold about you, correct it, request deletion, request a copy in a portable format, object to certain processing, or withdraw consent. To exercise these rights, email privacy@22exo.com from the email associated with your account. We may need to verify your identity before responding. We respond within thirty days.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of information we collect and the right to opt out of any “sale” or “share” of personal information. We do not sell or share personal information as those terms are defined.

10. Security

We protect data in transit with HTTPS and HSTS, restrict administrative access to authorized personnel, and apply standard infrastructure security controls including rate limiting, input sanitization, and helmet-style HTTP security headers. No system is perfectly secure; if we become aware of a breach affecting your data we will notify you and any required regulators in line with applicable law.

11. Children

22exo.com is not directed to anyone under eighteen. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it.

12. International Visitors

22EXO is based in the United States and our servers are located in the United States. If you access the site from outside the U.S., your information will be transferred to and processed in the United States, which may have different data-protection rules than your home country.

13. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Continued use of the site after a change constitutes acceptance of the updated policy.

14. Contact

For questions about this Privacy Policy or to exercise your rights, email privacy@22exo.com or visit our Support Center. See also our Terms of Service, Shipping Policy, and Refund & Returns Policy.