ZEN LABS

Privacy Policy

Last Updated: January 7, 2026

1. Introduction

ZenLabs Wholesale ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wholesale platform and services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and professional credentials
  • National Provider Identifier (NPI) number
  • Medical license information
  • Business name and address
  • Email address and phone number
  • Payment information (processed securely through third-party payment processors)

2.2 Order Information

When you place orders, we collect:

  • Product selections and quantities
  • Shipping and billing addresses
  • Order history and preferences
  • Communication records related to orders

2.3 Usage Information

We automatically collect certain information when you use our platform:

  • IP address and device information
  • Browser type and operating system
  • Pages viewed and features used
  • Access times and dates
  • Referring website addresses

2.4 Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze platform usage, and provide personalized content. You can control cookie preferences through your browser settings.

3. How We Use Your Information

We use collected information to:

  • Verify professional credentials and maintain account security
  • Process and fulfill orders
  • Provide customer support and respond to inquiries
  • Send order confirmations, shipping notifications, and account updates
  • Improve our platform and develop new features
  • Detect and prevent fraud or unauthorized activity
  • Comply with legal obligations and regulatory requirements
  • Send marketing communications (with your consent)

4. Information Sharing & Disclosure

4.1 Service Providers

We share information with trusted third-party service providers who assist with:

  • Payment processing (Stripe)
  • Shipping and fulfillment (3PL partners)
  • Email communications (Resend)
  • Analytics and platform monitoring
  • Cloud infrastructure (Vercel, Supabase)

4.2 Medical Director Program

For practices enrolled in our Medical Director Program, we share necessary information with network physicians to facilitate physician oversight and compliance.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 Legal Requirements

We may disclose information when required by law, such as:

  • In response to subpoenas or court orders
  • To comply with regulatory investigations
  • To protect our rights and safety or that of others
  • To detect, prevent, or address fraud or security issues

4.5 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for data at rest and in transit
  • PCI DSS Level 1 compliance for payment processing
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Access controls and employee training
  • Automated backup and disaster recovery systems

While we strive to protect your information, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (e.g., tax records, audit trails)
  • Resolve disputes and enforce our agreements

Order records are retained for 7 years to comply with regulatory requirements. Account information is deleted within 90 days of account closure, except where longer retention is required by law.

7. Your Privacy Rights

7.1 Access & Correction

You may access and update your account information at any time through your account dashboard or by contacting support.

7.2 Data Portability

You may request a copy of your data in a structured, machine-readable format.

7.3 Deletion

You may request deletion of your account and personal data, subject to legal retention requirements.

7.4 Marketing Opt-Out

You may opt out of marketing communications by clicking "unsubscribe" in emails or adjusting your account preferences. Transactional emails (order confirmations, shipping updates) cannot be disabled.

7.5 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

7.6 European Privacy Rights (GDPR)

While we primarily serve U.S.-based healthcare providers, European users have rights under GDPR:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

8. Children's Privacy

Our platform is intended solely for licensed healthcare professionals. We do not knowingly collect information from individuals under 18 years of age.

9. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of external sites. Please review their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions, requests, or concerns, contact us at:

Privacy Team: privacy@zenlabswholesale.com

Support: support@zenlabswholesale.com

For data subject access requests, please include "Privacy Request" in the subject line and provide sufficient detail to verify your identity.

Provider Use Only (PUO): ZenLabs Wholesale is exclusively for licensed healthcare providers. All products require appropriate physician oversight and are not for direct consumer use.