At Clean Body Biotics, Inc. (dba Winnow and Winnow Labs) (“Winnow”, “we”, “our”), we are committed to protecting the privacy and personal data of our customers and site visitors. This statement outlines how we comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable U.S. state privacy laws.

1. GDPR (General Data Protection Regulation)

If you are located in the European Union (EU) or United Kingdom (UK), the GDPR provides you with specific rights regarding your personal data. We act as a data controller for the information you provide to us.

We collect and process your data under the following lawful bases:
• To fulfill contractual obligations (e.g., shipping an order)
• With your consent (e.g., for marketing communications)
• For our legitimate interests (e.g., improving services, preventing fraud)
• To comply with legal obligations

Data may be transferred outside of the EU/UK, including to the United States, using Standard Contractual Clauses (SCCs) as approved by the European Commission or UK ICO. We rely on third-party platforms (e.g., Shopify, Klaviyo, Recharge) that have adopted these clauses.

Under the GDPR, you have the right to:
• Access the personal data we hold about you
• Request correction or deletion of your data
• Object to or restrict processing of your data
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

2. CCPA/CPRA (California and U.S. State Privacy Laws)

If you are a California resident (or reside in a state with a similar law), you may have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:
• The right to know what personal information we collect, use, and share
• The right to request deletion of your personal information
• The right to opt out of the “sale” or “sharing” of your personal information
• The right to non-discrimination for exercising your rights

For your protection, we will verify your identity before fulfilling any request to access, correct, or delete your data. This may involve confirming details of your recent orders or account information.

3. How to Exercise Your Rights

To make a request under GDPR, CCPA, or other applicable privacy laws, please contact us at:

support@winnowlabs.com 
Subject line: CCPR or GDPR Privacy Request

We aim to respond to all verified requests within the timeframe required by applicable law.

4. “Do Not Sell or Share My Personal Information”

We may share certain personal data with advertising partners and data enrichment services in ways that could be considered a “sale” or “sharing” under U.S. privacy laws. You may opt out by contacting us at the email above or by enabling the Global Privacy Control (GPC) signal in your browser.

5. Updates to This Statement

We may update this compliance statement from time to time. Any changes will be reflected on this page with a revised effective date.