Privacy policy

Privacy Policy

Last updated: June 3, 2026

MiTO operates this store and website, including all related information, content, features, tools, products, and services, in order to provide you, the customer, with a curated shopping experience. These services are referred to in this Privacy Policy as the “Services.”

MiTO is powered by Shopify, which enables us to provide the Services to you.

This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information when you visit, use, or make a purchase or other transaction through the Services, communicate with us, sign up for marketing, submit a product review, report a product issue, or otherwise interact with MiTO.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, use, retention, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using or accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand how we collect, use, and disclose your information.

Important supplement, health, and safety notice

MiTO sells dietary supplements and wellness products. Our products are not intended to diagnose, treat, cure, or prevent any disease. Information provided through the Services is for general informational purposes only and is not medical advice.

MiTO is not a healthcare provider, health plan, pharmacy, or health insurance company. Unless otherwise stated, MiTO is not intended to be a “covered entity” or “business associate” under the U.S. Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. HIPAA generally applies to certain healthcare providers, health plans, healthcare clearinghouses, and their business associates.

Please do not submit medical, health, or sensitive personal information to us unless it is necessary to report a product complaint, adverse event, allergy concern, safety issue, or other product-related concern.

If you choose to provide health-related information, such as information about symptoms, medical conditions, medications, allergies, pregnancy, breastfeeding, supplement use, or adverse reactions, we may process that information to respond to you, investigate the issue, comply with legal and regulatory obligations, support product safety, and report or maintain records as required by law.

Personal information we collect or process

When we use the term “personal information,” we mean information that identifies, relates to, describes, can reasonably be linked to, or could reasonably be associated with you or another individual. Personal information does not include information that has been anonymized or de-identified so that it cannot reasonably identify you.

Depending on how you interact with the Services, where you live, and what laws apply, we may collect or process the following categories of personal information:

Contact details, including your name, billing address, shipping address, email address, phone number, and other contact information.

Order and transaction information, including products you view, add to cart, purchase, return, exchange, cancel, or review; order numbers; transaction history; subscription details; delivery status; and customer service history.

Payment information, including payment method details, billing information, payment confirmation, and transaction details. Payment information is processed by Shopify and/or our payment processors. We do not intentionally store your full payment card number.

Account information, including username, password, preferences, saved addresses, account settings, and login information.

Communications with us, including information you provide when contacting customer support, submitting forms, responding to surveys, leaving reviews, engaging with us on social media, or making inquiries.

Product safety and supplement-related information, including product complaints, adverse-event reports, allergic reactions, symptoms, health or medication information you voluntarily provide, product lot or batch information, photos of product packaging, and other information needed to investigate safety, quality, or regulatory matters.

Marketing and advertising information, including your marketing preferences, email and SMS consent status, coupon usage, referral information, and interactions with our advertisements.

Device and technical information, including IP address, browser type, device type, operating system, network connection information, time zone, cookies, pixels, identifiers, and similar technologies.

Usage information, including how you interact with the Services, pages viewed, products viewed, links clicked, search activity, cart activity, session activity, and referring websites.

User-generated content, including reviews, testimonials, images, comments, survey responses, and other content you submit to us.

Inferences, including preferences or interests we may infer from your purchases, browsing activity, interactions, or marketing engagement.

Sources of personal information

We may collect personal information from the following sources:

Directly from you, including when you place an order, create an account, subscribe to emails or SMS messages, contact customer support, submit a review, report a product concern, or otherwise provide information to us.

Automatically through the Services, including through cookies, pixels, tags, analytics tools, log files, and similar technologies.

From Shopify and service providers, including payment processors, fulfilment partners, shipping carriers, customer support tools, analytics providers, fraud-prevention services, email/SMS platforms, and advertising partners.

From business and marketing partners, including advertising platforms, affiliate partners, social media platforms, and other third parties that help us market or operate the Services.

From regulators, professional advisers, or other third parties, where needed for safety, legal, regulatory, fraud-prevention, or business purposes.

How we use your personal information

We may use your personal information for the following purposes:

Providing, tailoring, and improving the Services

We use your personal information to operate the Services, process orders, process payments, fulfil purchases, arrange shipping, provide tracking, manage returns and exchanges, create and manage accounts, remember preferences, provide customer support, display product recommendations, and improve your shopping experience.

Product safety, adverse events, and regulatory compliance

We may use personal information, including product safety and supplement-related information you voluntarily provide, to:

  • investigate product complaints;
  • respond to safety concerns;
  • identify product quality issues;
  • assess adverse-event reports;
  • communicate with manufacturers, fulfilment partners, labs, insurers, professional advisers, or regulators;
  • support recalls, withdrawals, or safety notices;
  • comply with FDA, FTC, state, federal, or international legal obligations;
  • maintain required product safety and complaint records.

Dietary supplement companies may be required to report serious adverse events to FDA and maintain adverse-event records for a required period.

Marketing and advertising

We may use your personal information to send marketing emails, promotional messages, product updates, offers, abandoned-cart reminders, and advertisements.

We may also use personal information to show you ads on our website, Shopify services, social media platforms, search engines, and other websites. This may include ads based on your purchases, cart activity, browsing activity, or interactions with MiTO.

We do not knowingly use product complaint, adverse-event, or sensitive health-related information for targeted advertising.

Commercial emails must follow applicable marketing email rules, including opt-out requirements under the CAN-SPAM Act. If we send marketing text messages, we will do so in accordance with applicable consent and opt-out requirements, including requirements that may apply to automated marketing texts.

Security and fraud prevention

We use personal information to authenticate users, protect accounts, detect fraud, prevent unauthorized transactions, secure the Services, investigate suspicious activity, and protect MiTO, our customers, and others.

Communicating with you

We use personal information to respond to inquiries, provide customer service, send order updates, provide shipping notifications, process returns, respond to complaints, and maintain our relationship with you.

Reviews, testimonials, and user content

If you submit a review, testimonial, photo, comment, or other content, we may use that content to operate and promote MiTO, subject to applicable law. We may moderate or remove reviews that contain unlawful content, misleading claims, offensive material, personal medical claims, or unauthorized disease-treatment claims.

FTC endorsement guidance requires advertisers and endorsers to avoid misleading endorsements and disclose material connections where applicable.

Legal reasons

We may use personal information to comply with applicable law, respond to legal process, cooperate with law enforcement or regulators, enforce our terms and policies, protect rights and safety, investigate disputes, and participate in legal proceedings.

How we disclose personal information

We may disclose personal information in the following circumstances:

With Shopify, which hosts and powers our online store and provides services that help us operate, improve, and secure the Services.

With service providers, including payment processors, fulfilment providers, shipping carriers, customer support platforms, cloud storage providers, fraud-prevention vendors, IT providers, analytics providers, email/SMS platforms, and professional advisers.

With manufacturers, fulfilment partners, laboratories, insurers, regulators, or professional advisers, where needed to investigate product complaints, adverse events, quality issues, recalls, safety concerns, or legal obligations.

With business and marketing partners, including advertising networks, analytics providers, affiliate partners, and social media platforms, to market our products and measure advertising performance.

When you direct us to disclose information, such as when you use third-party integrations, social media features, payment methods, or shipping services.

Within our corporate group, including affiliates, subsidiaries, parent companies, or related entities, if applicable.

In connection with business transactions, including a merger, acquisition, financing, sale of assets, restructuring, bankruptcy, or similar transaction.

For legal, regulatory, or safety reasons, including to comply with subpoenas, court orders, lawful requests, FDA or other regulatory obligations, law enforcement requests, or to protect rights, safety, and security.

Relationship with Shopify

The Services are hosted by Shopify. Shopify collects and processes personal information about your access to and use of the Services in order to provide and improve the Services.

Information you submit through the Services may be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside.

We may use Shopify features that incorporate data from your interactions with our store, other merchants, and Shopify. In some circumstances, Shopify may be independently responsible for processing your personal information, including responding to certain privacy requests.

To learn more about Shopify’s privacy practices, please review Shopify’s Consumer Privacy Policy and Shopify Privacy Portal.

Cookies, analytics, and targeted advertising

We and our service providers may use cookies, pixels, tags, scripts, SDKs, local storage, and similar technologies to operate the Services, remember your preferences, understand how visitors use the Services, improve performance, prevent fraud, personalize content, and measure marketing campaigns.

These technologies may collect device information, browsing activity, IP address, pages viewed, products viewed, cart activity, referring URLs, and interactions with advertisements.

Depending on where you live, certain uses of cookies, pixels, and advertising technologies may be considered “sharing,” “selling,” or “targeted advertising” under applicable privacy laws, even if we do not sell your personal information for money.

You may be able to manage cookies through your browser settings, device settings, cookie banner, Shopify privacy settings, or privacy links provided on our website.

Where required, we will honour applicable opt-out rights, including rights to opt out of sale, sharing, or targeted advertising.

Email and SMS marketing choices

You may opt out of marketing emails by clicking the unsubscribe link in our emails.

You may opt out of SMS marketing by following the instructions in the message, such as replying STOP, where applicable.

Even if you opt out of marketing messages, we may still send non-promotional messages, such as order confirmations, shipping updates, account notices, safety notices, recall notices, or responses to customer service inquiries.

Sensitive personal information

We ask that you do not provide sensitive personal information unless necessary.

Sensitive personal information may include health information, medical conditions, pregnancy or breastfeeding status, medication use, allergies, supplement reactions, government identification numbers, precise geolocation, biometric data, or other information considered sensitive under applicable law.

If you voluntarily provide health-related or sensitive information in connection with a product complaint, adverse event, refund request, support inquiry, or safety concern, we will use it only for appropriate business, legal, safety, regulatory, customer service, or compliance purposes.

We do not knowingly use adverse-event information or sensitive health-related information for targeted advertising.

Product claims, health information, and advertising compliance

MiTO does not use customer personal information to provide medical diagnosis, treatment, or medical advice.

Any health, nutrition, or structure/function information associated with MiTO products is intended to comply with applicable laws. Dietary supplement structure/function claims must be truthful and not misleading, and certain claims require a disclaimer that FDA has not evaluated the claim and that the product is not intended to diagnose, treat, cure, or prevent disease.

We may review customer reviews, testimonials, social media posts, influencer content, and other user-generated content for compliance with applicable advertising, endorsement, and supplement-claim rules.

Third-party websites and links

The Services may include links to websites, platforms, apps, payment providers, or services operated by third parties.

We are not responsible for the privacy, security, content, or practices of third-party websites or services. If you visit third-party websites or use third-party services, you should review their privacy policies and terms.

Children’s privacy

The Services are not intended for children.

We do not knowingly collect personal information from children under the age of 13. We also do not knowingly sell or share personal information of individuals under 16 years of age.

If you are a parent or guardian and believe that a child has provided personal information to us, please contact us using the contact details below so we can take appropriate steps.

Security of your information

We use reasonable administrative, technical, and physical safeguards designed to protect personal information.

However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee perfect security.

We recommend that you use strong passwords, keep account credentials confidential, avoid using unsecured channels to send sensitive information, and contact us immediately if you believe your account or information has been compromised.

Retention of personal information

We retain personal information for as long as reasonably necessary to provide the Services, fulfil orders, maintain accounts, comply with legal and regulatory obligations, resolve disputes, enforce agreements, prevent fraud, maintain business records, and support product safety.

Retention periods vary depending on the type of information and the purpose for which it is used.

For example:

  • order and transaction records may be retained for accounting, tax, fraud-prevention, and legal purposes;
  • customer service records may be retained to resolve disputes and provide support;
  • marketing records may be retained until you opt out or the information is no longer needed;
  • adverse-event, product complaint, safety, and regulatory records may be retained for the period required by FDA or other applicable law.

U.S. dietary supplement adverse-event records may need to be retained for six years.

Your privacy rights and choices

Depending on where you live, you may have some or all of the following rights in relation to your personal information:

Right to access or know the personal information we collect, use, disclose, sell, or share about you.

Right to delete personal information we maintain about you, subject to legal exceptions.

Right to correct inaccurate personal information.

Right to portability, meaning you may request a copy of certain personal information in a portable format.

Right to opt out of sale, sharing, or targeted advertising, where applicable.

Right to limit the use or disclosure of sensitive personal information, where applicable.

Right to withdraw consent, where processing is based on consent.

Right to appeal, where applicable, if we deny your privacy request.

Right to non-discrimination, meaning we will not unlawfully discriminate against you for exercising privacy rights.

These rights are not absolute and may apply only in certain circumstances. We may decline a request where permitted or required by law, including where we need to retain information for legal, safety, fraud-prevention, accounting, regulatory, product complaint, adverse-event, or transactional purposes.

The California CCPA/CPRA requires covered businesses to provide notices describing categories of personal information collected and purposes for use.

California and U.S. state privacy notice

If you are a resident of California or another U.S. state with an applicable consumer privacy law, this section provides additional information.

In the past 12 months, we may have collected the following categories of personal information:

  • identifiers, such as name, email, phone number, address, IP address, and account identifiers;
  • commercial information, such as products purchased, viewed, added to cart, returned, or reviewed;
  • payment and transaction information;
  • internet or electronic network activity, such as browsing activity, cookie data, and interactions with the Services;
  • geolocation information, such as approximate location based on IP address;
  • audio, visual, or electronic information, if you submit photos, videos, calls, messages, or reviews;
  • sensitive personal information, if voluntarily provided in connection with a product complaint, adverse event, allergy concern, safety concern, or similar matter;
  • inferences, such as product preferences or shopping interests.

We collect these categories from you, your device, Shopify, service providers, marketing partners, fulfilment partners, and other sources described in this Privacy Policy.

We use these categories for the business and commercial purposes described in this Privacy Policy.

We may disclose these categories to service providers, Shopify, payment processors, fulfilment partners, shipping carriers, marketing partners, analytics providers, regulators, professional advisers, and other parties described in this Privacy Policy.

We do not sell personal information for money. However, our use of advertising cookies, pixels, and similar technologies may be considered “sharing,” “selling,” or “targeted advertising” under some U.S. state privacy laws.

Where required, you may opt out by using our Do Not Sell or Share My Personal Information link, cookie settings, Shopify privacy controls, or by contacting us.

How to submit a privacy request

You may submit a privacy request by contacting us at:

Email: [Insert privacy or customer support email]
Mailing address: [Insert business mailing address]

Please include your name, email address, request type, and enough information for us to verify and process your request.

We may need to verify your identity before responding. If you use an authorized agent, we may require proof that the agent is authorized to act on your behalf.

We will respond within the time required by applicable law.

Complaints

If you have a complaint about how we process your personal information, please contact us using the details above.

Depending on where you live, you may also have the right to contact your local privacy, consumer protection, or data protection authority.

Health data breach notice

If we are required by applicable law to notify you of a breach involving unsecured health-related information, we will provide notice as required.

The FTC Health Breach Notification Rule may apply to certain businesses that are not covered by HIPAA but handle identifiable health information through health apps, connected devices, or similar services.

International transfers

We may transfer, store, and process personal information outside the country, state, or region where you live, including in the United States and other countries where Shopify, our service providers, or partners operate.

Where required, we use appropriate transfer mechanisms or safeguards.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technologies, legal requirements, Shopify services, supplement compliance obligations, or other operational reasons.

When we update this Privacy Policy, we will post the revised version on this page and update the “Last updated” date.

Contact us

If you have questions about this Privacy Policy, your personal information, product safety, or privacy rights, please contact us:

MiTO
Email: [Insert customer support/privacy email]
Address: [Insert business address]
Website: [Insert website URL]

For product complaints, adverse events, allergic reactions, or safety concerns, please contact us immediately at:

Product Safety Email: [Insert product safety email]
Order Number: [Include if available]
Product Name and Lot/Batch Number: [Include if available]