Privacy Policy

WeHealthy ("we", "us", "our") operates the website wehealthy.co (the "Site"). We are committed to protecting and respecting your privacy in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), and, where applicable, the European Union General Data Protection Regulation (GDPR).

This Privacy Policy explains what personal information we collect, how we use and share it, how we protect it, and what rights you have regarding your data. By using the Site or placing an order, you acknowledge that you have read and understood this policy.

2.1 Information You Provide Directly

• Account information: name, email address, phone number, and password when you create an account.
• Order information: shipping address, billing address, and order details when you make a purchase.
• Payment information: payment card details are processed securely by Shopify Payments and are never stored on our servers.
• Communications: any information you provide when contacting us via email or our contact form.
• Phone number for SMS verification: used solely to verify your identity during account creation or order confirmation.

2.2 Information Collected Automatically

• Device and browser data: IP address, browser type and version, operating system, device identifiers, and referring URL.
• Usage data: pages viewed, time spent on pages, clicks, scroll depth, and navigation paths.
• Session recordings: we use Lucky Orange to record anonymized browsing sessions (mouse movements, clicks, scrolls) to improve site usability. Lucky Orange does not capture keystrokes in password or payment fields.
• Cookies and tracking pixels: we use cookies and the Meta (Facebook) Pixel to measure advertising effectiveness, deliver relevant ads, and analyze site traffic. See Section 6 for details.

We use your personal information for the following purposes:

• To process and fulfill your orders, including shipping and delivery notifications.
• To create and manage your customer account.
• To verify your identity via SMS (processed through Amazon Web Services Simple Notification Service).
• To send transactional emails such as order confirmations, shipping updates, and receipts (processed through Resend).
• To send marketing emails, newsletters, and promotional offers (only with your express consent; you may unsubscribe at any time).
• To improve our website, products, and customer experience through analytics and session recordings.
• To measure the effectiveness of our advertising campaigns via Meta Pixel.
• To detect, prevent, and address fraud or other illegal activities.
• To comply with legal obligations and respond to lawful requests from authorities.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contractual necessity: to fulfill orders and provide our services.
• Consent: for marketing communications, analytics cookies, session recordings, and advertising pixels. You may withdraw consent at any time.
• Legitimate interest: to improve our website, prevent fraud, and ensure security.
• Legal obligation: to comply with applicable laws and regulations.

We do not sell your personal information. We share your data only with the following categories of third-party service providers, each of which is contractually obligated to protect your information:

• Shopify: e-commerce platform, payment processing, and order management.
• Resend: transactional and marketing email delivery.
• Amazon Web Services (AWS): SMS verification via AWS SNS; cloud infrastructure and hosting.
• Meta (Facebook): advertising measurement and optimization via Meta Pixel.
• Lucky Orange: website analytics and session recording.
• Shipping carriers: Canada Post, UPS, FedEx, or other carriers as needed to deliver your orders.

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Our Site uses the following categories of cookies and trackers:

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect your ability to browse or purchase from the Site, but may limit certain personalization features.

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, including:

• Order data: retained for a minimum of 7 years to comply with Canadian tax and accounting requirements.
• Account data: retained for as long as your account is active. You may request deletion at any time.
• Marketing data: retained until you unsubscribe or request deletion.
• Session recordings: automatically deleted by Lucky Orange after 40 days.

8.1 Under PIPEDA and Quebec Law 25

As a Canadian resident, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Withdraw consent for the collection, use, or disclosure of your information (subject to legal or contractual restrictions).
• Request deletion of your personal information, subject to legal retention requirements.
• File a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'acces a l'information du Quebec.

8.2 Under the GDPR (EEA/UK Residents)

If you are located in the EEA or UK, you additionally have the right to:

• Data portability (receive your data in a structured, machine-readable format).
• Restrict processing of your personal data.
• Object to processing based on legitimate interest.
• Lodge a complaint with your local supervisory authority.

To exercise any of these rights, please contact us at info@wehealthy.co. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal information, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers.
• PCI-DSS compliant payment processing through Shopify Payments.
• Access controls limiting employee access to personal data on a need-to-know basis.
• Regular security reviews of our third-party service providers.

While we take commercially reasonable steps to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your personal information may be transferred to and processed in countries outside of Canada, including the United States, where our service providers (Shopify, AWS, Resend, Meta, Lucky Orange) operate. These transfers are made in accordance with applicable data protection laws, and we ensure that adequate safeguards are in place, including standard contractual clauses where required.

Our Site is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at info@wehealthy.co.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the revised policy on this page with an updated "Last updated" date. If we make material changes, we will notify you by email or through a prominent notice on the Site. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: