Effective Date: 6/8/2026
DR BARRON ("we," "us," "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have. It applies to drbarron.com and any related services we offer.By using our site, you acknowledge the practices described here. Where required by applicable law, we obtain consent before collecting or processing certain categories of information.
Information you provide directly: name, email, mailing and shipping address, phone number, payment information (processed by our payment provider — we do not store full card numbers), order history, account credentials, communications you send us, and product reviews, and the responses you submit to our online hair quiz (which may include health-adjacent information such as hair concerns, age range, and life-stage factors), along with any email you provide there.
Information collected automatically:IP address, browser type, operating system, device type, pages visited, referring URL, click and scroll behavior, date and time of visit, and general geographic location derived from IP address (not precise GPS).
Information from third parties: analytics data from Google Analytics, advertising data from Meta, Google, and TikTok if you interact with our ads, and payment verification data from our payment processor.We collect only the personal information reasonably necessary for the purposes described in this policy, consistent with the data minimization requirements of Maryland, Minnesota, and other states.
We do not sell your personal information for monetary consideration. See Section 12 for the broader definition of "sale" and "sharing" under California and other state laws.
Service providers: Shopify (e-commerce platform), Stripe / Shopify Payments (payments), shipping carriers, Klaviyo (email and SMS), Google Analytics (analytics), customer support tools, and cloud hosting. These providers are contractually limited to using your information for our purposes only.
Advertising partners: We share limited data (such as hashed email addresses or device identifiers) with Meta, Google, and TikTok to measure ad performance and reach relevant audiences. See Section 12 to opt out.
Legal requirements: We may disclose information if required by law or in response to valid legal process.
Business transfers: If DR BARRON is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
Sensitive personal information: Where required by applicable law, we obtain consent before processing sensitive personal information beyond what is necessary to provide the services you requested. We collect limited sensitive data (account login credentials and general location from IP). We do not collect precise GPS, biometric, racial, religious, sexual orientation, or immigration status data.
We do not sell your personal information to data brokers or list marketers.
We use cookies and similar technologies for site functionality, analytics, and advertising. Non-essential cookies do not load until you have made a choice in our cookie consent banner. You can change your preferences at any time through the Cookie Preferences link in our footer.
For full details — categories, inventory, third parties, and opt-out mechanisms — see our Cookie Policy
| Service | Purpose | Privacy Policy |
|---|---|---|
| Shopify | E-commerce platform | shopify.com/legal/privacy || Stripe / Shopify Payments | Payment processing | stripe.com/privacy || Google Analytics | Site analytics | policies.google.com/privacy || Klaviyo | Email and SMS marketing | klaviyo.com/legal/privacy || Meta | Advertising and conversion tracking | facebook.com/privacy/policy || Google Ads | Advertising and conversion tracking | policies.google.com/privacy || TikTok | Advertising and conversion tracking | tiktok.com/legal/privacy-policy |
When information is no longer needed, we delete or de-identify it.
We use SSL/TLS encryption, PCI-DSS compliant payment processing, access controls, and ongoing monitoring. No method of transmission or storage is fully secure. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.
Depending on where you live, you may have some or all of the following rights:
Access request a copy of the personal information we hold about you
Delete request deletion of your personal information, subject to legal exceptions
Correct request correction of inaccurate personal information
Opt out of sale or sharing see Section 12
Opt out of targeted advertising see Section 12
Opt out of profiling that produces legal or similarly significant effects we do not engage in this profiling
Limit use of sensitive personal information see Section 12
Data portability request your data in a structured, commonly used, machine-readable format
Appeal appeal a denied privacy request
Non-discrimination exercising your rights will not result in denial of service or different pricing
To exercise your rights: email hello@drbarron.com with the subject "Privacy Request." Include your full name, the email tied to your account, your state of residence, and a description of your request. We verify your identity and respond within the timeframe required by applicable law (generally 45 days, with a possible 45-day extension).
You may designate an authorized agent. The agent must provide written authorization from you and verify their own identity.
Appeals: If we deny your request, email hello@drbarron.com with the subject "Privacy Appeal." We respond within 45 to 60 days depending on your state's law. If denied, we will provide information about contacting your state's Attorney General.
Categories of personal information collected in the past 12 months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email, address, IP address | Yes || B. Civil Code 1798.80(e) | Name, address, phone, payment info | Yes || C. Protected classifications | Age (18+ verification) | Yes || D. Commercial information | Purchase history | Yes || E. Biometric | None | No || F. Internet activity | Browsing on our site | Yes || G. Geolocation | General (from IP) | Yes || H. Sensory | None | No || I. Professional / employment | None | No || J. Education | None | No || K. Inferences | Product interests for marketing | Yes || L. Sensitive PI | Account credentials | Yes |
Sale and sharing: We do not sell your personal information for monetary consideration. Our use of the Meta Pixel, Google Ads, and TikTok Pixel may constitute "sharing" under California's broad definition. See Section 12 to opt out.
Right to limit sensitive PI: You may request that we limit our use of sensitive personal information to what is necessary to provide the services you requested. Email hello@drbarron.com.
Profiling: We do not process personal information for profiling that produces legal or similarly significant effects. Inferences are used only for marketing audience segmentation.
Financial incentives: We do not offer financial incentives in exchange for the retention or sale of personal information.
Shine the Light (Cal. Civ. Code 1798.83): We do not disclose personal information to third parties for their own direct marketing purposes.
California Delete Act (SB 362): DR BARRON is not a data broker. We do not collect and sell the personal information of consumers with whom we do not have a direct relationship.
California Consumer Health Data (AB 45): We do not engage in geofencing around health care facilities. Product purchase data is not shared with advertising platforms in a manner that would create individual health profiles.
States with applicable comprehensive privacy laws: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. Florida's FDBR has revenue thresholds that do not apply to DR BARRON at this time.
Selected state-specific notes:-
Colorado, Connecticut, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Delaware: we honor universal opt-out mechanisms including Global Privacy Control. See Section 15.
Maryland (MODPA): we apply strict data minimization and do not sell sensitive personal data.
Minnesota (MCDPA): our designated privacy contact is reachable at hello@drbarron.com
Delaware (DPDPA): sensitive data includes data of known children under 18 and pregnancy-related data. We do not collect pregnancy-related data.
New Jersey (NJDPA): we obtain opt-in consent for processing sensitive personal data of known children.
Oregon (OCPA): we do not sell personal data when we have actual knowledge that the consumer is under 16.
Nevada (SB 220): Nevada residents may opt out of the sale of covered information. See Section 12.
Washington (MHMDA): we do not sell or share consumer health data for advertising. See Section 14.To exercise rights, email hello@drbarron.com with subject "Privacy Request."
You may opt out of the sale or sharing of your personal information for targeted advertising. We do not sell for monetary consideration, but our use of advertising pixels may constitute "sharing" under state law.
Three ways to opt out:
1. Use our Your Privacy Choices page
2. Click Cookie Preferences in the footer and turn off Marketing/Advertising and Analytics
3. Enable Global Privacy Control in your browser — we honor it automatically
You may also email hello@drbarron.com with subject "Do Not Sell or Share." We process within 15 business days.
After you opt out, you may still see DR BARRON ads, but they will not be personalized based on your activity on our site. Your ability to browse, purchase, and access your account is not affected.
Our website and products are not intended for individuals under 18. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions with broader minor protections). If we learn that a child has provided us with personal information, we will delete it. Contact hello@drbarron.com if you believe a child has provided information.
DR BARRON sells dietary supplements and topical cosmetics. Product purchases may indicate health interests, and customer service inquiries may include health-related details.
We are not a healthcare provider and are not a HIPAA-covered entity.
Washington My Health My Data Act: Product purchase data may qualify as "consumer health data" under MHMDA's broad definition. We do not sell or share consumer health data for advertising. Where we collect such data, we do so only with your consent and only for the purposes described here.
Global Privacy Control (GPC): We honor GPC signals as required by California, Colorado, Connecticut, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, and Delaware. If your browser sends a GPC signal, we treat it as a valid opt-out of sale and sharing for that browser and device. Visit globalprivacycontrol.org to enable GPC.
Do Not Track (DNT): There is no industry standard for responding to DNT, and we do not respond to DNT signals. We honor GPC instead.
Our website is operated in the United States and is intended for U.S. users. If you access our site from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ.
We do not currently ship outside the United States. If we expand internationally, this policy will be updated to address applicable laws.
We may update this Privacy Policy. When we make material changes, we will post the updated policy with a new effective date and make reasonable efforts to notify registered users by email. Your continued use after the update constitutes acceptance.
DR BARRON
Email: hello@drbarron.com
Subject line: "Privacy Request" for rights requests; "Privacy Appeal" for appeals
Website: drbarron.com