PRIVACY POLICY
The Stomach Doc  and Liver-Health Newsletter
Last updated: 29 April 2025

1. WHO WE ARE

• Owner/Controller: Dr. Joseph Salhab TM
• Address: 100 S. Ashley Drive, Suite 600, Tampa, FL 33602, USA
• Email: privacy@thestomachdoc.com
• This Policy covers all websites, landing pages, Shopify stores, and emails operated under thestomachdoc.com and newsletter.thestomachdoc.com that link to or reference this document.

2. WHAT DATA WE COLLECT

• Identification: name, email address, postal address, phone (optional)
• Transactional: product(s) purchased, payment method (tokenised), order value, refund and charge-back history
• Newsletter Interaction: open and click rates, preferred topics, replies
• Device & Usage: IP address, browser type, operating system, referral URL, time-stamps, cookies, web beacons
• Support Records: messages you send to support or in comments

We do not knowingly collect sensitive personal data (health records, race, religious beliefs) and do not market to children under 13. If you are a parent who believes your child provided personal data, email us and we will delete it.

3. HOW WE USE DATA (LAWFUL BASES)

Contractual necessity – deliver the Newsletter, fulfill Shopify orders, process payments, provide customer support.
Legitimate interests – improve content, prevent fraud, maintain the security of our sites, gather aggregate analytics.
Consent – send promotional emails, drop non-essential cookies, or deliver SMS messages. You may withdraw consent at any time.
Legal obligations – maintain tax and accounting records, comply with court orders and data-protection laws.

4. SHARING AND DISCLOSURE

We do not sell or rent your personal data. We share it only with:
• Shopify – e-commerce platform and payment gateways (PCI DSS-compliant).
• ConvertKit – email service provider that stores your subscriber profile and delivers newsletters.
• Cloud hosting, analytics, and security partners (e.g., Cloudflare, Google Analytics) bound by data-processing agreements.
• Law-enforcement or regulators when legally required.

All vendors must:
– process data only on our instructions,
– implement industry-standard security, and
– agree to GDPR-compliant Standard Contractual Clauses for data transferred outside the U.S./EEA.

5. COOKIES & TRACKING

• Essential cookies keep the site functional (shopping-cart, login).
• Analytics cookies measure traffic and improve content.
• Email tracking pixels record opens and clicks to tailor future emails.
You can reject or delete non-essential cookies in your browser settings; the site will still function, but certain features (e.g., saved cart) may not.

6. INTERNATIONAL TRANSFERS

Our servers and third-party vendors may reside in the United States or other jurisdictions lacking an EU adequacy decision. Transfers are protected by:
• Standard Contractual Clauses (SCCs) adopted by the European Commission, or
• Vendor certification under the EU-U.S. Data Privacy Framework, where applicable.

7. DATA RETENTION

• Newsletter data: kept until you unsubscribe or remain inactive for 24 months.
• Order records: retained seven (7) years to satisfy U.S. tax and accounting laws.
• Support tickets: retained three (3) years after last correspondence.

When retention expires, we either delete or anonymise the data.

8. YOUR RIGHTS

EU/UK (GDPR) – right to access, rectify, erase, restrict, object, portability, and lodge a complaint with a Supervisory Authority.
California (CCPA/CPRA) – right to know, delete, correct, opt out of “sale” or “sharing,” and non-discrimination for exercising rights.
Canada (PIPEDA), Australia (APPs), and other regions – equivalent access and correction rights.

To exercise any right, email privacy@thestomachdoc.com with your request and the email address you used to subscribe. We will respond within 30 days (or 45 days for California).

9. SECURITY

• TLS/SSL encryption on all pages that collect data.
• Tokenised payments—full card numbers never touch our servers.
• Two-factor authentication for admin accounts.
• Regular security audits and least-privilege access controls.

Despite best efforts, no system is 100 % secure; you acknowledge this risk when submitting data online.

10. THIRD-PARTY LINKS

Newsletter issues and shop pages may link to external sites. We are not responsible for their privacy practices; consult their policies separately.

11. POLICY CHANGES

We may update this Policy to reflect legal or operational changes. Any material change will be announced via email or a prominent banner and will take effect 14 days after notice. Continued use after that constitutes acceptance.

12. CONTACT

For privacy questions, data‐subject requests, or complaints, contact:

Data-Protection Officer
Dr. Joseph Salhab, PLLC
Email: privacy@thestomachdoc.com
Mail: 100 S. Ashley Drive, Suite 600, Tampa, FL 33602, USA
If you reside in the EEA/UK, you may also contact your local Supervisory Authority.

By using our sites, subscribing to the Newsletter, or making a purchase, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.