Privacy policy

PRIVACY POLICY
Effective Date: June 2, 2025
Hilltop BioSciences, Inc. ("Hilltop Bio", "we", "us", or "our")
Website: www.hilltopbio.com

Hilltop Bio respects your privacy and is committed to protecting the personal information of our customers, including veterinary professionals and the general public. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase products, or contact us.

This policy complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

  1. NOTICE AT COLLECTION (CPRA REQUIREMENT)

We collect the following categories of personal information for the business purposes described below:

Category: Identifiers (name, email, phone number, shipping/billing address)
Purpose: Account creation, order fulfillment, customer support
Retention: 5 years after last transaction
Sold/Shared: No

Category: Commercial information (purchase history, transaction details)
Purpose: Process orders, manage returns, maintain purchase records
Retention: 5 years
Sold/Shared: No

Category: Professional information (veterinary license, clinic affiliation)
Purpose: Verify eligibility and professional use
Retention: Duration of account
Sold/Shared: No

Category: Internet activity (IP address, browser type, cookies, analytics data)
Purpose: Site security, analytics, performance tracking
Retention: 2 years
Sold/Shared: No

Category: Payment information (processed by Shopify Payments or Stripe)
Purpose: Process payments securely
Retention: Retained by payment processor only
Sold/Shared: No

Category: Correspondence or inquiries
Purpose: Customer support, order follow-up
Retention: 3 years
Sold/Shared: No

We do not collect or store sensitive personal information such as health or biometric data from consumers.

  1. INFORMATION WE COLLECT

We collect:

  • Personal information you provide directly, such as name, email, phone, address, or veterinary license information.

  • Payment data processed securely through third-party platforms such as Shopify Payments or Stripe.

  • Information automatically collected through cookies, analytics, and web beacons, such as IP address, browser, time on site, and pages viewed.

You may also provide data through contact forms, account registration, or support requests.

  1. HOW WE USE YOUR INFORMATION

We use personal data to:

  • Process and fulfill orders and shipments.

  • Provide product support and respond to inquiries.

  • Verify veterinary credentials.

  • Send transactional or service-related communications.

  • Improve website functionality and user experience.

  • Maintain compliance with legal and regulatory requirements including USDA and CVM.

  • Detect, prevent, and respond to fraud, abuse, or security incidents.

We do not use your data for automated decision-making or profiling.

  1. LEGAL BASES FOR PROCESSING (GDPR)

If you are located in the EEA, we process your personal data under one or more of these legal bases:

  • Performance of a contract, such as fulfilling your order or registration.

  • Legitimate interests, such as improving our services or preventing fraud.

  • Consent, when you subscribe to marketing communications (you may withdraw consent at any time).

  • Legal obligation, such as meeting record-keeping or regulatory duties.

  1. YOUR RIGHTS (GDPR AND CCPA/CPRA)

You have the right to:

  • Access, correct, or update your personal information.

  • Request deletion (Right to be Forgotten).

  • Object to or restrict processing of your data.

  • Withdraw consent where applicable.

  • Request data portability.

  • Opt out of sale or sharing of personal data.

  • Limit use of sensitive information (if ever collected).

  • Not be discriminated against for exercising these rights.

To exercise these rights, email privacy at hilltopbio dot com with the subject "Privacy Request" or write to the address below. We will verify your identity before fulfilling your request. Authorized agents may submit requests on behalf of California residents by providing proof of authorization.

  1. COOKIES AND TRACKING

We use cookies and similar technologies to:

  • Recognize returning visitors.

  • Analyze traffic patterns and site performance.

  • Maintain secure sessions during checkout.

  • Deliver relevant advertising if consented.

You can manage cookies through your browser settings or global opt-out tools such as Global Privacy Control or Do Not Track. Essential cookies cannot be disabled as they are required for site operation.

  1. DO NOT SELL OR SHARE MY PERSONAL INFORMATION

Hilltop Bio does not sell personal data and does not share data with third parties for cross-context behavioral advertising without consent.

To opt out of any future sale or sharing of your data, email info@hilltopbio.com with "Do Not Sell or Share" in the subject line.

  1. DATA RETENTION

We retain personal information only as long as necessary for:

  • Order and transaction history (5 years).

  • Regulatory, accounting, or tax purposes.

  • Resolving disputes or enforcing agreements.

After the retention period, data is securely deleted or anonymized.

  1. DATA SECURITY AND BREACH NOTIFICATION

We maintain administrative, technical, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, or destruction. These include encryption, firewalls, and restricted employee access.

If we become aware of a data breach that may compromise your information, we will notify affected individuals and authorities as required by law.

  1. INTERNATIONAL DATA TRANSFERS

If you are outside the United States, your data may be transferred to and processed in the United States or other countries where we or our vendors operate.
When required, we use EU-approved Standard Contractual Clauses or equivalent safeguards to protect transferred data.
By using our services, you consent to this transfer.

  1. CHILDREN’S PRIVACY

Our website and products are not directed toward children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If we learn that such data has been collected, it will be deleted promptly.

  1. THIRD-PARTY SERVICES AND DATA PROCESSORS

We use trusted third-party service providers that act as data processors under strict confidentiality agreements. These include:

  • Shopify Inc. for e-commerce and checkout platform.

  • Shopify Payments or Stripe for payment processing.

  • ShipStation, UPS, and FedEx for shipping and logistics.

  • Google Analytics for website analytics.

  • HubSpot for CRM and customer communication.

  • Klaviyo for email notifications if enabled.

These vendors are contractually obligated to protect your data and use it only for authorized purposes.

  1. SENSITIVE INFORMATION

We do not request or retain sensitive personal data such as medical history, genetic data, or government-issued identifiers. Any information related to animal treatment remains de-identified and is not linked to individuals.

  1. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. Updated versions will be posted on www.hilltopbio.com with a new effective date. We encourage you to review this policy periodically.

  1. CONTACT US

To ask questions, request access, or exercise privacy rights, contact us at:

Hilltop BioSciences, Inc.
320 Norwood Park S., Suite 202
Norwood, MA 02062
Email: info@hilltopbio.com
Privacy Requests: info@hilltopbio.com
Phone: 617-237-0636
Website: www.hilltopbio.com

Updated: June 2, 2025
Version: v2 – CPRA Notice at Collection, Data Rights, Breach Notification, and Vendor List added.