Privacy Policy

How Pure Grade Labs collects, uses, and protects your personal data.

Effective: April 2026 | puregradelabs.com | legal@puregradelabs.com

This Privacy Policy explains how Pure Grade Labs ('we', 'us', 'our') collects, uses, stores, and shares your personal data when you visit puregradelabs.com or make a purchase. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are and How to Contact Us

Data Controller: Pure Grade Labs LLC

Website: puregradelabs.com

Email: legal@puregradelabs.com

If you have any questions about how we handle your data, or wish to exercise your rights under UK GDPR, contact us at the email above.

2. What Data We Collect and Why

2.1 Order and Account Data

When you place an order, Shopify - our e-commerce platform - collects and stores the following on our behalf:

Full name and delivery address
Email address and telephone number
Order details, product purchased, and order value
Payment method type (we do not store card numbers - these are handled by our payment processor)
IP address and device information at time of order

Legal basis: Performance of a contract. We need this data to process, fulfil, and support your order.

Retention: Order data is retained for 7 years to comply with UK tax and financial record-keeping requirements.

2.2 Email Marketing Data

If you subscribe to our email list - via checkout, a pop-up sign-up, or the website footer - we collect:

Your email address
Your first name (if provided)
Subscription source and date
Email engagement data: open rates, click rates, and email activity

We use Klaviyo to store and manage this data, and to send you research updates, new product notifications, and promotional emails.

Legal basis: Consent. You can withdraw consent at any time by clicking 'Unsubscribe' in any of our emails. Unsubscribing does not affect the processing of your order data.

Retention: Email subscriber data is retained until you unsubscribe or request deletion. Inactive subscribers (no engagement for 12 months) are reviewed and purged annually.

2.3 Live Chat Data

We use Tidio to provide live chat support on our website. If you use the chat function, Tidio may collect:

Your name and email address (if you provide them in the chat)
The content of your chat messages
Your IP address and browser information
Chat session timestamps

Legal basis: Legitimate interests (providing customer support). Chat logs are used solely for support and quality purposes.

Retention: Chat logs are retained for 12 months then deleted.

2.4 Website Analytics

We may use analytics tools to understand how visitors use our website. This data is aggregated and anonymised and does not identify individual users. You can opt out of analytics cookies via our cookie banner.

2.5 Age Verification

When you access our website, we log your confirmation of the age gate (18+) with a timestamp and anonymised IP reference. This is retained as a compliance record for regulatory purposes.

3. How We Share Your Data

We do not sell your personal data. We share your data only with the third parties necessary to run our business:

Shopify Inc - e-commerce platform and order management. Data processed in the USA under Standard Contractual Clauses.
Klaviyo Inc - email marketing platform. Data processed in the USA under Standard Contractual Clauses.
Tidio LLC - live chat platform. Data processed in the EU/USA under Standard Contractual Clauses.
Our UK third-party logistics (3PL) partner - receives name and delivery address for fulfilment purposes only.
Payment processors - receive payment details for transaction processing. We do not store card data.
Legal and regulatory authorities - if required by law or court order.

All third-party processors are contractually required to handle your data in compliance with UK GDPR.

4. International Data Transfers

Some of our service providers are based outside the UK. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

5. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access - request a copy of the data we hold about you
Right to rectification - ask us to correct inaccurate data
Right to erasure - request deletion of your data (subject to legal retention obligations)
Right to restrict processing - ask us to limit how we use your data
Right to data portability - receive your data in a portable format
Right to object - object to processing based on legitimate interests
Right to withdraw consent - withdraw email marketing consent at any time

To exercise any of these rights, email: privacy@puregradelabs.com

We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

6. Cookies

Our website uses cookies to function correctly and to provide analytics. We use a cookie consent banner to obtain your consent before placing non-essential cookies. You can manage your cookie preferences at any time via the banner or your browser settings.

7. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, or disclosure. Our website uses SSL encryption. Our third-party processors maintain their own security standards in line with industry practice.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The current version will always be published at puregradelabs.com/privacy-policy. Material changes will be notified to email subscribers.