Privacy Policy

heading banner img

Last updated: May 4, 2026

Elixora Direct ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have in relation to it. By using our website or placing an order, you acknowledge that you have read and understood this policy.

1. Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name.
  • Contact data: email address, phone number.
  • Delivery data: shipping address, billing address.
  • Transaction data: order history, order amounts, product details. We do not store card numbers, CVV codes, or full payment credentials — these are processed exclusively by WayForPay.
  • Account data: login email, encrypted password (if you create an account).
  • Technical data: IP address, browser type, operating system, pages visited, session duration, collected via cookies and server logs.
  • Communications data: any messages you send us via our contact form or email.

2. How We Collect Data

  • Directly from you when you place an order, create an account, or contact us.
  • Automatically via cookies and analytics tools when you browse our website.
  • From payment processors confirming successful or failed transactions — limited to transaction status and reference number.

3. How We Use Your Data

We use your personal data to:

  • Process and fulfil your orders, including dispatch and delivery.
  • Send order confirmations, shipping updates, and support communications.
  • Manage your account and authenticate logins.
  • Handle returns, refunds, and complaints.
  • Comply with legal and regulatory obligations (e.g. tax records, consumer protection law).
  • Prevent fraud and maintain the security of our systems.
  • Improve our website and product offering based on aggregated, anonymised analytics.

We will only send you marketing emails if you have explicitly opted in in accordance with CAN-SPAM and TCPA requirements. You can unsubscribe at any time via the link in any marketing email or by contacting us directly.

4. Payment Processing

All payment transactions are handled by WayForPay, a PCI DSS-compliant payment provider. We never receive, process, or store your full card number, expiry date, or CVV. We only receive confirmation of the payment outcome along with a transaction reference number.

5. Legal Basis for Processing

  • Contract performance: to process and deliver your orders.
  • Legal obligation: to comply with tax, accounting, and consumer protection requirements.
  • Legitimate interests: to prevent fraud, improve our services, and maintain website security.
  • Consent: for marketing communications (where you have opted in) and non-essential cookies.

6. Cookies

  • Essential cookies: required for the website to function (shopping cart, login session).
  • Analytics cookies: help us understand how visitors use our site. Used only with your consent.
  • Functional cookies: remember your preferences such as language.

You can manage or withdraw cookie consent at any time via your browser settings.

7. Data Sharing

We do not sell your personal data to third parties. We share data only where necessary:

  • Logistics partners: receive your name and delivery address to fulfil shipments.
  • Payment processor (WayForPay): receives data needed to process your payment securely.
  • IT service providers: hosting, email delivery, and CRM tools, bound by data processing agreements.
  • Legal authorities: where required by law or court order.

8. International Transfers

If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your data.

9. Data Retention

  • Order and transaction records: retained for a minimum of 5 years.
  • Account data: retained while active, plus 2 years after the last login or order.
  • Marketing data: retained until you withdraw consent.
  • Technical/log data: typically retained for 90 days.

10. Your Rights

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your data, subject to legal retention requirements.
  • Restriction: request that we limit how we process your data.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us via our Contact page. We will respond within 30 days.

11. California Residents — CCPA/CPRA Rights

California residents have the right to:

  • Know what personal information is collected and how it is used.
  • Request deletion or correction of personal information.
  • Opt out of the sale or sharing of personal information.
  • Limit the use of sensitive personal information.
  • Non-discrimination for exercising privacy rights.

We do not sell personal information. We recognise Global Privacy Control (GPC) signals as opt-out requests where required by law.

12. Other US State Privacy Rights

Residents of certain US states may have rights to access, delete, correct their data or opt out of targeted advertising under applicable state law.

13. Children's Privacy

Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

14. Medical Disclaimer

Information on this website is provided for informational purposes only. Products are not intended to diagnose, treat, cure, or prevent any disease. Consult a physician before use.

15. FDA Disclaimer

Statements on this website have not been evaluated by the Food and Drug Administration (FDA).

16. Data Security

We implement HTTPS/TLS encryption, access controls, and regular security reviews to protect your personal data. No internet transmission is completely secure.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised "Last updated" date. Continued use of our website after changes constitutes your acceptance of the updated policy.

18. Contact

For any questions relating to this Privacy Policy, please use the contact details on our Contact page.