Privacy Policy
Plain-Language Summary
- We collect information you give us at checkout, information generated by your use of our website, and data from our service providers (payment processor, shipping carriers).
- We use it to fulfil your orders, manage your subscription, send you relevant emails, and run our business lawfully.
- We share it only with companies that help us operate — Shopify, Klaviyo, shipping carriers, and advertising platforms like Meta. We do not sell your data.
- California residents have specific rights under the CCPA, including the right to opt out of data sharing for advertising.
- We never store your full payment card details.
- This summary does not replace the full policy below. In any conflict, the full policy governs.
Contents
- Who We Are
- Scope of This Policy
- Information We Collect
- How We Collect Information
- How We Use Your Information
- Third-Party Service Providers
- Cookies and Tracking Technologies
- Email Marketing and CAN-SPAM
- California Residents — Your CCPA Rights
- Residents of Other States
- Children's Privacy
- Data Security
- Data Retention
- Changes to This Policy
- Contact and Privacy Requests
1. Who We Are
Derma Renewal Lab operates the website dermarenewallab.com and sells the PDRN Micro-Infusion System directly to consumers in the United States. For the purposes of this Privacy Policy, "we," "us," and "our" refer to Derma Renewal Lab.
Our primary customer contact address for privacy matters is: support@dermarenewallab.com
This Privacy Policy applies to our operations in the United States and is governed by applicable US federal and state privacy law. We do not operate under the UK GDPR, EU GDPR, or any European data protection framework.
2. Scope of This Policy
This Policy applies to:
- All visitors to dermarenewallab.com
- Customers who place one-time or subscription orders
- Individuals who create an account on our website
- Individuals who subscribe to our email list
- Individuals who contact our support team
This Policy does not apply to the privacy practices of third-party websites linked from our website. We are not responsible for the content or privacy practices of those sites.
3. Information We Collect
We collect the following categories of personal information, which map to the categories defined under the California Consumer Privacy Act (CCPA) where applicable:
3.1 Identifiers
- Full name
- Email address
- Phone number (if provided)
- Billing address
- Delivery address
- IP address
- Account username
- Device identifiers
3.2 Commercial Information
- Products purchased or considered
- Order history and subscription history
- Payment method type and last four digits of card number (we do not store full card numbers — see Section 3.6)
- Transaction amounts, dates, and references
- Subscription tier, billing cadence, and renewal history
3.3 Internet and Electronic Network Activity
- Pages viewed, products viewed, time on page, click patterns
- Referral source (how you arrived at our website)
- Search terms used on our website
- Browser type and version
- Operating system and device type
- Time zone setting
- Cookie identifiers
3.4 Geolocation Data
- Approximate location derived from IP address (not precise GPS-level location)
- Delivery address (provided by you at checkout)
3.5 Communications and Inferences
- Messages, photographs, and information you send to our support team
- Skin concerns or preferences you choose to share voluntarily
- Email engagement data (opens, clicks) via our email service provider
- Inferences drawn from the above to build a profile for marketing personalisation purposes
3.6 What We Do Not Collect
- Full payment card numbers — All card details are processed directly by Shopify Payments under PCI-DSS Level 1 compliant infrastructure. We receive only a transaction reference and the last four digits.
- Social Security numbers or government ID numbers
- Precise real-time geolocation (GPS-level)
- Biometric data
- Health or medical records
4. How We Collect Information
4.1 Directly from You
We collect information you provide when you:
- Create an account or log in
- Place an order (one-time or subscription)
- Enter your email address to receive marketing communications
- Contact our support team by email or through a contact form
- Submit a review or feedback
4.2 Automatically When You Use Our Website
We use cookies, pixels, and similar tracking technologies to collect technical and behavioural information as you navigate our website. See Section 7 for full details.
4.3 From Third Parties
We may receive information about you from:
- Shopify Inc. — our e-commerce platform, confirming payment status, account data, and order processing information
- Klaviyo — our email service provider, relaying email engagement data (opens, clicks, unsubscribes)
- Meta (Facebook/Instagram) — advertising performance data and audience matching via the Meta Pixel, subject to your cookie consent preferences
- Shipping carriers (USPS, FedEx, UPS, and equivalent) — delivery status and tracking updates
- Payment processors — fraud signals and payment verification data
5. How We Use Your Information
5.1 To Fulfil Your Orders and Manage Your Subscription
- Process, fulfil, and ship your orders
- Manage subscription billing and recurring charges
- Send order confirmations, dispatch notifications, and delivery updates
- Send pre-renewal reminders as required by applicable automatic renewal law
- Process returns, exchanges, refunds, and warranty claims
- Respond to customer service enquiries
5.2 To Operate and Improve Our Business
- Analyse website performance and user behaviour to improve the customer experience
- Conduct A/B testing and conversion optimisation
- Detect, prevent, and investigate fraud, chargebacks, and abuse
- Maintain the security and integrity of our systems
- Enforce our Terms of Service and other policies
- Comply with applicable legal and regulatory obligations
- Maintain tax and accounting records as required by applicable US law
5.3 To Send You Marketing Communications
Where you have given us your email address and consented to marketing (or where you are an existing customer and we are promoting similar products), we may send you:
- Information about new products and formulations
- Exclusive offers, promotions, and loyalty rewards
- Educational content about PDRN skincare and your product
- Re-engagement and winback communications
You can opt out of marketing emails at any time using the unsubscribe link in any marketing email, or by emailing support@dermarenewallab.com. Opting out of marketing does not affect transactional emails required to fulfil your orders or manage your subscription.
5.4 To Serve You Relevant Advertising
Where you have consented to advertising cookies, we may use your browsing data to show you relevant advertisements on third-party platforms including Meta (Facebook and Instagram). This is done through the Meta Pixel, which shares certain technical identifiers with Meta. You can opt out through your cookie preferences or through Meta's own advertising controls. See Sections 7 and 9 for more detail.
5.5 To Comply with Legal Obligations
- Responding to lawful requests from law enforcement or regulatory bodies
- Maintaining records as required by federal and state tax law
- Cooperating with chargeback and fraud investigations
- Defending legal claims
6. Third-Party Service Providers
We share personal information with third-party service providers solely to the extent necessary to operate our business. We do not authorise these providers to use your data for their own marketing purposes. The following table identifies our main processors and what information they receive:
| Provider | Purpose | Data Received | Location |
|---|---|---|---|
| Shopify Inc. | E-commerce platform, payment processing, customer accounts, subscription management | All order, account, and payment data | Canada / USA |
| Klaviyo Inc. | Email marketing, transactional emails, pre-renewal notifications, abandoned cart flows | Name, email address, order history, email engagement, subscription status | USA |
| Meta Platforms Inc. | Advertising (Facebook / Instagram), audience matching, conversion tracking via Meta Pixel | IP address, browser identifiers, purchase events, hashed email (where consented) | USA |
| Google LLC | Website analytics (Google Analytics) | Anonymised browsing behaviour, page views, referral source, device data | USA |
| Shipping Carriers (USPS, FedEx, UPS) | Order fulfilment and delivery | Name, delivery address, phone number, order reference | USA |
| Fulfilment Partners | Order picking, packing, and dispatch | Name, delivery address, order contents | USA |
| Fraud Prevention Tools | Risk scoring, chargeback prevention, identity verification for high-risk orders | IP address, order data, device fingerprint, billing address | USA |
| Accounting / Tax Software | Tax reporting, financial record-keeping | Transaction amounts, billing addresses, tax information | USA |
6.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their own independent marketing or commercial purposes. The sharing described above is operational — it is limited to what is necessary to provide you with the products and services you have purchased.
6.2 Sharing for Advertising — CCPA "Sharing"
Under the California Consumer Privacy Act (CCPA), sharing personal information with advertising platforms like Meta for the purpose of cross-context behavioural advertising is classified as "sharing" even if no money changes hands. We engage in this activity through the Meta Pixel, which may transmit certain identifiers to Meta when you visit our website. California residents have the right to opt out of this sharing. See Section 9 for how to exercise this right.
6.3 Business Transfers
If Derma Renewal Lab undergoes a merger, acquisition, sale of assets, or restructuring, your personal information may be transferred to a successor entity as part of that transaction. We will notify you by email and by a notice on our website before your data is transferred and becomes subject to a different privacy policy.
6.4 Legal Disclosures
We may disclose personal information to government authorities, regulators, courts, or law enforcement agencies where we are required to do so by law or where we believe disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of our customers or the public.
7. Cookies and Tracking Technologies
7.1 What We Use
We use cookies, pixels, web beacons, and similar tracking technologies on our website. These are small files or code snippets placed on your device that allow us and our third-party partners to recognise your browser and capture certain information about your visit.
7.2 Categories of Cookies We Use
| Category | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly Necessary | Required for the website to function — shopping cart, account login, checkout, fraud prevention. These cannot be disabled without breaking the site. | No |
| Functional | Remember your preferences, language settings, and previously viewed products to improve your experience. | Yes |
| Analytics | Measure how visitors use our website (page views, session length, referral source). Used by Google Analytics. Data is anonymised or pseudonymised. | Yes |
| Advertising / Marketing | Track conversions and behaviour to show you relevant ads on third-party platforms (Meta, Google). Includes the Meta Pixel. | Yes |
7.3 Managing Your Cookie Preferences
When you first visit our website, a cookie consent banner will allow you to accept or reject non-essential cookie categories. You can update your preferences at any time through the cookie settings link in our website footer.
You can also manage cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be alerted when new cookies are set. Note that disabling strictly necessary cookies may prevent the website from functioning correctly.
7.4 Meta Pixel
We use the Meta Pixel on our website. This is a piece of code provided by Meta Platforms Inc. that allows us to measure the effectiveness of our Facebook and Instagram advertising by tracking actions taken on our website (such as page views, add-to-cart events, and purchases). The Meta Pixel may share certain technical identifiers — including your IP address and browser information — with Meta when you visit our website, even if you do not have a Facebook or Instagram account.
You can opt out of Meta's use of this data for advertising through:
- Your cookie preferences on our website (reject advertising cookies)
- Meta's Privacy Center and ad preferences controls
- The Digital Advertising Alliance's opt-out tool at optout.aboutads.info
- California residents: the "Do Not Sell or Share My Personal Information" link on our website (see Section 9)
7.5 Google Analytics
We use Google Analytics to understand how visitors use our website. Google Analytics collects anonymised data about your session and behaviour on our site. You can opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.
8. Email Marketing and CAN-SPAM
Derma Renewal Lab complies with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.) for all commercial email communications. Our marketing email practices:
- We do not use false or misleading header information
- We do not use deceptive subject lines
- We identify every commercial email as an advertisement where required
- Our physical mailing address is included in every commercial email
- Every commercial email contains a clear, working unsubscribe mechanism
- We honour opt-out requests promptly — within ten (10) business days of receipt
We use Klaviyo Inc. to send both transactional emails (order confirmations, shipping updates, subscription reminders) and marketing emails (promotions, new products, educational content). Klaviyo processes your email address and engagement data on our behalf under a data processing agreement.
To unsubscribe from marketing emails at any time:
- Click the unsubscribe link in any marketing email, or
- Email support@dermarenewallab.com with the subject line "UNSUBSCRIBE"
Unsubscribing from marketing emails does not affect transactional emails that are necessary to fulfil your orders, manage your subscription, or communicate security-relevant account information.
9. California Residents — Your CCPA Rights
9.1 Your Rights
Right to Know
You have the right to request disclosure of: the categories of personal information we collect; the purposes for which it is used; the categories of third parties with whom it is shared; and, upon verified request, the specific pieces of personal information we hold about you.
Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions — for example, we must retain records required by law and records necessary to fulfil outstanding orders or resolve disputes.
Right to Correct
You have the right to request that we correct inaccurate personal information we hold about you, taking into account the nature of the data and the purposes for which it is processed.
Right to Opt Out of Sale / Sharing
You have the right to opt out of the sale or sharing of your personal information for cross-context behavioural advertising. We share data with Meta for advertising purposes via the Meta Pixel. Use the "Do Not Sell or Share My Personal Information" link on our website or contact us directly.
Right to Limit Use of Sensitive Information
If we collect sensitive personal information (as defined under CPRA), you have the right to limit its use to purposes strictly necessary to provide the service. We do not collect sensitive personal information beyond what is necessary for order fulfilment.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge different prices, or provide a different level of service because you exercised a privacy right.
9.2 CCPA Categories of Personal Information We Collect
The following table summarises the CCPA categories of personal information we collect, the purposes for which we collect it, and whether it is shared for advertising:
| CCPA Category | Examples | Collected | Shared for Advertising |
|---|---|---|---|
| Identifiers | Name, email, IP address, account ID | Yes | Hashed email to Meta (if consented) |
| Commercial information | Order history, subscription data, products purchased | Yes | Purchase events to Meta (if consented) |
| Internet activity | Page views, click patterns, cookies | Yes | Yes — Meta Pixel, Google Analytics (if consented) |
| Geolocation | IP-derived approximate location, delivery address | Yes | IP address to Meta (if consented) |
| Inferences | Skincare preferences, product affinity profiles | Yes (via Klaviyo) | No |
| Financial information | Last 4 digits of card, transaction amounts | Yes (limited) | No |
9.3 How to Submit a CCPA Request
To exercise any of your CCPA rights, contact us at support@dermarenewallab.com with the subject line "CCPA Privacy Request" and specify the right you wish to exercise. We will:
- Acknowledge your request within ten (10) business days
- Verify your identity using information associated with your account (we will not process requests we cannot verify)
- Respond substantively within forty-five (45) calendar days. If we need more time, we will notify you and may extend by a further forty-five (45) days
- Provide our response free of charge for requests made up to twice per 12-month period
You may also designate an authorised agent to submit requests on your behalf. Authorised agent requests must be accompanied by written authorisation signed by you, or a power of attorney.
9.4 Do Not Sell or Share My Personal Information
To opt out of the sharing of your personal information with Meta for cross-context behavioural advertising, use the "Do Not Sell or Share My Personal Information" link in the footer of our website, or email support@dermarenewallab.com with that subject line. We will implement your opt-out by disabling advertising cookies for your session and suppressing your data from being passed to advertising platforms going forward.
Note: opting out of advertising data sharing does not affect transactional data sharing necessary to fulfil your orders (e.g., sharing your address with a shipping carrier).
10. Residents of Other States
A growing number of US states have enacted consumer privacy laws that grant residents rights similar to those described in Section 9 for California residents. These include:
- Virginia — Consumer Data Protection Act (CDPA)
- Colorado — Colorado Privacy Act (CPA)
- Connecticut — Connecticut Data Privacy Act (CTDPA)
- Texas — Texas Data Privacy and Security Act (TDPSA)
- Other states — Privacy law is evolving rapidly at the state level across the US
If you are a resident of any state with an applicable consumer privacy law and wish to exercise rights under that law — including rights to access, correct, delete, or opt out of targeted advertising — please contact us at support@dermarenewallab.com with the subject line "State Privacy Request" and identify your state. We will assess and respond to your request in accordance with the law applicable to your state of residence.
11. Children's Privacy
Our website, products, and services are not directed to children under the age of thirteen (13). We do not knowingly collect personal information from children under 13.
We comply with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501 et seq.). If we learn that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete that information as quickly as practicable.
If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at support@dermarenewallab.com with the subject line "Child Privacy" and we will take prompt action to delete the data.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:
- SSL/TLS encryption across all pages of our website
- PCI-DSS Level 1 compliant payment processing through Shopify Payments — full card details are never stored on our systems
- Access controls ensuring that only authorised personnel can access customer data, limited to what is necessary for their role
- Regular security assessments of our website and third-party providers
- Strong password requirements for customer accounts
No method of electronic transmission or storage is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.
In the event of a data breach that creates a risk to your personal information, we will notify affected individuals in accordance with applicable state breach notification laws, which typically require notification within thirty (30) to sixty (60) days depending on the state.
13. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements.
| Data Category | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years from order date | US federal and state tax law requirements |
| Subscription and billing records | 7 years from last transaction | Tax law, dispute resolution |
| Customer account data | Until account closure, plus 1 year | Operational continuity, dispute resolution |
| Marketing email list | Until unsubscribe, or 3 years of inactivity | CAN-SPAM compliance, relevance |
| Customer support correspondence | 3 years from last contact | Dispute resolution, service improvement |
| Returns and refund records | 7 years | Tax law, dispute resolution |
| Chargeback and dispute evidence | 7 years from dispute resolution | Legal protection, regulatory compliance |
| Google Analytics data | 26 months (Google's default) | Analytics usage |
| Advertising cookie data | As set per cookie category (typically 90–180 days) | Ad campaign measurement |
After the applicable retention period, we will either securely delete your personal information or anonymise it so that it can no longer be associated with you. Anonymised data may be retained for longer periods for aggregate analytics purposes.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, applicable law, or business operations. The "Last updated" date at the top of this page indicates when the most recent version was published.
Where changes are material — for example, a change to what data we collect, a new category of third-party sharing, or a change to your rights — we will notify you by email at the address on your account at least fourteen (14) calendar days before the change takes effect, and will post a prominent notice on our website.
For non-material changes (typographical corrections, clarifications that do not affect your rights, updated contact details), we may update the Policy without advance notice. Continued use of our website or services after an updated Policy is posted constitutes acceptance of the updated terms.
15. Contact and Privacy Requests
Privacy Contact
For all privacy-related queries, data requests, or opt-out requests:
Email: support@dermarenewallab.com
Subject line for CCPA requests: "CCPA Privacy Request"
Subject line for Do Not Sell/Share: "Do Not Sell or Share My Personal Information"
Subject line for state requests: "State Privacy Request — [your state]"
Subject line for child data deletion: "Child Privacy"
Response time: Within 10 business days for acknowledgement, within 45 calendar days for substantive response. We will notify you if we need to extend the response window. We will never charge a fee for a first or second privacy request within a 12-month period.