Privacy Policy

Last Updated: February 17, 2026

At URVI GmbH (“URVI,” “we,” “us,” or “our”), we take your privacy seriously. Please read this Privacy Policy to learn how we treat your Personal Data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use, and share your information as described in this Privacy Policy.

Remember that your use of URVI’s Services is at all times subject to our Terms and Conditions (the “Terms”), which incorporate this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms.

Scope note (U.S.): This Privacy Policy applies to individuals who access or use our Services from within the United States. If you are located in the European Economic Area, United Kingdom, or Switzerland, please consult our EU/UK privacy notice (if available) for GDPR-required disclosures.

You may print a copy of this Privacy Policy by using your browser’s print function.

Privacy Policy Table of Contents

  • What this Privacy Policy Covers

  • Personal Data

  • Categories of Personal Data We Collect

  • Categories of Sources of Personal Data

  • Our Commercial or Business Purposes for Collecting Personal Data

  • How We Disclose Your Personal Data

  • Cookies and Targeted Advertising

  • Data Security

  • Data Retention

  • Personal Data of Children

  • U.S. State Privacy Rights

  • Exercising Your Rights Under U.S. State Privacy Laws

  • Transfers of Personal Data

  • Changes to this Privacy Policy

  • Contact Information

What this Privacy Policy Covers

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personal information,” “personally identifiable information,” or “sensitive personal information” under applicable data privacy laws.

This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage, including third-party websites, apps, or services that you may access through links from our Services (for example, social media platforms or marketplaces like Amazon).

Personal Data

Categories of Personal Data We Collect

This chart details the categories of Personal Data that we may collect and/or may have collected over the past 12 months:

Category of Personal Data (and Examples) Business or Commercial Purpose(s) for Collection Categories of Third Parties With Whom We Share this Personal Data
Profile or Contact Data (e.g., first/last name, email address, phone number, billing/shipping address) Providing, Customizing and Improving the Services; Processing Transactions; Managing Subscriptions; Marketing; Corresponding with You; Fraud/Security Service Providers; Payment Processors; Shipping/Fulfillment Partners (if applicable); Advertising Partners; Parties You Authorize
Account Data (e.g., login credentials, unique identifiers, subscription preferences, customer support history) Providing Services; Managing accounts and subscriptions; Customer support; Security; Compliance Service Providers; Parties You Authorize
Payment Data (e.g., payment method type, last 4 digits, billing details; tokenized payment identifiers; transaction timestamps) Processing orders; Recurring billing for subscriptions; Fraud prevention; Customer support Payment processors and related service providers (we generally do not store full card numbers)
Commercial Data (e.g., products purchased, subscription status, renewal dates, order history, returns/refunds where applicable) Fulfilling orders; Managing subscriptions; Customer support; Analytics; Marketing (where permitted) Service Providers; Fulfillment/Shipping Partners (if applicable); Advertising Partners (limited); Parties You Authorize
Device/IP Data (e.g., IP address, device ID, browser/OS, approximate location inferred from IP) Security; Fraud prevention; Analytics; Marketing; Ad measurement Service Providers; Analytics Providers; Advertising Partners
Web Analytics / Usage Data (e.g., pages viewed, clickstream, referrer URLs, cookie/pixel/SDK events) Site analytics; Improving Services; Marketing; Ad measurement; Debugging Service Providers; Analytics Providers; Advertising Partners
Customer Communications (e.g., emails, chat messages, form submissions, reviews) Customer support; Corresponding with you; Quality assurance; Compliance Service Providers; Professional advisors; Authorities where required by law
Social Network Data (if you interact with us on social media) Marketing; Corresponding with you; Community management Social platforms; Service Providers
Text Messaging Data (if applicable) (e.g., phone number, consent status, message interactions) Sending requested texts; Customer support; Marketing (with consent where required) Messaging service providers; Carriers (as applicable)

Important clarifications

  • We generally do not receive or store your full payment card number; our payment processor(s) handle that directly, and we receive limited details (like last four digits) and transaction metadata.

  • If you purchase URVI products through a third-party marketplace (e.g., Amazon), that marketplace separately collects and controls transaction data under its own privacy policy.

Sensitive Personal Information / Sensitive Data
We do not intentionally collect “Sensitive Personal Information” (as defined by the CPRA) such as Social Security numbers, government IDs, precise geolocation, biometric identifiers, or health/medical information through the normal operation of the U.S. webshop.
If you choose to include sensitive information in free-text fields (e.g., in support messages), you disclose it at your own discretion.

If you in fact collect health-condition information (even “I have X condition, can I take this?” via forms), your intake flows should be reviewed for “consumer health data” laws (notably Washington’s MHMD). This draft is written to avoid stating you collect health data unless you truly do.

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

You

  • When you create an account, place an order, start a subscription, or manage subscription preferences.

  • When you provide information via checkout, forms, surveys (if offered), or customer support.

  • When you sign up for newsletters or (if offered) SMS/text messaging.

  • When you post reviews or submit content (if any portion is public, it may be visible to others).

Automatically (When You Use the Services)

  • Through cookies and similar technologies (see “Cookies and Targeted Advertising”).

  • Through device/browser data and usage logs.

Third Parties

  • Payment processors (confirmation and fraud signals; tokenized payment references).

  • Shipping/fulfillment partners (delivery status information) if you fulfill orders directly.

  • Advertising partners (e.g., Google/Meta/TikTok) and analytics providers (ad measurement, attribution).

  • Platforms you use to operate the webshop (e.g., ecommerce hosting, customer service tools, email providers).

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing and Improving the Services

  • Creating and managing accounts and customer profiles.

  • Processing orders, billing, subscription renewals, refunds, and chargebacks.

  • Providing customer support and responding to inquiries.

  • Managing subscription preferences, renewal schedules, and related communications.

  • Improving the Services, including testing, research, analytics, and product development.

  • Personalizing content and communications based on your interactions and preferences.

  • Fraud protection, security, debugging, and maintaining the integrity of the Services.

Marketing the Services

  • Sending marketing communications (subject to your choices and applicable law).

  • Delivering and measuring advertisements, including targeted advertising where permitted.

  • Running promotions (if offered) and measuring performance.

Corresponding with You

  • Sending transactional emails (order confirmations, subscription renewals, account notices).

  • Sending service-related messages and updates.

  • Responding to requests and feedback.

Other Permitted Purposes

We may also use or disclose Personal Data to comply with law, enforce legal terms, protect rights and safety, prevent fraud or security incidents, respond to legal process, and resolve disputes.

We will not collect additional categories of Personal Data or use Personal Data for materially different, unrelated, or incompatible purposes without providing notice or obtaining consent where required by law.

How We Disclose Your Personal Data

We disclose your Personal Data to the categories of service providers and other parties listed in this section. Depending on the laws applicable to you, some disclosures may constitute a “sale,” “share,” or use for “targeted advertising” as defined by certain U.S. state privacy laws.

Service Providers

These parties help us provide the Services or perform business functions on our behalf, such as:

  • Website hosting, infrastructure, and technology providers

  • Customer support and communications tools

  • Security and fraud prevention providers

  • Analytics providers (including those unrelated to targeted advertising)

  • Email delivery and (if applicable) SMS/text messaging providers

Payment Processors

Our payment processor(s) collect and process your payment information to complete transactions and recurring subscription charges. Their use of your payment information is governed by their own privacy practices.

Fulfillment and Delivery Providers (If Applicable)

If URVI fulfills orders directly (rather than via a marketplace), we disclose relevant contact and shipping information to logistics partners to deliver your purchases.

Advertising Partners

We may disclose identifiers and internet/network activity (often via cookies/pixels) to advertising partners for ad delivery, attribution, and measurement, and for targeted advertising where permitted by law and subject to your opt-out rights.

Parties You Authorize, Access or Authenticate

If you connect third-party services to our Services (where offered), we may disclose Personal Data to those third parties at your direction.

Legal Obligations and Rights Protection

We may disclose Personal Data to governmental authorities or other parties to comply with legal obligations or protect rights, safety, and property.

Business Transfers

Personal Data may be transferred in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to applicable law.

Data That Is Not Personal Data

We may create aggregated, de-identified, or anonymized data and use it for our lawful business purposes. We do not attempt to re-identify de-identified data except as permitted by law.

Cookies and Targeted Advertising

Our Services use cookies and similar technologies such as pixels, tags, web beacons, and SDKs (collectively, “Cookies”) to recognize your browser, understand how you use the Services, analyze trends, measure marketing effectiveness, and improve the Services. We may also receive information from third parties that place cookies on your device.

Types of Cookies We Use

  • Essential Cookies: required for core site functionality.

  • Functional Cookies: remember preferences and settings.

  • Performance/Analytical Cookies: help us understand site usage and improve.

  • Advertising Cookies: support advertising delivery, attribution, and targeted advertising.

Your Choices

You can control cookies and certain disclosures in several ways:

  • Use Cookie Settings (if available) on our site.

  • Use the “Do Not Sell or Share My Personal Information” (or “Your Privacy Choices”) link (if available).

  • Adjust browser settings to block or delete cookies.

  • Use Global Privacy Control (GPC). Where required by law, we treat GPC as an opt-out of “sale/sharing” for targeted advertising for that browser/device.

Data Security

We use appropriate physical, technical, organizational, and administrative safeguards designed to protect Personal Data. However, no method of transmission or storage is completely secure.

Data Retention

We retain Personal Data for as long as necessary to provide the Services or for legitimate business purposes such as compliance, dispute resolution, fraud prevention, and enforcing agreements.

Examples:

  • We retain account and subscription information while your account/subscription is active and for a reasonable period thereafter.

  • We retain transaction and billing records as required for accounting, tax, chargeback management, and legal compliance.

  • We retain device/IP and analytics data for periods typically ranging from 6–24 months, subject to tool settings and legal requirements.

We may retain certain information in aggregated or de-identified form for longer periods.

Personal Data of Children

The Services are not directed to children under 13, and we do not knowingly collect Personal Data from children under 13. If you believe a child has provided Personal Data to us, please contact us and we will take appropriate steps consistent with applicable law.

U.S. State Privacy Rights

If you reside in certain U.S. states that provide consumer privacy rights (including California and other states with comprehensive privacy laws), you may have certain rights, subject to exceptions:

  • Access: request confirmation of and access to Personal Data.

  • Deletion: request deletion of Personal Data we collected from you.

  • Correction: request correction of inaccurate Personal Data.

  • Portability: request a portable copy of your Personal Data (where required).

  • Opt-Out of Targeted Advertising: opt out of processing for targeted advertising.

  • Opt-Out of “Sale” / “Share”: opt out of “selling” or “sharing” as defined by applicable law.

  • Non-Discrimination: we will not discriminate for exercising your rights.

  • Appeals: in certain states, you may appeal a denial of your request.

“Sale,” “Share,” and Targeted Advertising

We do not sell Personal Data for monetary consideration. However, under certain state laws, some disclosures of identifiers and internet/network activity to advertising partners via cookies/pixels may be considered a “sale” or “share” or use for “targeted advertising.” You can opt out as described below.

Sensitive Personal Information

We do not use or disclose “Sensitive Personal Information” for purposes that require a “Limit the Use of My Sensitive Personal Information” link under the CPRA because we do not process it for those restricted purposes.

Nevada

Nevada residents may opt out of certain “sales” as defined by Nevada law. We do not currently engage in sales as defined by Nevada Revised Statutes Chapter 603A for monetary consideration.

Exercising Your Rights Under U.S. State Privacy Laws

You (or an authorized agent, where permitted) can make a request by:

  • Submitting a request at: /us/privacy-requests (or your designated U.S. privacy request page)

  • Emailing: privacy@ur-vi.com

Your request must include sufficient information for us to verify your identity and understand your request. We may request additional information for verification. We will use Personal Data provided in a request only to verify identity and fulfill the request.

We will respond within the timeframe required by applicable law. We may charge a reasonable fee or refuse requests as permitted by law (e.g., manifestly unfounded or excessive requests).

Authorized Agents

Where permitted, you may authorize an agent to submit a request on your behalf. We may require proof of authorization and may also verify your identity directly.

Appeals

Where required by law, if we deny your request you may appeal by emailing privacy@ur-vi.com with the subject line: “[STATE] Appeal” and sufficient information to identify the original request.

Transfers of Personal Data

Our Services may be hosted and operated in the United States and Germany, and we and our service providers may process Personal Data in other jurisdictions. If you use the Services, you understand your information may be transferred to and processed in countries with different privacy laws. Where required, we rely on appropriate safeguards for such transfers.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will post the updated Policy on the Services and update the “Last Updated” date. Your continued use of the Services after changes become effective means you accept the revised Policy.

Contact Information

URVI GmbH
Besselstr. 13, 10969 Berlin, Germany
Phone: +49 155 10647144
Email: privacy@ur-vi.com