Skip to content

Legal ·

Privacy policy.

Ox Research Labs LLC (“we”) operates oxresearchlabs.com. This policy explains what personal information we collect, how we use it, who we share it with, and what controls you have. We collect only what we need to run the site, ship orders, and comply with the law.

What we collect

Account information

  • Name and email address you provide when registering.
  • A hashed password (we never store your plaintext password).
  • Shipping address and phone number, if you provide one for an order.
  • Order history (SKUs, lots, dates, amounts, status).

Site usage

  • Session cookies required to keep you signed in. These are first-party, HttpOnly, and marked Secure.
  • Server logs of pages requested, response codes, IP address, user agent, and timestamps. Used for security monitoring and rate limiting.
  • We do not run advertising or social-media tracking pixels. We do not use Google Analytics. We may use minimal first-party analytics or none at all.

Communications

  • Emails you send us (support, order questions) and our replies. We retain these for customer-service history.

How we use it

  • To create and manage your account.
  • To process, ship, and support your orders.
  • To respond to your questions.
  • To detect, prevent, and respond to fraud, abuse, or security incidents.
  • To comply with applicable laws and respond to legitimate legal requests.

We do not sell your personal information. We do not share it with advertisers or data-brokers.

Who we share it with

We share information only with service providers we use to operate the site, under confidentiality and data-processing terms:

  • Vercel (web hosting).
  • Neon (database).
  • Cloudflare (DNS, edge, and admin-access security).
  • Resend (transactional email).
  • Carrier(s) we use to ship your order (USPS, UPS, FedEx, etc.) for delivery only.

We will disclose information when required by valid legal process, when we believe in good faith disclosure is necessary to comply with the law, or to protect rights, safety, or property.

How long we keep it

  • Account data: while your account is active, plus a reasonable period after closure.
  • Order records: at least 7 years for tax and dispute purposes.
  • Server logs: typically 30–90 days.
  • Support emails: typically 2 years.

How we protect it

  • Database hosted on a managed Postgres provider, encrypted at rest.
  • All site traffic over HTTPS with HSTS.
  • Admin access fronted by Cloudflare Zero Trust with SSO and rate-limited login.
  • Strict access controls on every database collection so customers can only read or modify their own records.
  • Passwords stored as one-way bcrypt/argon2 hashes.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the appropriate regulators as required by law.

Your choices

  • You can update your name, email, password, or shipping address by signing in and editing your account.
  • You can request a copy of the data we hold about you, or its deletion, by emailing [email protected]. We may retain information we are legally required to keep (order records, tax records, audit logs).
  • You can opt out of non-transactional emails at any time. Order- and account-related emails (e.g., shipping confirmations, password resets) are mandatory while you have an account.

Cookies

We use cookies that are strictly necessary to make the site work: session cookies for sign-in, and CSRF protection. We do not use cross-site tracking cookies.

Children

The site is not intended for anyone under 18. We do not knowingly collect information from minors. If we discover that we have, we will delete it.

Outside the US

We currently operate only in the United States. If you access the site from elsewhere, information you submit is processed in the US.

Changes

We may update this policy. Material changes will be reflected in the “Updated” date at the top.

Contact

Privacy questions: [email protected].