Get Your Blueprint

Privacy Policy

This Privacy Policy describes how Central Health Supply LLC (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

  • Examples of Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
  • Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
  • Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
  • Disclosure for a business purpose: shared with our processor Shopify and our payment processors, such as Stripe or QuickBooks.

Order information

  • Examples of Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
  • Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: shared with our processor Shopify and/or our payment processors Stripe and QuickBooks.

Customer support information

  • Examples of Personal Information collected: name, email address, phone number, and order number.
  • Purpose of collection: to provide customer support.
  • Source of collection: collected from you.
  • Disclosure for a business purpose: our processor Shopify and/or our payment processors such as Stripe and QuickBooks.

MINORS

The Site is not intended for individuals under the age of 16. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address below to request deletion.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

  • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
  • We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

BEHAVIOURAL ADVERTISING

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

  • We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
  • We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
  • We collect your email and other information to send personalized emails with offers or information we believe may be of interest to you.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.

Digital Marketing Services

In addition to our e-commerce operations, Central Health Supply LLC (“CHS,” “we,” or “us”) provides digital marketing services to business clients, including social media management and advertising management. This section describes how we collect, use, and protect data in connection with those services.

Important Note Regarding Healthcare Clients

Many of our clients are healthcare practices, including chiropractic offices. Our marketing services are strictly limited to marketing and advertising data. We do not collect, access, store, or process any protected health information (PHI), electronic health records (EHR), patient data, appointment records, medical histories, treatment information, or any other data that would be subject to HIPAA or similar healthcare privacy regulations. Our services operate entirely outside of any clinical systems. We have no access to our clients’ patient management systems, billing systems, or health records of any kind.

Services We Provide

We provide the following marketing services on behalf of our business clients:

  • Social media management: Managing Facebook Pages and Instagram Business accounts, including content creation, publishing, and performance tracking
  • Advertising management: Managing Google Ads campaigns, including campaign setup, optimization, and performance reporting
  • Email marketing: Managing email newsletters and campaigns on behalf of clients, including content delivery, audience management, and performance tracking

Data We Collect Through Meta Platforms

When providing social media management services, we access the following data through the Meta Graph API:

Page and account information

  • Facebook Page name and Page ID
  • Instagram Business Account ID
  • Basic account details necessary to identify and manage the accounts

Content publishing data

  • Posts, images, and captions that we create and publish on behalf of the client
  • Post IDs and publishing timestamps

Performance metrics

  • Post-level metrics including views, interactions (likes, comments, shares, saves), and engagement rates
  • Account-level metrics including follower counts and profile activity
  • We collect these metrics to measure content performance, generate client reports, and improve our content strategy

How we access client Meta accounts

Our clients authorize us to access their Facebook Pages and Instagram Business accounts by sharing their Page assets with our Meta Business Manager. This is a deliberate action taken by the client or their authorized representative. We do not access any accounts without explicit client authorization.

Clients may revoke our access at any time by removing Central Health Supply from their Meta Business Manager. Doing so immediately stops all data collection, content publishing, and metrics retrieval for that account.

Data We Collect Through Google Ads

When providing advertising management services, we access the following data through the Google Ads API:

Account and campaign information

  • Google Ads account ID and account name
  • Campaign names, settings, and configurations
  • Ad group and keyword structures

Advertising performance metrics

  • Campaign-level metrics including impressions, clicks, cost, conversions, and click-through rates
  • Keyword performance data
  • Geographic and demographic performance breakdowns (as provided by Google Ads — these are aggregated and anonymized by Google before we receive them)
  • Conversion tracking data tied to advertising campaigns

How we access Google Ads accounts Our clients grant us access to their Google Ads accounts by adding our manager account (MCC) as a linked manager. This is a deliberate action taken by the client or their authorized representative. Clients may revoke our access at any time by removing the manager link in their Google Ads settings.

Data We Collect Through Email Marketing Platforms

When providing email marketing services, we access the following data through our email service provider(s):

Subscriber information

  • Email addresses and subscriber names as provided to us by the client
  • Subscriber list segments and preferences
  • We do not independently collect email addresses from individuals — all subscriber data originates from the client’s existing customer or prospect lists

Campaign performance metrics

  • Send, delivery, open, and click-through rates
  • Unsubscribe and bounce rates
  • Link click activity (which links within an email were clicked)

How we access email subscriber data Our clients provide subscriber lists to us directly, or grant us access to their existing email platform account. Clients retain ownership of their subscriber lists at all times. We do not add subscribers to any list without the client’s direction, and we do not use subscriber lists from one client for any other client or purpose.

How We Use This Data

We use data collected from Meta platforms, Google Ads, and email marketing platforms solely to provide digital marketing services to our business clients. Specifically, we use this data to:

  • Publish content to our clients’ Facebook Pages and Instagram accounts on their behalf
  • Manage and optimize Google Ads campaigns on our clients’ behalf
  • Send email newsletters and campaigns to our clients’ subscriber lists on their behalf
  • Collect and analyze performance metrics for content, advertising, and email campaigns we manage
  • Generate performance reports for our clients
  • Improve the quality and effectiveness of the content and campaigns we create by analyzing aggregated, anonymized performance trends across our client base

We do not use platform data for any purpose unrelated to providing digital marketing services to our clients. We do not sell any platform data to third parties.

Data Sharing

We do not sell any platform data (Meta or Google) to any third party. Platform data may be shared with the following categories of service providers solely for the purpose of delivering our services:

  • Cloud infrastructure providers (for secure data storage and processing)
  • The client whose account the data pertains to (via performance reports)

All service providers are contractually required to protect the data and use it only for the purposes described above.

Data Retention and Deletion

We retain platform data for as long as the client relationship is active and for a reasonable period afterward to fulfill any remaining reporting obligations.

When a client terminates their marketing services with us, we take the following steps within 90 days of termination:

  • Identifiable account data is deleted. This includes Page IDs, account IDs, access credentials, and any data that could be used to identify the specific client or their accounts.
  • Aggregated performance data may be retained. We may retain anonymized, aggregated performance metrics (such as engagement rates, content performance scores, and trend data) that can no longer be associated with a specific client, account, or individual. This data is used solely to improve the quality of our services.

Clients may request deletion of all their data — including aggregated data — by contacting us using the contact information provided at the bottom of this policy. We will honor such requests within 30 days.

If Meta or Google requests deletion of specific data, we will comply promptly in accordance with the applicable platform’s terms and policies.

Data Security

We protect all platform data using industry-standard security measures, including:

  • Encrypted data storage and transmission
  • Access controls limiting data access to authorized personnel only
  • Secure credential management for API access tokens
  • No storage of end-user personal information (we manage business Pages and ad accounts, not individual user accounts)

Who Can Use Our Marketing Tools

Our Meta application and Google Ads integrations are internal business tools used exclusively by Central Health Supply to provide services to our business clients. They are not publicly available applications. Only accounts that have been explicitly shared with or linked to Central Health Supply by the account owner are accessible through our tools.

Children’s Privacy

Our digital marketing services are provided to businesses, not to individuals. We do not knowingly collect personal information from children through our marketing services.

Your Rights

If you are a business client whose account data we manage, you have the right to:

  • Access the data we hold about your accounts by requesting a copy from us
  • Delete your data by terminating your service agreement or contacting us directly
  • Revoke access to your accounts at any time by removing Central Health Supply from your Meta Business Manager, unlinking our manager account in Google Ads, and/or revoking access to your email marketing platform

Using Personal Information

We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

LAWFUL BASIS

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

  • Your consent;
  • The performance of the contract between you and the Site;
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests, which do not override your fundamental rights and freedoms.

RETENTION

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

AUTOMATIC DECISION-MAKING

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
  • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information below.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address below.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

COOKIES NECESSARY FOR THE FUNCTIONING OF THE STORE

NameFunction
_abUsed in connection with access to admin.
_secure_session_idUsed in connection with navigation through a storefront.
cartUsed in connection with shopping cart.
cart_sigUsed in connection with checkout.
cart_tsUsed in connection with checkout.
checkout_tokenUsed in connection with checkout.
secretUsed in connection with checkout.
secure_customer_sigUsed in connection with customer login.
storefront_digestUsed in connection with customer login.
_shopify_uUsed to facilitate updating customer account information.

REPORTING AND ANALYTICS

NameFunction
_tracking_consentTracking preferences.
_landing_pageTrack landing pages
_orig_referrerTrack landing pages
_sShopify analytics.
_shopify_fsShopify analytics.
_shopify_sShopify analytics.
_shopify_sa_pShopify analytics relating to marketing & referrals.
_shopify_sa_tShopify analytics relating to marketing & referrals.
_shopify_yShopify analytics.
_yShopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.

DO NOT TRACK

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Contact

For more information about our privacy practices, to request data records or deletion, if you have questions, or if you would like to make a complaint, please contact us using our contact page here.

Last updated: 3/29/2026

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: https://www.usa.gov/privacy