Privacy Policy
Last Modified: February 7, 2025
ULO, INC. (“ULO,” “we,” “us,” or “our”) values its customers, their information, their privacy, and their trust. This Privacy Policy (“Policy”) applies to Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”) collected online from users of ULO’s Site, www.ulo.co (the “Site”), and explains how we collect, use, and protect that information. This Policy applies to ULO’s collection, use, processing, storage, and transfer of information from the Site. For the purposes of this Policy, unless otherwise noted, all references to the Site include email correspondence or ULO’s online forms and other electronic messages between you and the Site.
Throughout this Policy, we refer to the term “PII and PHI.” “PII and PHI” means data which identifies, describes, is associated with, or could be linked to an individual, such as a name, birthdate, postal address, email address, telephone number, driver’s license number, Social Security Number or other government-issued identification number, credit card number, or other unique identifiers.
PII and PHI does not include anonymous or aggregated data that can no longer be used to identify a specific person, even if combined with other data. Also, we may collect information related to businesses, companies, institutions, or other entities rather than individuals (“Business Information”). We do not consider Business Information, such as title, employer’s name, work email, work phone number, work address, and other similar business information, to be PII and PHI.
Please note that the products and services offered on this Site are intended for users who reside in the United States. If you visit our Site from a country outside the United States, please note that the data protection laws in the country in which you reside may be different from the data protection requirements in the United States. Information that we may collect from you in connection with your use of this Site will be processed in accordance with federal and state laws of the United States.
Information We Collect and How We Use It Under the Health Insurance Portability and Accountability Act (“HIPAA”)
We collect information about you in several ways: 1) directly from you; 2) indirectly from you via your use of the Site; and 3) from third parties.
Information Collected Directly From You
When you contact us through our Site or online forms, we will collect certain PII and PHI about you so that we may verify your identity, adequately respond to your inquiry or assist you in purchasing products. To do this, we collect information from you when you visit our Site, send us questions or communicate with us through the Site, register with us, place an order, fill out a form, or in connection with other activities, services, features, or resources we make available on the Site. We may collect your first and last name, email address, phone number, date of birth, and the contents of any messages you may send us. The information we collect and the associated purpose are as follows:
Activity | Information Collected |
Access the Site | Name, email address, phone number, physical address |
Place an order | Name, email address, phone number, physical address, credit card information |
Register with the Site | Name, email address, physical address |
Sign up to receive communications | Contents of the form |
Communicate through the Site | Name, email address, contents of your inquiry to us |
The personal information we collect from you is used to provide you with our products and services in a timely manner.
Information Collected Indirectly from You
When you visit our Site, we may collect information about your visit and maintain that information in our web server logs, which are records of the activities on our Site. The servers automatically capture and store the information electronically. Examples of the information we may collect include: Internet Protocol (IP) address; browser type and language; Internet Service Provider (ISP), referring and exit Sites and applications; Sites viewed while on the Site; operating system; date/time stamp of activity; clickstream data; whether you are a first-time or a returning user; links you clicked on while in the Site; and your flow and navigation path through the Site. We use this information in a deidentified and aggregated fashion to help us administer the site, analyze its usage, protect the Site and its content from inappropriate use, and improve your Site experience.
In some parts of our Site and through email messages, you will find a “click-through URL” linked to content on our Site. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click such links in our email messages.
Cookies
We use technologies, such as “cookies,” so we can remember certain information about you, remember your preferences, or recognize you when you return to the Site. Cookies also help us compile aggregate data about Site traffic and Site interaction so that we can improve our Site and protect our Site from fraud.
A cookie is a text file that is stored on your computer. As text files, cookies cannot read information on your hard drive, run programs, or deliver viruses to your computer.
Most browsers are set to accept cookies automatically. You can set your browser to decline all cookies automatically or to prompt you for a response each time a cookie is offered. If you decline cookies, you may find that you cannot access all our Site’s features.
During your browsing session, we use “session” cookies to store information and monitor Site function. These session cookies are installed during your browsing session and are deleted when the browsing session has ended.
Cookie | When Deleted | Purpose |
_ab | 1y | Used to control when the admin bar is shown on the storefront. |
_abv | 1y | Persist the collapsed state of the admin bar. |
_checkout_queue_token | 1y | Used when there is a queue during the checkout process. |
_cmp_a | 1d | Used for managing customer privacy settings. |
_identity_session | 2y | Contains the identity session identifier of the user. |
_master_udr | session | Permanent device identifier. |
_pay_session | session | The Rails session cookie for Shopify Pay |
_secure_account_session_id | 30d | Used to track a customer's session for new customer accounts. |
_session_id | 2y | Used for providing reporting and analytics. |
_shopify_country | 30min | Used for Plus shops where pricing currency/country is set from GeoIP by helping avoid GeoIP lookups after the first request. |
_shopify_essential | 1y | Contains essential information for the correct functionality of a store such as session and checkout information and anti-tampering data. |
_storefront_u | 1min | Used to facilitate updating customer account information. |
_tracking_consent | 1y | Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
auth_state_<<id>> | 25min | Stores state for customer authentication. |
card_update_verification_id | 20min | Used to support verification when a buyer is redirected back to Shopify after completing 3D Secure during checkout. |
cart | 2w | Contains information related to the user's cart. |
cart_currency | 2w | Used after a checkout is completed to initialize a new empty cart with the same currency as the one just used. |
cart_sig | 2w | A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations. |
cart_ts | 2w | Used in connection with checkout. |
cart_ver | 2w | Set every time a cart is updated and used to track cart version mismatches. |
checkout | 21d | Used in connection with checkout. |
checkout_one_remember_me | 1y | Used to prefill checkout with the details from the previous checkout. |
checkout_prefill | 5min | Encrypts and stores URL parameters containing PII which are used in cart permalink URLs. |
checkout_session_lookup | 3w | Used in connection with checkout. |
checkout_session_token_<<id>> | 3w | Used when a checkout session is established on the server. |
checkout_token | session | Captures the landing page of the visitor when they come from other sites. |
customer_account_locale | 1y | Used to keep track of a customer account locale when a redirection occurs from checkout or the storefront to customer accounts. |
customer_payment_method | 1h | Stores what payment method is being updated for subscriptions. |
customer_shop_pay_agreement | 20min | Used to help verify a new Shop Pay payment instrument. |
device_fp_id | session | Device fingerprint identifier to help prevent fraud. |
device_id | session | Session device identifier to help prevent fraud. |
discount_code | session | Stores a discount code (received from an online store visit with a URL parameter) in order to the next checkout. |
dynamic_checkout_shown_on_cart | 30min | Adjusts checkout experience for buyers that proceed with regular checkout versus dynamic checkout. |
hide_shopify_pay_for_checkout | session | Set when a buyer dismisses the Shop Pay login modal during checkout, informing display to buyer. |
We also use log files when you visit our Site. Log files track IP addresses, browser type, Internet Service Provider (ISP) identity, referring/exit pages, platform type, date/time stamp, and number of clicks. We utilize this information in our legitimate interest in administering the Site, preventing fraud, tracking Site navigation in the aggregate, and gathering broad demographic information for aggregate use.
Pixel Tracking
In addition to using Cookies, the Site may employ “pixel tracking,” a common process which may be used in connection with advertisements on other sites. Pixel tracking involves the use of pixel tags that are not visible to the user and consist of a few lines of computer code. Pixel tracking measures the effectiveness of advertisements and compiles aggregate and specific usage statistics. A “pixel tag” is an invisible tag placed on certain pages of Sites that is used to track an individual user’s activity. We may access these pixel tags to identify activity and interests that may allow us to better match our Products, services, and offers with your interests and needs. For example, if you visit our Site from an advertisement on another Site, the pixel tag will allow the advertiser to track that its advertisement brought you to the Site. If you visit our Site, and we link you to another Site, we may also be able to determine that you were sent to and/or transacted with a third-party Site. This data is collected for use in our marketing, research, and other activities.
Site Analytics
We use third-party Site analytics software from third-party providers (e.g., Google Analytics) in connection with our Site to gather data such as age, gender, and interests to provide advertising targeted to suit your interests and preferences.
You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting third party pages and using their opt out methods.
This analytics software helps us target our online ads based on information collected directly from you or by automated means, like cookies. These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.
ULO utilizes analytics software provided by Google Analytics. Google Analytics collects information associated with the Site (like information about your browser, network, and device, web pages visited before and during your view of the Site, and your IP address) that is not used to identify a user. This information helps us better understand how visitors use our Site, detect and defend against fraud and other security risks, and present advertisements, products, and/or services of interest to you.
Information We Collect and How We Use It Under HIPAA From Third Parties
We may collect information that others provide about you when you use the Site or obtain information from other sources and combine that with information we collect through the Site.
- Credit Card Processors. If you make a purchase through the Site, the credit card processing company we work with to process payments, Stripe, may send us information such as your name, address, and contact information so that we may complete your order. We do not receive any of your credit card information.
- Third-Party Services. If you link, connect, or login to your account with a third-party social media service (e.g., Facebook, Google, Instagram, Yelp, etc.), the third-party service may send us information such as your registration and profile information from that service. This information varies and is controlled by that service or as authorized by you via your privacy settings at that service.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you. For example, we may receive fraud warnings from service providers like identity verification services for our fraud prevention and risk assessment efforts. Other examples of such providers include, but are not limited to, backend processing, fulfillment, and automation, email management, authentication, form processing, Site usage tracking, and database hosting and management.
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Site are served by third parties, including advertisers, ad networks and servers, content providers and application providers. First-party or third-party cookies may be used alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Site. A first-party cookie is a cookie set by the domain name that appears in the browser address bar. A third-party cookie is a cookie set by (and on) a domain name that is not the domain name that appears in the browser address bar. It might be set as part of a side resource load (image, JS, iframe, etc., from a different hostname) or an AJAX HTTP request to a third-party server. The information that first-party and third-party cookies collect may be associated with your Personal Information and Protected Health Information (PHI) or they may collect information, including Personal Information and Protected Health Information (PHI), about your online activities over time and across different Sites and other online services (i.e., tracking such activities). They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. More information on how to opt-out of third-party advertiser tracking mechanisms here.
Children’s Information
Our Site is not directed at children. We do not knowingly collect PII and PHI from anyone under the age of 18. If you are a parent or guardian and believe your child has provided us with PII and PHI without your consent, please contact us by using the information in the “HIPAA Contact and Complaints” section, below, and we will take steps to remove such PII and PHI from our systems.
Use of Personal and Health Information Under HIPAA
We use information that we collect about you or that you provide to us, including any PII and PHI, for one or more of the following purposes:
• To present our Site and its contents to you;
• To provide you with information and respond to your questions on services that you request from us and information on new services, discounts, special promotions or upcoming events, and features or offers that we believe will be of interest to you;
• To provide you with customer support;
• To communicate with you in response to questions you may have about our products or services;
• To deliver marketing communications and other materials to you that we believe may be of interest to you, such as the opportunity to participate in a consumer survey group;
• To improve and further develop the products and services we offer on this Site and through our retail distribution channels;
• To protect and maintain the security and integrity of our Site and its infrastructure;
• To authenticate information you provide to us;
• To protect our rights and property or the rights and property of others;
• To detect, prevent and respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law and any misuse of the Site or our products or services;
• To comply with any legal obligations imposed on us;
• To pursue legal remedies available to us, limit our damages, and comply with judicial proceedings, court orders, or lawful requests from governmental authorities and for other legal purposes;
• To provide you with the products, services, or information that you have requested;
• To process transaction payments, including, but not limited to, product and/or service fees, and payments, refunds and reimbursements for any services that you choose to purchase from us (though we do not receive your full credit or debit card number);
• To provide you with notices about your account, including expiration and renewal notices;
• To notify you about information regarding or changes to our Site, our policies, terms, or any services we offer or provide, or regarding your account;
• To process your account application and any changes to your account information;
• To allow you to participate in interactive features on our Site;
• To provide access to restricted parts of our Site, e.g., areas accessible if you have a user account;
• To notify you of data privacy incidents or provide you with legally required information;
• To request your participation in ratings, reviews, surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our services;
• In any other way we may describe and for which we obtain your consent when you provide the information and you give your consent.
We use cookies, clear gifs, and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Site; (b) monitor the effectiveness of our Site and services; (c) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (d) diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses; and, (e) help you efficiently access your information after you sign in. We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your PII and PHI for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
We only use your PII and PHI for the original purposes it was given and to further our legitimate interests, such as to enroll members in our organization, provide information about our organization and services, and to communicate with Site visitors. PII and PHI is also used to provide you with a more enjoyable, convenient online experience. We may use your PII and PHI to send you requested information, to personalize content for you, to compile, analyze, and better understand user data, demographics and behavior, and to detect, investigate, and prevent activities that may violate our policies or be illegal. We may also use your PII and PHI to communicate with you about events and services we believe you might find of interest and to administer marketing materials and surveys in which you might participate.
We also use the information automatically collected about you during your use of the Site, as described above, to improve the effectiveness of our Site, operations, mobile experience, or marketing efforts, to protect against fraud and theft, and otherwise to protect our Site’s visitors and our organization.
Our employees and agents may view your PII and PHI to perform their jobs and address your needs. We authorize their access to your PII and PHI on a need-to-know basis to provide you with information or services, or for one of the other reasons listed in this section, and always in connection with a contractual obligation to protect the privacy of that information.
We also provide your PII and PHI to Stripe, a third-party vendor who partners with us to operate our payment system on the Site. Stripe may be given the PII and PHI identified above to allow us to complete your purchases of products or services. Stripe uses that information only to complete your purchases and orders and is hosted for internal purposes.
We may also use information you provide to us to communicate with you in the future. If you do not wish to receive such communications, you may opt out (unsubscribe) as described below in the “Access and Consent to Use of Your PII and PHI” and “HIPAA Contact and Complaints” sections.
Use of Sensitive PII and PHI
Sensitive Personal Information Collected | Method of Collection |
Information about Consumer Health | Online forms or questions. |
Government Issued ID | When verifying identity |
Disclosure of Your Information Under HIPAA
We will not sell, rent, or lease any information we collect from you to others. We will not make your PII and PHI available to any unaffiliated parties, except as follows:
- To employees, contractors, agents, Site vendors, and/or contractors who may use it on our behalf or in connection with their relationship with us;
- To our affiliates, service providers, and third-parties identified herein (e.g., credit card processor, analytics, advertising) for marketing purposes, building targeted ad campaigns, and providing you information about us or our services.
- To others, including law enforcement, if we believe such release is reasonably necessary to comply with law or legal process; enforce or apply the applicable ULO Terms of Use, if reasonably necessary to protect our operations, members, or users; detect, prevent or otherwise address fraud, security, or technical issues; protect the rights, property, or safety of others; in a matter of public safety or Policy; or as needed in connection with the transfer of our assets. In the event of an insolvency, bankruptcy, or receivership, your PII and PHI may also be transferred as a business asset.
In addition, we may share aggregate, non-individual information, incapable of identifying a person, with third parties for lawful purposes. We will not disclose any of your PII and PHI except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under circumstances described in this Policy.
Access and Consent to Use of Your PII and PHI
If you believe that the PII and PHI that we have collected about you is incomplete, inaccurate, or not up to date, or if you would like to review and/or request changes or deletion of that information, please see the contact information in the “HIPAA Contact and Complaints” section.
If you do not consent or want to withdraw your consent for us to collect, use, or disclose your Personal Information and Protected Health Information (PHI) as described in this Policy, please use the contact information provided in the “HIPAA Contact and Complaints” section. In your request, please identify the Personal Information and Protected Health Information (PHI) at issue and the collection, use, or disclosure you wish to stop.
Denying or withdrawing consent may not allow us to provide you with some or all the products, services, or information you request.
You may opt-out of receiving marketing-related emails, targeted advertising Messages, or promotional offers from ULO by clicking the "unsubscribe" link at the bottom of any email you receive from us or emailing us at concierge@ulo.co.
If you opt out of receiving marketing emails or text Messages, we may still need to send you communications about your account, membership, and other matters. If you agreed to receive future marketing communications directly from a third party through our Site, you will need to contact that party to opt out of such communications. This process may be outlined in that party's privacy policy. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s Site.
State Specific Requirements
For more information regarding your state-specific rights, please refer to the chart at the following link: https://ulo.co/pages/state-law-chart.
Security of Your Personal and Health Information and Protected Health Information (PHI)
We implement a variety of security measures to help protect your personal information from unauthorized access, disclosure, alteration and destruction, which includes holding your personal information on a secured network with limited access. This information is required by ULO to be kept confidential. Although we use our best efforts to ensure the security and confidentiality of your personal information, unfortunately, no data transmission can be guaranteed to be 100% secure. Thus, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. You should only access our Site within a secure environment and you remain solely responsible for the security of your computer at all times.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we maintain appropriate physical, electronic, and managerial procedures to safeguard and secure the information and data stored on our system. ULO uses SSL Protocol and SSL Encryption for this purpose.
When personal information (such as a credit card number) is transmitted by ULO to other Sites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol. While no computer system is completely secure, we believe the measures we have implemented reduce the likelihood of security problems to a level appropriate to the type of data involved.
Links to Other Sites
Our Site may contain links to, or advertisements about, non-ULO Sites. Other sites may also reference, advertise, or link to the ULO Site. You may be able to post content to third party Social Networking Sites on which we maintain a presence. If you choose to do this, we will provide information to the Social Networking Site(s), and receive information from them, in accordance with your elections. You acknowledge and agree that you are solely responsible for your use of those Sites and that it is your responsibility to review the applicable terms of use and privacy policies. We are not responsible for the availability, accuracy, content, products or services of third-party Social Networking Sites.
While you are using the Site, you may be linked or directed to other third-party Sites that are beyond our control. These third-party Sites may have privacy policies and terms of use which differ from ours. Please carefully review these policies. We are not responsible for any actions or policies of such third parties.
Retention and Accuracy of Personal Information and Protected Health Information (PHI)
We do our best to ensure that the Personal Information and Protected Health Information (PHI) we hold and use is accurate. We rely on the individuals we do business with to disclose to us all relevant information and to inform us of any changes. We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as for tax, accounting or other legal requirements).
When we have no legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Changes to the Policy
From time to time, we may change this Policy and will notify you of material changes by posting the changed or modified Policy on our Site. Any changes will be effective immediately upon the posting of the revised Policy unless otherwise specified.
A Note to Parents Regarding the Children’s Online Privacy Protection Act:
Our Site is a general audience Site that is neither designed nor intended to collect personal information from children. ULO cares about the safety and privacy of children online and complies with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying FTC regulation establish United States federal law that protects the privacy of children using the Internet. Children under the age of 13 should not send us any personal data, including their email. If you are under the age of 13 and would like to contact us, please ask your parent or legal guardian to contact ULO on your behalf. We ask that parents supervise their children while online.
In the case that ULO becomes aware we have received personal information pertaining to persons under 13, we will promptly attempt to obtain parental consent or delete the personal information from our servers. If you want to notify us of our potential receipt of information by children under 13, please email us at concierge@ulo.co.
Handling of PHI
ULO complies with HIPAA regarding the collection, use, and disclosure of PHI. PHI includes information related to an individual’s past, present, or future physical or mental health, the provision of healthcare, and payment for healthcare services. ULO does not sell PHI, and we will only use or share PHI as permitted under HIPAA.
Patient Rights Under HIPAA
As required by HIPAA, you have the following rights regarding your Protected Health Information (PHI):
- Right to Access: You may request copies of your PHI.
- Right to Request Amendments: You may ask us to correct PHI that you believe is incorrect.
- Right to an Accounting of Disclosures: You may request a list of disclosures we have made of your PHI.
- Right to Request Restrictions: You may ask us to limit how we use or share your PHI.
- Right to Confidential Communications: You may request that we communicate with you in a specific way (e.g., only by email).
Breach Notification
In the event of a breach of your PHI, we will notify you in accordance with the HIPAA Breach Notification Rule (45 CFR §164.400-414). Notifications will be provided without unreasonable delay and no later than 60 days after discovery of the breach.
Business Associates and Third-Party Compliance
ULO works with third-party service providers (Business Associates) who assist in providing services. We require all Business Associates to sign a Business Associate Agreement (BAA) ensuring their compliance with HIPAA regulations. Business Associates must implement security measures to protect PHI from unauthorized access, use, or disclosure.
HIPAA Contact and Complaints
For any questions or concerns you may have regarding this Privacy Policy and our information and data collection and use practices, please contact us at:
VIA MAIL: 850 New Burton Rd #201, Dover, DE 19904
VIA EMAIL: concierge@ulo.co
You may also request, at any time, that we review, change or delete your personal information or your preferences to receive any emails, products or services from us. To do so, please send us a written request as set forth above.
If you believe that your HIPAA rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.
To file a complaint with HHS:
Visit: https://www.hhs.gov/hipaa