◇ FOR RESEARCH USE ONLYCOA ON EVERY BATCHTHIRD-PARTY VERIFIEDFOUNDER-LED · 21+
Legal

Last updated: June 9, 2026

This Privacy Policy explains how Coast Labs LLC (operating as "COAST LABS", "we", "us", or "our") collects, uses, shares, and protects your personal information when you visit https://coastlabs.ai, place an order (as a guest or with an optional account), or otherwise interact with us.

Plain-English summary

  • We collect the information you give us when you place an order (checkout is available as a guest; an account is optional), plus standard analytics about how you use our site.
  • We use that information to fulfill orders, prevent fraud, improve the site, and (if you've opted in) send you marketing emails.
  • We share information only with vendors that help us run the business — for example, our payment processor, shipping carrier, and email tool — under contracts that limit what they can do with it.
  • We do not sell your personal information for money. We may share certain information with advertising platforms for cross-context behavioral advertising; you can opt out below.
  • You have specific legal rights, including the right to access, delete, correct, and (depending on your state) opt out of certain types of sharing.
  • For requests or questions, email support@coastlabs.ai.

1. Who we are and how to contact us

Coast Labs LLC · Sheridan, Wyoming, United States · support@coastlabs.ai

We are the controller (under GDPR) and business (under CCPA/CPRA) responsible for the personal information described in this policy.

2. What information we collect

Information you provide directly:

  • Account & contact — name, email address, phone number, password (stored hashed), shipping and billing addresses.
  • Order & payment — items ordered, order amount, payment-card details (handled directly by our PCI-compliant payment processor; we receive a tokenized reference, not the full card number), age and RUO affirmation, IP address and user-agent at order time.
  • Communications — emails, support tickets, chat messages, and customer-service correspondence.
  • User content — product reviews, comments, and any other content you submit.

Information we collect automatically:

  • Device & usage — IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, links clicked, time-on-page, and session duration.
  • Cookies & similar technologies — see Section 6.

Information from third parties:

  • Payment processor — authorization results, fraud-screening flags, chargeback notices.
  • Shipping carrier — tracking events and delivery confirmation.
  • Marketing platforms — aggregated campaign performance, audience matching results (if you arrive via a paid campaign).
  • Identity / age verification — where required, results of third-party age-and-identity checks.

3. How we use your information

We use your information to:

a. Operate the store — process orders, accept payments, ship products, send order confirmations and shipping updates, and provide customer service. b. Verify eligibility — confirm age, RUO acknowledgment, address validity, and shipping-jurisdiction compliance. c. Prevent fraud and abuse — screen for suspected fraud, chargeback abuse, denied-party matches, and order patterns inconsistent with research use. d. Improve the site — analyze how visitors use the site to improve product pages, navigation, and conversion. e. Communicate with you — answer questions, respond to support requests, send service announcements, and (if you've opted in) send marketing emails about new products and promotions. f. Comply with law — meet our obligations under tax, payment-network, consumer-protection, and dispute-resolution laws and regulations, and respond to lawful requests from courts, regulators, and law enforcement. g. Protect our rights — enforce our Terms of Service, defend against legal claims, and protect the safety, rights, and property of COAST LABS, our customers, and third parties.

Legal bases under GDPR (where applicable): performance of a contract with you (Art. 6(1)(b)) for order fulfillment and account management; our legitimate interests (Art. 6(1)(f)) in fraud prevention and site improvement; your consent (Art. 6(1)(a)) for marketing emails and non-essential cookies; and legal obligation (Art. 6(1)(c)) for tax and recordkeeping requirements.

4. How we share your information

We share personal information only with the categories of recipients listed below, and only as needed for the purposes described in Section 3.

a. Service providers acting on our behalf under written contract:

  • Payment processor — payment authorization, fraud screening, and chargeback handling.
  • Hosting & infrastructure provider — site hosting, content delivery, and security monitoring.
  • Shipping carrier (FedEx by default) — shipping address, contact information, and order weight/dimensions to deliver your order.
  • Email & marketing platform — email address and order activity to deliver transactional and (opt-in) marketing email.
  • Analytics provider — pseudonymous usage data to measure site performance.
  • Customer-service tool — your contact information and message history to respond to your inquiries.

b. Advertising platforms — see Section 6 for the full list of pixels we fire. You can opt out of cross-context behavioral advertising under Section 9. c. Legal and regulatory recipients — courts, regulators, and law-enforcement bodies when we are legally required to disclose, or when disclosure is necessary to protect our rights or the safety of others. d. In a corporate transaction — a successor entity in connection with a merger, acquisition, sale of assets, or financing, subject to the surviving entity's commitment to protect the information consistent with this policy.

We do not sell personal information for monetary consideration. Under CCPA / CPRA, certain pixel-based data sharing for cross-context behavioral advertising may qualify as a "sale" or "share." You can opt out at any time — see Section 9.

5. How long we keep your information

We retain personal information for as long as needed to:

  • Fulfill the purposes described in Section 3;
  • Comply with our tax, accounting, and recordkeeping obligations (typically seven (7) years for order and tax records under applicable U.S. law);
  • Resolve disputes and enforce our agreements (typically two (2) years after the dispute is resolved or the statute of limitations runs);
  • Comply with chargeback dispute and processor recordkeeping requirements (typically twenty-one (21) months for order metadata).

Marketing-list information is retained until you unsubscribe, then suppressed (not deleted entirely) so we don't re-add you. Account information is retained until you request deletion under Section 9.

6. Cookies and tracking technologies

We use the following categories of cookies and similar technologies:

CategoryPurposeExamples
Strictly necessarySite security, cart persistence, checkout, age-gate stateWooCommerce session cookie, age-verification cookie, CSRF token
Performance & analyticsAggregated site-usage metricsGoogle Analytics 4
Marketing & advertisingConversion tracking, audience matching, retargetingMeta Pixel, Google Ads conversion tag, TikTok Pixel (where installed)
FunctionalSave preferences, support chatKlaviyo onsite tracking, support-chat session cookie

You can manage cookie preferences via your browser settings or our cookie banner. Disabling strictly-necessary cookies will break the site. Disabling marketing cookies will not affect site functionality but will prevent personalized advertising.

Do Not Track. Our site does not currently respond to "Do Not Track" browser signals. We honor the Global Privacy Control (GPC) signal as an opt-out request under CCPA / CPRA for users browsing from California.

7. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information, including TLS-encrypted transport, hashed password storage, restricted internal access on a need-to-know basis, and PCI-DSS-compliant handling of payment data through our processor. No system is perfectly secure, however, and we cannot guarantee absolute security.

If a security incident affects your personal information, we will notify you to the extent and in the manner required by applicable law.

8. Children's information

The site is intended for users twenty-one (21) and older. We do not knowingly collect personal information from anyone under the age of 21, and we do not direct the site to children. If we learn that we have collected personal information from a person under 21, we will delete it promptly. Contact support@coastlabs.ai if you believe we have collected information about a minor.

We are not subject to COPPA (15 U.S.C. § 6501 et seq.) because the site is not directed to children under 13, but we apply the same diligence.

9. Your privacy rights

a. California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we have collected about you, the sources, the purposes, and the categories of third parties we share it with.
  • Access / Receive a copy in a portable format.
  • Delete personal information we have collected, subject to limited statutory exceptions (e.g., we may keep records needed for a refund, fraud investigation, or legal compliance).
  • Correct inaccurate personal information.
  • Limit use of sensitive personal information to permitted purposes.
  • Opt out of "sale" and "sharing" of personal information for cross-context behavioral advertising. To exercise this right, click "Do Not Sell or Share My Personal Information" in our site footer, send a GPC signal from your browser, or email support@coastlabs.ai with the subject line "CCPA Opt-Out."
  • Be free from retaliation for exercising any of these rights.

To submit a request, email support@coastlabs.ai with the subject line "CCPA Request." We will respond within 45 days (extendable by an additional 45 days with notice). We will verify your identity using information already on file before fulfilling the request. You may designate an authorized agent in writing to make a request on your behalf.

b. Other U.S. state residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive consumer-privacy statutes have analogous rights, including access, deletion, correction, portability, and (in most cases) opt-out of targeted advertising, sale, and profiling for consequential decisions. To submit a request, email support@coastlabs.ai with the subject line "Privacy Request" and identify your state of residence.

c. EEA, UK, and Switzerland residents (GDPR / UK GDPR)

If you are located in the EEA, the UK, or Switzerland, you have the right to:

  • Access the personal information we hold about you;
  • Rectify inaccurate or incomplete information;
  • Erase ("right to be forgotten"), subject to limited legal exceptions;
  • Restrict processing in certain circumstances;
  • Object to processing based on our legitimate interests;
  • Data portability — receive your information in a structured, machine-readable format;
  • Withdraw consent at any time, where processing is based on consent (this does not affect the lawfulness of processing before withdrawal);
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@coastlabs.ai. We will respond within one (1) month (extendable by two additional months for complex requests).

Note: COAST LABS does not ship to the EEA, the UK, or Switzerland. If you have arrived at our site from one of these jurisdictions and would like us to delete your visit data, email support@coastlabs.ai.

d. International transfers

We are based in the United States and process personal information in the United States. If you submit personal information from outside the U.S., you understand and consent to the transfer to and processing in the United States, which may not provide the same level of data-protection law as your country.

10. Marketing communications

If you sign up for our email list, we will send you marketing emails about new products, promotions, and content. Every marketing email contains an "Unsubscribe" link in the footer. You can also email support@coastlabs.ai with the subject line "Unsubscribe."

Unsubscribing from marketing emails does not affect transactional emails (order confirmations, shipping notifications, account notifications) — those are required to operate your account and orders.

11. Third-party links

Our site may link to third-party websites and services. We are not responsible for the privacy practices of those third parties. Review their privacy policies before providing any information.

12. Changes to this policy

We may update this Privacy Policy from time to time. The revised version will be posted at this URL with an updated "Last updated" date. Material changes will be communicated to account holders by email at least fifteen (15) days before they take effect.

13. How to contact us

Privacy questions, requests, and complaints should go to:

Coast Labs LLC · Attn: Privacy · Sheridan, Wyoming, United States · support@coastlabs.ai