Vagus Lab ("we," "us," or "our") operates the website vaguslab.net (the "Site"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our Site. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Israeli Privacy Protection Law (5741-1981).

By using our Site, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Site.

1. Who We Are

Vagus Lab is an educational health and wellness website operated as a licensed business (Osek Murshe) registered in Israel. We provide evidence-based educational content about vagus nerve stimulation (VNS) and related wellness topics.

Contact:
Email: [email protected]
Website: vaguslab.net

2. Information We Collect

2.1 Information You Provide

  • Newsletter subscription: Email address when you subscribe to our newsletter.
  • Contact form: Name and email address when you contact us.
  • Quiz responses: Answers you provide in our wellness assessment quiz, as described in Section 2.1a below.
  • Purchase information: When you purchase a digital product, your payment is processed by Paddle.com (our Merchant of Record). We receive your name, email address, country, and transaction details (product purchased, amount, date). We do not receive or store your credit card number, payment method details, or billing address; Paddle handles all payment data directly.

2.1a Health and Wellness Assessment Data

When you take our Vagal Tone Assessment quiz, we collect the following consumer health data:

  • Health category responses: Your answers to questions about sleep, energy, stress, mood, nervous system balance, heart health, digestive health, pain, immune function, and athletic recovery.
  • Assessment scores: Calculated scores (0-10) for each health category and your overall Vagal Tone Index (0-100).
  • Overall assessment: Symptom impact level, symptom duration, methods you have previously tried, and self-reported treatment effectiveness.

Purpose: We use this data to:

  • Generate your personalized health score and report.
  • Create a personalized email sequence with wellness recommendations tailored to your results.
  • Improve our assessment methodology (using aggregated, de-identified data only).

Consent: We collect this health data only after you provide explicit, affirmative consent on our assessment consent screen. You may withdraw your consent at any time by contacting us at [email protected] or using our Data Rights Request Form.

Third-party recipients: Your health assessment data is shared with:

  • ActiveCampaign (email marketing platform): Receives your health scores and email address to deliver your personalized email sequence. ActiveCampaign Privacy Policy
  • Anthropic (AI provider): Your de-identified health scores (without email address) are processed to generate personalized email content. Anthropic Privacy Policy

Important: We do not share your health assessment data with advertising platforms (TikTok, Google, etc.) or any data brokers.

Retention: Quiz health data is retained for 12 months from the date of assessment, after which it is automatically deleted. You may request earlier deletion at any time.

2.2 Information Collected Automatically

  • Usage data: Pages visited, time spent on pages, referral sources, device type, browser type, and operating system.
  • IP address: Collected automatically by our hosting provider (Cloudflare) for security and performance purposes.
  • Cookies and similar technologies: See Section 5 below for details.

2.3 Information from Third Parties

We do not purchase or obtain personal information from third-party data brokers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Site and content.
  • Send you our newsletter and educational updates (only with your consent).
  • Respond to your inquiries and support requests.
  • Analyze Site usage to improve user experience.
  • Prevent fraud and abuse, and ensure the security of our Site.
  • Deliver purchased digital products and AI coaching services.
  • Comply with legal obligations.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis, we process your personal data based on:

  • Consent: When you subscribe to our newsletter or submit a contact form.
  • Contract: When you purchase a digital product, we process data necessary to fulfill your order and deliver the product or service.
  • Legitimate interests: To analyze Site usage, improve content, and ensure security, provided these interests are not overridden by your rights.
  • Legal obligation: When required by applicable law.

5. Cookies and Tracking Technologies

Our Site uses the following types of cookies:

5.1 Essential Cookies

Required for the Site to function properly (e.g., Cloudflare security cookies). These cannot be disabled.

5.2 Analytics Cookies

We may use analytics services to understand how visitors interact with our Site. These cookies collect information in an aggregated form to help us improve the Site.

5.3 Affiliate Cookies

When you click on affiliate links on our Site, the affiliate partner (e.g., Pulsetto) may place cookies on your device to track the referral. These cookies are governed by the affiliate partner's privacy policy.

5.4 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that disabling certain cookies may affect the functionality of our Site.

6. Third-Party Services

We use the following third-party services that may collect or process your data:

  • Cloudflare: Hosting, CDN, and security services. Cloudflare Privacy Policy
  • Google Fonts: Font delivery. Google may collect IP addresses. Google Privacy Policy
  • ActiveCampaign: Email marketing platform. Receives your email address and, if you take our assessment, your health scores to deliver personalized email content. ActiveCampaign Privacy Policy
  • Plausible Analytics: Privacy-friendly, cookie-less analytics. Collects aggregated usage data (page views, referral sources) without personal identifiers. Plausible Data Policy
  • Paddle: Payment processing and Merchant of Record for digital product purchases. Paddle processes your payment information directly; we do not receive or store payment card details. Paddle Privacy Policy
  • AI Coaching Platform: If you purchase an AI coaching product, your chosen messenger ID (Telegram, WhatsApp, or Viber) and coaching conversation data are processed to deliver the service. Conversation data is retained for the duration of the coaching service plus 30 days, then deleted.

We do not sell your personal information to any third party for advertising or marketing purposes.

7. Affiliate Links and Partnerships

Our Site contains affiliate links, meaning we may earn a commission if you make a purchase through these links at no additional cost to you. When you click an affiliate link, you are directed to a third-party website that has its own privacy policy and data practices. We encourage you to review the privacy policies of any third-party sites you visit.

For more details about our affiliate relationships, see our Advertising & Affiliate Disclosure.

8. Data Retention

  • Newsletter subscribers: We retain your email address until you unsubscribe or request deletion.
  • Contact inquiries: We retain correspondence for up to 2 years for reference purposes.
  • Analytics data: Aggregated analytics data is retained for up to 26 months.
  • Server logs: Automatically deleted within 30 days by our hosting provider.
  • Assessment health data: Retained for 12 months from assessment completion, then deleted. Aggregated, de-identified analytics data derived from assessments may be retained longer.

9. Your Rights

9.1 Rights Under GDPR (EEA/UK Residents)

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent at any time (e.g., unsubscribe from newsletter).

9.2 Rights Under CCPA/CPRA (California Residents)

California residents have the right to:

  • Know what personal information we collect and how it is used.
  • Request deletion of personal information.
  • Opt out of the sale of personal information (we do not sell personal information).
  • Non-discrimination for exercising your privacy rights.

Limit the Use of My Sensitive Personal Information: Under the California Privacy Rights Act (CPRA), health-related information collected through our assessment qualifies as sensitive personal information. California residents have the right to limit the use of sensitive personal information. To exercise this right, contact us at [email protected] or use our Data Rights Request Form.

9.3 Rights Under Washington My Health My Data Act (MHMDA)

Washington state residents have specific rights regarding consumer health data:

  • Consent: We collect your health data only with your affirmative consent, provided before the assessment begins.
  • Right to withdraw consent: You may withdraw consent at any time by contacting [email protected].
  • Right to deletion: You may request deletion of all health data we hold about you.
  • Right to know: You may request a list of all third parties with whom we have shared your health data.

We will respond to MHMDA requests within 30 days.

9.4 Rights Under Nevada SB 370

Nevada residents have the right to opt out of the sale of consumer health data. We do not sell consumer health data. You may request deletion of your health data at any time.

9.5 Rights Under Israeli Privacy Law

Israeli residents have the right to access, correct, and request deletion of their personal data in accordance with the Privacy Protection Law, 5741-1981.

9.6 Exercising Your Rights

To exercise any of these rights, contact us at [email protected] or use our Data Rights Request Form. We will respond to your request within 30 days (or sooner as required by applicable law).

10. International Data Transfers

Our Site is hosted on Cloudflare's global network, which may process your data in multiple countries. Where your data is transferred outside of your jurisdiction, we ensure appropriate safeguards are in place, including reliance on Cloudflare's data processing agreements and Standard Contractual Clauses (SCCs) as applicable.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including HTTPS encryption, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: vaguslab.net