Privacy Policy

Last updated: October 18, 2025

This Privacy Policy describes how Tonum (“Tonum,” “we,” “us,” or “our”) collects, uses, and discloses your personal and health-related information when you visit, use our services, or make a purchase from tonum.com (the “Site”) or otherwise interact with us (collectively, the “Services”). By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the Services.

1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, we will post the updated version on this page and revise the “Last updated” date. Your continued use of the Services after any update constitutes your acceptance.

2. Information We Collect

A. Personal Information
We collect personal information such as your name, email address, mailing address, phone number, billing/shipping information, account credentials, and any other details you provide when placing an order or contacting us.

B. Health-Related Information

As part of our Services, users may choose to share health-related data—such as wellness goals, dietary habits, supplement use, or other wellness indicators. While Tonum is not a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we voluntarily follow HIPAA privacy and security standards to protect any information that could be considered Protected Health Information (PHI).

We treat all PHI or health-related information you provide as confidential. Such data is collected only for legitimate purposes—such as improving our products, conducting research, supporting wellness programs, or delivering requested services—and is never sold or shared for unrelated purposes.

3. How We Use Information

We use your information to:

  • Process and fulfill orders;
  • Communicate with you about purchases, updates, or support;
  • Improve our products and Services;
  • Conduct research or analytics (in aggregated or de-identified form);
  • Detect and prevent fraud or misuse;
  • Comply with legal obligations.

4. How We Protect Information

We use administrative, physical, and technical safeguards to protect personal and health-related information.
All transactions and sensitive data transmitted through our Site are protected by Secure Sockets Layer (SSL) or equivalent encryption technology. Data stored on our systems is encrypted and access is restricted to authorized personnel who require it to perform their duties. While no method of transmission or storage is completely secure, we continuously monitor and update our safeguards to maintain a high level of protection.

5. Cookies and Analytics

Like most websites, we use cookies and similar technologies to enhance functionality, personalize your experience, and analyze traffic. You may modify your browser settings to manage cookies, though disabling them may limit functionality. We also honor the Global Privacy Control (GPC) signal as an opt-out of data sharing for advertising purposes.

6. How We Disclose Information

We may share limited personal information with:

  • Service providers (e.g., Shopify, payment processors, shipping vendors, cloud providers);
  • Marketing partners who assist us in outreach, in accordance with applicable laws;
  • Affiliates within our corporate group;
  • Legal authorities if required by law or to protect rights, property, or safety.

We do not sell PHI or health-related data.

7. Children’s Data

Our Services are not directed to children, and we do not knowingly collect information from anyone under 13 years of age. If you believe your child has provided us information, please contact us so we can delete it.

8. Security and Retention

We retain your information only as long as necessary to provide Services, comply with laws, resolve disputes, and enforce our agreements. All data is stored using encrypted systems and protected by firewalls, intrusion detection, and regular audits.

9. Your Rights (General Privacy Laws)

Depending on your jurisdiction, you may have rights to access, delete, correct, or restrict use of your personal data, and to withdraw consent or opt out of marketing communications. To exercise these rights, contact lance@tonum.com.

10. HIPAA Notice of Privacy Practices

Tonum values your privacy and voluntarily complies with applicable HIPAA privacy and security provisions for any PHI we collect, use, or maintain.

A. How We Use and Protect PHI

We may collect limited PHI (such as wellness survey data, health metrics, or laboratory information) solely to deliver products, conduct research, or improve Services.
PHI is safeguarded through administrative, technical, and physical measures including SSL-encrypted transmission, encryption at rest, secure storage, and limited employee access.
We will not disclose PHI without your authorization except as required by law or to entities that assist us under written confidentiality and security obligations.

B. Your Rights Regarding PHI

You have the right to:

  1. Access and obtain a copy of your PHI.
  2. Request corrections or amendments to your PHI if you believe it is inaccurate.
  3. Request restrictions on certain uses or disclosures of your PHI.
  4. Receive an accounting of disclosures of your PHI made by Tonum.
  5. Request confidential communications (e.g., alternate contact methods).
  6. Obtain a paper copy of this Notice upon request.
  7. File a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) if you believe your rights have been violated. Tonum will not retaliate for filing a complaint.

To exercise these rights or ask questions about how we handle PHI, contact our Privacy Official below.

C. Privacy Official Contact

Privacy Official: Lance Converse
Email: lance@tonum.com
Phone: (561) 508-1905
Mailing Address: 400 North Flagler Drive, West Palm Beach, FL 33401 USA

You may also contact the U.S. Department of Health and Human Services, Office for Civil Rights at https://www.hhs.gov/ocr/privacy/hipaa/complaints/ to file a complaint directly.

11. International Data Transfers

If you access our Site outside the United States, your information may be transferred to and processed in the U.S. and other countries. We use lawful transfer mechanisms, such as Standard Contractual Clauses, to ensure adequate protection.

12. Contact Us

For questions about this Privacy Policy or our privacy practices, contact:

Tonum Health
400 North Flagler Drive
West Palm Beach, FL 33401 USA
Email: lance@tonum.com
Phone: (561) 508-1905