Privacy policy

Privacy Policy - Authentia Health Inc. d/b/a Gratitude Health

Privacy Policy

Last Updated: June 13, 2026

Authentia Health Inc. ("Authentia Health," "Company," "we," "us," or "our"), operating under the brand name Gratitude Health, respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit getgratitudehealth.com, purchase products, create an account, subscribe to communications, submit reviews, complete quizzes, participate in promotions, interact with advertisements, or otherwise engage with our products and services (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

Authentia Health Inc. operates the Gratitude Health brand and provides wellness and dietary supplement products designed to support healthy lifestyles and wellness goals.

For purposes of applicable privacy laws, Authentia Health Inc. is generally responsible for the personal information described in this Privacy Policy.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal information we collect from customers, website visitors, subscribers, account holders, product reviewers, quiz users, affiliate or referral participants, and other individuals who interact with our Services.

This Privacy Policy does not apply to websites, platforms, applications, or services operated by third parties, even if they are linked from our website.

3. Information We Collect

The information we collect depends on how you interact with us.

Information You Provide Directly

We may collect personal information that you provide directly to us, including name, email address, telephone number, billing address, shipping address, account information, order information, subscription information, product preferences, review content, photos and videos submitted with reviews, customer support communications, marketing preferences, referral information, affiliate information, and any other information you choose to provide.

Transaction and Order Information

When you purchase products or enroll in a subscription, we may collect information relating to products purchased, order details, subscription status, payment confirmation, billing information, shipping information, delivery information, returns, refunds, exchanges, discount usage, promotional code usage, and customer account activity.

Payment card information is processed by our payment providers and commerce platform. We do not intentionally store complete payment card numbers on our own systems.

Information Collected Automatically

When you visit our website, we and our service providers may automatically collect IP address, browser type, device information, operating system, language settings, website activity, pages viewed, products viewed, cart activity, checkout activity, referring URLs, referral sources, cookie identifiers, advertising identifiers, session identifiers, approximate location information derived from IP address, analytics information, and usage information.

Marketing, Advertising, and Analytics Information

We may collect information relating to advertising interactions, website visits, email opens, email clicks, marketing campaign engagement, purchase attribution, audience segmentation, conversion events, abandoned cart activity, product recommendations, customer journeys, and website personalization activities.

Information From Third Parties

We may receive information from third-party service providers and business partners, including Shopify, payment processors, shipping providers, subscription providers, analytics providers, advertising platforms, referral partners, affiliate partners, review platforms, customer engagement tools, and fraud prevention providers.

Reviews and User Generated Content

If you submit reviews, ratings, testimonials, photos, videos, comments, or similar content, we may collect and publicly display such content. Please do not include sensitive personal information, medical information, financial information, or confidential information in publicly submitted content.

4. Health and Wellness Information

Gratitude Health sells dietary supplements and wellness products. We may collect information relating to product interests, wellness goals, dietary preferences, product recommendation quiz responses, and customer support inquiries.

Our Services are intended to provide general wellness and product information only. Unless expressly stated otherwise, Authentia Health Inc. does not intend to collect medical records, laboratory results, diagnoses, treatment information, prescription information, or Protected Health Information regulated by HIPAA.

Please do not submit medical records, diagnoses, prescription information, laboratory results, or other sensitive health information through our website, forms, reviews, quizzes, or customer support channels.

Product quizzes, product recommendations, educational content, customer reviews, testimonials, and other website content are not medical advice and are not intended to diagnose, treat, cure, or prevent any disease. You should consult a qualified healthcare professional before using dietary supplements, especially if you are pregnant, nursing, taking medication, have a medical condition, or are under medical supervision.

5. How We Use Personal Information

We may use personal information for the purposes described below.

Providing Products and Services

We use personal information to process orders and payments, fulfill purchases, manage subscriptions, arrange shipping and fulfillment, provide customer support, manage customer accounts, process returns and refunds, administer loyalty, referral, affiliate, ambassador, or promotional programs, and provide related customer services.

Personalization and Product Recommendations

We may use personal information, including quiz responses, product interests, purchase history, browsing activity, and engagement information, to recommend products, personalize website experiences, customize offers, improve product education, and improve customer support.

Marketing and Communications

We may use personal information to send newsletters, promotional emails, product education materials, abandoned cart reminders, post-purchase communications, product updates, special offers, and other marketing communications where permitted by law.

You may unsubscribe from marketing emails at any time using the unsubscribe link included in our communications. Even if you opt out of marketing, we may still send transactional or service-related messages, such as order confirmations, shipping notices, subscription notices, account alerts, and security communications.

Analytics and Advertising

We may use personal information to analyze website traffic, understand customer behavior, measure advertising effectiveness, build customer audiences, improve advertising campaigns, attribute purchases to marketing channels, deliver personalized advertisements, and improve our Services.

Security, Fraud Prevention, and Compliance

We may use personal information to detect fraud, prevent unauthorized activity, protect customer accounts, enforce agreements and policies, respond to legal requests, comply with legal obligations, maintain business records, resolve disputes, and protect our business, customers, users, and others.

6. Cookies and Tracking Technologies

We use cookies, pixels, tags, web beacons, software development kits (SDKs), local storage technologies, session storage technologies, and similar technologies ("Cookies") to operate our website and improve our Services.

These technologies help us operate and secure our website, maintain shopping cart and checkout functionality, remember customer preferences, authenticate users, prevent fraud, analyze website traffic, measure marketing and advertising performance, personalize content and product recommendations, deliver relevant advertising on third-party platforms, and administer referral, affiliate, and loyalty programs.

We may use technologies provided by Shopify, Google Analytics, Google Ads, Meta Pixel, TikTok Pixel, Klaviyo, Pandectes GDPR Compliance, Alia, and other analytics, advertising, personalization, and marketing providers.

Cookie Categories

Essential Cookies: Necessary for website functionality, account access, shopping cart functionality, checkout operations, security, and fraud prevention.

Analytics Cookies: Used to understand website traffic, customer behavior, website performance, and how visitors interact with our Services.

Advertising Cookies: Used to deliver relevant advertisements, measure advertising performance, create audience segments, and support retargeting or attribution.

Preference Cookies: Used to remember settings, preferences, and user choices.

Affiliate and Attribution Cookies: Used to identify referral, affiliate, influencer, ambassador, and advertising campaign performance.

Personalization Cookies: Used to support product recommendations, quizzes, customer engagement, and customized website experiences.

Depending on your location and applicable law, we may request your consent before placing certain non-essential cookies and tracking technologies on your device.

We use Pandectes GDPR Compliance to manage consent preferences and cookie disclosures. You may update your cookie preferences through our consent management tools where available.

Where required by law, analytics, advertising, personalization, and marketing technologies may only be activated after obtaining your consent.

You can also manage certain cookie settings through your browser controls; however, disabling cookies may affect website functionality and your ability to use certain features of our Services.

7. Analytics, Advertising, and Marketing Technologies

We may use advertising and analytics providers such as Google, Meta, TikTok, Shopify, Klaviyo, and other providers to measure advertising performance, understand customer engagement, attribute purchases, improve campaigns, deliver relevant advertising, and support marketing operations.

These providers may collect or receive identifiers, device information, website interaction information, product views, cart activity, purchase information, conversion data, referral information, and similar information.

Depending on applicable law, these activities may be considered "sharing," "targeted advertising," "cross-context behavioral advertising," or similar regulated activity.

8. Technology Providers and Service Partners

To operate our business and provide our Services, we engage third-party service providers and technology partners that may process personal information on our behalf or in connection with services they provide.

These providers may include Shopify for e-commerce platform and hosting; Loop Subscriptions for subscription management; Loox Reviews for product reviews and user-generated content; Klaviyo for email marketing and customer communications; Google Analytics for website analytics; Google Ads for advertising and conversion measurement; Meta Pixel for advertising and conversion measurement; TikTok Pixel for advertising and conversion measurement; UpPromote for affiliate and referral program management; Quiz Kit for product recommendation quizzes and personalization; QuickBooks for accounting and financial administration; Passport Shipping for international shipping services; Kintsugi for sales tax compliance and automation; Pandectes GDPR Compliance for consent management; Bundler for product bundle management; One Click Upsell for checkout and post-purchase optimization; Alia for customer engagement and personalization services; and other providers that support our business operations.

These providers may collect, access, store, process, or transmit personal information as necessary to perform services on our behalf or support the operation of our business. We may change service providers from time to time as our business evolves.

9. Product Quizzes and Personalization

We may provide quizzes, recommendation tools, surveys, or preference assessments designed to help customers identify products that may be relevant to their interests and wellness goals.

Quiz responses may be used to recommend products, personalize website experiences, improve product education, improve marketing relevance, improve customer support, and improve our products and Services.

These tools are intended for informational and product recommendation purposes only and are not intended to provide medical advice, diagnosis, treatment recommendations, or healthcare services.

10. Reviews, Testimonials, and User Content

We may allow customers to submit product reviews, ratings, testimonials, photos, videos, comments, and other user-generated content.

When you submit such content, it may be publicly displayed on our website, in marketing materials, in advertising, in emails, or through third-party review platforms. Content that you submit may include your name, initials, review text, product purchased, rating, photos, videos, or other information you choose to provide.

Please do not submit confidential information, sensitive personal information, medical information, prescription information, financial information, or information about other people in public reviews or testimonials.

11. Affiliate, Referral, Ambassador, and Promotional Programs

We may operate affiliate, referral, ambassador, influencer, loyalty, or promotional programs. If you purchase products through referral links, affiliate links, ambassador codes, influencer promotions, discount codes, or similar programs, we may collect and disclose limited attribution and transaction information necessary to administer those programs.

This information may be used to track referrals, attribute purchases, calculate commissions, prevent fraud, administer discounts, and evaluate marketing performance.

12. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients.

Service Providers

We may disclose personal information to providers of e-commerce services, payment processing, shipping and fulfillment, subscription management, customer support, accounting services, analytics services, tax compliance services, marketing services, security services, consent management, review management, affiliate management, and business operations support.

Advertising and Marketing Partners

We may disclose or make available information to advertising and marketing partners, including Google, Meta, TikTok, advertising networks, analytics providers, and marketing platforms. These disclosures help us measure advertising performance, personalize marketing, attribute purchases, and improve customer acquisition efforts.

Affiliate and Referral Providers

We may disclose limited attribution, referral, discount, order, and transaction information to affiliate, referral, ambassador, influencer, or promotional program providers where necessary to administer those programs.

Legal and Regulatory Authorities

We may disclose personal information where required to comply with legal obligations, respond to lawful requests, cooperate with regulators, investigate fraud, protect our rights, protect customers and others, enforce our policies, or respond to legal proceedings.

Corporate Transactions

We may disclose personal information in connection with mergers, acquisitions, financing transactions, bankruptcy proceedings, asset sales, business transfers, due diligence, or business reorganizations.

With Your Direction or Consent

We may disclose personal information when you direct us to do so, when you consent, or when necessary to complete transactions or provide Services you request.

13. Sale, Sharing, and Targeted Advertising

Certain privacy laws define the terms "sale," "sharing," and "targeted advertising" broadly.

Authentia Health Inc. does not sell personal information for monetary compensation.

However, we may permit advertising, analytics, attribution, affiliate, and marketing providers to collect information through cookies, pixels, SDKs, and similar technologies. Under certain privacy laws, these activities may constitute "sharing" of personal information, "cross-context behavioral advertising," or processing for "targeted advertising."

Examples of these providers may include Google, Meta, TikTok, Klaviyo, Shopify, affiliate providers, analytics partners, and other advertising or marketing technology providers.

Depending on your location, you may have the right to opt out of targeted advertising, cross-context behavioral advertising, certain profiling activities, or the sharing of personal information.

You may exercise applicable opt-out rights through our cookie preference tools, privacy request mechanisms, Global Privacy Control signals where recognized, or by contacting us using the information provided in this Privacy Policy.

14. Global Privacy Control and Do Not Track

Where required by applicable law, we recognize Global Privacy Control ("GPC") signals as a request to opt out of sale, sharing, or targeted advertising for the browser or device that sends the signal.

Some browsers may transmit "Do Not Track" signals. Because there is no uniform industry standard for responding to Do Not Track signals, we do not respond to them unless required by applicable law.

15. International Data Transfers

We are based in Canada and may process personal information in Canada, the United States, and other countries where our service providers, technology partners, or business partners operate.

Privacy laws in these jurisdictions may differ from those in your place of residence. Where required by law, we implement reasonable safeguards intended to protect personal information transferred across borders, such as contractual protections, vendor due diligence, data processing agreements, and other appropriate measures.

16. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including providing our Services, maintaining business records, complying with legal obligations, resolving disputes, enforcing agreements, preventing fraud, and protecting our rights.

Retention periods vary depending on the nature of the information, the purposes for which it was collected, legal requirements, contractual obligations, and operational needs.

When personal information is no longer required, we will delete, anonymize, aggregate, or securely dispose of it in accordance with applicable laws and our record retention practices.

17. Data Security

We maintain reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, misuse, loss, alteration, or destruction.

These safeguards may include access controls, authentication controls, encryption where appropriate, vendor management processes, security monitoring, secure payment processing, account security measures, and incident response procedures.

No system can guarantee absolute security. Accordingly, we cannot guarantee that personal information will always remain secure.

18. Privacy Incidents

If we become aware of a privacy or security incident involving personal information, we will assess the incident and take steps designed to contain, investigate, remediate, and document it.

Where required by law, we will notify affected individuals, regulators, service providers, or other parties.

19. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

We do not knowingly sell or share personal information of individuals under 16 years of age.

If you believe a child has provided personal information to us, please contact us and we will take appropriate steps.

20. Your Privacy Rights

Depending on your location, you may have rights including access to personal information, correction of inaccurate information, deletion of personal information, data portability, withdrawal of consent, restriction of processing, objection to processing, opt-out of sale, sharing, or targeted advertising, limitation of certain uses of sensitive personal information, and appeal of certain privacy decisions.

These rights are not absolute and may be subject to exceptions under applicable law. To protect customers and prevent fraud, we may need to verify your identity before responding to requests.

We will not discriminate against you for exercising privacy rights.

21. Canadian Privacy Rights

Canadian residents may request access to personal information, correction of inaccurate information, information regarding our privacy practices, and withdrawal of consent, subject to legal and contractual restrictions.

Residents of Quebec may have additional rights under applicable privacy legislation, including rights relating to access, correction, consent withdrawal, portability where applicable, information about certain automated processing activities where required, and complaint handling.

22. U.S. State Privacy Rights

Residents of certain U.S. states may have rights relating to access, correction, deletion, portability, opt-out of targeted advertising, opt-out of sale or sharing, opt-out of certain profiling activities, limitation of certain sensitive data uses, and appeals.

These rights may apply to residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Delaware, New Jersey, and other states with applicable consumer privacy laws.

23. California Privacy Rights

California residents may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know what personal information we collect, use, disclose, sell, or share; the right to request access to personal information; the right to request deletion; the right to correct inaccurate information; the right to opt out of sale or sharing; the right to limit certain uses of sensitive personal information where applicable; and the right not to be discriminated against for exercising privacy rights.

We do not sell personal information for monetary compensation. However, certain advertising, analytics, attribution, and marketing activities may be considered "sharing" under California law.

24. EEA, UK, and International Privacy Rights

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar privacy laws, you may have additional rights, including the right to access, correct, delete, restrict, object to processing, withdraw consent, and request data portability.

Where applicable, we may process personal information based on performance of a contract, consent, legitimate interests, compliance with legal obligations, or other lawful bases permitted by applicable law.

You may also have the right to lodge a complaint with your local data protection authority.

25. How to Exercise Your Rights

You may submit privacy requests by contacting us using the information in the Contact Us section below.

When you submit a request, we may ask for information reasonably necessary to verify your identity, such as your email address, order number, account information, or other details associated with your relationship with us.

If you submit a request through an authorized agent, we may require proof that you authorized the agent to act on your behalf and may require you to verify your identity directly with us, where permitted by law.

If we deny your request, you may have the right to appeal the decision by replying to our response or contacting us with "Privacy Appeal" in the subject line.

26. Marketing Choices

You may opt out of promotional emails by clicking the unsubscribe link included in our emails.

If we offer SMS marketing, you may opt out by following the instructions included in the message, such as replying "STOP."

Opting out of marketing communications does not prevent us from sending transactional or service-related communications, such as order confirmations, shipping updates, account notices, subscription notices, and security alerts.

27. Third-Party Websites

Our website may contain links to third-party websites, social media platforms, payment services, or other services that we do not operate or control.

We are not responsible for the privacy, security, content, or practices of third parties. We encourage you to review the privacy policies of any third-party websites or services you visit.

28. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, vendors, legal obligations, or business operations.

Any updates will be posted on this page together with a revised "Last Updated" date. Where required by law, we may provide additional notice or request consent.

Your continued use of our Services after changes become effective constitutes acknowledgment of the updated Privacy Policy.

29. Contact Us

If you have questions about this Privacy Policy, wish to exercise privacy rights, submit a complaint, withdraw consent, appeal a decision, or contact us regarding privacy matters, please contact:

Authentia Health Inc. d/b/a Gratitude Health
100 King Street West, Suite 5700
Toronto, Ontario M5X 1C7
Canada

Privacy Requests: privacy@getgratitudehealth.com
General Support: support@getgratitudehealth.com

We will respond in accordance with applicable legal requirements.