Privacy policy

Privacy Policy

Effective date: September 15, 2025

At Vagtopia, your privacy matters. This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices you have about your information when you use our website, products, subscription boxes, Coochie Quiz, and related services (collectively, the “Services”). Please read carefully.

1. Scope & Who We Are

This policy applies to Vagtopia LLC (doing business as “Vagtopia,” “we,” “us,” or “our”) and the Services we operate at vagtopia.com and related subdomains, mobile apps, newsletters, and offline services (for example, subscription box fulfillment). If you are accessing the Services on behalf of someone else, you represent that you are authorized to act on their behalf.

2. Information We Collect

We collect information you provide directly and information collected automatically when you use the Services.

A. Information you provide

  • Account & contact details: name, email address, mailing address, phone number, username, password.

  • Order & payment details: billing & shipping addresses, order history. Card data is processed directly by third-party payment processors and is not stored by Vagtopia except where required for recurring billing tokens.

  • Coochie Quiz / Flo File data: quiz answers, cycle information, symptom information, and other personalization data. This may include health-related information you voluntarily provide.

  • Communications & content: messages you send us (support requests), product reviews, surveys, photos you upload, and any other content you submit.

  • Marketing preferences & consents: newsletter sign-ups and opt-ins/opt-outs.

B. Information collected automatically

  • Log data: IP address, device identifiers, browser type, operating system, and pages or actions on the site.

  • Usage data & analytics: pages visited, time on site, referral source, click events, and other interactions.

  • Cookies & tracking technologies: cookies, web beacons, pixels, and similar tech used for essential site functions, analytics, and advertising. See Section 7 for details.

C. Information from third parties

We may receive information about you from third parties (for example payment processors, shipping carriers, marketing partners, social platforms if you connect accounts, and public sources).

3. Sensitive Data & Health Information

The Coochie Quiz may collect health-related information (e.g., menstrual symptoms, conditions). We treat this as sensitive personal data:

  • We process such data only with your explicit consent when you submit it.

  • We use it primarily to personalize recommendations, tailor your subscription box, and improve your experience.

  • You should avoid submitting extremely sensitive information (e.g., race/ethnicity, sexual orientation, detailed medical records) unless you understand and consent to its use.

  • You can request deletion of quiz/health data at any time (see Section 11).

4. How We Use Your Information

We use your information for purposes including:

  • Providing and operating the Services: processing orders, fulfilling subscriptions, delivering boxes, and enabling account management.

  • Personalization: tailoring product, content, and quiz results to your Flo File.

  • Communications: responding to support requests, sending transactional messages (order confirmations, shipping notices), and providing important service updates.

  • Marketing & promotions: sending newsletters, offers, or other marketing communications when you opt in; you may opt-out at any time.

  • Security & fraud prevention: verifying identities, detecting and preventing fraud and abuse.

  • Analytics & improvements: measuring and analyzing usage to improve our products and user experience.

  • Legal & compliance: complying with legal obligations and responding to lawful requests.

5. Legal Bases for Processing (where applicable)

For users in the EU/EEA/UK and other jurisdictions that require a legal basis, we rely on:

  • Contract: processing necessary to perform services you request (e.g., fulfill an order, manage subscription).

  • Consent: where you have provided explicit consent (e.g., quiz health data, marketing communications).

  • Legitimate interests: for fraud prevention, site operation, and product improvement—balanced against your rights.

  • Legal obligation: when necessary to comply with laws or court orders.

6. Sharing & Disclosure

We do not sell your personal information for money. We may share information with:

  • Service providers: third-party companies who provide services on our behalf (payment processors such as our checkout provider, shipping carriers, fulfillment partners, customer support platforms, analytics providers, email delivery services, and marketing platforms). Example: Lantern (checkout) and other processors may be used for payments.

  • Business transfers: in connection with a merger, acquisition, reorganization, sale of assets, or financing (you will be notified where required).

  • Legal requests: when required by law or to respond to lawful requests by public authorities.

  • Protection of rights: to enforce our rights, protect users, or prevent fraud or illegal activities.

  • Aggregated or de-identified data: non-personally identifiable information may be used or shared for any purpose.

We require third parties to use personal data only as necessary to provide their services and to protect it appropriately.

7. Cookies, Tracking & Ads

We use cookies and similar tech for site functionality, analytics, and advertising. Typical categories:

  • Essential cookies: required for site operation (account login, shopping cart).

  • Performance & analytics: measure site usage and performance.

  • Functional cookies: remember preferences and enable enhanced features.

  • Advertising & targeting: deliver relevant ads and track ad performance.

You can manage or delete cookies via your browser settings. Many browsers allow blocking third-party cookies. To opt out of certain analytics or ad tracking, use tools such as the Google Analytics opt-out browser add-on and opt-out pages of ad networks. Our cookie banner (where present) provides more granular choices.

8. Third-Party Links & Embedded Content

Our Services may include links to third-party websites, social media, or embedded content. We are not responsible for third-party privacy practices. Review the privacy policies of any third-party site or app you use.

9. Data Retention

We retain personal data only as long as necessary for the purposes described and to meet legal obligations:

  • Account information: retained while your account is active and for a reasonable period after closure for fraud prevention and recordkeeping (commonly up to 2 years).

  • Order & transaction records: retained for tax, accounting, and legal compliance (commonly up to 7 years).

  • Quiz / Flo File data: retained while your account exists and thereafter as needed to provide our services unless you request deletion.

  • Analytics & logs: generally retained for limited periods (for example, 24 months), unless required otherwise.

If you request deletion, we will remove your personal data from active systems, except where we must keep certain data for legal or legitimate business purposes (e.g., tax records, dispute resolution).

10. Your Privacy Rights & Choices

Depending on your location, you may have rights to:

  • Access: request a copy of the personal data we hold about you.

  • Rectification: correct inaccurate or incomplete data.

  • Deletion: request deletion of your personal data (subject to legal exceptions).

  • Portability: request a machine-readable copy of data you provided.

  • Restriction / objection: restrict or object to certain processing (including marketing).

  • Withdraw consent: you can withdraw consent where processing is based on consent.

  • Opt-out (California): California residents may request to opt out of the sale or sharing of personal information and may have additional rights under the CCPA/CPRA.

California Residents

If you are a California resident, you have the right to request: (1) categories of personal information collected, (2) categories of sources, (3) business or commercial purpose for collecting, (4) categories of third parties with whom we share, and (5) specific pieces of personal information we have collected. To exercise California rights, see Section 11.

European Data Subjects (GDPR)

If you are in the EU/EEA/UK, you may have additional rights including lodging a complaint with a supervisory authority.

11. How to Exercise Your Rights

To exercise any rights, email us at privacy@vagtopia.com or support@vagtopia.com.

When you submit a request, we may ask for information to verify your identity. We will respond in accordance with applicable law—typically within 30 days of verification. If we cannot comply, we will explain why and describe any appeal rights.

For California privacy requests, you may also use the email addresses above. If you are a California resident and would like to designate an authorized agent to make requests on your behalf, please provide a signed authorization and acceptable identification.

12. Security

We implement reasonable technical, administrative, and physical safeguards designed to protect personal information. Measures include encryption in transit, access controls, and strong authentication practices. However, no internet or data storage system is completely secure; we cannot guarantee absolute security. We will notify you and regulators as required by law if a security incident affects your personal data.

13. International Transfers

Vagtopia may process or store information on servers located in the United States and other countries. When personal data is transferred internationally, we apply safeguards such as standard contractual clauses, where necessary, to protect your information as required by applicable laws.

14. Children’s Privacy

The Services are not intended for children under the age of 13 (or higher age threshold where required). We do not knowingly collect personal information from children under 13. If we learn that we have collected such data without parental consent, we will delete it. If you believe we have collected data from a child, please contact us.

15. Automated Decision-Making & Profiling

We may use automated systems and algorithms to personalize recommendations (product & quiz results). These systems are used to improve user experience and are not intended to make legal or similarly significant decisions about you. If you have concerns, contact us (see Section 11).

16. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the revised policy with a new “Effective date” and, where required by law, provide additional notice. Continued use of the Services after changes indicates acceptance of the updated policy.

17. Contact Us

If you have questions, complaints, or requests about this Privacy Policy or our data practices, please contact:

If you are a data subject in a jurisdiction with a supervisory authority (e.g., EU), you also have the right to lodge a complaint with that authority.