Privacy policy
Last updated: September 26, 2025
Elysium Chems (“Elysium,” “we,” “us,” or “our”) operates this website and store, and provides related content, features, tools, products and services (the “Services”). We use Shopify to host and power our storefront and certain commerce functionality. This Privacy Policy explains how we collect, use, disclose and protect personal information when you visit, interact with, or purchase from our Services, or otherwise communicate with us.
If any provision in this Privacy Policy conflicts with our Terms of Service, this Privacy Policy controls only with respect to collection, processing and disclosure of personal information.
By using the Services, you acknowledge you have read and understood this Privacy Policy.
Shopify’s role: Shopify provides our commerce platform and, for most store operations, acts as our processor/service provider. For certain “Enhanced”/network features, Shopify may act as an independent controller/business of customer data (e.g., to improve its services, fraud prevention, aggregated analytics). See Shopify’s DPA/Appendix E and privacy pages for details. Shopify+2Shopify Help Center+2
1) What we collect
We collect personal information from these sources:
-
Directly from you: account registration, checkout, support tickets, forms, email.
-
Automatically: via cookies, pixels and SDKs (see §8).
-
From providers/partners: payment processors, fraud-prevention, identity/age-verification services, shipping and fulfilment, analytics and advertising technology partners.
Categories of data (examples)
-
Identifiers & contact: name, institutional or business affiliation, email, phone, billing/shipping addresses.
-
Account & preferences: username, password, saved items, communication preferences.
-
Commercial data: order history, cart, returns, support history.
-
Device/usage data: IP address, device/browser type, pages viewed, cookies/IDs, approximate location.
-
Payment data: tokenised card/payment method details through Shopify Payments or other processors (we don’t store full card numbers ourselves).
-
Professional purchaser verification (where applicable): lab/institution name, role/title, professional email, date of birth/age-gate, and—only if legally necessary—ID verification data to confirm eligibility for research-only access.
We do not seek or want health/medical information, genetic data, or other sensitive categories unrelated to operating the store. Please don’t include such information in free-text fields.
2) How we use your information
-
Provide & operate the Services: process orders, payments, shipping, returns, account management, customer support, fraud prevention, service notices.
-
Improve & personalise: troubleshoot, analytics, performance, remember preferences, recommend products (non-therapeutic, research-only positioning).
-
Marketing & advertising: send emails/SMS (with consent where required); show ads or measure ad performance (you can opt out—see §10).
-
Security & fraud: authenticate, detect/prevent malicious or illegal activity, protect our rights and users.
-
Legal & compliance: tax, accounting, responding to lawful requests/disputes, enforcing our Terms and policies.
3) When we disclose information
We share personal information with:
-
Shopify (hosting, checkout, risk/fraud, analytics, platform features). Shopify
-
Payment processors (e.g., Shopify Payments/Stripe, PayPal).
-
Operational vendors: cloud hosting/CDN, email/SMS, fulfilment/shipping, returns, ticketing, cookie consent tools.
-
Analytics/ads partners: to measure performance or show ads (see “Sale/Share” in §10).
-
Corporate transactions (merger, acquisition, financing, insolvency).
-
Legal/safety: to comply with law, subpoenas, court orders, or defend legal claims.
We require service providers to use data only to perform services for us and to protect it appropriately.
4) Payments & security
Payments are processed via PCI-DSS compliant providers on Shopify. Shopify is Level 1 PCI DSS certified. While we take reasonable measures (encryption in transit, access controls, logging), no method of transmission or storage is 100% secure. Shopify+1
5) International transfers
We operate from the United States and may transfer, store and process information in the U.S. and other countries. For EEA/UK visitors, where data is transferred outside your region, we rely on Standard Contractual Clauses (EU SCCs) and, for the UK, the IDTA/Addendum, or other lawful mechanisms, as implemented by our providers (including Shopify). Shopify+1
6) Retention
We keep personal information only as long as needed for the purposes in this Policy: e.g., account lifecycle, order fulfilment and support, and to meet legal, tax and accounting requirements. Typical retention: order records up to 7 years (tax/audit); support tickets 2–3 years; marketing preferences until you opt out or your account is deleted. We may retain logs to detect fraud and security incidents.
7) Cookies, pixels & similar technologies
We (and partners) use cookies and similar tech to run the store (e.g., keeping you signed in, cart), for analytics and, where allowed, for advertising measurement and personalisation. You can manage preferences via your browser controls. See Shopify’s cookie information for platform-level details. Shopify
8) Children & age eligibility
Our Services are for professional, adult researchers. We do not knowingly collect personal information from individuals under 16, and we require purchasers to be 21+ where our products or law require age gating. If you believe a minor provided data, contact us and we’ll delete it.
9) Your privacy rights & choices
A. Email/SMS marketing
You can opt out of promotional emails at any time via the unsubscribe link; we may still send non-marketing messages (order confirmations, service notices).
B. U.S. state privacy rights (e.g., CA, CO, CT, UT, VA and others)
Depending on your state, you may have rights to access/know, delete, correct, port, and to opt out of (i) targeted advertising, (ii) the sale of personal information, and (iii) certain profiling. To exercise rights contact us via the contact form on our website. We will verify your request and respond as required by law. You may designate an authorised agent to submit requests on your behalf.
California (CPRA):
-
“Sale” includes disclosure for valuable consideration; “Share” includes transfers for cross-context behavioural advertising even without money changing hands. If we engage in such activities, we will provide “Do Not Sell or Share My Personal Information” links and honour opt-out preference signals. www.hoganlovells.com+1
-
We honour Global Privacy Control (GPC) signals as a valid opt-out of sale/sharing for that browser/device. California Attorney General+1
Colorado (CPA):
-
We recognise the Attorney General’s Universal Opt-Out Mechanisms list; GPC is recognised under Colorado rules, and we treat it as a valid opt-out for targeted ads/sale as applicable. coag.gov+1
Do Not Track: We currently do not respond to legacy browser DNT signals, but we do honour GPC as described above. California Attorney General
C. Cookie/ads choices
Manage cookie categories via device settings. Some advertising choices may also be available through industry tools (e.g., NAI/DAA), but these are browser-specific.
10) Professional purchaser verification
Because we supply research-only materials, we may verify eligibility (e.g., professional/institutional affiliation, age 21+). Where permitted by law, we may request business or institutional emails or limited ID data solely to confirm eligibility and prevent misuse. We do not use this information for unrelated purposes.
11) Data security measures
We implement administrative, technical, and physical safeguards appropriate to the risk (encryption in transit, least-privilege access, network monitoring, regular audits). Shopify provides platform-level security controls and compliance reporting. Shopify+1
12) Third-party websites
Links to third-party sites/services are provided for convenience. Their privacy and security practices are governed by their own policies; review those before sharing information.
13) Changes to this Policy
We may update this Policy to reflect operational, legal or regulatory changes. We’ll post the updated version here and update the “Last updated” date. If changes materially affect your rights, we’ll provide additional notice as required.