General nutrition education and lifestyle information only—not medical advice, diagnosis, or treatment. Individual experiences vary. Consult a qualified healthcare provider before changing your diet.

Privacy Policy

Effective Date: June 1, 2026

Last Updated: June 11, 2026

Notice at Collection (California & U.S. State Laws)

At or before the point of collection, we inform you that we collect identifiers (name, email, phone), commercial information (service inquiries), and internet activity (cookies with consent) for purposes of responding to requests, providing education-based coaching, improving our website, and legal compliance. We do not sell or share personal information for cross-context behavioral advertising. Retention periods are listed in Section 8. See Section 9 for your opt-out and other privacy rights.

This Privacy Policy explains how Vibrantflexback.ddd ("we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our website, contact us, or use our nutrition coaching services. We are headquartered in Northport, Alabama, United States, and comply with applicable U.S. federal laws and state privacy statutes, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Texas Data Privacy and Security Act (TDPSA), and other state laws that may apply to you. Where required, we also honor rights under the EU General Data Protection Regulation (GDPR) for visitors in the European Economic Area.

1. Business Information

The entity responsible for your personal information is:

For privacy requests, email us with the subject line "Privacy Request." We will verify your identity before fulfilling certain requests, as permitted by law.

2. Categories of Personal Information We Collect

Depending on how you interact with us, we may collect the following categories of personal information as defined under U.S. state privacy laws:

  • Identifiers: Name, email address, phone number, IP address, and online identifiers
  • Customer records: Information you provide in contact forms, coaching inquiries, workshop registrations, and service communications
  • Commercial information: Records of services requested, coaching enrollment, and event participation
  • Internet or network activity: Browsing history on our site, pages viewed, referring URLs, and interaction data collected through cookies (see our Cookie Policy)
  • Geolocation data: General location derived from IP address (city/state level)
  • Inferences: Preferences inferred from your interactions with our website or services, where permitted

We do not knowingly collect Social Security numbers, driver's license numbers, financial account numbers, precise geolocation, or biometric data through this website. We do not intentionally collect sensitive personal information (such as health diagnoses) unless you voluntarily include it in a message to us.

3. Sources of Personal Information

  • Directly from you: Contact forms, email, phone calls, coaching intake questionnaires, and event sign-ups
  • Automatically: Through cookies, log files, and similar technologies when you browse our website
  • From service providers: Hosting, email delivery, analytics, and scheduling tools that process data on our behalf

4. How We Use Personal Information

We use personal information for the following business and commercial purposes:

  • Responding to inquiries and providing nutrition coaching services
  • Scheduling appointments, workshops, and follow-up communications
  • Processing and documenting your consent preferences
  • Operating, maintaining, and improving our website and services
  • Detecting security incidents, fraud, and unauthorized activity
  • Complying with legal obligations, court orders, and law enforcement requests
  • Sending marketing communications where you have opted in (you may opt out at any time)
  • Generating aggregated, de-identified analytics to understand site usage

5. Legal Bases for Processing (EEA/UK Visitors)

If GDPR applies to you, we process personal data based on: (a) your consent; (b) performance of a contract or steps prior to entering a contract; (c) our legitimate interests in operating and improving our services, provided those interests are not overridden by your rights; and (d) compliance with legal obligations.

6. How We Disclose Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising in exchange for monetary or other valuable consideration.

We may disclose personal information to the following categories of third parties for business purposes only:

  • Service providers / processors: Web hosting, email platforms, analytics (with consent), payment processors (if applicable), and IT security vendors bound by contractual confidentiality and data protection obligations
  • Professional advisors: Attorneys, accountants, and insurers where reasonably necessary
  • Legal and safety: Government authorities, law enforcement, or other parties when required by law or to protect rights, safety, and property
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to continued protection of your information

In the preceding twelve (12) months, we have disclosed identifiers, customer records, commercial information, and internet activity to service providers for the business purposes listed above. We have not sold or shared personal information for targeted advertising purposes.

7. Cookies and Tracking Technologies

We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies are placed only with your consent through our cookie banner. You may withdraw consent at any time.

8. Data Retention

We retain personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law:

  • Contact form and inquiry records: 24 months after last interaction, then deleted or anonymized
  • Coaching client records: Up to 7 years after service completion for legal, tax, and accounting compliance
  • Cookie consent logs: 12 months
  • Analytics data: Up to 26 months, then aggregated and anonymized
  • Marketing opt-in records: Until you unsubscribe, plus a suppression record to honor your request

9. Your U.S. State Privacy Rights

Depending on your state of residence, you may have some or all of the following rights regarding your personal information:

  • Right to know / access: Confirm whether we process your personal information and receive a copy of specific pieces collected
  • Right to correct: Request correction of inaccurate personal information we maintain about you
  • Right to delete: Request deletion of personal information we collected from you, subject to legal exceptions
  • Right to data portability: Receive a copy of certain personal information in a portable, readily usable format
  • Right to opt out: Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising)
  • Right to limit use of sensitive personal information: Where applicable, limit use of sensitive personal information to permitted purposes
  • Right to non-discrimination: We will not deny services, charge different prices, or provide a different level of service because you exercised your privacy rights
  • Right to appeal: Residents of certain states (including Virginia and Colorado) may appeal a denied request within 30 days of our response

California residents (CCPA/CPRA): You have the rights listed above, including the right to know categories of personal information collected, sources, purposes, and third parties disclosed to in the preceding 12 months. We do not sell personal information. We do not use sensitive personal information for purposes requiring a "Limit the Use" link under CPRA. To submit a request, contact us using the details in Section 15. We will respond within 45 days (or up to 90 days with notice if extension is required). You may designate an authorized agent to submit requests on your behalf with written permission and verification.

Global Privacy Control (GPC): If our website detects a GPC signal from your browser, we treat it as a valid opt-out of sale/sharing of personal information, to the extent applicable.

Do Not Sell or Share My Personal Information: We do not sell your personal information. We do not share it for cross-context behavioral advertising. California residents may submit an opt-out request or any privacy rights request to callback@vibrantflexback.world with the subject line "Do Not Sell or Share." We will not discriminate against you for exercising your rights.

10. Your GDPR Rights (EEA/UK Residents)

If GDPR applies, you may request access, rectification, erasure, restriction, portability, or object to processing. You may withdraw consent at any time. You may lodge a complaint with your local supervisory authority. Contact us to exercise these rights; we respond within 30 days where required.

11. Marketing Communications and CAN-SPAM

If you subscribe to our emails, we comply with the CAN-SPAM Act. Every marketing email includes our physical mailing address and a clear unsubscribe link. We process opt-out requests within 10 business days. Transactional emails related to your coaching or appointments may still be sent as necessary to provide services you requested.

12. Children's Privacy (COPPA)

Our website and coaching services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If you are a parent or guardian and believe your child under 13 has provided us personal information, contact us immediately and we will delete it promptly. Users between 13 and 17 should use our services only with parental or guardian consent.

13. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including SSL/TLS encryption for data in transit, access controls, secure hosting, and staff confidentiality obligations. No method of transmission or storage is 100% secure. If you believe your interaction with us is no longer secure, notify us immediately.

14. Data Breach Notification

In the event of a data breach involving personal information that triggers notification obligations under applicable law—including the Alabama Data Breach Notification Act of 2018 (Ala. Code § 8-38-1 et seq.) and other state breach notification statutes—we will notify affected individuals and relevant authorities as required by law, including the Alabama Attorney General when applicable.

15. International Data Transfers

Our servers and service providers may be located in the United States. If you access our website from outside the U.S., your information may be transferred to, stored, and processed in the U.S. For EEA/UK transfers, we rely on Standard Contractual Clauses or other lawful transfer mechanisms where required.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with a revised "Last Updated" date. Where required by law, we will provide additional notice (such as a banner on our website or email notification). Your continued use of the website after changes become effective constitutes acknowledgment of the updated policy.

17. Contact Us and Privacy Requests

To exercise your privacy rights, submit a request, or ask questions about this policy:

We will verify your identity before processing certain requests. Authorized agents must provide written authorization. We do not charge a fee unless a request is manifestly unfounded, excessive, or repetitive, as permitted by applicable law.