Privacy policy

OOLA PRIVACY POLICY

Effective Date: May 8, 2026   |   Last Updated: May 8, 2026


This Privacy Policy ("Privacy Policy") describes how Dr. Hank, LLC, a Tennessee limited liability company doing business as "Oola" ("Oola," "we," "us," or "our"), collects, uses, discloses, and protects personal information about you when you visit oola.com (the "Site"), purchase our products, subscribe to our communications, or otherwise interact with us (collectively, the "Services"). In this Privacy Policy, "you" means any person who visits the Site, uses the Services, or otherwise communicates with us.

IMPORTANT — AGE RESTRICTION. Our Services are intended only for adults 21 years of age or older. By accessing the Site or using the Services, you represent and warrant that you are at least 21 years old. If you are under 21, do not access the Site, use the Services, or provide any personal information to us. We will promptly delete any personal information we discover we have collected from a person under 21.

PRODUCT NOTICE. Our products contain hemp-derived cannabinoids, including tetrahydrocannabinol (THC) at concentrations of 0.3% or less by dry weight, in compliance with the federal Agriculture Improvement Act of 2018 (the "Farm Bill"). State and local laws regulating the sale and shipment of hemp-derived products vary. We may collect and use your shipping address and other location information to determine whether we can lawfully ship to your jurisdiction.

YOUR CONSENT. By accessing the Site or using the Services, you acknowledge that you have read this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described below. If you do not agree with this Privacy Policy, please do not use the Site or the Services.

What This Policy Covers

This Privacy Policy explains:

  • The categories of personal information we collect and the sources of that information

  • How and why we use your personal information

  • How and with whom we share your personal information, including for advertising and analytics

  • How we handle SMS/text-message marketing data

  • Subscription auto-renewal and how related data is handled

  • Your privacy rights and choices, including state-specific rights

  • How long we keep your information and how we protect it

  • How to contact us about privacy questions or to exercise your rights

1. Personal Information We Collect

We collect personal information directly from you, automatically through your interaction with the Site, and from third parties. The categories of personal information we collect depend on how you interact with us and may include:

A. Information You Provide Directly

  • Identifiers and contact information. Your name, billing and shipping addresses, email address, telephone number, and similar identifiers.

  • Account credentials. If you create an account, your username, password, security questions, and saved preferences.

  • Payment information. Payment card information, billing address, transaction history, and confirmation details. Payment card data is collected and processed by our payment processors (including Shopify Payments and other payment service providers); we do not store full payment card numbers on our systems.

  • Order and transaction information. Items you view, add to your cart, save, purchase, return, exchange, or cancel; subscription preferences; promotional codes used; and order history.

  • Age verification information. Confirmation that you are 21 years of age or older, and any age-verification information you provide.

  • Communications. Information you include when you contact us, leave a product review, respond to a survey, or otherwise communicate with us, including the content of those communications.

  • Marketing preferences. Your choices about receiving email, SMS/text, or postal communications from us.

B. Information Collected Automatically

When you access the Site, we and our service providers automatically collect:

  • Device and browser information. Device type, operating system, browser type and version, language settings, screen resolution, and unique device identifiers.

  • Network information. IP address, internet service provider, and approximate geographic location derived from your IP address.

  • Usage information. Pages and products you view, links you click, search queries, time spent on the Site, referring URL, exit pages, and the date and time of your visit.

  • Cookies and similar technologies. We and our advertising and analytics partners use cookies, pixels, web beacons, software development kits (SDKs), local storage, and similar technologies to recognize your device, remember your preferences, measure performance, and deliver targeted advertising. For details, please see Section 6 (Cookies, Pixels, and Tracking Technologies).

  • Cart abandonment data. If you add items to your cart and provide identifying information (such as your email address or phone number) but do not complete checkout, we use cookies, account information, and similar technologies to detect cart abandonment. We may then send you a follow-up email or, if you have opted in, a follow-up SMS message about the items left in your cart.

C. Information from Third Parties

We receive personal information about you from:

  • Service providers. Including our hosting platform (Shopify), email and SMS marketing platform (Klaviyo), subscription management platform (Appstle), reviews platform (Reviews.io), affiliate platform (Katalys), and payment processors.

  • Advertising partners. Including Meta (Facebook/Instagram), Google, TikTok, and X (Twitter), who provide us with information about how their users interact with our advertisements and the Site.

  • Analytics providers. Including Google Analytics and platforms operated by our advertising partners, who provide measurement and audience data.

  • Social media platforms. If you interact with us through a social media account or use a social login feature, we may receive information from that platform consistent with your privacy settings on that platform.

  • Affiliate and referral partners. Information about visits and orders driven by referral or affiliate links.

  • Fraud-prevention and verification providers. Information used to verify identity, prevent fraud, and confirm age eligibility.

D. Inferences

We may draw inferences from the information described above to create a profile reflecting your preferences, interests, predispositions, and behavior — for example, that you may be interested in a particular product or promotion.

2. How We Use Your Personal Information

We use your personal information for the following purposes:

  • Providing the Services. To process and fulfill your orders, manage subscriptions, deliver products, process returns and exchanges, manage your account, provide customer support, and send transactional messages (such as order confirmations and shipping updates).

  • Age verification and legal eligibility. To confirm you are 21 or older and that we may lawfully ship hemp-derived products to your jurisdiction.

  • Marketing and advertising. To send you marketing emails and, if you have opted in, SMS messages; to deliver targeted advertising on third-party platforms; to measure and improve advertising performance; to operate referral, affiliate, and loyalty programs; and to personalize your experience on the Site.

  • Analytics and Site improvement. To understand how visitors use the Site, to test and improve features and content, and to develop new products and services.

  • Communications. To respond to your questions and feedback and to send you administrative messages about the Services.

  • Security, fraud prevention, and legal compliance. To detect, prevent, investigate, and respond to fraud, abuse, security incidents, and unlawful activity; to enforce our terms; and to comply with applicable law, legal process, and regulatory requirements.

  • Business operations. To maintain records, conduct internal research and audits, and perform other operations necessary to run our business.

  • Corporate transactions. In connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.

  • Other purposes with your consent. For any other purpose disclosed to you at the time of collection or with your consent.

3. How We Share Your Personal Information

We share personal information in the following circumstances and with the following categories of recipients:

A. Service Providers

We share personal information with vendors and service providers who perform services on our behalf and are contractually limited to using that information to provide services to us. Categories of service providers include:

  • E-commerce and hosting: Shopify (including Shopify Payments and, where applicable, Shopify Audiences and Shop Pay).

  • Subscription management: Appstle, which administers our 30-day auto-renewing subscription program (see Section 7).

  • Email and SMS marketing: Klaviyo, which sends our email and (if you opt in) SMS marketing communications.

  • Reviews: Reviews.io, which collects and displays customer product reviews.

  • Affiliate and referral programs: Katalys, which administers our affiliate and referral relationships.

  • Payment processing: Shopify Payments and other payment service providers, which process payments and screen for fraud.

  • Analytics: Google Analytics and similar measurement providers.

  • Customer support, fulfillment, shipping, and logistics providers.

  • Fraud-prevention, identity-verification, and age-verification providers.

B. Advertising and Analytics Partners

We work with advertising and analytics partners — including Meta (Facebook/Instagram), Google (including Google Ads and Google Analytics 4), TikTok, and X (Twitter) — who use cookies, pixels, software development kits, mobile advertising identifiers, and similar technologies to collect information about your activity on the Site and on third-party sites and apps. This information may be combined with information these partners collect from other sources or about other users to deliver advertising tailored to your interests, including interest-based advertising on third-party platforms, and to measure the performance of those advertisements.

We may also share with these partners hashed versions of your email address or phone number, order events, and other identifiers so that they can match you to a known user, deliver advertising across devices, build similar audiences ("lookalikes"), and measure conversions. Under the California Consumer Privacy Act ("CCPA") and certain other state privacy laws, this activity may be considered a "sale" or "sharing" of personal information, or "targeted advertising," even though we do not receive money in exchange. See Section 9 for your opt-out rights.

C. SMS / Text-Message Data — No Sharing With Third Parties

We do not sell, rent, share, or otherwise transfer mobile phone numbers, SMS opt-in information, or SMS consent records to any third party for marketing or promotional purposes. SMS opt-in data and consent records are excluded from any data-sharing arrangement we have with third parties, including the advertising and analytics partners listed above. We may share SMS-related information only with our SMS service provider (Klaviyo) and other service providers strictly to operate, secure, and support the SMS program, or as required by law.

D. Other Disclosures

  • Affiliates and corporate group. Entities under common ownership or control with Dr. Hank, LLC.

  • Business transfers. In connection with a merger, acquisition, financing, reorganization, sale of all or substantially all of our assets, bankruptcy, or similar transaction, in which case personal information may be transferred to the successor entity.

  • Legal and safety. To comply with applicable law, regulation, subpoena, court order, or other legal process; to respond to requests from law enforcement or government authorities; to enforce our terms and policies; to investigate or prevent fraud, security incidents, or other unlawful activity; and to protect the rights, property, or safety of Oola, our customers, or others.

  • With your direction or consent. Where you have asked us or otherwise consented for us to share your information.

  • Aggregated or de-identified data. We may share aggregated, anonymized, or de-identified information that does not reasonably identify you for any lawful business purpose.

4. Sources of Personal Information

We collect personal information from the following categories of sources:

  • Directly from you, when you provide it to us;

  • Automatically from your device and browser, through cookies, pixels, and similar technologies;

  • From our service providers (including hosting, payment, marketing, analytics, subscription, reviews, affiliate, and shipping providers);

  • From advertising and analytics partners;

  • From social media platforms when you interact with us through them; and

  • From publicly available sources, fraud-prevention services, and other third parties as permitted by law.

5. Categories of Personal Information We "Sell" or "Share" for Targeted Advertising

For purposes of the CCPA and other state privacy laws that use the terms "sale," "share," or "targeted advertising," we may "sell" or "share" the following categories of personal information to or with our advertising and analytics partners (Meta, Google, TikTok, X, and similar partners):

  • Identifiers (such as device identifiers, IP address, and hashed email);

  • Internet or other electronic network activity (such as browsing history, search history, and information about your interaction with the Site, advertisements, and emails);

  • Commercial information (such as products viewed or purchased); and

  • Inferences drawn from the above to create a profile reflecting your preferences and behavior.

We do not knowingly sell or share the personal information of consumers under 16 years of age. We have not knowingly sold or shared the personal information of consumers under 21 years of age, since our Services are not made available to anyone under 21.

You have the right to opt out of these activities. See Section 9 (Your Privacy Rights and Choices) below, including the "Do Not Sell or Share My Personal Information" link in the footer of the Site.

6. Cookies, Pixels, and Tracking Technologies

We and our partners use the following types of tracking technologies on the Site:

  • Strictly necessary cookies. Required for the Site to function (for example, to maintain your shopping cart and session).

  • Performance and analytics cookies. Help us understand how visitors use the Site and improve performance.

  • Functional cookies. Remember your preferences, such as your region or language.

  • Advertising and targeting cookies and pixels. Used by us and our advertising partners (including Meta, Google, TikTok, and X) to deliver advertising tailored to your interests on the Site and on third-party platforms, and to measure advertising performance.

You can control cookies and similar technologies through your browser settings, through any cookie consent or preferences tool we make available on the Site, and through industry opt-out tools such as the Network Advertising Initiative (optout.networkadvertising.org), the Digital Advertising Alliance (optout.aboutads.info), and the European Interactive Digital Advertising Alliance (youronlinechoices.eu). Disabling cookies may affect the functionality of the Site.

Global Privacy Control. We recognize the Global Privacy Control ("GPC") browser signal as a valid request to opt out of the "sale" and "sharing" of your personal information for targeted advertising purposes for the device and browser through which the signal is sent. If you are logged into your Oola account when the signal is detected, we will also apply the opt-out to your account. To learn more about GPC, visit globalprivacycontrol.org.

Do Not Track. Other than GPC, we do not currently respond to "Do Not Track" browser signals.

7. Subscription Auto-Renewal Disclosure

We offer auto-renewing subscriptions for certain products (for example, our 30-day subscription, which ships every 30 days). Our subscription program is administered by Appstle. The following terms apply to all subscription enrollments and are provided in compliance with the California Automatic Renewal Law and similar state laws.

  • Automatic renewal. When you enroll in a subscription, you authorize us to automatically charge your payment method on a recurring basis (for example, every 30 days for a 30-day subscription) until you cancel.

  • Recurring charges. The amount of each recurring charge will be the subscription price disclosed at the time you enroll, plus applicable taxes and shipping. Subscription prices may change from time to time; we will provide notice of any price change before it takes effect.

  • Length of term. Your subscription will continue for successive billing periods until you cancel or we terminate the subscription.

  • How to cancel. You may pause or cancel your subscription at any time before the next billing date through your Oola account, through the link in any subscription-related email, or by emailing support@oola.com. Cancellations are effective for future billing periods and do not affect orders already shipped.

  • Information collected. To administer your subscription, we (and Appstle) collect and use your contact information, payment information, shipping address, order history, subscription preferences, and communications relating to your subscription.

8. SMS and Text Message Communications

We use Klaviyo to send marketing and transactional SMS / text messages to U.S. mobile numbers, but only after you have provided express written consent (for example, by checking a clearly labeled opt-in box and entering your phone number on the Site or at checkout). Message and data rates may apply. Message frequency varies.

  • Opt-in. By providing your mobile number and opting in, you consent to receive recurring automated marketing and transactional text messages from us at the number you provided. Consent is not a condition of any purchase.

  • Opt-out. You may opt out at any time by replying STOP to any message you receive. You may also email support@oola.com to request to be unsubscribed.

  • Help. Reply HELP to any message for assistance, or email support@oola.com.

  • No third-party sharing. As described in Section 3.C, we do not sell, rent, or share your mobile phone number or SMS opt-in data with any third party for marketing or promotional purposes. SMS opt-in data is handled solely by Oola and our SMS service provider (Klaviyo) and other service providers acting on our behalf.

  • Cart-reminder texts. If you have opted in to SMS marketing and you add items to your cart but do not complete checkout, we may send you a follow-up text reminder. We use cookies and account information to detect cart abandonment.

9. Your Privacy Rights and Choices

A. Rights Available to All Customers

Regardless of where you live, you can:

  • Opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by emailing support@oola.com.

  • Opt out of marketing texts by replying STOP to any text message or emailing support@oola.com.

  • Update your account information by logging into your Oola account.

  • Cancel your subscription as described in Section 7.

  • Delete cookies and adjust browser-based tracking through your browser or device settings, or through the industry opt-out tools described in Section 6.

B. State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Florida, Delaware, New Hampshire, New Jersey, Kentucky, Rhode Island, Minnesota, Maryland, Nebraska, or another U.S. state with a comprehensive consumer privacy law, you may have the following rights, subject to certain exceptions and verification requirements under the law of your state:

  • Right to know / access. Request confirmation of whether we are processing personal information about you and request a copy of the personal information we have collected, the categories of sources, the purposes for collection, the categories of third parties to whom we have disclosed it, and (where applicable) the categories of personal information we have sold or shared.

  • Right to delete. Request that we delete personal information we have collected from you, subject to legal exceptions.

  • Right to correct. Request that we correct inaccurate personal information we maintain about you.

  • Right to data portability. Request that we provide your personal information in a portable, readily usable format, where technically feasible.

  • Right to opt out of "sale," "sharing," or targeted advertising. Direct us not to "sell" or "share" your personal information or use it for "targeted advertising," as those terms are defined in your state's privacy law.

  • Right to limit use of sensitive personal information. Where applicable, request that we limit our use and disclosure of sensitive personal information to certain permitted purposes.

  • Right to opt out of certain profiling and automated decision-making. Where applicable under state law.

  • Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.

  • Right to appeal. If we deny your request, you may appeal by replying to our denial or contacting support@oola.com. Some states allow you to contact your state attorney general if you are dissatisfied with our appeal response.

C. How to Exercise Your Rights

You can exercise your privacy rights in any of the following ways:

  • Email: support@oola.com (please put "Privacy Request" in the subject line and tell us which right you are exercising).

  • Mail: Dr. Hank, LLC, Attn: Privacy, 1402 3rd Ave N, Nashville, TN 37208.

  • "Do Not Sell or Share My Personal Information" link: Use the link in the footer of the Site to opt out of the "sale" or "sharing" of your personal information and the use of your information for targeted advertising.

  • Global Privacy Control: Browse the Site with a GPC-enabled browser, as described in Section 6.

Verification. To protect your information, we will need to verify your identity before responding to certain requests, typically by asking you to confirm information we already have on file (such as your email address, recent order details, or account login). We will not use information you provide for verification for any purpose other than verifying your identity.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization (such as a written, signed permission from you or a valid power of attorney), and we may require you to verify your own identity directly with us.

Response timing. We will respond to verifiable requests within the timeframe required by applicable law (typically 45 days, with the possibility of an extension where permitted).

D. Notice of Financial Incentives

From time to time we may offer financial incentives, such as discounts for signing up for our email or SMS list or for enrolling in a subscription. Participation is optional and based on your voluntary consent. The value of your personal information is reasonably related to the value of the discount or other benefit offered. You can withdraw from any incentive program at any time by unsubscribing or canceling, as described above.

10. Children's Privacy

Our Services are intended only for adults 21 years of age or older. We do not knowingly collect personal information from anyone under 21, and we do not direct the Site or any marketing to anyone under 21. We do not knowingly "sell" or "share" the personal information of any individual under 16 years of age. If we learn that we have collected personal information from a person under 21, we will delete that information promptly. If you believe that a person under 21 has provided personal information to us, please contact support@oola.com.

11. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction. Payment card information is handled by PCI-DSS-compliant payment processors and transmitted using encryption in transit. No security program is perfect, however, and we cannot guarantee the absolute security of any information transmitted over the internet or stored on our systems. You are responsible for safeguarding your account credentials. If you believe your account has been compromised, contact us immediately at support@oola.com.

12. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which we collected it, including to provide you with the Services, comply with our legal, tax, accounting, and regulatory obligations (which for transaction records is typically up to seven years), resolve disputes, prevent fraud and abuse, and enforce our agreements. When personal information is no longer needed, we will delete or de-identify it in a commercially reasonable manner.

13. Third-Party Websites and Services

The Site may contain links to third-party websites, applications, plug-ins, and services (for example, social media platforms, payment processors, and advertising partners). This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third party before providing them with your personal information.

14. Geographic Scope and International Visitors

The Services are intended for residents of the United States and are operated from the United States. We do not currently ship products outside the United States. If you access the Site from outside the United States, you understand and agree that your personal information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those of your country of residence.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on this page and update the "Effective Date" and "Last Updated" date at the top. If we make material changes, we will provide additional notice (such as by email or by posting a prominent notice on the Site). Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acceptance of the updated Privacy Policy.

16. Health-Related Disclosures

Oola products are dietary supplements and are not intended to diagnose, treat, cure, or prevent any disease. The statements regarding our products have not been evaluated by the U.S. Food and Drug Administration. Information you provide to us about your wellness goals or product preferences is not "protected health information" under the Health Insurance Portability and Accountability Act ("HIPAA"), and we are not a HIPAA-covered entity. Consult your physician before using any cannabinoid product, particularly if you are pregnant, nursing, taking medication, or have a medical condition.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise any of your privacy rights, please contact us:

Dr. Hank, LLC (d/b/a Oola)

Attn: Privacy

1402 3rd Ave N

Nashville, TN 37208

Email: support@oola.com


This Privacy Policy is intended as a comprehensive draft for review by qualified legal counsel familiar with hemp / cannabinoid e-commerce, U.S. state privacy laws, the TCPA, and applicable advertising-platform policies. It does not constitute legal advice.