Orion

Privacy Policy

Last updated: April 2026

1. Information We Collect

Orion collects only the information necessary to process and fulfill your orders and provide customer support. This includes:

  • Name and shipping address (for order fulfillment)
  • Email address (for order confirmation and support)
  • Payment information (processed by our payment provider — not stored by us)
  • Order history (for account and support purposes)
  • Research-use attestation records (for regulatory compliance)
  • Basic server logs (IP address, request metadata) for security and abuse prevention

We do not build behavioral profiles for advertising and do not use cross-site tracking technologies.

2. How We Use Your Information

Information collected is used solely for:

  • Processing and fulfilling orders
  • Sending order confirmations and shipping notifications
  • Responding to customer support inquiries
  • Maintaining attestation and order records for compliance
  • Complying with applicable legal obligations

Marketing communications are sent only with your affirmative opt-in consent. We do not use automated decision-making processes that produce legal or significant effects on you.

3. Data Sharing

We do not sell, rent, or trade your personal information to third parties. Your data is shared only with service providers directly necessary for order fulfillment and payment processing — including our payment processor (for transaction handling), our email provider (for order and support correspondence), and our shipping carrier (for delivery). These providers are bound by their own privacy policies and are not permitted to use your data for any other purpose.

We may disclose information if required to do so by law, court order, subpoena, or governmental authority, and only to the extent required.

4. Cookies

This site uses only essential cookies required for core site functionality, such as maintaining your shopping cart session and storing your age and research-use verification status. We do not currently use advertising cookies or cross-site behavioral tracking. If we introduce analytics or advertising cookies in the future, this Privacy Policy will be updated and an opt-in mechanism will be provided where required by law.

5. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights with respect to your personal information:

  • Right to know what personal information we collect, use, disclose, and retain.
  • Right to delete personal information we have collected from you, subject to certain exceptions (e.g., records we are required to retain for tax or regulatory compliance).
  • Right to correct inaccurate personal information we maintain about you.
  • Right to opt out of the sale or sharing of personal information. Orion does not sell or share personal information as those terms are defined by CCPA/CPRA.
  • Right to limit the use and disclosure of sensitive personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact us at the support email listed in the site footer. We will verify your identity before responding to a request and will respond within the time required by applicable law.

6. Data Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. All checkout and account pages are served over encrypted HTTPS connections. Payment data is processed directly by a PCI-compliant provider and is never stored on our systems.

No method of electronic transmission or storage is completely secure. While we take data security seriously, we cannot guarantee absolute security of information transmitted to or stored on our systems.

7. Data Retention

We retain personal information only as long as necessary for the purposes described in this policy. Typical retention windows:

  • Order, invoice, and payment records: up to 7 years, to meet tax and financial recordkeeping obligations.
  • Research-use attestations: retained for the same period as the associated order for compliance purposes.
  • Account data: retained while your account is active; deleted on request or after 12 months of inactivity.
  • Marketing preferences: removed from active marketing lists immediately upon unsubscribe; suppression record retained to honor the opt-out.
  • Server logs: retained for up to 90 days for security and abuse-prevention purposes.

8. Children

This site is not directed to children under 21. We do not knowingly collect personal information from individuals under 21. If we learn that we have collected such information, we will delete it.

9. Updates to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the most recent revision. Material changes will be communicated by updating this page and, where appropriate, by email to account holders.