Privacy Policy
1. Data Controller
The data controller responsible for processing personal data on this website is:
mCare LLC (Milo-Lab belongs to mCare)
30 N Gould St Ste R, Sheridan, WY 82801, USA
Contact: info@milo-lab.com
For any privacy-related request, please email info@milo-lab.com.
2. Personal Data We Collect
When you place an order or contact us, we collect the following categories of personal data:
- Name — to identify you as the customer and address correspondence correctly
- Email address — to send order confirmations, updates, and respond to inquiries
- Shipping address — required to deliver your order
- IP address — automatically logged for security, fraud prevention, and technical operation of the website
We do not collect payment card details directly — these are handled exclusively by our payment processors (see Section 3).
3. Recipients of Your Data
We share personal data only with service providers who need it to fulfil your order or operate the website, and only to the extent necessary:
- CircoFlows — card payment processing
- NOWPayments — cryptocurrency payment processing
- Logistics partner(s) — order fulfilment and shipping
- Mail provider — sending transactional emails (order confirmations, shipping updates)
We do not sell personal data to third parties, and we do not share your data for marketing purposes without your explicit consent.
4. Local Storage (No Tracking Cookies)
Milo-Lab does not use tracking cookies. Instead, a small amount of technical data is stored directly in your browser's local storage to make the website function correctly. This data stays on your device and is not used for tracking or advertising:
milolab_cart— remembers the contents of your shopping cart between visitsmilolab_locale— remembers your selected languagemilolab_currency— remembers your selected display currencymilo-age-ok— remembers that you confirmed you are 18+ on a previous visit, so the age gate is not shown repeatedly
Because no tracking or advertising cookies are used, no cookie consent banner is required under applicable law for this local storage usage.
5. No Tracking Cookies
We do not use tracking cookies, advertising pixels, or third-party analytics cookies that follow you across websites. Any technical data stored is limited to what is described in Sections 4 and 6.
6. Reach Measurement (Analytics)
We use a self-hosted, cookieless page-view counter to understand which pages are visited and where traffic comes from. Each page load records:
- Page path — the URL path you viewed (e.g.
/products/bpc-157) - Referrer — the referring page, if your browser provided one
- Country — a country code derived from our hosting provider's edge network, without any external geo-IP lookup
- Timestamp — the server time the page view was recorded
- Shop interaction type — for aggregate conversion statistics, whether an event was a page view, an add-to-cart, or the start/submission of a checkout (no product of any individual visitor is tied to an identity)
To count unique visitors without cookies, each event is grouped under a
daily-rotating, one-way hash: a technical checksum computed in memory
from a server secret, the current UTC date, your IP address, and your browser's
User-Agent string. The IP address and User-Agent themselves are never
stored; the hash cannot be reversed into them, and because it changes every
day, visits cannot be linked across days and no long-term visitor profile can be
built. No cookie or identifier of any kind is placed on your device. If your browser
sends a Do Not
Track (DNT) signal, nothing is recorded at all. This measurement does not
run on our internal admin pages.
Because this analytics method does not use cookies or any technology requiring consent under applicable law, no cookie consent banner is triggered by it.
7. Legal Basis for Processing
We process your personal data on the basis of Art. 6(1)(b) GDPR (performance of a contract, e.g. processing and shipping your order), Art. 6(1)(c) GDPR (compliance with legal obligations, e.g. accounting and tax records), and Art. 6(1)(f) GDPR (legitimate interest, e.g. fraud prevention and securing our website via IP logging).
8. Data Retention
We retain order information for as long as necessary to fulfil the purposes described in this policy and to meet applicable statutory retention obligations (tax and commercial law), typically 5 years. Local storage data described in Section 4 remains on your device until you clear your browser storage or it expires.
9. Your Rights Under the GDPR
As a data subject, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) — request confirmation of and access to the data we hold about you
- Right to rectification (Art. 16 GDPR) — request correction of inaccurate or incomplete data
- Right to erasure (Art. 17 GDPR) — request deletion of your personal data, subject to legal retention obligations
- Right to restriction of processing (Art. 18 GDPR) — request that we limit how we use your data
- Right to data portability (Art. 20 GDPR) — request your data in a structured, machine-readable format
- Right to object (Art. 21 GDPR) — object to processing based on legitimate interest
- Right to lodge a complaint — with a supervisory authority, if you believe your data has been processed unlawfully
To exercise any of these rights, email us at info@milo-lab.com.
10. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable law. Changes are effective immediately upon posting to this page.
11. Contact
Questions about this privacy policy or how your data is handled can be sent to info@milo-lab.com.
Last Updated: 2026
Copyright © 2026 Milo-Lab All rights reserved.