Privacy Policy

Effective Date: May 1st, 2026

Last updated: May 1st, 2026

This Privacy Policy (“Policy”) describes how UAVA Labs (“UAVA,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes your personal information when you visit uavalabs.com (the “Site”), download, install, or use our mobile application (the “UAVA App” or “App”), purchase, pair, or use a UAVA hardware device, including the UAVA Bluetooth-enabled vaporizer battery and any successor or related device (each, a “Device”), or otherwise communicate with us regarding the foregoing (collectively, the “Services”). For purposes of this Policy, “you” and “your” means you as the user of the Services, whether you are a customer, website visitor, App user, or another individual whose information we have collected pursuant to this Policy.

Please read this Policy carefully. By accessing the Site, downloading or using the App, registering an account, purchasing or pairing a Device, or otherwise using the Services, you acknowledge that you have read and understood this Policy.

This Policy is incorporated by reference into our Terms & Conditions. Capitalized terms not defined in this Policy have the meanings given in our Terms & Conditions.

Changes to This Privacy Policy

We may update this Policy from time to time, including to reflect changes to our practices, our Services, or for other operational, legal, or regulatory reasons. We will post the revised Policy on the Site, update the “Last updated” date, and take any other steps required by applicable law. Where required, we will obtain your consent to material changes.

Eligibility

The Services are intended exclusively for individuals who are at least 21 years of age. We do not knowingly collect personal information from anyone under 21. If we learn that we have collected personal information from a person under 21, we will take reasonable steps to delete that information. If you are the parent or legal guardian of a minor whom you believe has provided personal information to us, please contact us at help@uavalabs.com so we can take appropriate action.

How We Collect and Use Your Personal Information

To provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information we collect and use varies depending on how you interact with us.

In addition to the specific uses set out below, we may use information we collect about you to communicate with you, provide and improve the Services, develop new products and features, conduct research and analytics, comply with applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.

What Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Services. When we use the term “personal information,” we are referring to information that identifies, relates to, describes, or can be associated with you, as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), and other applicable U.S. state privacy laws. The following sections describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information that you directly submit to us through our Services may include:

  • Contact details including your name, postal address, phone number, and email address.
  • Order information including your name, billing address, shipping address, payment confirmation, email address, phone number, and signature for delivery confirmation where required.
  • Account information including your username, password, security questions, and other information used for account security purposes.
  • Shopping information including the items you view, place in your cart, save into your account (such as loyalty points, reviews, referrals, or gift cards), and purchase.
  • Customer support information including the information you choose to include in communications with us, such as messages, photographs of your Device, and recordings of customer support interactions where permitted by law.
  • Age verification information including date of birth, government-issued identification, and other information used to verify that you are at least 21 years of age and otherwise eligible to purchase or use the Services.
  • Marketing preferences including your subscription status, communication preferences, and consent records.

Information We Collect from Your UAVA Device and the UAVA App

When you use a UAVA Device paired with the UAVA App, we may automatically collect device telemetry, diagnostic, and usage data (“Device Data”). Device Data is transmitted to our cloud infrastructure and may include:

  • Device identifiers: a randomized device ID assigned to your UAVA hardware, hashed Bluetooth address, hardware version, firmware version, and operating system of your paired phone. We do not collect your device serial number or Bluetooth MAC address in a personally identifiable form except where necessary for warranty validation or fraud prevention.
  • Session and usage metrics: session count, session duration, cumulative draw count, average draw length, voltage and temperature setting selections, heater performance metrics, fault codes, and battery charge cycles.
  • Connectivity data: Bluetooth signal strength (RSSI), connection and disconnection events, pairing attempts, firmware version, and over-the-air update status.
  • App interaction data: feature usage within the UAVA App (for example, use of the Find My Device feature, heat setting changes, and alarm activations), App version, navigation patterns, push notification engagement, and permissions granted.
  • Approximate location: coarse location data (city or region level) derived from IP address at the time of data sync. We do not collect precise GPS coordinates unless you explicitly enable location-based features within the UAVA App, in which case that data is processed in accordance with this Policy.
  • Diagnostic and error data: crash logs, error messages, performance telemetry, and other technical data used to diagnose and improve the Services.

Anonymization, De-identification, and Aggregation of Device Data

All Device Data transmitted to our cloud infrastructure is anonymized, de-identified, or pseudonymized prior to long-term storage. Anonymization means that we strip, hash, or otherwise transform data so that it cannot reasonably be used to identify you as an individual. We may further aggregate de-identified Device Data across our user base. Once data has been de-identified, anonymized, and/or aggregated, it is no longer considered personal information under applicable privacy laws, and we may use, retain, license, sell, or otherwise disclose such data without restriction, including for:

  • Product research, development, and improvement;
  • Internal analytics, benchmarking, and business intelligence;
  • Industry research, white papers, and published reports (always in aggregate, never individually identifiable);
  • Licensing or sharing aggregated datasets with third parties, including business partners, researchers, investors, prospective acquirers, lenders, and other commercial parties;
  • Regulatory compliance reporting and public health research;
  • Training machine learning models and developing new products, services, or features;
  • Establishing, conducting, expanding, modifying, or discontinuing internal research and development programs, including device telemetry programs and similar initiatives, the scope and methodology of which are determined by us in our sole discretion and from time to time; and
  • Any other lawful commercial purpose.

UAVA Labs owns all right, title, and interest in and to any de-identified, anonymized, aggregated, or pseudonymized data derived from Device Data or other personal information processed through the Services.

You may opt out of Device Data collection at any time by adjusting telemetry settings within the UAVA App or by disconnecting your UAVA Device from the UAVA App. Opting out may limit certain App features that rely on real-time or historical device data (for example, usage statistics dashboards). Opting out does not affect data already de-identified, anonymized, or aggregated, as such data can no longer be linked to you.

Information We Collect about Your Usage of the Site and App

We may automatically collect certain information about your interaction with the Services (“Usage Data”). To do this, we, our service providers, and our advertising and analytics partners may use cookies, software development kits (“SDKs”), pixels, web beacons, mobile advertising identifiers, server logs, and similar tracking technologies (collectively, “Tracking Technologies”). Usage Data may include information about how you access and use our Site and your account, including device information, browser type and version, operating system, language preference, referring and exit pages, pages viewed, links clicked, time spent on pages, search terms entered, network connection information, your IP address, mobile carrier, advertising identifiers (such as IDFA or AAID), and other information regarding your interaction with the Services. Usage Data may also include information collected from the UAVA App, as described in the Device Data section above.

We use Tracking Technologies for purposes that include website operation, security, fraud prevention, performance monitoring, analytics, personalization, and advertising. Some Tracking Technologies are operated by third parties (including analytics and advertising partners such as Google, Meta, TikTok, and similar platforms), and these third parties may receive information about your use of our Services and may combine that information with information they have collected from other sources.

Information We Obtain from Third Parties

We may also obtain information about you from third parties, including from vendors and service providers who collect information on our behalf, such as:

  • Companies that support our Site and Services, including hosting, e-commerce, customer support, and content delivery providers.
  • Our payment processors, who collect payment information (for example, bank account, credit or debit card information, and billing address) to process your payments to fulfill your orders and provide products or services you have requested, in order to perform our contract with you.
  • Age and identity verification vendors, who confirm your eligibility to access the Services.
  • Shipping and fulfillment partners, who provide tracking and delivery information.
  • Marketing, advertising, and analytics providers, who may collect or supplement information about you using Tracking Technologies, lookalike modeling, or other techniques.
  • Social media platforms, where you interact with us or grant us access to information from your social media account.
  • Retailers, distributors, and co-branded promotion partners.
  • Publicly available sources and data brokers, in compliance with applicable law.

Any information we obtain from third parties will be treated in accordance with this Policy.

How We Use Your Personal Information

We use personal information for the business and commercial purposes disclosed at the point of collection, for any purpose to which you consent, and for any of the following purposes:

  • Providing Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including to process your payments, fulfill your orders, send transactional notifications related to your account, purchases, returns, exchanges, or other transactions, create, maintain, and otherwise manage your account, arrange for shipping, facilitate returns and exchanges, and provide other features and functionalities related to your account.
  • Device and App Operation. We enable Bluetooth pairing, firmware updates (including over-the-air updates), feature delivery, diagnostics, and other technical functionality of the Device and App.
  • Eligibility and Identity Verification. We verify your eligibility, including age, identity, and jurisdictional eligibility for our products.
  • Marketing and Advertising. We may use your personal information for marketing and promotional purposes, such as to send marketing, advertising, and promotional communications by email, text message, push notification, or postal mail, and to deliver advertising for products or services on our Services and on third-party properties (including via cross-context behavioral advertising). This may include using your personal information to better tailor the Services and advertising to you.
  • Personalization and Service Improvement. We use your personal information to personalize your experience and to develop, test, and improve product features, content, and offerings.
  • Security and Fraud Prevention. We use your personal information to detect, investigate, and take action regarding possible fraudulent, illegal, or malicious activity, and to protect the security of our Services.
  • Communicating with You and Customer Support. We use your personal information to provide customer support, respond to your inquiries, send service announcements, and otherwise communicate with you.
  • Device Data Analytics, Research, and Product Development. We use Device Data, Usage Data, and other personal information to analyze product performance, identify usage trends, improve hardware and firmware design, develop new features, and generate insights about how our products are used across our customer base.
  • Internal Research and Development Programs. We may, in our sole discretion and from time to time, establish, conduct, expand, modify, or discontinue internal research and development programs, including device telemetry programs, performance studies, longitudinal usage studies, behavioral research, and similar initiatives, using personal information collected through the Services. The scope, methodology, duration, and outputs of any such program are determined by us in our sole discretion and may evolve over time. By using the Services, you consent to the collection and use of personal information for these purposes.
  • Legal Compliance and Defense. We use your personal information to comply with applicable law, regulations, court orders, subpoenas, governmental requests, and other legal process; to enforce our terms and policies; and to establish, exercise, or defend legal claims.
  • Corporate Transactions. We use your personal information to facilitate corporate transactions, including financings, mergers, acquisitions, reorganizations, divestitures, joint ventures, sales of assets, or bankruptcy or similar proceedings, and to share information with prospective and actual investors, acquirers, lenders, advisors, and their respective representatives, subject to customary confidentiality protections.
  • De-identified and Aggregated Data. We create de-identified, anonymized, aggregated, statistical, or pseudonymized data sets, which we may use and disclose for any lawful purpose without restriction.

Cookies, SDKs, and Similar Tracking Technologies

Like many websites and mobile applications, we use Tracking Technologies on our Site and in our App. We use Tracking Technologies to power and improve our Site, App, and other Services (including to remember your actions and preferences), to authenticate users and prevent fraud, to run analytics and better understand user interaction with the Services, and to deliver advertising. We may also permit third parties and service providers to use Tracking Technologies on our Site and in our App to better tailor the services, products, and advertising on our Site, in our App, and on other websites and platforms.

Where required by applicable law, we obtain your consent before deploying non-essential Tracking Technologies. You may manage your preferences for non-essential Tracking Technologies through the cookie preferences center available on our Site, where applicable, or through your browser or operating system settings. Most browsers automatically accept cookies by default, but you can choose to set your browser to remove or reject cookies through your browser controls. Mobile operating systems also offer controls for advertising identifiers and tracking. Disabling these technologies may limit certain features of the Services.

Some browsers transmit “Do Not Track” or Global Privacy Control (“GPC”) signals. Where required by applicable law, we treat a GPC signal received from your browser as a request to opt out of the sale or sharing of your personal information for that browser. Apart from honoring GPC signals where applicable, we do not respond to Do Not Track signals.

Apple App Tracking Transparency

If you access the App on an Apple iOS device, you may be presented with a prompt asking whether you permit the App to track your activity across apps and websites owned by other companies. If you decline, the App will not request your IDFA for cross-context behavioral advertising purposes; however, we will continue to collect Device Data and other information described in this Policy as permitted by applicable law and the App Store rules.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for contract fulfillment purposes, legitimate business purposes, and other reasons subject to this Policy. Such circumstances may include:

  • With vendors or other third parties who perform services on our behalf (for example, IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping, marketing technology, age and identity verification, and professional advisors).
  • With business and marketing partners to provide services and advertise to you, including advertising networks, social media platforms, and similar parties.
  • When you direct, request us, or otherwise consent to our disclosure of certain information to third parties.
  • With our affiliates or otherwise within our corporate group, in our legitimate interests to operate a successful business.
  • With investors, prospective investors, prospective acquirers, lenders, and their respective advisors and representatives, in connection with diligence, financings, strategic transactions, or proposed transactions.
  • In connection with a business transaction such as a merger, acquisition, financing, reorganization, sale of assets, joint venture, or bankruptcy, including the transfer of your personal information to a successor or assignee. You agree that any such successor or assignee may continue to process your personal information consistent with this Policy or as updated upon notice to you.
  • To comply with any applicable legal obligations, including responding to subpoenas, search warrants, court orders, and other legal process; to enforce any applicable terms of service; and to protect or defend the Services, our rights, and the rights of our users or others.

De-identified and Aggregated Data. We may share, license, sell, or otherwise disclose de-identified, anonymized, and/or aggregated Device Data and Usage Data to third parties, including business partners, researchers, data analytics providers, advertising platforms, prospective investors or acquirers, and other commercial parties. Because such data has been de-identified, anonymized, and/or aggregated, it does not constitute personal information and is not subject to the restrictions applicable to personal information under this Policy.

We do not use or disclose sensitive personal information without your consent for the purpose of inferring characteristics about you. For clarity, the de-identified, anonymized, and aggregated Device Data described above is not considered “personal information” or “sensitive personal information” under applicable law, and its disclosure is not a “sale” of personal information as defined by the CCPA or similar state privacy statutes.

“Sale” and “Sharing” of Personal Information

Under the CCPA, certain disclosures of personal information for monetary or other valuable consideration may be considered a “sale,” and certain disclosures for cross-context behavioral advertising may be considered “sharing.” Within the preceding twelve (12) months, we may have “sold” or “shared” the following categories of personal information for the purposes of cross-context behavioral advertising and analytics: identifiers, internet or other electronic network activity information, commercial information, geolocation information (coarse), inferences, and Device Data.

We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age. We do not sell or share sensitive personal information for the purpose of inferring characteristics about a consumer.

You have the right to opt out of the sale or sharing of your personal information. You can exercise this right by following the instructions in the “Your Rights” section below or by clicking the “Your Privacy Choices” or “Do Not Sell or Share My Personal Information” link on the Site.

Your Rights

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. These rights are not absolute, may apply only in certain circumstances, and, in certain cases, we may decline your request as permitted by law.

  • Right to Access / Know: You may have a right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting or sharing your personal information, and the categories of third parties to whom we disclose personal information.
  • Right to Delete: You may have a right to request that we delete personal information we maintain about you, subject to certain exceptions permitted by law.
  • Right to Correct: You may have a right to request that we correct inaccurate personal information we maintain about you.
  • Right of Portability: You may have a right to receive a copy of the personal information we hold about you in a portable format.
  • Right to Opt Out of Sale or Sharing: You may have a right to opt out of the sale or sharing of your personal information.
  • Right to Limit Use of Sensitive Personal Information: You may have a right to request that we limit our use and disclosure of sensitive personal information to those uses permitted under the CCPA.
  • Right to Restrict Processing: You may have the right to ask us to stop or restrict our processing of personal information.
  • Right to Withdraw Consent: Where we rely on consent to process your personal information, you may have the right to withdraw this consent.
  • Right to Appeal: In certain states, if we deny your request, you may have the right to appeal our decision. We will provide instructions for any such appeal in our response to your request.
  • Right of Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this Policy. We may, however, offer different prices, rates, levels, or quality of goods or services where the difference is reasonably related to the value provided to us by your data, as permitted by law.
  • Managing Communication Preferences: We may send you promotional emails, text messages, or push notifications. You may opt out of marketing emails using the unsubscribe link in any such email. You may opt out of marketing text messages by replying STOP. You may control push notifications through your device settings. We may continue to send you transactional and service communications regardless of your marketing preferences.
  • Opt-Out of Device Data Collection: You may opt out of Device Data collection at any time through the UAVA App settings or by disconnecting your Device from the App. Opting out does not affect data that has already been de-identified, anonymized, or aggregated prior to your opt-out request, as that data can no longer be linked to you.

Submitting a Request

To exercise any of the rights above, please email help@uavalabs.com or use the request mechanism made available on the Site or in the App. Authorized agents may submit requests on your behalf with appropriate written authorization. We may need to verify your identity before processing your request, including by asking you to confirm information we already have about you. We will respond within the time periods required by applicable law (generally within 45 days of a verifiable request, with a possible extension where permitted).

California “Shine the Light” Disclosure

California Civil Code Section 1798.83 permits California residents to request, once per calendar year, a list of categories of personal information that we have disclosed to third parties for those third parties’ own direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of those third parties. To make such a request, please email help@uavalabs.com with the subject line “Shine the Light Request.”

California Minors

Although the Services are not directed to minors, California Business and Professions Code Section 22581 permits California residents under 18 who are registered users of online services to request and obtain removal of content or information they have publicly posted. To request removal, please email help@uavalabs.com with the subject line “Minor Removal Request.” Removal of content does not ensure complete or comprehensive removal from the Services.

Sensitive Personal Information

To the extent any of the categories described above include sensitive personal information as defined under the CCPA (including precise geolocation, account log-in credentials in combination with passwords, or other categories that may be considered sensitive under applicable law), we collect and use such information only for the purposes permitted under California Civil Code Section 1798.121, including to perform the services reasonably expected by an average consumer, to detect security incidents, to resist malicious or fraudulent actions, for short-term transient use, to perform services on our behalf, to verify or maintain the quality of our Services, and as otherwise permitted by law. We do not use sensitive personal information for the purpose of inferring characteristics about you.

Consumer Health Data

UAVA designs, manufactures, and sells consumer hardware. We do not provide health care services, do not make medical claims, and do not knowingly collect information that identifies your past, present, or future physical or mental health status. The Services are not intended to diagnose, treat, cure, or prevent any disease or condition.

UAVA Devices are general-purpose consumer hardware. Information about your use of a Device or the App, including telemetry, draw counts, and session metrics, reflects your interaction with consumer hardware and is not a measurement of your health, treatment, or medical status. We do not characterize this information as “consumer health data” under any state law, and we do not collect such information for any purpose related to assessing, measuring, improving, or learning about a person’s health.

If you reside in Washington State, Nevada, Connecticut, or another jurisdiction with a consumer-health-data law, you may have additional rights under those laws. To exercise any such rights, please contact us at help@uavalabs.com. We will not collect, share, or sell consumer health data (as defined under any applicable state consumer-health-data statute) without obtaining the consent required by such law, and we will honor any opt-in or authorization requirements that apply to your jurisdiction.

Notice of Financial Incentive

From time to time, we may offer financial incentives or price differences in connection with our collection, retention, or sale of personal information, such as a loyalty program, referral program, or email or text-message subscription discount. Where we offer such an incentive, we will provide a notice of financial incentive at the point of collection that describes the material terms of the program, including the categories of personal information involved, the value of the personal information to us, and how you may opt in and withdraw. Participation is voluntary, and you may withdraw at any time by following the instructions in the relevant program.

Automated Decision-Making and Profiling

We may use automated systems to process personal information for purposes including fraud detection, age and identity verification, marketing personalization, advertising delivery, recommendation features, and analytics. We do not use automated decision-making to produce legal or similarly significant effects on you without human involvement. Where required by applicable law, you may have the right to request additional information about automated decision-making, to object to such processing, or to obtain human review.

Third-Party Websites and Links

Our Services may provide links to, or interoperate with, websites, mobile applications, or other online platforms operated by third parties. If you follow links to sites or services not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such third-party services.

Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect any personal information about children. As of the Effective Date of this Policy, we do not have actual knowledge that we “sell” or “share” personal information of individuals under 16 years of age. If you are the parent or legal guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted, and we will take reasonable steps to delete it.

Security and Retention of Your Information

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, loss, or destruction. Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” Any information you send to us may not be secure while in transit. In the event of a data breach involving your personal information, we will notify you and applicable regulators as required by law.

How long we retain your personal information depends on factors such as whether we need the information to maintain your account, to provide the Services, to comply with legal, accounting, or reporting obligations, to resolve disputes, or to enforce other applicable contracts and policies. As a general matter:

  • Account information is retained for the duration of your account plus a period reasonably necessary to comply with legal, tax, audit, and dispute-resolution obligations (typically up to seven years).
  • Order and transaction records are retained for the period required by tax, accounting, and consumer-protection laws (typically up to seven years).
  • Customer support records are retained for as long as reasonably necessary to address related inquiries and disputes (typically up to four years).
  • Marketing preferences are retained until you withdraw consent or for the duration of the relationship plus a reasonable period thereafter.
  • Device Data in identifiable form is retained only as long as necessary for the purposes for which it was collected; thereafter, we de-identify, anonymize, or delete it.
  • De-identified, anonymized, and aggregated data may be retained indefinitely, as it is no longer associated with any identifiable individual.
  • Cookie and similar Tracking Technology data is retained in accordance with the retention periods configured for each technology, typically not exceeding 13 months for analytics cookies and 24 months for advertising cookies.

Text Message and Push Notification Communications

If you provide your mobile phone number and consent to receive text messages from us, you agree to receive recurring marketing and transactional text messages from UAVA at the number provided. Consent is not a condition of any purchase. Message frequency may vary. Message and data rates may apply. You may reply STOP at any time to opt out of marketing text messages, and you may reply HELP for assistance. Carriers are not liable for delayed or undelivered messages. Your consent to receive text messages is governed by our Terms & Conditions and applicable law, including the federal Telephone Consumer Protection Act.

International Users

Our Services are operated in the United States and intended for users in the United States and other jurisdictions where we make the Services available. We do not knowingly target the Services to residents of the European Economic Area, the United Kingdom, or other jurisdictions whose laws may impose additional restrictions on the processing of personal information. If you are accessing the Services from outside the United States, you understand and agree that your personal information may be transferred to, and processed in, the United States and other countries whose data-protection laws may differ from those of your jurisdiction of residence. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers of personal information.

Accessibility

UAVA is committed to making the Services accessible to all users. If you have difficulty accessing this Policy or any portion of the Services, or if you require this Policy in an alternative format, please contact us at help@uavalabs.com.

Contact

Should you have any questions about our privacy practices or this Policy, or if you would like to exercise any of the rights available to you, please email us at help@uavalabs.com or contact us at:

UAVA Labs

Attn: Privacy

7770 Regents Rd, Suite 113-540

San Diego, CA 92122

Email: help@uavalabs.com

For purposes of applicable data-protection laws and if not explicitly stated otherwise, UAVA Labs is the controller of your personal information.

Follow Us

Policies

Get Help

Turn off your ad blocker to see our safe payment processing seal.

Disclaimer

UAVA does not produce, manufacture, or distribute cannabis, tobacco, vape, or smoking products. Our products are not designed, marketed, or intended for use with nicotine, cannabis, e-juice, or e-liquids. For sale to adults aged 18 and older only.

THE NEW WAY TO WAX
© All Rights Reserved 2026

Your Shopping cart

Close