Global Privacy FAQs
Will personal data collected during age verification be stored or shared?
We use various technologies to ensure our products and services are offered only to adults. To access our E-Commerce Sites, the JUUL App, or to participate in certain consumer programs, you must verify that you are legally eligible to purchase our products in your jurisdiction.
To verify your age, we, and or our third-party service providers specialising in age verification and fraud deterrence, may collect information such as your email, phone number, date of birth, government ID, the last few digits of your government-issued identifying documentation, or facial photos (such as “selfies” used for verifying age by comparing them to the photo in the uploaded ID or by using age estimation technologies).
We do not allow our third-party service providers that process your personal data on our behalf to use your personal data for their own marketing or any other purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
For more information about how we handle your personal data, please see our Privacy Notice.
Do you share my personal data?
As outlined in our Privacy Notice, we may disclose your personal data to third parties for a variety of business purposes, including to provide our Services, comply with our legal obligations, exercise our legal rights, or in the event of a major business transaction such as a merger, sale, or asset transfer.
When we ask third-party service providers to help us perform services such as age verification, those third-party service providers will process your personal data on our behalf. In those cases, we prohibit our service providers from using your personal data for their own marketing or any other purposes, and we only permit them to process your personal data pursuant to the terms of written contracts only for specific purposes and strictly in accordance with our instructions.
How will Juul Labs use my phone number?
We collect and may use your phone number for account verification, security purposes, and to support certain requested JUUL App functionalities. We do not use, nor do we allow our third-party service providers to use your phone number for marketing or other purposes.
For more information about how we handle your phone number and other personal data, please see our Privacy Notice.
How will Juul Labs use information used to verify my age?
We (and, we instruct our third-party service providers to) only retain personal data we collect to conduct age-verification activities for as long as required to verify your age, comply with the law and our data retention policies. For example, we do not retain the last several digits of your government ID if we have collected them to verify your identity, and any photo you submit in conjunction with the age verification process is deleted after the minimum period required to enable us to meet our legal obligations.
For more information about how we handle your personal data, please see our Privacy Notice.
Is my account information safe?
We pledge to handle the personal information you entrust to us with integrity and care and adhere to the Juul Labs’ Privacy Pillars which outline our commitment to protecting your data. Some of the steps we take to secure personal data include minimizing the amount of data we collect and retain, by designing our products to only process personal data that is necessary for valid business and legal purposes and only retaining that data for as long as necessary to support the underlying purposes of processing. We also prioritise data safety and security by making ongoing investments in our security program and adhering to industry standard security practices to safeguard your personal data. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us.
What are my privacy rights? How do I exercise them?
Your privacy choices and rights you have with respect to your personal data are determined by your specific circumstances, the context, and applicable law and are outlined in our Privacy Notice.
For example, you can review and update personal data, or delete all personal data in your JUUL account at any time by logging in and interacting with the options offered in your account’s profile.
If you would like to exercise any other individual privacy rights granted to you under applicable laws, we encourage you to visit our Global Privacy Center where you can explore and exercise your options.
What personal data do you store?
Our Privacy Notice specifies how your personal data is collected, used, disclosed, and otherwise processed. This includes any personal data you may provide on websites where we sell our products (the “E-commerce Sites”) and through the JUUL App if you download and pair it with a JUUL2 Device.
Read more about how we process personal data to verify your age, how we process personal and non-personal data from the JUUL2 Device and JUUL App, and other specific types of data we process here.
How does Juul Labs handle JUUL2 Usage Data?
If you use a JUUL2 Device and elect to pair it with the JUUL App, data relating to how you use paired JUUL2 Device(s), such as puff-related data, pod consumption and pod-history (“Usage Data”) will be collected and maintained on your JUUL2 Device. We allow you to electively create encrypted backups of your Usage Data to Juul Labs server so that you can transfer these data to a JUUL App on a new mobile device or protect copies of these data stored in a web-based version of the JUUL App (“Your Backup Data”). Your Backup Data is encrypted and inaccessible to us unless the JUUL2 Device is returned to us with permission to access the device in connection with a warranty or medical/health claim.
Please review our Privacy Notice for more detail.
How do I report a security vulnerability?
Juul Labs uses the HackerOne platform for vulnerability reporting and management. If you are not part of Juul Labs’ HackerOne program and wish to submit a finding, send an email to bugbounty@juul.com to be added to the program. Your personal information is not required to be added to the HackerOne program.
Juul Labs will make a best effort to meet the following service levels for vulnerabilities reported through the HackerOne program:
- Time to first response from report submission - 3 business days.
- Time to bounty (if applicable) from triage - 10 business days