• TimingMon-Fri 9AM-5:30PM EST
  • Free shipping for orders within the contiguous US over $75
  • (888) 963-6637
Search Products
  • Contact Us
  • 0

Information Security Policy & Responsible Vulnerability Disclosure Policy

Information Security Policy & Responsible Vulnerability Disclosure Policy

Last Updated: January 1, 2026

Z Natural Foods LLC (“ZNF,” “we,” “us,” or “our”) operates from West Palm Beach, Palm Beach County, Florida, and conducts business through ZNaturalFoods.com, related checkout flows, ecommerce tools, business systems, marketplaces, support channels, local pickup operations, and associated facilities, systems, records, and communications. This Information Security Policy & Responsible Vulnerability Disclosure Policy (this “Policy”) sets forth the standards, controls, rights, restrictions, and procedures governing ZNF’s information-security practices, physical and digital safeguards, incident-response processes, and the reporting of suspected security vulnerabilities.

By accessing or using any ZNF site, service, system, facility, marketplace storefront, ordering channel, or communication channel; placing an order by website, phone, email, chat, marketplace, invoice, purchase order, or other method; picking up an order in person; submitting information to ZNF; or reporting a suspected vulnerability, you acknowledge that you have read, understood, and agree to be bound by this Policy, our Terms & Conditions of Use or Terms of Use (“TOU”), and all other ZNF legal policies incorporated therein.

To the fullest extent permitted by law, this Policy shall be interpreted to maximize ZNF’s contractual, statutory, regulatory, common-law, and equitable protections while preserving any non-waivable rights or obligations imposed by applicable law.

1. Scope; Relationship to Other ZNF Policies; Order of Precedence

1.1 Scope

This Policy applies to, without limitation:

(a) ZNaturalFoods.com, checkout flows, account portals, mobile experiences, APIs, integrations, and related online services;

(b) retail and wholesale / B2B transactions, subscriptions, pre-orders, quotes, invoices, local pickup, and in-person interactions;

(c) orders placed by website, telephone, email, chat, SMS/MMS, marketplace, social-commerce channel, purchase order, invoice, agent, or automated or semi-automated system;

(d) ZNF facilities, offices, warehouse operations, storage environments, shipping and receiving functions, pickup procedures, and food-defense-related activities;

(e) customer, prospect, vendor, supplier, contractor, marketplace, logistics, freight, customs, and service-provider information handled by or on behalf of ZNF;

(f) all records, files, systems, devices, networks, communications, logs, backups, and evidence preserved in connection with ZNF business operations; and

(g) the submission, receipt, assessment, management, and communication of suspected security vulnerabilities affecting ZNF-controlled digital services, software, hardware, or systems.

1.2 Incorporated Policies

This Policy is incorporated into and forms part of the TOU and must be read together with, where applicable, the Privacy Policy, Cookie Policy, GDPR Statement / applicable privacy notices, Mobile Terms of Service, Content Policy, Product Review Guidelines, Shipping & Delivery Policy, Cancelations / Returns / Refunds / Title Policy, Purchases / Subscriptions / Pre-Orders Policy, Agent Terms, Legal Notice Disclaimer, and all other policies posted on ZNF’s Legal page, as amended from time to time.

1.3 Order of Precedence

In the event of a direct conflict:

(a) the TOU controls with respect to arbitration, class-action waiver, limitation of liability, governing law, venue, evidentiary rules, injunctive relief, survival, and other general risk-allocation provisions;

(b) this Policy controls with respect to information-security, physical-security, incident-response, and vulnerability-disclosure matters;

(c) privacy- and data-rights issues are additionally governed by the Privacy Policy, Cookie Policy, GDPR Statement, CCPA / privacy-choice disclosures, and other applicable privacy notices; and

(d) shipping, returns, subscriptions, content, reviews, and marketplace-specific issues are additionally governed by the more specific ZNF policy applicable to that subject.

2. ZNF Security Program; Risk-Based Safeguards

ZNF maintains and may modify from time to time a commercially reasonable, risk-based information-security program designed to protect information, systems, operations, facilities, and business processes against reasonably foreseeable threats, unauthorized access, misuse, alteration, disclosure, loss, disruption, adulteration, tampering, fraud, abuse, or other compromise.

Such program may include administrative, technical, physical, operational, contractual, and procedural safeguards appropriate to, among other things:

(a) the nature, sensitivity, volume, and location of the information involved;

(b) the size, complexity, and operational realities of ZNF’s business;

(c) the channels through which information is collected, received, stored, transmitted, fulfilled, shipped, or otherwise processed;

(d) the use of third-party vendors, platforms, carriers, payment processors, cloud tools, marketplaces, and other service providers;

(e) the reasonably foreseeable internal and external risks to ZNF, its customers, counterparties, and its systems or facilities; and

(f) the cost, feasibility, and operational suitability of available safeguards.

ZNF reserves the right, in its sole discretion, to design, implement, suspend, replace, upgrade, downgrade, segment, isolate, supplement, or otherwise change any safeguard, workflow, provider, platform, or control at any time, with or without notice, to the fullest extent permitted by law.

3. Covered Information, Records, Systems, and Assets

For purposes of this Policy, the information and assets subject to protection may include, without limitation:

(a) customer names, contact details, billing information, shipping information, pickup details, account identifiers, and transaction history;

(b) order information, invoices, quotes, wholesale records, supplier records, customs/shipping data, and logistics documentation;

(c) payment-related information handled directly by ZNF or indirectly by payment processors, gateways, ecommerce platforms, or related service providers;

(d) communications by phone, email, chat, SMS, social channels, support systems, review systems, surveys, or other business communications;

(e) facility records, receiving records, traceability documents, lot/batch identifiers, warehouse documentation, and food-defense-related records;

(f) employee, contractor, agent, service-provider, or vendor credentials, access-control records, logs, or audit data;

(g) digital systems, servers, endpoints, cloud systems, checkout systems, integrations, backups, and business applications;

(h) physical premises, storage areas, pickup areas, shipping/receiving locations, labels, packaging, and records; and

(i) evidence, logs, or preserved materials relating to fraud, abuse, disputes, security incidents, chargebacks, returns, carrier claims, tampering, contamination, or legal compliance.

Nothing in this Policy requires ZNF to collect, retain, or process any category of information longer than reasonably necessary for business, legal, operational, evidentiary, safety, or compliance purposes.

4. Administrative Safeguards

ZNF’s administrative safeguards may include, as appropriate and without limitation:

(a) internal policies, procedures, standards, and workflows relating to confidentiality, security, access control, retention, disposal, escalation, and incident handling;

(b) workforce confidentiality requirements, onboarding and offboarding procedures, disciplinary measures, and role-based or need-to-know access limitations;

(c) training, awareness, reminders, or compliance measures for personnel, contractors, or others who may access ZNF information, systems, facilities, products, or records;

(d) business-process controls relating to order review, fraud screening, chargeback prevention, returns handling, pickup verification, shipping instructions, and marketplace/account administration;

(e) recordkeeping, audit support, evidence-preservation, and document-control procedures;

(f) review, assessment, revision, or reanalysis of security or food-defense procedures from time to time; and

(g) internal reporting and escalation mechanisms for suspected misuse, unauthorized access, tampering, fraud, contamination, security incidents, or policy violations.

ZNF may limit access to information, systems, records, products, facilities, and workflows to those persons, providers, or functions that ZNF determines have a legitimate operational, legal, compliance, or security need for such access.

5. Technical and Digital Safeguards

ZNF’s technical safeguards may include, as appropriate and without limitation:

(a) authentication controls, credential-management practices, account restrictions, lockouts, or session controls;

(b) access controls, least-privilege permissions, segmentation, or isolation of systems or data environments;

(c) logging, monitoring, alerting, malware defenses, anti-abuse protections, fraud-detection measures, and traffic-filtering controls;

(d) patching, updates, vulnerability management, configuration management, and security hardening;

(e) encrypted or otherwise protected transmission methods where commercially reasonable and appropriate to the sensitivity of the data and the operational context;

(f) backups, redundancy, continuity, recovery, or restoration processes;

(g) ecommerce, payment, fraud-prevention, DNS, firewall, hosting, gateway, cloud, or similar infrastructure and perimeter protections;

(h) controls designed to detect, deter, limit, or respond to scraping, credential abuse, bot abuse, spoofing, malware, phishing, social engineering, system probing, or other misuse; and

(i) technical or operational restrictions applicable to agents, crawlers, bots, scripts, APIs, and other automated or semi-automated interactions.

ZNF may rely on third-party platforms and service providers for all or part of the technical controls described above, and nothing in this Policy shall be construed as a representation that any particular technical measure is always in place, always available, or always effective.

6. Physical, Facility, Warehouse, Pickup, and Food-Defense Security

Because ZNF operates physical facilities, warehouse environments, shipping/receiving functions, and local pickup workflows, ZNF may implement physical, facility, and operational safeguards designed to reduce the risk of theft, tampering, contamination, adulteration, unauthorized access, misdelivery, fraud, or disruption.

Such safeguards may include, without limitation:

(a) controlled access to facilities, storage areas, pickup areas, records, labels, and operational workspaces;

(b) visitor, vendor, contractor, or driver screening, escort, documentation, or access restrictions;

(c) procedures for container seals, receiving, storage, refrigeration, warehouse handling, shipping, and documentation controls;

(d) lot, batch, or traceability documentation and preservation of packaging, records, labels, or related materials where needed for quality, safety, fraud, or dispute purposes;

(e) local pickup verification measures, including identity, authorization, order-matching, signature, or release procedures;

(f) security-conscious handling of returned, damaged, refused, recalled, or suspicious goods;

(g) food-defense, anti-tampering, adulteration-response, and contamination-escalation procedures reasonably designed to support lawful operations and product integrity; and

(h) coordination, where appropriate, with regulators, carriers, insurers, customs intermediaries, law enforcement, or other third parties in response to suspected tampering, adulteration, contamination, theft, diversion, or other security concerns.

Nothing in this Policy shall be construed as a warranty that any product, package, facility, shipment, storage area, or chain of custody is immune from tampering, contamination, delay, theft, substitution, adulteration, or other compromise.

7. Data Minimization, Retention, Preservation, and Disposal

ZNF may seek to collect, use, retain, preserve, archive, redact, anonymize, delete, destroy, or otherwise dispose of information in a manner that ZNF determines is commercially reasonable and appropriate in light of operational needs, legal requirements, evidentiary considerations, fraud prevention, dispute handling, product traceability, food safety, accounting, tax, customs, regulatory, and business needs.

Without limitation:

(a) ZNF may retain information for as long as reasonably necessary to complete transactions, administer accounts, fulfill orders, manage subscriptions, handle freight or pickup, investigate claims, preserve evidence, comply with law, defend claims, or protect rights;

(b) ZNF may preserve information, logs, records, products, packaging, and related materials longer than ordinary retention periods where fraud, tampering, contamination, chargeback, legal, regulatory, or insurance issues are suspected;

(c) ZNF may delete, redact, de-identify, archive, suppress, or securely dispose of information or materials when no longer reasonably needed, subject to applicable law and evidentiary needs; and

(d) no user, customer, or counterparty is entitled to immediate deletion, destruction, or suppression of information where ZNF reasonably determines retention is necessary for legal, operational, security, safety, contractual, or evidentiary reasons.

8. Service Providers, Marketplaces, Carriers, and Third Parties

ZNF may use third-party service providers, carriers, freight companies, marketplaces, payment processors, ecommerce platforms, hosting providers, fraud-prevention vendors, analytics providers, customer-service tools, customs intermediaries, and other third parties in connection with its business.

ZNF may, but is not obligated to:

(a) impose contractual, operational, technical, insurance, confidentiality, incident-notification, or audit-related expectations on such third parties;

(b) review, select, reject, replace, or suspend such providers in ZNF’s sole discretion;

(c) require providers to cooperate in responding to incidents, abuse, chargebacks, disputes, contamination issues, or legal process; and

(d) disclose information to such providers where reasonably necessary to operate ZNF’s business, protect rights, fulfill orders, manage shipments, investigate incidents, or comply with law.

Notwithstanding the foregoing, third-party providers, marketplaces, carriers, networks, and external systems remain subject to their own operational realities, outages, vulnerabilities, controls, limitations, terms, and legal obligations. To the fullest extent permitted by law, ZNF does not guarantee the security, continuity, availability, or compliance posture of any third-party platform or provider.

9. Incident Detection, Response, Investigation, and Notification

ZNF may investigate, assess, contain, mitigate, remediate, document, escalate, preserve evidence relating to, and respond to any suspected or actual security incident, privacy incident, system compromise, fraud event, unauthorized access, tampering event, adulteration concern, suspicious pickup, shipment diversion, or other event that ZNF determines may affect its systems, operations, facilities, products, records, or rights.

ZNF’s response may include, without limitation:

(a) restricting or suspending accounts, orders, access, shipments, pickups, credentials, integrations, or communications;

(b) isolating systems, preserving logs, imaging devices, maintaining legal holds, or otherwise preserving evidence;

(c) contacting service providers, carriers, marketplaces, customs intermediaries, insurers, counsel, forensic specialists, or regulators;

(d) canceling, delaying, intercepting, holding, or re-verifying orders, pickups, accounts, or transactions;

(e) requesting additional verification, documentation, signatures, photographs, declarations, or cooperation from affected parties;

(f) conducting internal or external investigation and remediation; and

(g) providing notices, disclosures, or communications where required or permitted by applicable law.

Where applicable law requires notice to individuals, regulators, or others, ZNF intends to provide such notice in the manner and within the timeframe required by applicable law, subject to any lawful delay, exception, risk-of-harm determination, confidentiality restriction, evidentiary need, or law-enforcement request. ZNF may also provide substitute, delayed, limited, or regulator-directed notice where permitted or required by applicable law.

Nothing in this Policy obligates ZNF to disclose every attempted, suspected, unsuccessful, immaterial, or non-reportable event, nor does it waive any right to delay or limit disclosure where permitted by law or reasonably necessary to contain the event, preserve evidence, protect the integrity of systems, or comply with investigative requirements.

10. International, Import, Export, and Cross-Border Security / Compliance

ZNF may engage in international sourcing, supplier qualification, import-related operations, international sales, customs coordination, export or freight logistics, and cross-border communications or data flows.

Accordingly:

(a) information may be transmitted to, from, or through jurisdictions outside the United States where reasonably necessary to source products, verify suppliers, process orders, coordinate shipping, comply with customs or trade requirements, prevent fraud, or protect ZNF’s rights and operations;

(b) ZNF may rely on risk-based supplier-verification, documentation, certifications, testing records, and related import-compliance measures in connection with foreign suppliers or imported goods;

(c) customers, buyers, importers, resellers, distributors, freight counterparties, and other non-U.S. parties remain responsible for the laws applicable to their own jurisdictions, activities, and use of ZNF products or services; and

(d) nothing in this Policy constitutes an admission that any non-U.S. law applies in every circumstance or overrides the TOU’s Florida-law and dispute-resolution framework, except to the extent non-waivable law requires otherwise.

11. Responsible Vulnerability Disclosure

11.1 Purpose

ZNF values good-faith reporting of suspected security vulnerabilities affecting ZNF-controlled digital products, services, software, systems, or web properties. This Section establishes the exclusive process and conditions under which ZNF may receive and assess such reports.

11.2 Reporting Channel

If you believe you have identified a suspected vulnerability affecting a ZNF-controlled digital service or system, you must submit a report to the security contact designated by ZNF, together with sufficient detail to permit reasonable review, reproduction, and assessment.

A report should include, where available:

(a) a clear description of the suspected vulnerability;

(b) the affected URL, system, feature, endpoint, page, asset, or environment;

(c) step-by-step reproduction details;

(d) the date and time of discovery;

(e) the tools, payloads, configurations, or methods used;

(f) the potential impact reasonably believed to exist; and

(g) your contact information for follow-up.

11.3 Good-Faith Testing Limits

Any permitted testing must be strictly limited to the minimum necessary to identify and document the suspected issue for reporting. You may not, and no authorization is granted to:

(a) access, acquire, view, exfiltrate, alter, delete, export, retain, or use data not belonging to you;

(b) access customer accounts, administrative panels, vendor accounts, employee accounts, or any system beyond what is strictly necessary to identify the suspected issue;

(c) establish persistence, plant backdoors, install code, create accounts, modify configurations, or perform lateral movement;

(d) conduct denial-of-service, resource exhaustion, brute-force, credential-stuffing, spam, ransomware, malware, or disruptive testing;

(e) engage in phishing, pretexting, social engineering, physical intrusion, tailgating, or impersonation;

(f) interfere with orders, payments, shipments, pickups, warehouse functions, customer service, marketplace activity, or other business operations;

(g) test third-party systems, applications, embedded tools, marketplaces, carriers, processors, or vendor infrastructure except to the extent expressly owned and controlled by ZNF and clearly in scope;

(h) violate law, this Policy, the TOU, or any other ZNF policy; or

(i) publicly disclose, sell, transfer, broker, weaponize, or exploit the suspected issue or any information derived from it.

11.4 Out of Scope

Without limitation, the following are generally out of scope unless ZNF expressly authorizes otherwise in writing:

(a) social engineering and phishing;

(b) clickjacking, content-spoofing, or issues dependent on unrealistic user interaction without meaningful security impact;

(c) broad best-practice disagreements, unsupported theoretical concerns, or missing headers/configurations that do not create a demonstrable material risk;

(d) rate-limit complaints lacking meaningful impact;

(e) testing against third-party providers or environments not controlled by ZNF;

(f) physical security testing of facilities, loading areas, pickup areas, phones, mail, or staff; and

(g) any activity that could compromise confidentiality, integrity, availability, food safety, operations, or chain of custody.

11.5 No Bounty; No Compensation Obligation

Unless ZNF expressly agrees otherwise in a separate written instrument signed by an authorized ZNF representative, ZNF does not offer and shall have no obligation to provide any bounty, payment, reward, reimbursement, consideration, or other compensation for any report, finding, communication, or alleged vulnerability.

11.6 Confidentiality

You must keep all information concerning a suspected or actual vulnerability, report, communication, remediation status, or related non-public information strictly confidential unless and until ZNF expressly authorizes disclosure in writing. ZNF may request additional confidentiality, delay, or coordination where reasonably necessary for remediation, evidentiary preservation, law-enforcement coordination, or customer protection.

11.7 ZNF Discretion

ZNF may, in its sole discretion:

(a) acknowledge or decline to acknowledge any report;

(b) request additional information or proof;

(c) determine whether an issue is valid, material, reproducible, in scope, or remediable;

(d) prioritize, defer, close, combine, or reject reports;

(e) remediate, mitigate, accept, defer, or otherwise address an issue in the manner ZNF deems appropriate; and

(f) decide whether, when, and how to communicate publicly or privately about any issue.

No report obligates ZNF to make any public statement, patch, timeline commitment, advisory, or attribution.

11.8 No Broad Safe Harbor

No testing, access, or conduct is authorized except to the narrow extent expressly permitted by this Policy. Any activity outside that scope may constitute unauthorized access, trespass, breach of contract, interference, or other unlawful conduct, and ZNF reserves all rights and remedies with respect to such activity. Nothing in this Policy shall be interpreted as granting any license, permission, or immunity for conduct that exceeds the express scope of this Policy or violates applicable law.

12. User and Counterparty Cooperation Obligations

Where ZNF reasonably requests cooperation in connection with fraud prevention, shipment security, pickup verification, contamination review, tampering concerns, chargeback disputes, incident response, vulnerability assessment, or legal compliance, you agree to provide commercially reasonable cooperation, which may include:

(a) providing records, screenshots, order details, logs, declarations, photographs, tracking, or other relevant information;

(b) preserving products, packaging, devices, communications, and records;

(c) ceasing suspicious or disputed use pending review;

(d) confirming authority, identity, delivery instructions, or pickup authorization; and

(e) not destroying or altering relevant evidence after notice of an investigation, dispute, or incident.

Failure to cooperate may affect eligibility for remedies, claims handling, order release, pickup, refunds, credits, or other discretionary accommodations, to the fullest extent permitted by law.

13. Reservation of Rights; Enforcement

ZNF reserves the absolute right, but not the obligation, to:

(a) monitor, log, review, investigate, and preserve information concerning access to its sites, systems, accounts, facilities, records, and services, subject to applicable law;

(b) block, throttle, filter, suspend, terminate, geoblock, challenge, or otherwise restrict access, pickups, orders, accounts, integrations, IP addresses, agents, or providers;

(c) refuse, hold, delay, cancel, intercept, or condition orders, shipments, credits, pickups, accounts, or services where fraud, abuse, tampering, contamination, unauthorized access, or other risk is suspected;

(d) involve law enforcement, regulators, carriers, marketplaces, insurers, processors, customs authorities, counsel, or forensic providers;

(e) seek injunctive relief, damages, contractual remedies, statutory remedies, attorneys’ fees where permitted, and all other relief available at law or in equity; and

(f) preserve all rights under the TOU, applicable law, and this Policy.

ZNF’s failure to detect, prevent, or act on any specific conduct shall not constitute consent, waiver, or limitation of rights with respect to that conduct or any future conduct.

14. No Warranty; No Guarantee of Absolute Security

TO THE FULLEST EXTENT PERMITTED BY LAW, ALL ZNF SITES, SYSTEMS, FACILITIES, COMMUNICATIONS, PRODUCTS, SHIPMENTS, PICKUP PROCESSES, RECORDS, AND SECURITY CONTROLS ARE PROVIDED, OPERATED, OR MADE AVAILABLE ON AN “AS IS” AND “AS AVAILABLE” BASIS.

NO METHOD OF COLLECTION, STORAGE, TRANSMISSION, FULFILLMENT, SECURITY CONTROL, FOOD-DEFENSE MEASURE, DIGITAL DEFENSE, PHYSICAL ACCESS CONTROL, SHIPPING PROCESS, PICKUP PROCESS, OR VULNERABILITY-HANDLING PROCESS IS COMPLETELY SECURE OR FAIL-SAFE.

ACCORDINGLY, ZNF DOES NOT REPRESENT OR WARRANT THAT ANY INFORMATION, SYSTEM, COMMUNICATION, FACILITY, ORDER, PRODUCT, RECORD, SHIPMENT, PICKUP, ACCOUNT, OR DIGITAL ENVIRONMENT WILL BE IMMUNE FROM UNAUTHORIZED ACCESS, LOSS, MISUSE, ALTERATION, DISCLOSURE, DESTRUCTION, DELAY, INTERRUPTION, ATTACK, TAMPERING, ADULTERATION, CONTAMINATION, OR OTHER SECURITY FAILURE.

ANY RELIANCE ON ZNF’S SECURITY PRACTICES, FACILITY PRACTICES, DIGITAL CONTROLS, SHIPPING CONTROLS, OR COMMUNICATIONS IS AT YOUR SOLE RISK, SUBJECT TO ANY NON-WAIVABLE RIGHTS UNDER APPLICABLE LAW.

15. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, ZNF AND ITS AFFILIATES, OWNERS, MEMBERS, MANAGERS, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, SERVICE PROVIDERS, LICENSORS, CARRIERS, MARKETPLACE PARTNERS, AND CONTRACTORS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR ENHANCED DAMAGES ARISING OUT OF OR RELATING TO THIS POLICY, ANY SECURITY PRACTICE, ANY SECURITY INCIDENT, ANY ALLEGED VULNERABILITY, ANY REPORT OR RESPONSE, ANY FACILITY OR PICKUP SECURITY ISSUE, ANY SHIPMENT-SECURITY ISSUE, OR ANY RELATED INVESTIGATION OR ENFORCEMENT ACTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE EXTENT LIABILITY CANNOT BE LAWFULLY DISCLAIMED, ANY LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY THE TOU AND APPLICABLE LAW.

NOTHING IN THIS POLICY IS INTENDED TO LIMIT ANY LIABILITY THAT CANNOT BE LIMITED AS A MATTER OF NON-WAIVABLE LAW.

16. Governing Law; Dispute Resolution; Class Waiver

Any dispute, claim, or controversy arising out of or relating to this Policy, any alleged or actual security incident, any privacy or information-security issue, any vulnerability report, any investigation, any security-related order hold or cancellation, any pickup verification dispute, any tampering or adulteration concern, or any conduct governed by this Policy shall be governed exclusively by the dispute-resolution provisions of the TOU, including any applicable arbitration requirements, class-action waiver, venue provisions, and any valid opt-out rights or court-forum consequences set forth therein, to the fullest extent permitted by law.

To the fullest extent permitted by law, you waive any right to participate in any class, collective, coordinated, consolidated, representative, or mass action, except as expressly provided in the TOU or where non-waivable law prohibits such waiver.

17. Compliance with Law; Non-Waivable Rights

This Policy is intended to operate consistently with applicable law, including, where applicable and without limitation, laws relating to information security, breach notification, unfair or deceptive practices, food safety, food defense, import compliance, consumer protection, privacy, electronic records, computer-access restrictions, and evidence preservation.

Nothing in this Policy shall be construed to:

(a) waive any non-waivable right or remedy available under applicable law;

(b) require ZNF to act contrary to law, legal process, regulator direction, or law-enforcement instruction;

(c) create any private right of action, bounty right, or duty beyond what is expressly stated herein or required by law; or

(d) constitute an admission that any particular statute, regulation, or foreign legal regime applies in every circumstance.

18. Modifications; Survival

ZNF may amend, revise, replace, supplement, or retire this Policy at any time, in its sole discretion, by posting an updated version or otherwise providing legally sufficient notice. Your continued access to or use of ZNF’s sites, services, facilities, systems, orders, pickups, communications, or vulnerability-reporting process after the effective date of an updated Policy constitutes acceptance of the updated Policy to the fullest extent permitted by law.

All provisions of this Policy that by their nature should survive shall survive, including without limitation provisions concerning confidentiality, evidence preservation, incident response, cooperation, enforcement, reservation of rights, disclaimers, limitations of liability, arbitration, governing law, and remedies.

19. Final Acknowledgment; Integrated Legal Framework; Questions; Dispute Resolution

Thank you for reviewing this Policy. This Policy explains important rights, obligations, disclosures, restrictions, procedures, and risk allocations that apply to Z Natural Foods LLC (“ZNF,” “we,” “us,” or “our”) and to each person, entity, customer, visitor, purchaser, recipient, service provider, marketplace participant, reviewer, content submitter, automated system, bot, crawler, scraper, agentic tool, or other party that accesses, uses, purchases from, submits information to, communicates with, or otherwise interacts with ZNF, our Sites, Products, Services, systems, facilities, content, communications, or legal-policy framework.

This Policy is part of ZNF’s integrated legal framework and must be read together with ZNF’s Terms of Use and all other legal policies, notices, addenda, statements, guidelines, and disclosures posted on or linked from ZNF’s Legal page, currently available at https://www.znaturalfoods.com/pages/legal (collectively, the “ZNF Legal Policies”), each as amended, supplemented, restated, or replaced from time to time. The ZNF Legal Policies include, without limitation and as applicable, the Terms of Use, Privacy Policy, Cookie Policy, Your Privacy Choices / Data Sharing Opt-out Notice, U.S. State Privacy Addendum, International Privacy Addendum, GDPR Statement / EEA-UK-Switzerland Privacy Notice, Legal Notice / Disclaimer Policy, Purchases / Subscriptions / Pre-Orders Policy, Shipping & Delivery Policy, Cancelations / Returns / Refunds & Title Policy, California Proposition 65 Notice, Accessibility Statement, Mobile Terms of Service, Content Policy, Product Review Guidelines, Digital Advertising & Analytics Policy, Information Security Policy & Responsible Vulnerability Disclosure Policy, DMCA Compliance Statement & Copyright Infringement Policy, Agent Terms & Automated Access / Bot Policy, and any other policy, notice, addendum, disclosure, or guideline made available by ZNF.

To the fullest extent permitted by applicable law, the ZNF Legal Policies are incorporated by reference into this Policy and into ZNF’s Terms of Use. If there is a direct conflict among ZNF Legal Policies, the Terms of Use control with respect to arbitration, class-action waiver, governing law, venue, limitation of liability, warranty disclaimers, damages exclusions, evidentiary standards, survival, enforcement, and other general risk-allocation provisions. The more specific topic-specific ZNF Legal Policy controls with respect to its particular subject matter, including, as applicable, privacy, cookies, advertising, mobile messaging, purchases, subscriptions, pre-orders, shipping, returns, title, accessibility, content, reviews, intellectual property, security, automated access, and jurisdiction-specific privacy rights. Any transaction-specific checkout disclosure, order disclosure, consent notice, or legally required jurisdiction-specific notice controls only for the specific matter disclosed and only to the extent required by applicable law.

If you have questions about this Policy, please contact ZNF Customer Care or use the topic-specific contact method identified in the applicable ZNF Legal Policy. Questions, customer-service communications, marketplace messages, reviews, social-media posts, informal comments, or other communications do not waive, modify, limit, or amend any ZNF Legal Policy, any dispute-resolution requirement, any limitation of liability, any defense, any privilege, or any right or remedy available to ZNF, unless ZNF expressly agrees otherwise in a written amendment signed by an authorized ZNF representative.

If any concern, claim, controversy, or dispute arises out of or relates to this Policy, any ZNF Legal Policy, any ZNF Site, Product, Service, order, communication, content, review, submission, automated access, privacy matter, security matter, delivery, return, refund, payment, marketplace interaction, or other relationship with ZNF, you must follow the Initial Dispute Resolution process and the Binding Individual Arbitration requirements set forth in ZNF’s Terms of Use, including any applicable class-action waiver, jury-trial waiver, venue provision, governing-law provision, mass-arbitration procedure, and survival provision, except only to the limited extent a non-waivable law requires otherwise.

Your access to, browsing of, use of, purchase from, order placement with, receipt of products or services from, submission of information or content to, communication with, enrollment in, continued interaction with, or automated or agentic access to any ZNF Site, Product, Service, system, content, communication, or channel constitutes acknowledgment of this Policy and the ZNF Legal Policies to the fullest extent permitted by law. Where affirmative consent, opt-in, opt-out, notice, or other specific procedure is required by applicable law, ZNF may rely on the legally required method for that specific context. Nothing in this Policy or any ZNF Legal Policy is intended to waive, limit, restrict, or override any right or obligation that cannot lawfully be waived, limited, restricted, or overridden.

By using, purchasing from, communicating with, submitting to, accessing, or otherwise interacting with ZNF through any channel, you acknowledge that you have had an opportunity to review this Policy, the Terms of Use, and the other ZNF Legal Policies available on the Legal page, and that your relationship with ZNF is governed by the then-current versions of those policies to the fullest extent permitted by applicable law.