PRIVACY POLICY

1. Introduction

At Pathhug (“we,” “our,” or “us”), accessible via pathhug.com, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy sets forth the principles by which we collect, use, store, and safeguard your personal data in line with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We take a privacy-first approach in our operations and believe in transparency, accountability, and respect for your data rights.

2. Scope of the Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through pathhug.com or related services, whether accessed via desktop, mobile device, or other platforms. Pathhug is the data controller for the purposes of data protection laws. As the data controller, we determine the purposes and means of processing your personal data.

3. Categories of Personal Data Processed

Depending on your interaction with pathhug.com, we may collect and process the following categories of personal data:

a. Usage Data
Includes information such as IP address, browser type and version, operating system, referral URLs, time-zone settings, mobile identifiers, browsing behavior, session information, and website interaction data.

b. Account Data
Includes personally identifiable information (PII) provided upon registration or contact, including your full name, email address, mailing address, and phone number.

c. Profile Data
Includes preferences, user settings, purchase history, interaction behavior, and other information you voluntarily provide to personalize your experience.

d. Communication Data
Includes data associated with inquiries, support tickets, customer service interactions, and historical communication records.

e. Technical Data
Includes device type, hardware specifications, language preferences, plug-ins, and diagnostic/usage logs collected during routine system operation.

f. Transaction Data
Includes billing addresses, order histories, payment confirmations, delivery tracking, and related financial and logistical data—processed via secure third-party payment processors.

g. Preference Data
Includes marketing preferences, opted-in consents, responses to promotional campaigns, product interest indicators, A/B test data, and analytics on content engagement.

4. Legal Bases for Processing

We process your data based on one or more of the following lawful grounds under GDPR and applicable U.S. regulations:

– Contractual Necessity: When it is required to fulfill a contract with you (e.g., account creation, service delivery, transaction execution).
– Consent: Where you have explicitly granted permission (e.g., newsletter subscription or use of non-essential cookies).
– Legitimate Interests: When processing is necessary for our business operations, fraud prevention, analytics, or improving website functionality—provided such interests are not overridden by your rights.
– Legal Obligation: When required to meet our legal or regulatory compliance obligations.

5. Your Rights

As a data subject under GDPR and/or CCPA, you have the following rights:

– Right of Access: To obtain a copy of your personal data held by us.
– Right to Rectification: To correct inaccurate or incomplete information.
– Right to Erasure (“Right to be Forgotten”): To request deletion of your data where no legal basis justifies its retention.
– Right to Restriction: To limit the scope or processing of certain data.
– Right to Data Portability: To obtain and reuse your data in a structured, commonly used, and machine-readable format.
– Right to Object: To object to the processing of personal data in cases such as direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, its withdrawal does not affect processing prior to withdrawal.
– Right to Non-Discrimination: Under CCPA, you will not be discriminated against for exercising any of your privacy rights.

Requests to exercise any of these rights may be directed to [email protected]. We reserve the right to verify user identity before responding to such requests.

6. Security Measures

We implement appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and availability of personal data. These measures include:

– End-to-end encryption during data transmission.
– Secure access control protocols and authentication barriers.
– Firewalls, DDoS protection, and anti-malware systems.
– Regular staff privacy training and awareness programs.
– Scheduled audits, vulnerability assessments, and penetration testing.
– Secure data center operations and contingency planning.

7. International Data Transfers

Where necessary, personal data may be transferred to and processed in locations outside the European Economic Area (EEA) or the United States. In such instances, we will ensure appropriate safeguards are in place, including:

– Standard Contractual Clauses (SCCs) approved by the European Commission.
– Adequacy decisions where applicable.
– Additional organizational and technical safeguards such as anonymization and restricted access protocols.

8. Data Retention

We retain personal data for no longer than necessary to fulfill the purposes outlined in this Privacy Policy or as legally required. Specific timeframes include:

– Account Data and Profile Data: Retained for the duration of user engagement or up to five years following deactivation, unless otherwise requested.
– Communication Data: Retained up to three years post-resolution for support and legal recordkeeping.
– Transaction Data: Retained for up to seven years to comply with tax and financial regulations.
– Usage and Technical Data: Retained for up to 24 months for analytics and optimization purposes.
– Preference and Marketing Data: Retained until opt-out or consent withdrawal.

9. Cookie Policy

Cookies are small data files placed on your device when visiting pathhug.com. These include:

– Essential Cookies: Required for core site functionality (login, navigation, secure areas).
– Functional Cookies: Enhance user experience by remembering session preferences and settings.
– Analytics Cookies: Provide aggregated usage insights via services such as Google Analytics.
– Performance Cookies: Help measure website responsiveness, loading times, and performance metrics.

10. Cookie Management and Legal Compliance

In compliance with GDPR and CCPA, visitors are provided with an opt-in mechanism for non-essential cookies via a cookie banner upon their first visit. You may adjust your cookie preferences at any time by accessing the cookie settings available on the website’s footer or via browser tools. Additionally:

– You may revoke consent for cookies at any time.
– We honor Global Privacy Control (GPC) signals and “Do Not Track” browser settings where legally enforced.
– Consent logs are maintained to verify compliance.

11. Protection of Children Under 13

pathhug.com is not intended for children under the age of 13, and we do not knowingly collect, use, or store personal data from anyone under this age. If we become aware that we have received data from a person under 13 without verified parental consent, we will take steps to delete such data promptly. Parents or guardians who believe we may have unknowingly collected information from a child may contact us at [email protected].

12. Updates to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time, in accordance with changing legal, technical, or business developments. Material changes will be communicated to users via banners, pop-ups, or email correspondence, depending on your communication preferences. Continued use of pathhug.com following such updates constitutes acceptance of the revised policy.

13. Contact Us

For questions, concerns, complaints, or to exercise your data protection rights, please contact us at:

Email: [email protected]
Website: https://pathhug.com

We are committed to privacy rights and maintain full compliance with applicable privacy laws. Please reach out at any time with your questions about how we manage and protect your personal data.