PRIVACY POLICY
1. Introduction
At Pathhug (“we,” “our,” or “us”), accessible via pathhug.com, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy sets forth the principles by which we collect, use, store, and safeguard your personal data in line with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We take a privacy-first approach in our operations and believe in transparency, accountability, and respect for your data rights.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through pathhug.com or related services, whether accessed via desktop, mobile device, or other platforms. Pathhug is the data controller for the purposes of data protection laws. As the data controller, we determine the purposes and means of processing your personal data.
3. Categories of Personal Data Processed
Depending on your interaction with pathhug.com, we may collect and process the following categories of personal data:
a. Usage Data
Includes information such as IP address, browser type and version, operating system, referral URLs, time-zone settings, mobile identifiers, browsing behavior, session information, and website interaction data.
b. Account Data
Includes personally identifiable information (PII) provided upon registration or contact, including your full name, email address, mailing address, and phone number.
c. Profile Data
Includes preferences, user settings, purchase history, interaction behavior, and other information you voluntarily provide to personalize your experience.
d. Communication Data
Includes data associated with inquiries, support tickets, customer service interactions, and historical communication records.
e. Technical Data
Includes device type, hardware specifications, language preferences, plug-ins, and diagnostic/usage logs collected during routine system operation.
f. Transaction Data
Includes billing addresses, order histories, payment confirmations, delivery tracking, and related financial and logistical data—processed via secure third-party payment processors.
g. Preference Data
Includes marketing preferences, opted-in consents, responses to promotional campaigns, product interest indicators, A/B test data, and analytics on content engagement.
4. Legal Bases for Processing
We process your data based on one or more of the following lawful grounds under GDPR and applicable U.S. regulations:
– Contractual Necessity: When it is required to fulfill a contract with you (e.g., account creation, service delivery, transaction execution).
– Consent: Where you have explicitly granted permission (e.g., newsletter subscription or use of non-essential cookies).
– Legitimate Interests: When processing is necessary for our business operations, fraud prevention, analytics, or improving website functionality—provided such interests are not overridden by your rights.
– Legal Obligation: When required to meet our legal or regulatory compliance obligations.
5. Your Rights
As a data subject under GDPR and/or CCPA, you have the following rights:
– Right of Access: To obtain a copy of your personal data held by us.
– Right to Rectification: To correct inaccurate or incomplete information.
– Right to Erasure (“Right to be Forgotten”): To request deletion of your data where no legal basis justifies its retention.
– Right to Restriction: To limit the scope or processing of certain data.
– Right to Data Portability: To obtain and reuse your data in a structured, commonly used, and machine-readable format.
– Right to Object: To object to the processing of personal data in cases such as direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, its withdrawal does not affect processing prior to withdrawal.
– Right to Non-Discrimination: Under CCPA, you will not be discriminated against for exercising any of your privacy rights.
Requests to exercise any of these rights may be directed to [email protected]. We reserve the right to verify user identity before responding to such requests.
6. Security Measures
We implement appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and availability of personal data. These measures include:
– End-to-end encryption during data transmission.
– Secure access control protocols and authentication barriers.
– Firewalls, DDoS protection, and anti-malware systems.
– Regular staff privacy training and awareness programs.
– Scheduled audits, vulnerability assessments, and penetration testing.
– Secure data center operations and contingency planning.
7. International Data Transfers
Where necessary, personal data may be transferred to and processed in locations outside the European Economic Area (EEA) or the United States. In such instances, we will ensure appropriate safeguards are in place, including:
– Standard Contractual Clauses (SCCs) approved by the European Commission.
– Adequacy decisions where applicable.
– Additional organizational and technical safeguards such as anonymization and restricted access protocols.
8. Data Retention
We retain personal data for no longer than necessary to fulfill the purposes outlined in this Privacy Policy or as legally required. Specific timeframes include:
– Account Data and Profile Data: Retained for the duration of user engagement or up to five years following deactivation, unless otherwise requested.
– Communication Data: Retained up to three years post-resolution for support and legal recordkeeping.
– Transaction Data: Retained for up to seven years to comply with tax and financial regulations.
– Usage and Technical Data: Retained for up to 24 months for analytics and optimization purposes.
– Preference and Marketing Data: Retained until opt-out or consent withdrawal.
9. Cookie Policy
Cookies are small data files placed on your device when visiting pathhug.com. These include:
– Essential Cookies: Required for core site functionality (login, navigation, secure areas).
– Functional Cookies: Enhance user experience by remembering session preferences and settings.
– Analytics Cookies: Provide aggregated usage insights via services such as Google Analytics.
– Performance Cookies: Help measure website responsiveness, loading times, and performance metrics.
10. Cookie Management and Legal Compliance
In compliance with GDPR and CCPA, visitors are provided with an opt-in mechanism for non-essential cookies via a cookie banner upon their first visit. You may adjust your cookie preferences at any time by accessing the cookie settings available on the website’s footer or via browser tools. Additionally:
– You may revoke consent for cookies at any time.
– We honor Global Privacy Control (GPC) signals and “Do Not Track” browser settings where legally enforced.
– Consent logs are maintained to verify compliance.
11. Protection of Children Under 13
pathhug.com is not intended for children under the age of 13, and we do not knowingly collect, use, or store personal data from anyone under this age. If we become aware that we have received data from a person under 13 without verified parental consent, we will take steps to delete such data promptly. Parents or guardians who believe we may have unknowingly collected information from a child may contact us at [email protected].
12. Updates to this Privacy Policy
We reserve the right to amend this Privacy Policy from time to time, in accordance with changing legal, technical, or business developments. Material changes will be communicated to users via banners, pop-ups, or email correspondence, depending on your communication preferences. Continued use of pathhug.com following such updates constitutes acceptance of the revised policy.
13. Contact Us
For questions, concerns, complaints, or to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: https://pathhug.com
We are committed to privacy rights and maintain full compliance with applicable privacy laws. Please reach out at any time with your questions about how we manage and protect your personal data.