PRIVACY & DATA PROTECTION POLICY

Last Updated: 01/10/2025

 

Overview

At Hercuddle, we respect your privacy and are committed to protecting your personal and sensitive information.
This Privacy & Data Protection Policy (“Policy”) explains what data we collect, how we use it, and how you can exercise control over your information.
It applies to our website (hercuddle.com), mobile applications, connected devices (including Vionne), and any related digital services.

Legal Basis for Processing

We process personal data in compliance with both U.S. consumer-protection laws and the EU General Data Protection Regulation (GDPR).
Our legal bases include:

• Contractual necessity: to fulfill purchases and provide product functionality.
• Consent: for optional data collection (sensor data, analytics, marketing).
• Legitimate interest: to improve our Services and ensure safety and fraud prevention.

You may withdraw consent at any time without affecting prior lawful processing.

Information We Collect

(a) Personal Information

• Name, email, phone number, billing & shipping address.
• Account credentials if you create an account.
• Order and payment information (processed via secure third-party gateways).

(b) Device & Sensor Data

Our products may collect optional data such as pH readings, pressure data, vibration patterns, and usage duration.
These data are used solely to enable AI-driven personalization and wellness monitoring features.

(c) Technical & Usage Data

• IP address, browser type, device ID, operating system.
• App interactions, crash logs, and aggregated analytics.
• Cookies and similar technologies (see Cookie Policy).

We do not collect biometric identifiers or medical records without explicit consent.

Purpose of Data Use

We use your information to:

1. Process orders and deliver products.
2. Provide adaptive, AI-based personalization to enhance your comfort and experience.
3. Display relevant content, product updates, and limited promotional offers (opt-in only).
4. Improve product safety, usability, and customer support.
5. Comply with legal obligations and warranty claims.

We never sell your personal or sensor data.

Design-Level Privacy & User Control

At Hercuddle, privacy is not an add-on — it is an essential part of how we design and operate every product and service.

• Your data stays yours. All information is collected only with your explicit consent and processed locally by default.
• End-to-end encryption. Sensitive data is encrypted, obfuscated, and stored separately, with encryption keys fully controlled by you.
• Zero third-party access. No external party, including Hercuddle, can access your plain data.
• Independent security validation. We partner with certified, independent data-security institutions to audit and maintain our privacy and encryption practices.
• Full user control. You may enable or disable all data-related or AI-assisted features at any time, and permanently delete all personal information through the in-app or account privacy settings.

Data Storage & Security

• All transmissions use SSL/TLS encryption.
• Sensor data and personal identifiers are stored separately using hashed or tokenized IDs.
• Access to databases is strictly limited to authorized personnel under confidentiality agreements.
• Regular penetration testing and third-party security audits are conducted to maintain compliance with international standards (ISO 27001, SOC 2).

International Transfers

Your information may be processed in countries outside your residence (for example, cloud servers located in the U.S. or EU).
When transferring data internationally, we apply standard contractual clauses or equivalent safeguards as required by GDPR.

Data Retention

We retain data only as long as necessary to:

• Fulfill your purchase or warranty period;
• Provide ongoing Services;
• Comply with legal, tax, or accounting requirements.

After expiration, data are securely deleted or anonymized.

Your Rights

Depending on your jurisdiction, you have the right to:

• Access a copy of your personal data;
• Request correction or deletion;
• Withdraw consent for processing;
• Object to automated decision-making;
• Port your data to another provider.

To exercise these rights, email [email protected] with the subject line “Data Request.”
We will respond within 30 days.

Marketing & Communications

You may subscribe to optional newsletters.
Each email contains an “unsubscribe” link.
We comply with CAN-SPAM (US) and ePrivacy/GDPR (EU) regulations.

Third-Party Service Providers

We partner only with vendors who meet strict privacy standards.
Examples include:

• Payment processors (e.g., Stripe, PayPal)
• Shipping carriers
• Cloud infrastructure (e.g., AWS or Google Cloud)
• Analytics tools (aggregated and anonymized)

These providers act as “data processors” and cannot use your information for their own purposes.

Children’s Privacy

Our products and website are not directed to anyone under 18.
We do not knowingly collect data from minors.
If you believe a minor has provided data, contact [email protected] for immediate deletion.

Data Breach Notification

In the unlikely event of a breach affecting your personal or sensor data, we will:

• Notify you and the relevant authorities within 72 hours (as required by GDPR).
• Provide details of the breach and recommended protective steps.
• Take immediate action to remediate and prevent recurrence.

Changes to This Policy

We may update this Policy to reflect new laws, technologies, or business practices.
The updated version will include a revised “Last Updated” date and become effective upon posting.
Material changes will be communicated via email or in-app notification.

Contact Us

For questions or data-protection concerns, contact:
Hercuddle Privacy
[email protected]
hercuddle.com/privacy