Privacy Policy
At Bright Roots Haven (accessible via brightrootshaven.com), we are committed to respecting your privacy and safeguarding your personal data. This Privacy Policy outlines our practices regarding the collection, use, processing, and protection of your personal information. We take a privacy-first approach to data handling and strictly adhere to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction
Bright Roots Haven values your trust. We are fully committed to maintaining the confidentiality, integrity, and security of your personal information. Whether you are browsing our site, making a purchase, or communicating with us, we strive to ensure that your data is managed lawfully, transparently, and securely.
2. Scope of Policy and Data Controller
This Privacy Policy applies to all users of brightrootshaven.com and governs the collection and processing of personal data through or in connection with our website. Bright Roots Haven is the data controller responsible for determining the purposes and means of processing personal data as defined under the GDPR and acts as a “business” under the CCPA.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Includes data automatically collected about your interactions with brightrootshaven.com such as your IP address, browser type and version, pages visited, time spent on pages, navigation paths, referring URL, and device identifiers.
b. Account Data
Personal identification information collected upon account creation or purchase, including full name, billing and shipping addresses, email address, and phone number.
c. Profile Data
Information related to your profile, such as your login credentials, purchase history, saved items, interests, browsing behavior, and expressed preferences.
d. Communication Data
Includes records of communications you share with us, including emails, customer service inquiries, chat messages, contact form submissions, and support tickets.
e. Technical Data
Information regarding your device, operating system, system settings, IP geolocation, browser settings, and other device-level technical configuration details.
f. Transaction Data
Includes payment-related data, order details, shipping information, transaction IDs, billing amounts, and related communications. We do not store full credit/debit card numbers; instead, this data is handled securely by our payment processors.
g. Preference Data
Includes details about your marketing preferences, communication opt-ins or opt-outs, selected content or products of interest, and consent records for data use.
4. Legal Bases for Data Processing
In accordance with the GDPR, we process your personal data under the following legal bases:
– Contractual necessity: Data required to fulfill our agreement with you (e.g., product purchases, account creation).
– Legitimate interests: Data used to improve our services, website functionality, and internal administrative purposes without overriding your privacy rights.
– Consent: Personal data used for email newsletters, marketing promotions, or non-essential cookies is processed with your explicit consent.
– Legal obligation: Data processed in order to comply with applicable laws or authorized law enforcement requests.
For California residents, we also comply with your rights under the CCPA and may collect, use, or disclose personal information for “business purposes” as allowed by law.
5. Your Rights Regarding Personal Data
As a user, you have specific rights regarding your personal data, which may include:
– Right of Access: You may request copies of your personal data held by us.
– Right to Rectification: You may request corrections of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, where legally permissible.
– Right to Restrict Processing: You may request a temporary or permanent halt to processing under certain conditions.
– Right to Data Portability: You may request to receive your data in a structured, commonly used format and transmit it to another controller.
California residents have additional rights under the CCPA, including:
– The right to know what categories of data we collect, use, and share.
– The right to request deletion of personal data collected.
– The right to opt out of the sale or sharing of personal data (we do not sell your personal information).
– The right to non-discrimination for exercising these rights.
Users may exercise these rights by contacting us at [email protected].
6. Security Measures
We implement and maintain appropriate technical and organizational safeguards to protect your personal data. These measures include:
– Data encryption at rest and in transit
– Secure server environments with restricted access
– Role-based access control and multi-factor authentication
– Routine backups and secure logging systems
– Staff training and awareness programs around data protection best practices
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside of your country of residence. Where such transfers occur, we ensure adequate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other legally compliant mechanisms to protect your rights and freedoms in accordance with GDPR.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Typical retention periods include:
– Account and Profile Data: Retained for as long as the user account remains active and for a limited period thereafter.
– Transaction and Payment Data: Retained for a minimum of 7 years to comply with financial and tax reporting obligations.
– Communication Data: Retained for the duration needed to resolve inquiries or fulfill subscriber requests.
– Consent Records: Retained indefinitely to demonstrate compliance with applicable data protection laws.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, evaluate site performance, and provide personalized services. We classify cookies as follows:
– Essential Cookies: Necessary for the basic functioning of brightrootshaven.com; cannot be disabled.
– Functional Cookies: Enable enhanced functionality, such as remembering your preferences.
– Analytics Cookies: Used to measure website performance and user engagement, often via third-party services like Google Analytics.
– Performance Cookies: Improve page load times, optimize navigation, and support troubleshooting.
10. Cookie Management and Compliance
You may manage your cookie preferences at any time using our Cookie Settings tool available on the site. Consents requested when you first visit brightrootshaven.com comply with GDPR consent standards and CCPA opt-out mechanisms. For California users, we honor “Do Not Sell My Personal Information” and signal-based choices, where applicable.
11. Children’s Privacy
brightrootshaven.com is not directed toward children under the age of 13. We do not knowingly collect or store personal data from minors absent verifiable parental consent. If we become aware that we have inadvertently received data from a child under 13, we will promptly delete it. Parents or guardians with questions should contact us at [email protected].
12. Policy Updates
We reserve the right to revise this Privacy Policy as needed to reflect changes to our operations, legal requirements, or data processing practices. Users will be notified of material changes via our website or through direct communication. Continued use of brightrootshaven.com after changes indicates acceptance of the updated policy.
13. Contact Us
For questions, requests, or concerns related to this Privacy Policy or your personal data rights, please contact us at:
Email: [email protected]
Website: https://brightrootshaven.com
We are committed to full compliance with all applicable data protection laws and strive to provide transparency to our users. If you have any questions regarding how your data is used, stored, or shared, we encourage you to reach out at the contact above.