Privacy Policy

Last updated:

Introduction

This Privacy Policy describes how Herbalbrighten ("we," "us," or "our") collects, uses, stores, and protects your personal information when you visit herbalbrighten.world (the "Website"). We are a United States–based business and handle information in accordance with applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other state privacy statutes where they apply to our processing activities.

This Policy applies to visitors and users located in the United States. If you access the Website from outside the United States, additional laws may apply to you.

Who We Are

The business responsible for your personal information is:

Herbalbrighten
414 Grand Ave, Lead, SD 57754, United States
Phone: +1 605 580 6230
Email: customer@herbalbrighten.world

Information We Collect

In the preceding 12 months, we may have collected the following categories of personal information:

Identifiers

  • Name and email address when you submit our contact form
  • IP address and online identifiers collected automatically

Customer records and communications

  • Message content and any information you choose to include in your inquiry
  • Records of consent for data processing and cookie preferences

Internet or other electronic network activity

  • Pages visited, time spent on pages, referral sources, and browsing interactions
  • Browser type, device information, and operating system
  • Cookie and similar technology data as described in our Cookie Policy

We do not knowingly collect sensitive personal information (such as Social Security numbers, financial account details, precise geolocation, or health data) through the Website. We do not collect personal information from children under 13 years of age.

How We Use Your Information

We use personal information for the following business and commercial purposes:

  • Responding to inquiries submitted through the contact form
  • Operating, maintaining, and securing the Website
  • Measuring and analyzing Website usage to improve content and user experience (with consent where required)
  • Delivering and measuring online advertising and marketing campaigns (with consent where required)
  • Detecting security incidents, fraud, and unauthorized activity
  • Complying with legal obligations and enforcing our terms

Depending on the activity and your location, we process personal information based on one or more of the following:

  • Consent: When you agree to analytics or marketing cookies, submit the contact form with the required consent checkbox, or otherwise opt in to a specific use
  • Legitimate business interests: To operate, secure, and improve the Website, provided those interests are not overridden by your privacy rights
  • Performance of a request: To respond to inquiries you initiate through the contact form
  • Legal obligation: Where required by applicable federal or state law

We Do Not Sell or Share Personal Information

We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising unless you have provided consent through our cookie banner or similar mechanism. You may opt out of targeted advertising at any time as described in the sections below and in our Cookie Policy.

Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Contact form submissions: up to 24 months after resolution of your inquiry
  • Cookie consent records: up to 12 months
  • Analytics data: up to 26 months, anonymized where possible
  • Server logs: up to 90 days for security purposes

After retention periods expire, data is securely deleted or anonymized.

How We Share Information

We may disclose personal information to the following categories of recipients:

  • Service providers: Hosting, analytics, advertising measurement, and technical support vendors that process information on our behalf under contractual confidentiality and security obligations
  • Legal and safety recipients: Courts, regulators, or law enforcement when required by law, subpoena, or to protect our rights, users, or the public
  • Business transfers: Successors in connection with a merger, acquisition, or sale of assets, subject to this Policy

We require service providers to use personal information only for the services they perform for us and in compliance with applicable privacy laws.

Online Advertising and Analytics

When you consent to analytics or marketing cookies, we and our partners may use cookies, pixels, and similar technologies to measure traffic, understand how the Website is used, and evaluate advertising performance. This may include tools such as Google Analytics or Google Ads conversion tracking if enabled on the Website.

Non-essential tracking technologies are placed only after you provide consent through our cookie banner. You can withdraw consent at any time by declining non-essential cookies, clearing your browser storage, or contacting us. For more detail, see our Cookie Policy.

Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • HTTPS encryption for all data transmission
  • Access controls limiting data access to authorized personnel
  • Regular security assessments of our systems
  • Secure storage with encryption at rest where applicable

Your Privacy Rights

Depending on where you live, you may have the right to:

  • Know and access: Confirm whether we process your personal information and request a copy
  • Correct: Request correction of inaccurate personal information
  • Delete: Request deletion of personal information we collected from you, subject to legal exceptions
  • Opt out of targeted advertising: Direct us not to use your information for cross-context behavioral advertising
  • Opt out of sale/sharing: Direct us not to sell or share personal information (we do not sell personal information)
  • Limit use of sensitive data: Where applicable under state law
  • Data portability: Receive certain information in a portable format where technically feasible
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing
  • Non-discrimination: Not receive discriminatory treatment for exercising privacy rights

To submit a request, contact us at customer@herbalbrighten.world or call +1 605 580 6230. We will verify your request using information associated with your inquiry and respond within the timeframe required by applicable law (generally 45 days, with a possible 45-day extension where permitted).

You may designate an authorized agent to submit a request on your behalf where allowed by law. Authorized agents must provide proof of authorization.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the CCPA/CPRA provides additional rights regarding personal information. In the preceding 12 months, we may have collected the categories of personal information listed in the "Information We Collect" section for the business purposes described above.

Categories of sources: Directly from you, automatically from your device when you use the Website, and from service providers or advertising partners when you consent to non-essential cookies.

Retention: We retain personal information only as long as reasonably necessary for the purposes described in this Policy and as outlined in the "Data Retention" section.

Your California rights include: the right to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against for exercising these rights. Because we do not sell personal information, a "Do Not Sell or Share My Personal Information" link is not required for monetary sales; however, you may opt out of sharing for cross-context behavioral advertising through our cookie controls or by contacting us.

Shine the Light: California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.

Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have rights similar to those described above, including rights to access, delete, correct, obtain a copy of, and opt out of targeted advertising and certain profiling. Nevada residents may opt out of the sale of covered information under NRS 603A.340; we do not sell covered information as defined by Nevada law.

To appeal a decision regarding your privacy request where required by state law, contact us using the details above and include "Privacy Appeal" in your message. We will respond within the timeframe required by applicable law.

Do Not Track and Global Privacy Control

Some browsers offer a "Do Not Track" (DNT) signal. There is no uniform industry standard for responding to DNT signals. We currently do not respond to DNT signals, but we honor opt-out preferences you express through our cookie banner and applicable state privacy rights.

Where supported by your browser, we recognize the Global Privacy Control (GPC) signal as a valid opt-out of sale or sharing for targeted advertising, in accordance with applicable state law.

Children's Privacy (COPPA)

The Website is not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in violation of the Children's Online Privacy Protection Act (COPPA). If you believe we have collected information from a child under 13, please contact us immediately and we will take steps to delete it.

International Visitors

The Website is operated from the United States. If you access the Website from the European Economic Area, United Kingdom, or other regions with data protection laws, you may have additional rights under applicable local law, including the right to lodge a complaint with a supervisory authority. Where GDPR applies, our legal bases include consent, legitimate interests, contract performance, and legal obligation as described above.

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy regularly.