Privacy Policy

1. INFORMATION WE COLLECT

We may collect information about you in a variety of ways. The information we may collect via the Services depends on the content and materials you use, and includes:

A. Personal Data You Provide to Us:

Account Information: When you register for an account (e.g., for e-commerce purchases or SaaS access), we collect personal information, which may include your name, email address, and password.

Profile Information: You may choose to provide additional information as part of your user profile, such as a display name.

User Content: We collect the files, data, and content you upload, store, process, or share through our Services (e.g., files in SaaS applications, product reviews, blog comments), including associated metadata.

Communications: If you contact us directly (e.g., for support), we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

Financial Data (Processed by Third Parties): If you make a purchase, our third-party payment processor (Stripe) will collect your payment information (e.g., credit card number, billing address). We do not directly collect or store your full payment card details. We may receive transaction details related to your purchase from our payment processor.

B. Data Collected Automatically (Derivative Data):

Log and Usage Data: We automatically collect information when you access or use our Services and record it in log files. This data may include your Internet Protocol (IP) address, browser type and version, operating system, Internet service provider, referring/exit pages, pages viewed, date/time stamps, clickstream data, and other usage information.

Device Information: We may collect information about the computer or mobile device you use to access our Services, such as the hardware model, operating system and version, unique device identifiers, mobile network information, and browser characteristics.

Location Data: We may collect imprecise location data (e.g., location derived from your IP address) for purposes such as analytics or content customization, subject to your device settings.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes, including to:

• Provide, operate, maintain, secure, and improve our Services (informational blogs, e-commerce, SaaS applications);
• Process your registration and manage your account;
• Process transactions and send you related information, including purchase confirmations and invoices (via our payment processor);
• Respond to your comments, questions, and requests, and provide customer service and support;
• Send you technical notices, updates, security alerts, and support and administrative messages;
• Monitor and analyze trends, usage, and activities in connection with our Services (subject to cookie consent for non-essential analytics);
• Personalize the Services, including providing advertisements, content, or features that match user interests on ad-supported pages (subject to cookie consent and your rights to opt-out where applicable);
• Communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information we think will be of interest to you (where you have opted-in to such communications or where permitted by law);
• Prevent fraudulent transactions, monitor against theft, and protect against criminal activity;
• Comply with legal obligations and legal process, and protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties;
• For other purposes about which we notify you and, where required by applicable law, obtain your consent.

3. LEGAL BASIS FOR PROCESSING (FOR EEA/UK USERS)

If you are an individual in the European Economic Area (EEA) or the United Kingdom (UK), we collect and process information about you only where we have legal bases for doing so under applicable EU and UK laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

• We need it to provide you the Services, including to operate the Services, provide customer support and personalized features, and to protect the safety and security of the Services (i.e., performance of a contract);
• It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services (where consent is not required for general communications to existing customers about similar products/services), and to protect our legal rights and interests;
• You give us consent to do so for a specific purpose (e.g., for non-essential cookies, targeted advertising on ad-supported pages, certain marketing communications); or
• We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time (e.g., via our cookie consent management tool or by contacting us), but this will not affect any processing that has already taken place.

4. DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations:

With Service Providers: We share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., cloud hosting (AWS), payment processing (Stripe), email delivery (AWS SES), security services (Google reCAPTCHA), analytics providers (Google Analytics, if consented)). These service providers are authorized to use your personal information only as necessary to provide these services to us and are contractually obligated to keep your information confidential and secure.

With Advertising Partners (Limited & Conditional): On ad-supported pages or sections of our Services, and if you have provided consent via our cookie consent banner, we may allow third-party advertising partners (e.g., ad networks and ad servers like Google AdSense) to use cookies and similar technologies to collect information about your browsing activities across our Services and other websites over time. This information may be used to select and deliver targeted advertisements that may be of interest to you on our Services or other sites (this is sometimes called "interest-based advertising" or "online behavioral advertising"). For more information on how to manage these preferences, see Section 5 (Cookies and Other Tracking Technologies) and our "Do Not Sell or Share My Personal Information" page.

By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.

Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

With Your Consent: We may disclose your personal information for any other purpose with your specific consent.

Publicly Visible Information: If you create a user profile or post User Content (e.g., comments, reviews) in public areas of the Services, this information may be viewed by all users and may be publicly distributed outside the Services in perpetuity.

5. COOKIES AND OTHER TRACKING TECHNOLOGIES

We use cookies, web beacons, tracking pixels, and other tracking technologies on the Services to help customize the Services and improve your experience. When you first access the Services, you will be presented with a cookie consent banner that allows you to manage your preferences for non-essential cookies.

What are Cookies?

Cookies are small text files stored on your computer or mobile device by a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Types of Cookies We May Use:

Essential Cookies (Strictly Necessary): These cookies are necessary for the Services to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms (e.g., shopping cart functionality). You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.

Performance and Analytics Cookies: Subject to your consent, these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Services. For example, we may use Google Analytics to understand how users interact with our Services.

Functionality Cookies: Subject to your consent, these cookies enable the Services to provide enhanced functionality and personalization.

Targeting/Advertising Cookies: Subject to your consent, these cookies may be set through our Services by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.

Your Choices Regarding Cookies:

Cookie Consent Banner: You can set your cookie preferences when you first visit our Services via our cookie consent banner. You can typically revisit these settings (e.g., through a link in the footer of our website).

Browser Settings: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Industry Opt-Out Tools: For more information about interest-based ads, and to learn about options for opting out of having your web browsing information used for behavioral advertising purposes by companies that participate in the Digital Advertising Alliance (DAA), visit http://www.aboutads.info/choices/. European users can opt out of receiving targeted advertising through the European Interactive Digital Advertising Alliance (EDAA) at http://www.youronlinechoices.eu/.

Web Beacons/Pixels:

We may also use web beacons (or clear gifs, pixel tags) on the Services and in our emails to, among other things, track the actions of users and email recipients, measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.

Google reCAPTCHA:

We use Google reCAPTCHA on certain forms to protect against automated abuse. This service operates by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalized advertising by Google. Your use of reCAPTCHA is subject to Google's Privacy Policy and Terms of Use.

6. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

7. DATA SECURITY

We use administrative, technical, and physical security measures designed to help protect your personal information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include, for example, encryption of data in transit (TLS/SSL) and at rest (for file storage on S3), access controls, and secure password policies. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

8. DATA RETENTION

We will retain your personal information for as long as your account is active or as needed to provide you Services and to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. We will also retain and use your information as necessary to comply with our legal obligations (e.g., if we are required to retain your data to comply with applicable tax/revenue laws), resolve disputes, and enforce our agreements. For example, log data may be retained for a limited period for security and operational purposes. Data collected via cookies will be retained in accordance with your consent and the specific cookie's purpose and lifespan. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

9. YOUR DATA PROTECTION RIGHTS

Depending on your location and subject to applicable law, you may have the following rights regarding your personal information:

• Right to Access: You may have the right to request access to the personal information we hold about you and to receive a copy of it.
• Right to Rectification: You may have the right to request that we correct any inaccurate or incomplete personal information.
• Right to Erasure (Right to be Forgotten): You may have the right to request that we delete your personal information, subject to certain exceptions.
• Right to Restrict Processing: You may have the right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: You may have the right to receive your personal information in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.
• Right to Object: You may have the right to object to our processing of your personal information based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: If we are processing your personal information based on your consent (e.g., for non-essential cookies, targeted advertising), you have the right to withdraw your consent at any time, typically through our cookie consent management tool or by contacting us. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Rights Related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (unless certain exceptions apply). We do not currently engage in such automated decision-making.

For California Residents (CCPA/CPRA Rights):

The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides California residents with specific rights regarding their personal information. This section describes your CCPA/CPRA rights and explains how to exercise them.

Categories of Personal Information Collected:

In the preceding 12 months, we have collected the categories of personal information listed in Section 1 ("INFORMATION WE COLLECT") of this Privacy Policy. These correspond to the following CCPA categories: Identifiers (e.g., name, email, IP address); California Customer Records personal information categories (e.g., name, payment information processed by our provider); Commercial information (e.g., records of products or services purchased); Internet or other electronic network activity information (e.g., browsing history, interaction with our Services); Geolocation data (imprecise); and Inferences drawn from other personal information to create a profile (e.g., about preferences).

Sources of Personal Information:

We collect this information directly from you, from your devices when you interact with our Services, and from third-party service providers (e.g., payment processors, analytics providers).

Purposes for Collection and Use:

We collect and use this personal information for the business and commercial purposes described in Section 2 ("HOW WE USE YOUR INFORMATION").

Categories of Personal Information Disclosed for a Business Purpose:

In the preceding 12 months, we have disclosed the categories of personal information listed in Section 1 for a business purpose to the categories of third parties listed in Section 4 ("DISCLOSURE OF YOUR INFORMATION"), primarily to our service providers.

"Sale" or "Sharing" of Personal Information:

• We do not "sell" personal information in the traditional sense of exchanging it for monetary consideration.
• However, under the CCPA/CPRA, the use of certain third-party cookies and tracking technologies on our ad-supported pages for the purpose of cross-contextual behavioral advertising (i.e., targeted advertising based on your activity across different websites and services) may be considered "sharing." In the preceding 12 months, we may have "shared" categories of personal information such as Identifiers (e.g., cookie ID, IP address) and Internet or other electronic network activity information with advertising partners for these purposes, subject to your consent choices.

Your Rights:

• Right to Know/Access: You have the right to request that we disclose certain information to you about our collection, use, disclosure, and potential "sharing" of your personal information over the past 12 months.
• Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, comply with legal obligations).
• Right to Correct Inaccurate Information: You have the right to request the correction of inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the "sharing" of your personal information for cross-contextual behavioral advertising. You can exercise this right by:
  • Managing your cookie preferences through our cookie consent banner (usually accessible via a link in the footer of our website) and disabling advertising/targeting cookies.
  • Visiting our "Do Not Sell or Share My Personal Information" page for more information and links to industry opt-out tools.
• Right to Limit Use and Disclosure of Sensitive Personal Information: We do not currently collect or process "sensitive personal information" (as defined by CCPA/CPRA) for purposes that would require offering a right to limit its use under CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny you goods or services, charge you different prices or rates, or provide you a different level or quality of goods or services.

Exercising Your Rights:

To exercise any of these rights (Access, Deletion, Correction), or if you have questions about your rights, please contact us at: help@homestreetconcepts.com. To opt-out of "sharing" for targeted advertising, please use our cookie consent banner and visit our "Do Not Sell or Share My Personal Information" page.

We will respond to your verifiable consumer request within 45 days of its receipt, as required by law. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We may need to verify your identity before processing your request, which may require you to provide additional information. If you use an authorized agent to submit a request, we may require proof of their authorization.

If you are an EEA/UK resident and believe that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection in your country of residence or place of work.

10. INTERNATIONAL DATA TRANSFERS

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our primary operations and service providers (e.g., AWS, Google, Stripe) are located in the United States. If you are located in the EEA, UK, or other regions with laws governing data collection and use that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of personal information from the EEA, UK, or Switzerland to countries not considered adequate by the European Commission, we rely on legally-provided mechanisms to lawfully transfer data across borders, such as Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities, or other appropriate safeguards.

11. CHILDREN'S PRIVACY

Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. We do not specifically target our Services to individuals under 18. If we become aware that an individual under the age of 18 has provided us with personal information without verifiable parental consent (or as otherwise permitted by law), we will take steps to delete such information. If you are a parent or guardian and you believe that your child under 18 has provided us with Personal Information without your consent, please contact us at help@homestreetconcepts.com so that we can take appropriate action.

12. CONTACT US

If you have questions or comments about this Privacy Policy, our data practices, or to exercise your rights, please contact us at:

For data protection matters specific to GDPR or similar regulations, you can also reach out to us via the same email address. We do not currently have a formally appointed Data Protection Officer, but inquiries will be handled by our designated privacy personnel.