Privacy Policy

Last updated: July 27, 2022

This privacy policy details the information we collect, store, use, and/or share (“process”) when you use our services (“Services”). Leadstart Media, Inc. (“we,” “us,” or “our”) services include:

1. Visiting our website at https://leadstart.org, or any other website that links to this privacy policy.
2. Downloading our mobile application (Leadstart Media), or any other application affiliated with us that references this privacy policy.
3. Engaging with us through other associated channels, including but not limited to sales, marketing, or participation in events.

If you do not agree with our policies and procedures, we kindly request that you refrain from using our Services.

In the event that you still have questions or concerns, please feel free to contact us at privacy@leadstart.org.

Summary

1. Personal Information: When you engage with our Services through visits, usage, or navigation, we may process personal information contingent upon your interactions with us, your choices, and your use of our products and Services. In cases where necessary and with your consent or as permitted by applicable law, we may process sensitive personal information.

2. Information from Third Parties: Third parties may warrant the sharing of your personal information. We may receive information from external sources, including public databases, marketing partners, and social media platforms.

3. Information Processing Procedures: Our information processing serves multiple purposes with your consent. We process your information to provide, improve, and administer our Services, as well as communication with you, security measures, fraud prevention, and adherence to legal requirements.

4. Data Security: We maintain organizational and technical safeguards to protect your personal information. Nevertheless, it is imperative to note that no electronic transmission or data storage system can guarantee absolute security. We cannot guarantee unauthorized access, data breaches, or modifications by hackers, cybercriminals, or other unauthorized parties.

5. Privacy Rights: Depending on your geographical location, applicable privacy laws may confer specific rights concerning your personal information. You may exercise your privacy rights by submitting a data subject access request or by contacting us directly. We commit to considering and acting upon any such requests in accordance with applicable data protection laws.

1. What Information Do We Collect?

We gather personal information that you disclose to us. This includes data you provide when registering on our Services, expressing interest in obtaining information about us or our products and Services, participating in activities on our platform, or when contacting us.

The personal information we collect is contingent upon the context of your interactions with us and the use of our Services, as well as the choices you make and the specific products and features you engage with. This may include a range of data, including but not limited to:

– Names
– Email addresses
– Mailing addresses
– Phone numbers
– Usernames
– Passwords
– Contact preferences
– Billing addresses
– Debit/Credit card numbers
– Contact or authentication data
– Social media account details

Sensitive Information

When necessary, with your consent or as otherwise permitted by applicable law, we process the following types of sensitive information:

– Creditworthiness data
– Student data
– Information disclosing race or ethnic origin
– Information revealing political opinions
– Information disclosing religious or philosophical beliefs
– Biometric data
– Financial data

Payment Data

For individuals making purchases through our platform, we may collect data essential for payment processing, such as your payment instrument number and the associated security code. Please note that all payment data is securely stored by Leadstart Media, Inc.

Social Media Login Data

We offer you the convenience of registering with us through your existing social media account details, including platforms like Facebook, Twitter, and others. Should you opt for this registration method, we will collect the information detailed in this policy.

Application Data

For users of our application(s), we may additionally gather the following information if you grant us access or permissions:

  • Geolocation Information: On occasion, we may seek access or permissions to track location-based data from your mobile device, either continuously or during your usage of our mobile application(s). This is to facilitate specific location-based services. If you wish to modify our access or permissions, you can manage these settings within your device.
  • Mobile Device Data: Automatically, we gather data regarding your device, such as its mobile device ID, model, manufacturer, operating system, version details, system configuration data, device and application identification numbers, browser type and version, hardware model, internet service provider or mobile carrier, and your Internet Protocol (IP) address (or proxy server). For users of our application(s), we may also collect data concerning your mobile device’s associated phone network, operating system or platform, the unique device ID, and details about the features of our application(s) you accessed.
  • Push Notifications: We may request permission to send you push notifications relating to your account or specific features of our application(s). If you prefer not to receive such communications, you have the option to disable them within your device settings.

The primary purpose of collecting this information is to ensure the security and functionality of our application(s), assist in troubleshooting, and facilitate our internal analytics and reporting requirements. It is important that any personal information provided to us remains accurate, complete, and up-to-date, and any changes to such information are promptly communicated to us.

Information Automatically Collected

In some instances, certain information, such as your Internet Protocol (IP) address and device characteristics, is automatically collected when you access our Services. This data does not reveal your specific identity, such as your name or contact details, but includes device and usage information, including your IP address, browser and device specifications, operating system, language preferences, referring URLs, device identification, country, location data, details of your interactions with our Services, and other technical information.

This data primarily serves the purpose of ensuring the security and functionality of our Services, as well as supporting our internal analytics and reporting requirements. Similar to many businesses, we employ cookies and similar technologies to collect information, including:

  • Log and Usage Data: This type includes service-related, diagnostic, usage, and performance data that our servers automatically gather when you access or use our Services. Depending on your interactions with us, this log data may include your IP address, device information, browser type and settings, details of your activities within the Services (such as date/time stamps, pages viewed, searches conducted, and actions taken), as well as device event information (such as system activity, error reports, and hardware settings).
  • Device Data: We collect device data, including information related to the devices you utilize to access our Services, such as computers, phones, tablets, or other devices. Depending on the specific device, this data may comprise details like your IP address (or proxy server), device and application identification numbers, location information, browser type, hardware model, internet service provider, mobile carrier, operating system, and system configuration data.
  • Location Data: Our collection of location data pertains to information concerning your device’s location, which can range from precise to imprecise, contingent upon your device type and settings when accessing our Services. For instance, we may employ GPS and other technologies to obtain geolocation data that reveals your current location based on your IP address. Should you wish to opt out of this data collection, you have the option to refuse access to this information or disable your device’s Location setting. However, it is important to note that opting out may limit your ability to use specific aspects of our Services.

Information Collected from Other Sources

In our endeavor to enhance our capacity to provide you with marketing, offers, and services, as well as maintain accurate records, we may acquire information about you from external sources. These sources include public databases, collaborative marketing partners, affiliate programs, data providers, social media platforms, and other third-party entities. The data obtained may include mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, social media URLs, and customized profiles. This information is instrumental in targeted advertising and event promotion. When you interact with us on a social media platform via your social media account (e.g., Facebook or Twitter), we may receive personal information, including your name, email address, and gender. The specific data collected from your social media account is contingent upon your social media account’s privacy settings.

2. How Do We Process Your Information?

We engage in the processing of your personal information for various purposes, depending on your interactions with our Services, including:

– Creating, authenticating, and managing user accounts.
– Delivering and facilitating the delivery of services to users.
– Responding to inquiries and providing support.
– Sending administrative information regarding our products, services, and policy updates.
– Fulfilling and managing orders, payments, returns, refunds and exchanges.
– Enabling user-to-user communications through our Services.
– Requesting feedback and contacting you regarding your use of our Services.

These processes help to provide, improve, enhance and administer our Services, ensuring security and fraud prevention, and compliance with applicable laws. Additionally, we may process your information for other purposes with your consent.

Sending, Marketing, and Promotional Communications

We may process the personal information you provide to us for our marketing endeavors, provided it aligns with your marketing preferences. It is important to note that you retain the option to opt out of our marketing emails at any time.

Delivering Targeted Advertising

Processing your information allows us to create and present tailored content and advertising that aligns with your interests, geographical location, and other factors.

Protecting Our Services

As part of our commitment to ensuring the safety and security of our Services, we may process your information. This includes activities such as fraud monitoring and prevention, designed to maintain the integrity of our platform.

Usage Trends

We may process information related to your usage pattern to learn more and get insights into how our Services. This analysis aids us in understanding how our Services are being used and to evaluate the effectiveness of our marketing and promotional campaigns. This assessment informs our strategies to provide campaigns that are highly relevant to you, our valued user. In certain circumstances, we may process your information when it is essential to safeguard an individual’s interests, particularly to prevent harm.

Legal Terms for Processing Your Information

As we process your personal information, it is essential to understand the legal terms upon which we rely for such processing.

In summary, we engage in the processing of your personal information only when we have a valid legal reason (i.e., legal basis) to do so, in accordance with applicable laws. These legal terms include scenarios such as obtaining your consent, complying with legal obligations, fulfilling contractual commitments, safeguarding your rights, or pursuing our legitimate business interests.

For individuals within the European Union (EU) or the United Kingdom (UK), this section is particularly relevant. Under the General Data Protection Regulation (GDPR) and UK GDPR, we are obligated to give valid legal terms upon which we rely to process your personal information. These legal terms include:

1. Consent: We may process your information when you have granted us permission (consent) to use your personal information for a specific purpose. It is important to note that you have the right to withdraw your consent at any time.

2. Performance of a Contract: Processing your personal information may be necessary to fulfill our contractual obligations to you. This includes providing our Services or responding to your requests prior to formalizing a contract with you.

3. Legitimate Interests: We may process your information when we reasonably deem it necessary to pursue our legitimate business interests, provided that these interests do not override your fundamental rights and freedoms.

For instance, this may involve:

  • Sending users information about special offers and discounts.
  • Creating and displaying personalized, relevant advertising content.
  • Analyzing user behavior to enhance our Services.
  • Supporting our marketing initiatives.
  • Troubleshooting issues and preventing fraudulent activities.
  • Understanding user usage patterns to improve the overall experience.

4. Legal Obligations: We may process your information when compliance with legal obligations is necessary. This includes cooperating with law enforcement bodies or regulatory agencies, defending our legal rights, or use your information as evidence in legal proceedings in which we are involved.

5. Vital Interests: In situations involving potential threats to the safety of individuals, we may process your information when it is important to protect your vital interests or those of a third party.

For individuals in Canada, the following applies:

We may process your information if you have provided explicit permission (express consent) for a specific purpose or in cases where consent can be reasonably inferred (implied consent). Your consent can be withdrawn at any time.

In exceptional circumstances, we may be legally permitted under applicable law to process your information without your consent. This includes situations such as investigations, fraud detection and prevention, business transactions meeting specific criteria, and various other scenarios outlined by the regulations.

3. When and With Whom Do We Share Your Personal Information?

We do so under specific circumstances and in accordance with the details presented in this section. Additionally, we may share this information with the following types of third-parties:

Vendors, Consultants, and Other Third-Party Service Providers: Personal data may be shared with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services on our behalf. These third parties require access to such information to carry out their assigned tasks.

The types of third parties with whom we may share personal information include:

  • Data Analytics Services
  • Data Storage Service Providers
  • Payment Processors
  • Order Fulfillment Services
  • Customer Support Services

Vendors, Consultants, and Other Third-Party Service Providers

We engage with various third-party service providers, including but not limited to:

  1. Data Analytics Services: These providers assist us in analyzing and deriving insights from data to enhance our services.
  2. Data Storage Service Providers: Our data storage partners help manage and maintain the secure storage of user data.
  3. Payment Processors: To facilitate payment processing for purchases made through our Services, we collaborate with trusted payment processors.
  4. Order Fulfillment Services: Partners in order fulfillment support the delivery and management of user orders, including shipping and returns.
  5. Communication & Collaboration Tools: Tools for communication and collaboration aid our internal processes and interactions.
  6. Performance Monitoring Tools: These tools help us monitor and optimize the performance of our Services.
  7. User Account Registration & Authentication Services: We use these services to manage user accounts and authentication processes.
  8. Website Hosting Service Providers: Our website hosting partners assist in hosting and maintaining our online platforms.

These collaborations with third-party service providers are essential for the efficient functioning of our Services and to ensure the security, reliability, and quality of the user experience. We maintain strict agreements and measures to safeguard the privacy and security of user information in these partnerships.

  • Social Networks
  • Sales & Marketing Tools
  • Retargeting Platforms
  • Testing Tools
  • Government Entities
  • Finance & Accounting Tools
  • Cloud Computing Services
  • Affiliate Marketing Programs
  • Ad Networks

There are situations in which we may need to share your personal information. These circumstances include:

1. Business Transfers: Your information may be shared or transferred in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

2. When we use Google Maps Platform APIs: We may share your information with specific Google Maps Platform APIs (e.g., Google Maps API, Places API). As part of this process, we obtain and store your location data on your device (“cache”). Your consent for this can be revoked at any time by contacting us using the contact details provided at the end of this page.

3. Affiliates: We may share your information with our affiliates, and in such cases, we ensure that these affiliates adhere to the terms outlined in this privacy notice. Our affiliates include our parent company, subsidiaries, joint venture partners, or other entities under common control with us.

4. Business Partners: Your information may be shared with our business partners to provide you with specific products, services, or promotions.

4. What about data on third-party websites?

In brief, we are not accountable for the security of any information you disclose to third parties that we may link to or who advertise on our Services but are not affiliated with us.

Our Services may include links to third-party websites, online services, or mobile applications, and may feature advertisements from unaffiliated third parties that may also link to other websites, services, or applications. We do not provide any guarantee any safeguards regarding these third parties, and we do not accept liability for any losses or damages resulting from the use of such third-party websites, services, or applications. Inclusion of a link to a third-party website, service, or application does not constitute an endorsement by us. We cannot guarantee the security and privacy of data shared with third parties. Any data collected by third parties is not covered by this privacy policy. We are not responsible for the content, privacy practices, and policies of third parties, including other websites, services, or applications that may be linked to or from our Services. It is advisable to review the policies of these third parties and contact them directly for inquiries.

5. Do you use cookies and other tracking technologies?

In brief, we may use cookies and other tracking technologies to gather and retain your information. These technologies include web beacons and pixels, which allow us to access or store information. More details about our use of these technologies and instructions for opting out of specific cookies can be found in our cookie policy.

If you decide to register or log in to our Services using your social media account, we may access certain information related to you. Our Services offer the option to register and log in using third-party social media account credentials, such as Facebook or Twitter. When you choose this method, we receive specific profile information from your social media provider. The information received may vary depending on the particular social media provider but often includes details like your name, email address, friends list, profile picture, and any other public information on that platform. We will use this information exclusively for the purposes specified in this privacy notice or as otherwise communicated through the relevant Services. Please note that we do not control or assume responsibility for the handling of your personal information by your third-party social media provider. We recommend reviewing their privacy policy to understand how they collect, use, and share your personal information, as well as how to configure your privacy preferences on their websites and applications.

6. How are data transferred countries outside the U.S.?

We may transfer, store, and process your information in other countries. Our servers are situated in the United States. For users accessing our Services from locations beyond the United States, your information may be transmitted, stored, and processed by us and our third-party collaborators. If you are a resident of the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please note that these countries may not have data protection laws as those in your home country. However, we have implemented suitable measures to safeguard your personal information in accordance with this privacy policy and applicable regulations. For instance, we use the European Commission’s Standard Contractual Clauses for personal information transfers between our group entities and between us and our third-party service providers, ensuring the protection of personal information originating from the EEA or UK in accordance with European data protection laws.

Further details on these safeguards can be provided upon request.

7. How long do we store data?

In summary, we store your data only as long as required to fulfill the purposes outlined in this privacy policy, unless otherwise mandated by law. Your personal information will be stored only for the duration necessary to achieve the objectives articulated in this privacy notice, unless extended retention is compelled or permitted by law, such as for tax, accounting, or legal requirements. No purpose mentioned in this notice necessitates the retention of your personal information beyond the period during which users maintain an account with us. When no legitimate business need exists for us to process your personal information, we will either delete or anonymize it. If this is not feasible, such as when personal information is stored in backup archives, we will securely store your personal information and cease any further processing until deletion is possible.

8. How do we keep data safe?

We prioritize the safeguarding of your personal information and have established both organizational and technical safeguards to protect it. However, it’s crucial to acknowledge that no electronic transmission or data storage system can guarantee absolute security. While we are committed to doing our utmost to protect your personal information, we cannot guarantee unauthorized access, data breaches, or modifications by hackers, cybercriminals, or other parties.

Here’s how we work to protect your data:

Compliance
We ensure compliance with industry-specific standards and regulations, enhancing data safety and ensuring our servers meets necessary compliance requirements.

User Controls
You can manage user access and permissions, controlling who has access to your data and what actions can be perform, reducing the risk of unauthorized access.

SSH (Secure Shell) access is strictly limited to our dedicated work IP address, requiring VPN (Virtual Private Network) access for utilization. This access control further reinforces the integrity of our security protocols.

Security Updates
Our technical support team actively maintains our servers with security patches and updates. This guarantees protected against known vulnerabilities, reducing the risk of breaches.

Data Encryption
Our managed server instances support data encryption in transit (using protocols like SSL/TLS) and at rest (encrypting data stored on disks). This adds an additional layer of protection for sensitive information. Let’s Encrypt is our certificate authority that provides  SSL/TLS certificates to secure our websites and encrypt data in transit.

Firewalls and Detection
We employ Cloudflare’s Web Application Firewall (WAF) to provide firewall protection and filter and block malicious requests at the Cloudflare edge. This includes protection against common web application vulnerabilities.

We also have implemented security modules to:

  • Monitor incoming HTTP requests and responses for web application attacks and vulnerabilities. This includes analyzing the content, headers, and behavior of web requests to detect threats like SQL injection, XSS, and CSRF.
  • Protect our Apache web servers by focusing on identifying and mitigating Distributed Denial of Service (DDoS) attacks and other abusive behavior.
  • Manage connections and requests based on rate limiting and resource management to ensure efficient operation.
  • Network Traffic Analysis: We continuously analyze network traffic in real-time, examining packets for patterns and signatures of known attacks, such as port scans, intrusion attempts, and malware. Our network environments benefit from an Intrusion Detection and Prevention System (IDS/IPS)  that monitors network traffic for security threats and takes action to block or alert on suspicious activity.
  • Log File Analysis: We maintain log files for various services (e.g., SSH, Apache) to detect patterns indicating failed login attempts or other malicious activities. We dynamically ban IP addresses that repeatedly exhibit such behavior, protecting against brute-force attacks and automated scanning.

Two-Factor Authentication (2FA) 
In 2FA setups, where an additional layer of security is added to the login process, two-factor authentication can be used as an extra measure to ensure that even if a user’s credentials are compromised, malicious actors cannot gain access. After entering your username and password, you may be required to enter a code from an authenticator app as an additional step before gaining access to your accounts. This adds an extra layer of protection by confirming an identity beyond just login credentials.

Custom Scripts
In our pursuit of enhanced security measures, we utilize custom scripts to effectively filter and block malicious traffic. Most are integrated into our custom build, ensuring their  functionality even during system updates.

While these measures are in place to secure your personal information, please be aware that the transmission of personal information to and from our services remains at your own risk. We encourage you to take your own precautions to protect your data. Your privacy and security are of importance to us, and we remain committed to safeguarding your information to the best of our abilities.

9. Do we collect information from minors?

In summary, we do not intentionally collect or market to individuals under the age of 18. It is not our intention to solicit data from or market to minors under 18 years of age. By using our Services, you affirm that you are at least 18 years old or, if you are the parent or guardian of a minor, you consent to the minor’s use of the Services. Should we become aware that personal information has been gathered from individuals under the age of 18, we will deactivate the account and take reasonable actions to promptly erase such data from our records. If you discover that we may have collected data from individuals under the age of 18, please reach out to us at privacy@leadstart.org.

10. What are your privacy rights?

In some jurisdictions, including the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you possess rights that grant you increased access to and control over your personal information.

You may review, modify, or deactivate your account at your discretion. In select regions such as the EEA, UK, Switzerland, and Canada, you have certain rights under relevant data protection regulations. These rights may include (i) the right to request access to and obtain a copy of your personal information, (ii) the right to request correction or deletion of your personal information, (iii) the right to restrict the processing of your personal information, (iv) where applicable, the right to data portability, and (v) the right not to be subjected to automated decision-making. In specific circumstances, you may also have the right to object to the processing of your personal information.

To exercise any of these rights, please contact us at privacy@leadstart.org.

We will assess and respond to your request in accordance with applicable data protection laws.

If you are situated in the EEA or UK and believe that we are processing your personal information unlawfully, you also have the right to file a complaint with your state data protection authority or the UK data protection authority.

If you are located in Switzerland, you can reach out to the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we rely on your consent to process your personal information, which may be express or implied consent based on the applicable law, you have the right to withdraw your consent at any time.  However, please be aware that this action will not impact the lawfulness of processing before the withdrawal or, where applicable law permits, the processing of your personal information based on legal processing grounds other than consent.

Opting out of marketing and promotional communications: You have the option to unsubscribe from our marketing and promotional communications anytime. You can achieve this by clicking the unsubscribe link in the emails we send, responding with “STOP” or “UNSUBSCRIBE” to the SMS messages we send.

11. Controls for Do-not-Track Features?

Many web browsers and some mobile operating systems and applications offer a Do-Not-Track (“DNT”) feature that allows you to express your preference not to have your online browsing activities tracked and recorded. It is important to note that there is currently no universally accepted technology standard for recognizing and implementing DNT signals. We do not presently respond to DNT browser signals or any other mechanism that automatically communicates your choice to not be tracked. If a widely accepted standard for online tracking emerges in the future that we are obliged to follow, we will provide information about this in a revised version of our privacy policy.

12. Do California residents have specific privacy rights?

In brief, if you are a California resident, you possess certain rights concerning access to your personal information.

The “Shine The Light” law, outlined in California Civil Code Section 1798.83, empowers California residents who use our Services to request and receive, once per year and free of charge, information about the types of personal information (if any) we have shared with third parties for direct marketing purposes and the identities and addresses of all third parties with whom we have shared personal information in the preceding calendar year. If you are a California resident and wish to make such a request, please submit it in writing using the contact details provided below.

To request the removal of such data, please contact us by email at ccpa@leadstart.org or by calling our toll-free number at 1-800-390-7856.

Our physical address is 235 Peachtree Street Northeast #400, Atlanta, GA 30303, United States.

Please include the email address associated with your account and a statement confirming your California residency. We will ensure that the data is no longer publicly displayed on our Services. However, please be aware that the data may not be entirely deleted from all our systems (e.g., backups, etc.).

13. Do Virginia residents have specific privacy rights?

Yes, if you are a resident of Virginia, you may have specific rights related to the access and use of your personal information under the Virginia Consumer Data Protection Act (CDPA).

Virginia CDPA Privacy Notice:
Under the Virginia Consumer Data Protection Act (CDPA), certain definitions and principles apply. A “consumer” is defined as a natural person who resides in the Commonwealth and engages with us only on an individual or household basis, excluding commercial or employment contexts. “Personal data” refers to any information that can be linked or reasonably linked to an identified or identifiable natural person, excluding de-identified data or publicly available information. “Sale of personal data” involves the exchange of personal data for monetary consideration.

If you fall within the definition of a “consumer” under the CDPA, specific rights and obligations regarding your personal data apply to us.

The information we collect, how we use it, and when and with whom we share it may vary depending on your interactions with us and our services. For more detailed information, you can explore the following links:

  • Personal data we collect
  • How we use your personal data
  • When and with whom we share your personal data
  • Your rights concerning your personal data
  • Right to be informed about the processing of your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data

These resources provide insights into how we handle your personal information and the rights you have under the CDPA as a Virginia resident.

Right to Obtain a Copy of Your Personal Data 
As a Virginia resident, you have the right to obtain a copy of the personal data you’ve previously shared with us. Additionally, you have the right to opt-out of the processing of your personal data if it is being used for targeted advertising, the sale of personal data, or profiling that leads to significant legal consequences.

Our Commitment Regarding Personal Data Sale
We want to assure you that we have not sold any personal data to third parties for business or commercial purposes, and we do not have any plans to do so in the future. This commitment applies to all website visitors, users, and consumers.

Exercising Your Rights Under the Virginia CDPA
To exercise the rights provided to you under the Virginia Consumer Data Protection Act (CDPA), please refer to the resources mentioned in this privacy notice.

Contact Us for Assistance
For further information about our data collection and sharing practices or to exercise your rights, you may reach out to us through email at  privacy@leadstart.org or by submitting a data subject access request.

Our contact details can also be found at the bottom of this page.

Authorized Agent Representation
If you choose to use an authorized agent to exercise your rights, please note that we may request proof of their valid authorization to act on your behalf. This ensures the security of your personal data.

Verification Process
To verify your identity and process your request, we may need you to provide additional information reasonably necessary for this purpose. If you submit a request through an authorized agent, additional information may be necessary to confirm your identity.

Response to Your Requests
Upon receiving your request, we are committed to responding promptly, within forty-five (45) days of receipt. In some cases, an extension of an additional forty-five (45) days may be required, and we will notify you of any such extension, along with the reason for it, within the initial 45-day response period.

Right to Appeal
If we decline to take action regarding your request, we will provide an explanation for our decision. In the event you wish to appeal our decision, please contact us via email at privacy@leadstart.org. Within sixty (60) days of receiving your appeal, we will inform you in writing of the actions taken or not taken in response, along with a detailed explanation for the decisions made. If your appeal is denied, you have the option to contact the Attorney General to file a complaint.

14. WORDPRESS

The mention of “WordPress” suggests a specific context or topic related to the content. If you would like further information or clarification regarding WordPress, please feel free to specify, and we will be happy to provide additional details.

Who We Are
Our website address is https://leadstart.org

Comments
When visitors leave comments on our site, we collect the data displayed in the comments form. Additionally, we gather the visitor’s IP address and browser user agent string to aid in spam detection.

An anonymized string, generated from your email address (referred to as a hash), may be provided to the Gravatar service to determine if you are using it. Please refer to the Gravatar service privacy policy available at https://automattic.com/privacy for further details. Once your comment is approved, your profile picture becomes visible to the public within the context of your comment.

Media
If you upload images to our website, please avoid including images with embedded location data (EXIF GPS). Visitors to our website can potentially download and extract location data from these images.

Cookies
When you leave a comment on our site, you have the option to opt-in for saving your name, email address, and website in cookies. These cookies are designed for your convenience, eliminating the need to re-enter your details when you leave subsequent comments. These cookies remain valid for one year.

If you visit our login page, a temporary cookie will be set to determine if your browser accepts cookies. This particular cookie contains no personal data and is discarded upon closing your browser.

Upon logging in, we establish several cookies to save your login information and screen display preferences. Login cookies remain valid for two days, while screen options cookies persist for a year. If you choose “Remember Me,” your login will endure for two weeks. Logging out of your account will result in the removal of login cookies.

When editing or publishing an article, an additional cookie will be stored in your browser. This cookie contains no personal data and solely indicates the post ID of the article you have recently edited. It expires after one day.

Embedded Content from Other Websites
Articles on our site may feature embedded content, such as videos, images, or articles, sourced from other websites. Embedded content from external websites behaves in the same manner as if you were visiting the originating site.

These external websites might collect data about you, employ cookies, integrate additional third-party tracking, and monitor your interaction with the embedded content. This includes tracking your interaction if you have an account and are logged in on the external website.

Who We Share Your Data With
If you request a password reset, your IP address will be included in the reset email.

How Long We Retain Your Data
If you leave a comment, the comment itself and its associated metadata are retained indefinitely. This practice allows us to recognize and automatically approve any subsequent follow-up comments, eliminating the need for manual moderation.

For users who register on our website, we store the personal information they provide in their user profile. All users have the ability to view, edit, or delete their personal information at any time, with the exception of changing their username. Website administrators also possess the capability to view and edit this information.

Your Data Rights
If you have an account on our site or have left comments, you may request to receive an exported file containing the personal data we hold about you. This includes any data you have provided to us. You also have the option to request the erasure of any personal data we hold about you. It’s important to note that this request does not include data we are legally obligated to retain for administrative, legal, or security purposes.

Where Your Data Is Sent
Visitor comments on our site may undergo a review process through an automated spam detection service.

WooCommerce

Within our online store, we collect and store information during the checkout process.

What We Collect and Store

During your site visit, we track:

  • Products you’ve viewed, which allows us to display recently viewed products.
  • Location, IP address, and browser type, which aids in estimating taxes and shipping.
  • Shipping address, which is necessary for shipping cost estimation and order delivery.
  • We also utilize cookies to monitor cart contents while you browse our site.

When you make a purchase, we request information that includes your name, billing address, shipping address, email address, phone number, credit card/payment details, and optional account details like username and password. We use this information for various purposes, such as:

  • Sending you updates about your account and order.
  • Addressing your inquiries, including refunds and complaints.
  • Processing payments securely and preventing fraudulent activities.
  • Establishing your account for our store.
  • Complying with legal obligations, such as tax calculations.
  • Enhancing our store’s products.
  • Sending marketing messages if you opt to receive them.

If you create an account, we will retain your name, address, email, and phone number for future orders’ convenience.

We generally retain your information for as long as it serves the purposes for which we collected and used it, and as long as legal requirements do not mandate further retention. For example, we will store order information for XXX years for tax and accounting purposes, which includes your name, email address, and billing and shipping addresses. We also store comments or reviews if you choose to leave them.

Access by Team
Members of our team have access to the information you provide, including Administrators and Shop Managers. They can access:

  • Order details, such as the purchased items, purchase date, and shipping information.
  • Customer information, which includes your name, email address, and billing and shipping details.

Our team members access this information to fulfill orders, process refunds, and provide support.

What We Share and Track with Others

We share and or track information with third parties who assist us in delivering our orders and store services to you, including:

Brute Force Attack Protection
This protection mechanism checks login activity and potentially blocks fraudulent attempts. Data used includes the attempting user’s IP address, attempting user’s email address/username (as per the value used during login), and all IP-related HTTP headers connected to the attempting user. Activities tracked encompass failed login attempts, along with the setting of a cookie (jpp_math_pass) for 1 day to remember successful completion of a math captcha as a measure to verify human users.

Data Used: In order to check login activity and potentially block fraudulent attempts, the following information is used: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.

Activity Tracked: Failed login attempts (these include IP address and user agent). We also set a cookie (jpp_math_pass) for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this cookie.

Data Synced (?): Failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.

WordPress.com Secure Sign On
This feature is only accessible to registered users of the site with WordPress.com accounts.

Data Used: User ID (local site and WordPress.com), role (e.g. administrator), email address, username and display name. Additionally, for activity tracking (see below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Activity Tracked: The following usage events are recorded: starting the login process, completing the login process, failing the login process, successfully being redirected after login, and failing to be redirected after login. Several functionality cookies are also set, and these are detailed explicitly in our Cookie documentation.

Data Synced: The user ID and role of any user who successfully signed in via this feature.

WordPress.com Toolbar
This feature is only accessible to registered users of the site who are also logged in to WordPress.com.

Data Used: Gravatar image URL of the logged-in user in order to display it in the toolbar and the WordPress.com user ID of the logged-in user. Additionally, for activity tracking (detailed below): IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code.

Search
For sites on the Complete plan or with the Search upgrade, visitor-chosen search filters and query data are utilized to process search requests on WordPress.com servers. Aggregate data about page views and searches is also utilized to enhance search results. Anonymous tracking includes search and click activity, including IP address, URL, user agent, event timestamp, browser language, country code, and search queries with filters.

Subscriptions
Data Used: To initiate and process subscriptions, the following information is used: subscriber’s email address and the ID of the post or comment (depending on the specific subscription being processed). In the event of a new subscription being initiated, we also collect some basic server data, including all of the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given in order to access the page (REQUEST_URI and DOCUMENT_URI). This server data used for the exclusive purpose of monitoring and preventing abuse and spam.

Activity Tracked: Functionality cookies are set for a duration of 347 days to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription.

Notifications
The Notifications feature is accessible solely to registered site users who are logged in to WordPress.com. Data employed includes IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, event timestamp, browser language, and country code. Some visitor-related information or activity may be relayed to the site owner via this feature. This may include email address, WordPress.com username, site URL, email content, follow actions, and more. Tracked activities include sending notifications, opening notifications, taking actions from within the notification panel (e.g., liking comments or marking comments as spam), and clicking on links within the notification panel/interface.

Payments
We accept payments via PayPal. When processing payments, specific data required for payment processing, such as the purchase total and billing information, will be shared with PayPal for the purpose of processing or supporting the payment.

Data Used: Transaction amount, transaction currency code, product title, product price, product ID, order quantity, PayPal payer ID, and PayPal transaction ID.

Activity Tracked: The PayPal payer ID, transaction ID, and HTTP referrer are sent with a payment completion tracking event that is attached to the site owner.

Data Synced: PayPal transaction ID, PayPal transaction status, PayPal product ID, quantity, price, customer email address, currency, and payment button CTA text.

For more details about how PayPal handles your information, please refer to https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Stripe (WooCommerce)
When using the Stripe payment extension in WooCommerce, it’s important to be aware of the data being collected Information shared with a payment provider for payment processing may include personal details such as name, email, address, phone number, payment identifiers, and provider identifiers.

Payment providers have their respective privacy policies that govern how they use and store shared data. For a complete understanding of their practices, it is recommended to review their privacy policies directly.

WooCommerce Subscriptions:
WooCommerce Subscriptions involves the collection and storage of personal data, particularly for recurring subscription payments. The information stored includes the customer’s name, billing address, shipping address, email address, phone number, and credit card/payment details. The data shared with external sources depends on the third-party payment processor plugins used for subscription payments. It is advised to consult their privacy policies to ascertain specific data-sharing practices.

WooCommerce Product Addons:
By employing this extension, it is important to acknowledge that you may store personal data or share data with external services. To delve deeper into how this operates, please consult the [Marketplace Privacy Guide](https://woocommerce.com/document/marketplace-privacy/#woocommerce-product-addons).

WooCommerce Shipping & Tax
The usage of the WooCommerce Shipping & Tax extension may involve personal data storage or data sharing with external services. This activity records the actions of registered users on the site, and the retention duration varies based on the site’s plan and activity type. The data captured for this purpose includes user email address, user role, user login, user display name, WordPress.com and local user IDs, activity description, site ID, and activity timestamp. Some activities may also include the actor’s IP address and user agent. The activities tracked include login attempts, post/page updates, comment/pingback submissions, plugin/theme management actions, widget updates, user management actions, and various site setting modifications. The retention duration depends on the site’s plan and activity type.Data synchronization may include successful and failed login attempts, which may contain the actor’s IP address and user agent information.

Data Used: For payments with PayPal or Stripe: purchase total, currency, billing information. For taxes: the value of goods in the cart, value of shipping, destination address. For checkout rates: destination address, purchased product IDs, dimensions, weight, and quantities. For shipping labels: customer’s name, address as well as the dimensions, weight, and quantities of purchased products.

Data Synced: For payments, we send the purchase total, currency and customer’s billing information to the respective payment processor. Please see the respective third party’s privacy policy (Stripe’s and PayPal’s Privacy Policy) for more details. Please see their Privacy Policy for details about how they handle this information. For checkout rates we send the destination ZIP/postal code and purchased product dimensions, weight and quantities to the carrier directly or via EasyPost, depending on the service used. For shipping labels we send the customer’s name, address as well as the dimensions, weight, and quantities of purchased products to EasyPost. We also store the purchased shipping labels on our server to make it easy to reprint them and handle support requests.

WooCommerce YITH Wishlist
Products you’ve added to the wishlist: we’ll use this to show you and other users your favorite products, and to create targeted email campaigns. Wishlists you’ve created: we’ll keep track of the wishlists you create, and make them visible to the store staff we’ll also use cookies to keep track of wishlist contents while you’re browsing our site.

Details concerning your wishlists, including products added, the date of addition, wishlist names, and privacy settings, are accessible to our team members. This access is utilized to provide you with enhanced deals and offers for the products you hold an interest in.

Affiliates for WooCommerce
Regarding the Affiliates for WooCommerce plugin, please refer to the respective privacy policy or documentation provided by the plugin’s developer or distributor for information about data processing and privacy concerns associated with its usage. Our data storage practices for affiliates and visitors are as follows:

For affiliates, we retain a cookie containing your affiliate ID, linking it to the user accessing our site through your link.

If you are a visitor accessing our site via an affiliate link, we collect and store your IP address. If you proceed to make a purchase, your order details are stored, along with your IP address.

Mailchimp for WooCommerce:
During the shopping process, we maintain a record of your email address and cart contents for up to 30 days on our server. This record is retained to facilitate cart repopulation in cases where you switch devices or wish to return on a different day. You can find further details at https://mailchimp.com/legal/privacy.

Sharing: The Sharing feature facilitates the display of sharing buttons from various services, which load content directly from those services to enable sharing actions. Information such as the sharing party’s IP address and page URL is available for each service when non-official Facebook or Pinterest sharing buttons are active. For email sharing, data used includes the sharing party’s name and email address (if logged in), IP address (for spam checks), user agent (for spam checks), and email body/content. This content is sent to Akismet for spam checks. Additionally, if reCAPTCHA (by Google) is enabled, the sharing party’s IP address is shared with that service.

Tracking Post Views
We collect certain data related to post views. This data includes information such as IP addresses, WordPress.com user IDs (if logged in), WordPress.com usernames (if logged in), user agents, visiting URLs, referring URLs, timestamps of the view events, browser languages, and country codes.

This information allows us to get insights into how users interact with our content, which posts are the most popular, and how effectively our platform is serving our audience. It also aids in optimizing the performance of our website, ensuring that pages load efficiently, and content is readily accessible. We take user privacy seriously and maintain the security and confidentiality of this data while utilizing it solely for the purpose of enhancing our platform and providing a better user experience.

Likes
The Likes feature is available to all users with access to single pages for all post types. When a user engages in a post liking action, information is shared and tracked, including the IP address, WordPress.com user ID, username, the site ID connected to WordPress.com (where the post was liked), post ID (of the liked post), user agent, event timestamp, browser language, and country code. This activity exclusively tracks post likes.

Bookmarks
The Bookmarks feature is available to all users with access to single pages for all post types. When a user interacts with a post by marking it as a bookmark, certain data is utilized in the process. This data includes the user’s IP address, WordPress.com user ID, WordPress.com username, the site ID linked to WordPress.com (where the post was bookmarked), post ID (of the bookmarked post), user agent, event timestamp, browser language, and country code. This activity exclusively tracks post bookmarks.

Pinterest
A pin is embedded using JavaScript resources directly from Pinterest, and no tracking activities are conducted by this block. For information regarding Pinterest’s tracking practices, please refer to their privacy policy.

Data Used: A pin is embedded using JavaScript resources loaded from Pinterest directly.

Activity Tracked: We don’t track any activity. For details of what Pinterest tracks, refer to their privacy policy.

Data Export/Deletion
Both affiliates and visitors have the option to export their personal data from our system. Please note that data export or deletion requests will be carried out only after we receive confirmation from you. If you wish to delete cookie data, visitors can simply clear their browser cookies.

15. Updates to this Notice

Yes, we do make updates to this privacy notice as required to ensure compliance with applicable laws. This privacy notice may undergo periodic updates, and the revised version will be identified by a revised date. Any such updates become effective as soon as they are made accessible. In the event of material changes to this notice, we may notify you through conspicuous postings of such alterations or by direct notifications. We strongly recommend reviewing this privacy notice regularly to remain informed about how we safeguard your information.

Contact Information

If you have questions or comments regarding this privacy notice, you may reach out to our Data Protection Officer (DPO), Jessica Kafor, through various means. You can contact us by email at privacy@leadstart.org, by phone at 1-800-390-7856, or by post at:
Leadstart Media, Inc.
235 Peachtree Street Northeast #400400
Atlanta, GA 30303
United States

Review, Update, or Delete Data:
You possess the right to request access to your personal information that we collect, make alterations to this information, or have it deleted. To initiate a request for reviewing, updating, or deleting your personal information, please complete and submit a data subject access request.