Privacy Policy for Drifa's Leap

Effective Date: March 27, 2025

Welcome to Drifa's Leap. We value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your information when you visit our website and use our services.

This Policy is designed to comply with the requirements of the California Consumer Privacy Act (CCPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and other applicable state data privacy laws.

1. Definitions

1.1 We," "us," or "our" shall refer to Drifas Leap Inc., a corporation duly organized and existing under the laws of the State of Delaware.

1.2. "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, as defined by the CCPA, CTDPA, and UCPA.

1.3. "Sensitive Personal Information" means personal information that reveals an individual's racial or ethnic origin, religious beliefs, biometric information, precise geolocation, sexual orientation, or other categories of sensitive data as defined by the CCPA, CTDPA, and UCPA.

2. Personal Information We Collect

2.1. Identifiers: Such as your name, contact information, online identifiers, and unique personal or online identifiers.

2.2. Financial Information: Such as payment card numbers, bank account numbers, and transaction history.

2.3. Commercial Information: Such as records of products or services purchased, obtained, or considered.

2.4. Biometric Information: Such as fingerprints, voice recordings, and facial geometry.

2.5. Internet or Network Activity: Such as browsing history, search history, and information regarding your interaction with our website or mobile application.

2.6. Geolocation Data: Precise location information about the physical location of your device.

2.7. Demographic Information: Such as age, gender, race, citizenship, ethnicity, and income level.

2.8. Inferences: Profiles created about you based on the personal information collected.

3. How We Collect Your Personal Information

3.1. Directly from you, such as when you create an account, make a purchase, or communicate with us.

3.2. Indirectly, such as through cookies, web beacons, and other automated data collection technologies on our website or mobile application.

3.3. From third parties, such as data brokers, credit bureaus, and other service providers, with your consent or as permitted by law.

3.4. From public sources, such as property records and social media platforms.

4. How We Use Your Personal Information

4.1. To provide and improve our products and services, including order processing, customer service, and account maintenance.

4.2. For marketing and advertising purposes, such as sending you promotional communications or displaying targeted advertisements.

4.3. To protect the security and integrity of our systems and to prevent fraud and other unlawful activities.

4.4. To comply with our legal and regulatory obligations, such as responding to court orders or law enforcement requests.

4.5. For our legitimate business interests, such as conducting market research, product development, and internal analytics.

5. Your Rights Under Applicable Data Privacy Laws

5.1. Access: You have the right to confirm whether we are processing your personal information and to access such data.

5.2. Correction: You have the right to request the correction of inaccuracies in your personal information.

5.3. Deletion: You have the right to request the deletion of personal information you have provided to us.

5.4. Portability: You have the right to obtain a copy of your personal information in a portable format.

5.5. Opt-Out: You have the right to opt-out of the processing of your personal information for targeted advertising or the sale of your personal information.

5.6. Appeal: You have the right to appeal our decision regarding your request to exercise your rights.

5.7. Non-Discrimination: You have the right to be free from discrimination for exercising your rights under applicable data privacy laws.

6. How to Exercise Your Rights

6.1. To exercise your rights, please contact us at support@drifasleap.com

       6.2. When submitting a request, please provide the following information:

6.2.1. Your full name, address, and other identifying information to verify your identity.

6.2.2. A description of the right you wish to exercise and the specific personal information to which your request relates.

       6.3. Verification Process: To protect your privacy and ensure the security of your information, we will take reasonable steps to verify your identity before processing your request. This may include:

6.3.1. Matching the identifying information provided in your request with information we have on file.

6.3.2. Requesting additional information or documentation to confirm your identity.

6.3.3. Using multi-factor authentication for online account access.

       6.4. We will respond to your request within 45 days, as required by the CCPA, CTDPA, and UCPA. If we need additional time to process your request, we will notify you and may extend the response period by up to an additional 45 days.

       6.5. If we refuse to take action on your request, we will provide you with a written explanation, including the reasons for our decision and information about how to appeal our decision.

      6.6. Appeal Process: If you wish to appeal our decision regarding your request, you may do so by:

6.6.1. Submitting a written appeal to support@drifasleap.com within 30 days of receiving our decision.

6.6.2. Providing any additional information or documentation that supports your appeal.

6.6.3. We will respond to your appeal within 60 days of receipt, providing a written explanation of our decision.

7. Data Storage, Security, and International Transfers

7.1. We store your personal information on servers located in the United States. We implement reasonable security measures to protect your personal information, including:

7.1.1. Encryption of data in transit and at rest using industry-standard protocols (e.g., TLS, AES-256).

7.1.2. Access controls and authentication mechanisms to ensure only authorized personnel can access personal information.

7.1.3. Regular security assessments and penetration testing to identify and address potential vulnerabilities.

7.1.4. Employee training on data protection and security best practices.

       7.2. We may transfer your personal information to third-party service providers located outside of the United States. When we engage in such transfers, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data privacy laws, including:

7.2.1. Executing Standard Contractual Clauses approved by the European Commission for transfers to countries without an adequacy decision.

7.2.2. Conducting due diligence on third-party service providers to ensure they have adequate data protection measures in place.

7.2.3. Implementing additional technical and organizational measures as necessary to ensure an adequate level of protection for your personal information.

8. Sensitive Personal Information and Data Protection Assessments

      8.1. We will only process your Sensitive Personal Information with your explicit consent or as otherwise permitted by law. When we collect Sensitive Personal Information, we will:

8.1.1. Clearly identify the information as Sensitive Personal Information.

8.1.2. Explain the specific purpose(s) for which the information will be used.

8.1.3. Obtain your explicit consent through a clear affirmative action (e.g., checking a box or providing a signature).

       8.2. We conduct data protection assessments for any processing activities that present a heightened risk of harm to consumers, as required by the CTDPA and UCPA. Our assessment process includes:

8.2.1. Identifying high-risk processing activities based on factors such as the nature and scope of the processing, the type of personal information involved, and the potential impact on individuals.
8.2.2. Evaluating the necessity and proportionality of the processing in relation to its purpose.
8.2.3. Assessing the risks to individuals' rights and freedoms.
8.2.4. Identifying and implementing measures to mitigate identified risks.
8.2.5. Documenting the assessment process and results.
8.2.6. Regularly reviewing and updating assessments as necessary.

9. Changes to This Privacy Policy

       9.1. We may update this privacy policy from time to time to reflect changes in our practices or applicable laws.

      9.2. We will notify you of any material changes by posting the updated policy on our website and, where required by law, obtaining your consent to the changes.

      9.3. We encourage you to review this policy periodically to stay informed about our data practices.

10. Compliance Monitoring and Policy Updates

     10.1. We have established a robust compliance monitoring process to ensure ongoing adherence to this Policy and applicable data privacy laws. This process includes:

10.1.1. Regular internal audits of our data processing activities.
10.1.2. Periodic review of this Policy by our legal team and data protection officer.
10.1.3. Ongoing monitoring of legal and regulatory developments in relevant jurisdictions.
10.1.4. Annual employee training on data privacy and security.

10.2. We will update this Policy as necessary to reflect changes in our practices, applicable laws, or regulatory guidance. Any updates will be promptly communicated to affected individuals and, where required, subject to consent.

11. Contact Us

If you have any questions or concerns about this privacy policy or our data practices, please contact us at:

Drifas Leap Inc

190 Bozarth Ave #772

Woodland, WA 98674

support@drifasleap.com


This Data Privacy Policy for www.drifasleap.com outlines our practices regarding the collection, use, and sharing of personal information. We are committed to protecting the privacy of our customers and users, and to complying with all applicable data privacy laws. Please review this policy carefully to understand your rights and our obligations under the law.

By using our website or services, you acknowledge that you have read and understood this Policy. If you do not agree with our practices as described in this Policy, please do not use our website or services.


Appendix A: Definitions

For the purposes of this Policy, the following terms shall have the meanings set forth below:

1. "Automated Decision-Making" means a decision based solely on automated processing, including profiling, which produces legal effects concerning the consumer or similarly significantly affects the consumer.

   
   

2. "Biometric Information" means data generated by automatic measurements of an individual's biological characteristics, such as fingerprints, voiceprints, eye retinas, irises, or other unique biological patterns or characteristics that are used to identify a specific individual.

   
   

3. "Consent" means a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of the consumer's agreement to the processing of personal information relating to the consumer, such as by a written statement, including by electronic means, or an oral statement.

   
   

4. "Consumer" means a natural person who is a resident of the states covered by this Policy, as defined by the applicable state laws.

   
   

5. "Data Protection Assessment" means a systematic review of the data processing activities that may present a heightened risk of harm to consumers, conducted to establish and implement appropriate safeguards.

   
   

6. "Personal Information" has the meaning set forth in Section 1.2 of this Policy.

   
   

7. "Processing" means any operation or set of operations which is performed on personal information or on sets of personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

   
   

8. "Profiling" means any form of automated processing of personal information consisting of the use of personal information to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

   
   

9. "Sale of Personal Information" means the exchange of personal information for monetary or other valuable consideration by the business to a third party for the third party's commercial purposes.

   
   

10. "Sensitive Personal Information" has the meaning set forth in Section 1.3 of this Policy.

    
    

11. "Targeted Advertising" means displaying advertisements to a consumer where the advertisement is selected based on personal information obtained from that consumer's activities over time and across nonaffiliated websites or online applications to predict such consumer's preferences or interests.

    
    

12. "Third Party" means a person or entity that is not the business with which the consumer intentionally interacts and that is not a service provider or contractor.

Appendix B: State-Specific Privacy Rights

In addition to the rights outlined in Section 5 of this Policy, consumers may have additional rights depending on their state of residence. These state-specific rights include:

1. California Residents:

1.1. Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.

1.2. Right to Opt-Out of Sale: You have the right to direct us not to sell your personal information.

1.3. Rights Related to Automated Decision-Making: You have the right to opt-out of automated decision-making, including profiling, in certain circumstances.

2. Connecticut Residents:

2.1. Right to Confirm Processing: You have the right to confirm whether or not we are processing your personal data.

2.2. Right to Opt-Out of Targeted Advertising: You have the right to opt-out of the processing of your personal data for purposes of targeted advertising.

3. Utah Residents:

3.1. Right to Access and Delete: You have the right to access and delete your personal data in a portable and, to the extent technically feasible, readily usable format.

3.2. Right to Opt-Out of Certain Processing: You have the right to opt-out of the processing of your personal data for purposes of targeted advertising or the sale of personal data.

To exercise any of these state-specific rights, please follow the instructions provided in Section 6 of this Policy.

Appendix C: Data Retention Schedule

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, and to comply with our legal obligations. The specific retention periods for different categories of personal information are as follows:

1. Account Information: Retained for the duration of the account's active status, plus 7 years after account closure or last activity.

2. Transaction Data: Retained for 7 years from the date of the transaction, in compliance with tax and financial regulations.

3. Communication Records: Retained for 3 years from the date of the last communication.

4. Marketing Preferences: Retained until the user opts-out or requests deletion.

5. Website Usage Data: Retained for 2 years from the date of collection.

6. Sensitive Personal Information: Retained only for the duration necessary to complete the specific processing purpose for which it was collected, and securely deleted immediately thereafter.

7. Data Protection Assessments: Retained for 3 years from the date of the assessment.

We regularly review our retention periods to ensure that we only retain personal information for as long as necessary. At the end of the applicable retention period, we will securely delete or anonymize the personal information in accordance with our data deletion procedures.

Appendix D: Subprocessors and Third-Party Service Providers

We engage the following categories of subprocessors and third-party service providers in the processing of personal information:

1. Cloud Storage Providers: AWS, Google

2. Payment Processors: Paypal, Stripe, Plaid

3. Customer Support Services: in house

4. Analytics Providers: tbd

5. Marketing and Advertising Services: tbd

6. Shipping and Logistics Providers: USPS, FedEx

7. Fraud Prevention and Security Services: tbd

We have conducted due diligence on these providers and entered into data processing agreements that require them to process personal information in accordance with our instructions and applicable data protection laws. We regularly review and update our list of subprocessors and third-party service providers to ensure accuracy and compliance with this Policy.

Appendix E: Cookie Policy

Our website uses cookies and similar technologies to enhance user experience and collect information about how our website is used. This Cookie Policy explains how we use these technologies and provides information on how to manage your cookie preferences.

1. Types of Cookies We Use:

1.1. Essential Cookies: These are necessary for the website to function properly and cannot be switched off.

1.2. Performance Cookies: These help us understand how visitors interact with our website by collecting and reporting information anonymously.

1.3. Functionality Cookies: These enable the website to provide enhanced functionality and personalization.

1.4. Targeting Cookies: These are used to deliver advertisements more relevant to you and your interests.

2. Managing Cookie Preferences:

You can manage your cookie preferences through our cookie consent banner or by adjusting your browser settings. Please note that disabling certain cookies may impact the functionality of our website.

3. Third-Party Cookies:

Some cookies on our website are placed by third-party services. We do not control these cookies and recommend reviewing the privacy policies of these third parties for more information.

4. Updates to Cookie Policy:

We may update this Cookie Policy from time to time to reflect changes in our practices or applicable laws. We encourage you to review this policy periodically.

For more detailed information about the specific cookies we use and their purposes, please contact us using the information provided in Section 11 of this Policy.