PRIVACY POLICY

This Privacy Policy describes how Leonel Flores Ruiz, doing business as TestiWall and TryTestiWall ("TestiWall," "we," "us," or "our"), collects, uses, and discloses your personal information when you use our website at trytestiwall.com (the "Site") and our related services (collectively, the "Services").

This Privacy Policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

We collect information that you voluntarily provide when you:

• Register for an account (name, email address, password)
• Create a testimonial space (space name, customization settings)
• Submit testimonials (text, images, videos, ratings)
• Use our payment services (billing information, payment method details)
• Contact us for support (correspondence, feedback, questions)
• Subscribe to our newsletter or marketing communications

When you access our Services, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Pages visited, features used, time spent on pages, click patterns, date and time of access
• Log Data: IP address, browser type, referring/exit pages, timestamps
• Location Data: General location based on IP address
• Cookies and Similar Technologies: See section 5 for more details

We may receive information about you from third parties, such as:

• Authentication Services: If you register using third-party authentication (e.g., Google, GitHub), we receive your name, email, and profile information
• Payment Processors: Payment confirmation and transaction details from our payment service providers (e.g., Stripe)
• Analytics Providers: Aggregated analytics data to improve our Services

When you or your customers submit testimonials through TestiWall, this content may include personal information such as names, photos, videos, company names, and other information you choose to include. You are responsible for ensuring you have proper consent from individuals before collecting and displaying their testimonials.

We use the information we collect for the following purposes:

To Provide and Maintain Our Services

• Create and manage your account
• Process your testimonial submissions and display them on your Wall of Love
• Generate embed codes for your website
• Process payments and manage subscriptions
• Provide customer support and respond to your inquiries
• Send transactional emails and service notifications

To Improve and Optimize Our Services

• Analyze usage patterns and trends
• Monitor and improve the performance and security of our Services
• Develop new features and functionality
• Conduct research and testing
• Debug and fix technical issues

For Marketing and Communications

• Send you promotional materials, newsletters, and product updates (with your consent)
• Personalize your experience and show relevant content
• Run contests, surveys, and other promotional activities

For Legal and Security Purposes

• Comply with legal obligations and respond to lawful requests
• Protect against fraud, unauthorized access, and security threats
• Enforce our Terms and Conditions and other policies
• Resolve disputes and investigate complaints

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal information based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (e.g., providing the Services you requested, processing payments)
• Consent: You have given explicit consent for specific processing activities (e.g., marketing communications, cookies)
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as:
  • Improving and developing our Services
  • Detecting and preventing fraud and security threats
  • Understanding how users interact with our Services
  • Marketing and promoting our Services to existing customers
• Legal Compliance: Processing is necessary to comply with legal obligations (e.g., tax requirements, responding to court orders)

Where we rely on legitimate interests, we balance our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests.

We may share your information in the following circumstances:

Service Providers

We share information with third-party service providers who perform services on our behalf:

• Hosting and Infrastructure: Cloud hosting providers (e.g., AWS, Vercel) to store and process data
• Payment Processing: Payment processors (e.g., Stripe) to handle billing and subscriptions
• Email Services: Email service providers (e.g., SendGrid, Resend) to send transactional and marketing emails
• Analytics: Analytics providers (e.g., Google Analytics, Plausible) to understand usage patterns
• Customer Support: Support tools to provide customer service
• Storage Services: File storage providers (e.g., AWS S3) for testimonial videos and images

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Business Transfers

If TestiWall is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Site of any change in ownership or use of your personal information.

Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (e.g., court orders, subpoenas, search warrants)
• Government or regulatory requests
• Investigations of potential violations of our Terms and Conditions
• Situations involving potential threats to the safety of any person

With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

Public Information

When you create a Wall of Love and embed it on your website, the testimonials you choose to display become publicly visible. This is a core feature of the Services.

We Do Not Sell Your Personal Information

TestiWall does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

We use cookies and similar tracking technologies to collect and track information about your use of our Services. Cookies are small data files stored on your device.

Types of Cookies We Use

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete cookies. However, disabling cookies may impact your ability to use certain features of our Services.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

Third-Party Analytics

We use third-party analytics services (such as Google Analytics or privacy-focused alternatives) to help us understand how our Services are used. These services may use cookies and similar technologies to collect information about your use of our Services and other websites.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

• Account Information: We retain your account information for as long as your account is active. If you close your account, we will delete or anonymize your information within 30 days, unless we are required to retain it for legal or regulatory purposes.
• Testimonial Content: Testimonials and related content are retained for as long as your account is active or as needed to provide the Services. You can delete testimonials at any time from your dashboard.
• Payment Information: We retain payment transaction records for 7 years to comply with tax and financial regulations.
• Usage Data and Logs: We typically retain usage data and server logs for 90 days for security and performance monitoring purposes.
• Marketing Communications: If you subscribe to our marketing emails, we retain your email address until you unsubscribe.

Data Deletion

When we no longer need your information, we will securely delete or anonymize it. If deletion is not possible (e.g., due to backups stored in archive systems), we will securely isolate your information and prevent its further use until deletion is possible.

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

Security Measures

• Encryption: We use industry-standard SSL/TLS encryption to protect data in transit
• Secure Storage: Data at rest is stored in secure, encrypted databases
• Access Controls: Strict access controls limit who can access your personal information
• Authentication: Strong password requirements and secure authentication mechanisms
• Regular Security Audits: We regularly review and update our security practices
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Vendor Security: We carefully vet third-party service providers for security compliance

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant supervisory authorities without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws (including GDPR, UK GDPR, and CCPA requirements).

The notification will include:

• The nature of the breach
• The categories and approximate number of individuals affected
• The likely consequences of the breach
• The measures taken or proposed to address the breach
• Contact information for further inquiries

Your Responsibilities

While we take security seriously, you also play a role in keeping your information secure:

• Use a strong, unique password for your account
• Do not share your password with others
• Log out of your account when using shared devices
• Report any suspicious activity to us immediately

Please note that no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use our Services or provide any information to us.

If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have information from or about a child under 18, please contact us at leonelfr212@gmail.com.

For residents of the EEA and UK, the age threshold may be lower in certain jurisdictions (typically 13-16 years). We comply with local age restrictions as applicable.

Depending on your location and applicable law, you may have certain rights regarding your personal information:

Rights Available to All Users

• Right to Access: You can request a copy of the personal information we hold about you
• Right to Correction: You can request that we correct inaccurate or incomplete information
• Right to Deletion: You can request that we delete your personal information (subject to certain legal exceptions)
• Right to Data Portability: You can request a copy of your information in a structured, machine-readable format
• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
• Right to Opt-Out of Marketing: You can unsubscribe from marketing communications at any time

How to Exercise Your Rights

To exercise any of these rights, you can:

• Email us at leonelfr212@gmail.com
• Access your account settings to update or delete certain information
• Use the unsubscribe link in marketing emails

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your privacy and security.

Right to Lodge a Complaint

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with your local data protection authority:

• EU/EEA: Your local supervisory authority under GDPR
• UK: Information Commissioner's Office (ICO) at ico.org.uk
• Mexico: National Institute of Transparency, Access to Information and Personal Data Protection (INAI)
• California: California Attorney General's Office

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Your California Privacy Rights

• Right to Know: You can request information about the personal information we have collected, used, disclosed, and sold about you in the past 12 months
• Right to Delete: You can request deletion of your personal information
• Right to Correct: You can request correction of inaccurate personal information
• Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information (Note: We do not sell or share personal information)
• Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (purchase history, payment information)
• Internet or network activity (browsing history, interactions with our Services)
• Audio, electronic, visual, or similar information (testimonial videos, photos)
• Professional or employment-related information (if provided in testimonials)
• Inferences drawn from the above to create a profile about preferences

We Do Not Sell Your Personal Information

TestiWall does not sell your personal information as defined by the CCPA. We have not sold personal information in the past 12 months.

Exercising Your CCPA Rights

To exercise your rights under the CCPA, please contact us at leonelfr212@gmail.com or write to us at the address provided in the Contact section below.

You may designate an authorized agent to make a request on your behalf. We may require verification of your identity and your agent's authority.

California Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request certain information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR) and UK GDPR.

Your Rights Under GDPR

• Right of Access: Obtain confirmation of whether we process your data and access to your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain circumstances
• Right to Restriction of Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent: Withdraw consent at any time (without affecting the lawfulness of processing based on consent before withdrawal)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Data Controller

For the purposes of GDPR and UK GDPR, TestiWall (Leonel Flores Ruiz) is the data controller responsible for your personal information.

Legal Bases for Processing

We process your personal information based on the legal grounds described in Section 3 of this Privacy Policy.

International Data Transfers

Your data may be transferred to and processed in countries outside the EEA/UK, including the United States. We ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

Exercising Your GDPR Rights

To exercise any of your rights under GDPR, please contact us at leonelfr212@gmail.com. We will respond to your request within one month, or two months for complex requests.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority:

• EU: Find your local authority at edpb.europa.eu
• UK: Information Commissioner's Office (ICO) - ico.org.uk

TestiWall operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and Mexico, which may have different data protection laws than your country.

Safeguards for International Transfers

When we transfer personal information from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with our service providers
• Adequacy Decisions: We transfer data to countries recognized by the European Commission as providing adequate protection
• Data Processing Agreements: We have appropriate data processing agreements with all third-party service providers

Data Processing Locations

Your data may be processed in the following locations:

• United States (cloud infrastructure, analytics)
• Mexico (company headquarters)
• European Union (if using EU-based service providers)

By using our Services, you acknowledge and consent to the transfer of your information to these locations.

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, there is no universal standard for how to respond to DNT signals.

At this time, our Services do not respond to DNT browser signals. However, you can control cookies and tracking through your browser settings and the cookie preferences in our Services.

We will update this Privacy Policy if we implement DNT signal recognition in the future.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

• We will update the "Last updated" date at the top of this Privacy Policy
• For material changes, we will provide prominent notice on our Site or send you an email notification (if you have provided your email address)
• For significant changes affecting your rights, we may request your explicit consent

Reviewing Changes

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree with the updated Privacy Policy, you should discontinue using our Services.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Response Time

We aim to respond to all privacy-related inquiries within 30 days. For complex requests, we may extend this period and will notify you of any delay.

Verification

To protect your privacy and security, we may need to verify your identity before responding to your request. We will request specific information from you to confirm your identity.