Privacy Policy
1. Data controller
Tendonsherbback
24387 US-395, Kettle Falls, WA 99141, United States
Email: reachus@tendonsherbback.world
Phone: +1 509 690 7228
2. Scope and purpose
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit or use tendonsherbback.world (the “Site”), operated from Washington State, United States. The Site is an informational platform about ergonomic habits for daily life. We do not sell products or paid subscriptions through the Site.
We comply with applicable U.S. federal and state privacy laws, including state comprehensive privacy laws where they apply to our processing, and with the EU General Data Protection Regulation (GDPR) where relevant to visitors in the European Economic Area.
3. Information we collect
Information you provide
- Contact information: name, email address, and message content when you use the contact form
- Consent records: confirmation that you agreed to personal data processing when submitting the form
Information collected automatically
- Device and technical data: IP address, browser type, operating system, referring URLs, pages viewed, and approximate location derived from IP
- Cookie and similar technologies data: as described in our Cookie Policy
- On-site interaction signals: anonymized or pseudonymized behavioral data used only to adapt the interface layout during your session (not used to build advertising profiles)
Information we do not collect
We do not knowingly collect government identifiers, financial account numbers, precise geolocation, biometric identifiers, or sensitive personal information categories defined under applicable state laws (such as data about medical conditions, diagnosis, or treatment). The Site does not offer medical services.
4. How we use personal information
We use personal information for the following business and commercial purposes:
- Operating, maintaining, and improving the Site and adaptive interface
- Responding to contact inquiries and customer support requests
- Analyzing aggregated usage trends when you consent to analytics cookies
- Delivering relevant educational content when you consent to marketing cookies
- Detecting security incidents, fraud, and abuse
- Complying with legal obligations and enforcing our Terms of Use
We do not use personal information for automated decision-making that produces legal or similarly significant effects.
5. Legal bases (EEA and UK visitors)
Where GDPR applies, we rely on: consent (analytics, marketing cookies, contact form); contractual necessity (responding to your requests); legitimate interests (security, service improvement, fraud prevention); and legal obligation.
6. Disclosure of personal information
We may share personal information with:
- Service providers (hosting, email delivery, analytics if enabled) under written contracts requiring appropriate safeguards
- Professional advisers where required by law
- Law enforcement or regulators when required by valid legal process
We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as “sale” and “sharing” are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar state laws. If this practice changes, we will update this policy and provide a clear opt-out mechanism.
7. Retention
- Contact form messages: up to 24 months after the inquiry is resolved, unless a longer period is required by law or for dispute resolution
- Server and security logs: up to 90 days
- Cookie consent records (localStorage): up to 12 months or until you clear browser storage
- Analytics data (if enabled): up to 26 months in aggregated form where possible
We delete or anonymize data when it is no longer needed for the purposes described above.
8. Security
We implement reasonable administrative, technical, and physical safeguards, including HTTPS encryption, access controls, and data minimization. No online transmission is completely secure; you use the Site at your own risk regarding network security.
9. Your U.S. state privacy rights
Depending on your state of residence (including California, Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, and others with consumer privacy laws), you may have the right to:
- Know/access the categories and specific pieces of personal information we collected about you
- Delete personal information we hold about you, subject to exceptions
- Correct inaccurate personal information
- Obtain a portable copy of certain data in a usable format
- Opt out of sale, sharing for targeted advertising, and certain profiling (not applicable while we do not sell or share as defined above)
- Limit use of sensitive personal information (not applicable as we do not collect such categories)
- Not be discriminated against for exercising privacy rights
- Appeal a denied request where required by state law (e.g., Virginia, Colorado)
How to submit a request
Email us with the subject line “Privacy Request” using the contact email in Section 1. Include your name, the email used on the Site (if any), your state of residence, and the right you wish to exercise. We will verify your identity before responding. Authorized agents may submit requests with written proof of authorization.
We aim to respond within 45 days (or the period required by your state law). California residents may also contact us regarding Shine the Light (Civil Code § 1798.83) requests about disclosure to third parties for direct marketing—we do not share personal information for third-party direct marketing.
10. Washington State residents
Our business is located in Washington. Washington residents have rights under the Washington Consumer Privacy Act and related rules, including rights to access, delete, correct, and opt out of targeted advertising, sale, and certain profiling. Because we do not sell personal information or conduct targeted advertising with personal data beyond optional analytics you consent to, many opt-out rights may not apply. You may still submit requests using the process in Section 9.
11. EEA, UK, and Swiss rights (GDPR)
You may request access, rectification, erasure, restriction, and portability, and you may object to processing. You may withdraw consent at any time. You may lodge a complaint with your local supervisory authority. Contact us using the details in Section 1.
12. International transfers
Data may be processed in the United States and other countries where our service providers operate. For transfers from the EEA, we use appropriate safeguards such as Standard Contractual Clauses where required.
13. Children’s privacy (COPPA)
The Site is not directed to children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child provided data to us, contact us and we will delete it without undue delay.
14. Third-party links and advertising
The Site may link to external resources (for example, EU dispute resolution portals). Third-party sites have their own privacy practices. If we display third-party advertising in the future, we will disclose data collection for ads in an updated policy and honor applicable opt-out signals where required.
15. Changes to this policy
We may update this Privacy Policy. The “Last updated” date at the top will change when we do. Material changes will be described on this page. Continued use after changes constitutes notice where permitted by law.