PRIVACY POLICY

Effective Date: July 27, 2025

________________________________________________________________________________

1. INTRODUCTION AND SCOPE

Human Garage, Inc., a corporation incorporated under the laws of Canada ("Company," "Human Garage," "we," "us," or "our"), is committed to protecting and respecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, disclose, store, and protect your personal information when you use our website at humangarage.net, mobile application, and related services (collectively, the "Services").

This Policy applies to all users of our Services worldwide and complies with applicable privacy laws including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada

  • General Data Protection Regulation (GDPR) - European Union

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) - United States

  • Children's Online Privacy Protection Act (COPPA) - United States

  • Virginia Consumer Data Protection Act (VCDPA) - United States

  • Colorado Privacy Act (CPA) - United States

  • Connecticut Data Privacy Act (CTDPA) - United States

  • Utah Consumer Privacy Act (UCPA) - United States

  • Lei Geral de Proteção de Dados (LGPD) - Brazil

  • Privacy Act 1988 - Australia

  • Personal Data Protection Act (PDPA) - Singapore

  • Data Protection Act 2018 - United Kingdom

  • Other applicable regional and national privacy laws

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.

2. DEFINITIONS AND KEY TERMS

  • "Personal Information" or "Personal Data" means any information that identifies, relates to, describes, or can be associated with a particular individual.

  • "Processing" means any operation performed on personal data, including collection, use, storage, disclosure, and deletion.

  • "Data Controller" means the entity that determines the purposes and means of processing personal data.

  • "Data Processor" means the entity that processes personal data on behalf of the data controller.

  • "Data Subject" means the individual to whom personal data relates.

  • "Sensitive Personal Information" includes health data, biometric data, precise geolocation, and other categories defined by applicable law.

  • "Third Party" means any individual or entity other than you and Human Garage.

  • "Services" means our website, mobile application, programs, courses, and related offerings.

3. INFORMATION WE COLLECT

3.1 INFORMATION YOU PROVIDE DIRECTLY:

  • Account Information: Name, email address, phone number, date of birth, gender, address

  • Profile Information: Bio, preferences, goals, health interests, profile photos

  • Payment Information: Credit card details, billing address, transaction history

  • Health Information: Medical history, health conditions, fitness levels, wellness goals

  • Communication Data: Messages, emails, chat conversations, support tickets

  • User-Generated Content: Posts, comments, reviews, testimonials, photos, videos

  • Survey and Feedback Data: Responses to questionnaires, polls, and feedback forms

  • Event Registration: Information for classes, workshops, and events

  • Verification Documents: Government-issued ID for age verification or parental consent

3.2 INFORMATION COLLECTED AUTOMATICALLY:

  • Device Information: IP address, device type, operating system, browser type, device identifiers

  • Usage Data: Pages visited, time spent, click patterns, navigation paths, feature usage

  • Location Data: Approximate location based on IP address, precise location if permitted

  • Technical Data: Log files, error reports, performance metrics, system diagnostics

  • Cookies and Tracking: Session data, preferences, authentication tokens, analytics data

  • App Usage: Screen views, app interactions, crash reports, performance data

  • Network Information: Internet service provider, connection type, network performance

3.3 INFORMATION FROM THIRD PARTIES:

  • Social Media Platforms: Profile information when you connect social accounts

  • Payment Processors: Transaction verification and fraud prevention data

  • Marketing Partners: Lead generation and referral information

  • Public Databases: Information to verify identity or prevent fraud

  • Analytics Providers: Aggregated usage statistics and demographic data

  • Integration Partners: Data from connected health apps or wearable devices

3.4 SENSITIVE PERSONAL INFORMATION:

We may collect sensitive personal information including health data, biometric information, and precise geolocation data. We will obtain explicit consent before collecting such information and implement additional security measures for its protection.

4. HOW WE USE YOUR INFORMATION

We use your personal information for the following purposes, based on legitimate interests, contractual necessity, legal obligations, or your consent:

4.1 SERVICE PROVISION AND IMPROVEMENT:

  • Providing access to our wellness programs, courses, and content

  • Creating and managing your user account and profile

  • Processing payments and managing subscriptions

  • Delivering personalized content and recommendations

  • Facilitating communication between users and instructors

  • Providing customer support and technical assistance

  • Improving our Services through analytics and user feedback

  • Developing new features and functionalities

4.2 COMMUNICATION AND MARKETING:

  • Sending service-related notifications and updates

  • Delivering marketing communications about our Services (with consent)

  • Responding to inquiries and providing customer support

  • Sending newsletters and educational content

  • Notifying you about events, classes, and special offers

  • Conducting surveys and collecting feedback

4.3 LEGAL AND SECURITY PURPOSES:

  • Complying with legal obligations and regulatory requirements

  • Protecting against fraud, abuse, and security threats

  • Enforcing our Terms of Use and other policies

  • Resolving disputes and investigating violations

  • Protecting the rights, property, and safety of Human Garage and users

  • Conducting internal audits and risk assessments

4.4 ANALYTICS AND RESEARCH:

  • Analyzing usage patterns and user behavior

  • Conducting market research and trend analysis

  • Measuring the effectiveness of our marketing campaigns

  • Creating aggregated and anonymized statistics

  • Improving our algorithms and recommendation systems

5. LEGAL BASIS FOR PROCESSING (GDPR COMPLIANCE)

For users in the European Union, we process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific processing activities

  • Contract Performance: To fulfill our contractual obligations to provide Services

  • Legitimate Interests: For our legitimate business interests that do not override your rights

  • Legal Obligation: To comply with applicable laws and regulations

  • Vital Interests: To protect your life or physical safety in emergency situations

  • Public Task: When processing is necessary for public interest or official authority

You have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

6. INFORMATION SHARING AND DISCLOSURE

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 SERVICE PROVIDERS AND BUSINESS PARTNERS:

  • Cloud hosting and data storage providers

  • Payment processors and financial institutions

  • Email and communication service providers

  • Analytics and marketing platforms

  • Customer support and help desk services

  • Security and fraud prevention services

  • Legal and professional service providers

All service providers are contractually bound to protect your information and use it only for specified purposes.

6.2 LEGAL REQUIREMENTS AND PROTECTION:

  • To comply with legal obligations, court orders, or government requests

  • To protect the rights, property, and safety of Human Garage, users, or the public

  • To investigate and prevent fraud, abuse, or illegal activities

  • To enforce our Terms of Use and other agreements

  • In connection with legal proceedings or investigations

6.3 BUSINESS TRANSFERS:

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity, subject to the same privacy protections.

6.4 WITH YOUR CONSENT:

We may share your information with third parties when you have given explicit consent for such sharing.

7. INTERNATIONAL DATA TRANSFERS

As a Canadian company operating globally, we may transfer your personal information to countries outside your jurisdiction, including:

  • Canada (our primary data processing location)

  • United States (cloud services and business partners)

  • European Union (service providers and users)

  • Other countries where we have users or service providers

When transferring data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities

  • Adequacy decisions by competent data protection authorities

  • Binding Corporate Rules for intra-group transfers

  • Certification schemes and codes of conduct

  • Explicit consent where required by law

8. DATA RETENTION AND DELETION

We retain your personal information only as long as necessary for the purposes outlined in this Policy or as required by applicable law:

  • Account Information: Retained while your account is active and for 7 years after closure

  • Payment Data: Retained for 7 years for tax and accounting purposes

  • Health Information: Retained for 10 years or as required by healthcare regulations

  • Communication Records: Retained for 3 years for customer service purposes

  • Marketing Data: Retained until you opt out or for 2 years of inactivity

  • Legal and Compliance Data: Retained as required by applicable laws

  • Analytics Data: Aggregated data may be retained indefinitely after anonymization

When personal information is no longer needed, we will securely delete or anonymize it using industry-standard methods.

9. YOUR PRIVACY RIGHTS

Depending on your jurisdiction, you may have the following rights regarding your personal information:

9.1 UNIVERSAL RIGHTS (AVAILABLE TO ALL USERS):

  • Right to Access: Request information about what personal data we hold about you

  • Right to Correction: Request correction of inaccurate or incomplete information

  • Right to Deletion: Request deletion of your personal information (subject to legal requirements)

  • Right to Opt-Out: Unsubscribe from marketing communications

  • Right to Data Portability: Request a copy of your data in a portable format

9.2 GDPR RIGHTS (EU RESIDENTS):

  • Right to Restrict Processing: Limit how we use your personal data

  • Right to Object: Object to processing based on legitimate interests

  • Right to Withdraw Consent: Withdraw consent for consent-based processing

  • Right to Lodge a Complaint: File complaints with data protection authorities

  • Right to Data Protection Impact Assessment: Information about automated decision-making

9.3 CCPA/CPRA RIGHTS (CALIFORNIA RESIDENTS):

  • Right to Know: Detailed information about data collection and use

  • Right to Delete: Request deletion of personal information

  • Right to Opt-Out of Sale: Opt out of the sale of personal information

  • Right to Non-Discrimination: Equal service regardless of privacy choices

  • Right to Correct: Request correction of inaccurate personal information

  • Right to Limit Use of Sensitive Personal Information: Restrict use of sensitive data

9.4 EXERCISING YOUR RIGHTS:

To exercise your privacy rights, contact us using the information provided in Section 15. We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR and 45 days for CCPA).

10. CHILDREN'S PRIVACY PROTECTION

10.1 AGE RESTRICTIONS:

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

10.2 PARENTAL CONSENT FOR MINORS (13-17 YEARS):

For users between 13 and 17 years of age, we require verifiable parental consent before collecting, using, or disclosing personal information. Parents have the right to:

  • Review their child's personal information

  • Request deletion of their child's personal information

  • Refuse to permit further collection or use of their child's information

  • Receive notification of our information practices regarding children

  • Consent to collection and use but not disclosure to third parties

10.3 COPPA COMPLIANCE:

We comply with the Children's Online Privacy Protection Act (COPPA) and implement additional safeguards for children's information including:

  • Enhanced security measures for children's data

  • Limited data collection to what is necessary for participation

  • No behavioral advertising directed at children

  • Parental access and control mechanisms

  • Regular review and deletion of unnecessary children's data

11. DATA SECURITY AND PROTECTION MEASURES

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

11.1 TECHNICAL SAFEGUARDS:

  • Encryption of data in transit and at rest using industry-standard protocols

  • Multi-factor authentication for administrative access

  • Regular security assessments and penetration testing

  • Secure coding practices and vulnerability management

  • Network security monitoring and intrusion detection systems

  • Regular software updates and security patches

  • Secure data backup and disaster recovery procedures

11.2 ORGANIZATIONAL SAFEGUARDS:

  • Employee training on data protection and privacy practices

  • Background checks for employees with access to personal information

  • Confidentiality agreements and access controls

  • Data protection impact assessments for high-risk processing

  • Incident response procedures and breach notification protocols

  • Regular audits and compliance monitoring

  • Privacy by design principles in system development

11.3 DATA BREACH NOTIFICATION:

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities within the timeframes required by applicable law (typically 72 hours for authorities and without undue delay for individuals).

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 TYPES OF COOKIES WE USE:

  • Essential Cookies: Necessary for basic website functionality and security

  • Performance Cookies: Collect information about how you use our Services

  • Functional Cookies: Remember your preferences and personalize your experience

  • Marketing Cookies: Track your activity for advertising and marketing purposes

  • Third-Party Cookies: Set by our partners for analytics and advertising



12.2 OTHER TRACKING TECHNOLOGIES:

  • Web Beacons: Small graphics that track email opens and website visits

  • Pixel Tags: Monitor user behavior and measure advertising effectiveness

  • Local Storage: Store information locally on your device

  • Session Replay Tools: Record user interactions for analysis and improvement

  • Analytics Tools: Google Analytics, Adobe Analytics, and similar services

12.3 MANAGING COOKIES:

You can control cookies through your browser settings, our cookie preference center, or opt-out tools provided by advertising networks. Note that disabling certain cookies may affect the functionality of our Services.

13. THIRD-PARTY SERVICES AND LINKS

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Human Garage. This Privacy Policy does not apply to third-party services.

13.1 THIRD-PARTY INTEGRATIONS:

  • Social Media Platforms: Facebook, Instagram, Twitter, LinkedIn, YouTube

  • Payment Processors: Stripe, PayPal, Apple Pay, Google Pay

  • Analytics Services: Google Analytics, Facebook Analytics, Mixpanel

  • Communication Tools: Mailchimp, Twilio, Zendesk, Intercom

  • Cloud Services: Amazon Web Services, Google Cloud, Microsoft Azure

  • Marketing Platforms: HubSpot, Salesforce, Facebook Ads, Google Ads

13.2 THIRD-PARTY PRIVACY PRACTICES:

We encourage you to review the privacy policies of any third-party services you access through our Services. We are not responsible for the privacy practices or content of third-party services.

14. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through:

  • Email notification to registered users

  • Prominent notice on our website and mobile application

  • In-app notifications and alerts

  • Updates to our Terms of Use or other communications

Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our Services.

15. CONTACT INFORMATION AND DATA PROTECTION OFFICER

15.1 GENERAL PRIVACY INQUIRIES:

Human Garage, Inc.
Privacy Officer
Email: privacy@humangarage.net
Website: https://humangarage.net/privacy
Address: Vancouver, British Columbia, Canada


15.2 DATA PROTECTION OFFICER (DPO):

For GDPR-related inquiries:
Data Protection Officer
Email: dpo@humangarage.net
Address:


15.3 REGULATORY AUTHORITIES:

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:

  • Canada: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)

  • EU: Your local Data Protection Authority

  • California: California Attorney General (oag.ca.gov)

  • UK: Information Commissioner's Office (ico.org.uk)

  • Australia: Office of the Australian Information Commissioner (oaic.gov.au)

16. JURISDICTION-SPECIFIC PROVISIONS

16.1 CALIFORNIA RESIDENTS (CCPA/CPRA):

In the past 12 months, we have collected the following categories of personal information: identifiers, commercial information, internet activity, geolocation data, audio/visual information, and inferences. We do not sell personal information to third parties.

16.2 EUROPEAN UNION RESIDENTS (GDPR):

Human Garage, Inc. acts as the data controller for personal information collected through our Services. We have appointed a Data Protection Officer and EU representative as required by GDPR.

16.3 CANADIAN RESIDENTS (PIPEDA):

We comply with PIPEDA and provincial privacy laws. You have the right to access your personal information and request corrections. Complaints can be filed with the Privacy Commissioner of Canada.

16.4 BRAZILIAN RESIDENTS (LGPD):

We process personal data in accordance with LGPD. You have rights to access, correct, delete, and port your personal data. Contact our Data Protection Officer for LGPD-related inquiries.

17. AUTOMATED DECISION-MAKING AND PROFILING

We may use automated decision-making and profiling to:

  • Personalize content and recommendations

  • Detect and prevent fraud

  • Optimize marketing campaigns

  • Improve user experience and engagement

  • Provide customer support through chatbots

You have the right to request human intervention, express your point of view, and contest automated decisions that significantly affect you.

18. BIOMETRIC AND HEALTH DATA PROTECTION

If we collect biometric identifiers or health information, we will:

  • Obtain explicit consent before collection

  • Implement enhanced security measures

  • Limit retention to the minimum necessary period

  • Provide clear opt-out mechanisms

  • Comply with applicable health information laws (HIPAA, PHIPA, etc.)

  • Use de-identification and anonymization techniques where possible

19. MARKETING AND COMMUNICATIONS

19.1 CONSENT FOR MARKETING:

We will only send you marketing communications if you have consented to receive them. You can opt out at any time using the unsubscribe link in our emails or by contacting us directly.

19.2 TYPES OF COMMUNICATIONS:

  • Service announcements and updates

  • Educational content and wellness tips

  • Event invitations and class schedules

  • Product recommendations and special offers

  • Newsletters and community updates

  • Survey and feedback requests

20. DATA MINIMIZATION AND PURPOSE LIMITATION

We adhere to the principles of data minimization and purpose limitation by:

  • Collecting only personal information necessary for specified purposes

  • Using personal information only for the purposes for which it was collected

  • Regularly reviewing and deleting unnecessary personal information

  • Implementing privacy by design in our systems and processes

  • Conducting privacy impact assessments for new processing activities

________________________________________________________________________________

© 2025 Human Garage, Inc. All Rights Reserved.
This Privacy Policy is effective as of the date stated above and supersedes all previous versions.

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.