Privacy Policy

Effective Date: August 1, 2025

1. Introduction and Scope

1.1 About Shepard Labs

Shepard Labs is a limited liability company (LLC) operating in the technology sector. Our primary business address is 10350 N Vancouver Way, Portland, OR 97217, United States.

1.2 Scope of This Policy

This Privacy Policy describes how Shepard Labs collects, uses, shares, and protects personal information. This policy applies to all users of our services and website, regardless of location. We comply with applicable privacy laws including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in California.

This policy covers our data practices across all platforms, services, and interactions where we collect personal information.

2. Information We Collect

2.1 Categories of Personal Information

We collect the following categories of personal information:

• Contact Information: This includes names, email addresses, phone numbers, mailing addresses, and other information that allows us to communicate with you or identify you.

2.2 Collection Methods

We collect personal information through the following methods:

• Directly from Users: Information you provide when you register for our services, contact us, or interact with our platform
• Cookies and Tracking Technologies: Information collected automatically through cookies, web beacons, and similar technologies when you use our website or services

2.3 Sources of Information

We collect personal information from the following sources:

• Direct from Consumer: Information you provide directly to us through forms, communications, or account creation

3. How We Use Information

3.1 Processing Purposes

We use your personal information for the following purposes:

• Providing Services and Products: To deliver, maintain, and improve our services and products
• Customer Support: To respond to your inquiries, provide technical support, and resolve issues
• Marketing and Advertising: To send you promotional materials, newsletters, and other marketing communications (with your consent where required)
• Analytics and Improvements: To analyze usage patterns, improve our services, and develop new features
• Legal and Regulatory Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To protect our systems, prevent fraud, and ensure the security of our services and users

3.2 Sensitive Personal Information Usage

Our use of sensitive personal information is limited to business purposes as defined by applicable law. We do not use sensitive personal information for purposes beyond what is necessary to provide our services or comply with legal obligations.

4. Information Sharing and Disclosure

We do not share your personal data with third parties, sell your personal information, or engage in joint controller arrangements. We do not transfer personal information internationally or share information for behavioral advertising purposes.

We may disclose personal information only in the following limited circumstances:

• When required by law or legal process
• To protect our rights, property, or safety, or that of our users
• In connection with a business transaction such as a merger or acquisition
• With your explicit consent

5. Your Privacy Rights

5.1 General Rights

You have certain rights regarding your personal information, which may vary depending on your location and applicable laws. These generally include the right to access your information, request corrections, and in some cases, request deletion of your data.

5.2 Exercising Your Rights

You can exercise your privacy rights through the following methods:

• Online Form: Submit requests through forms available on our website
• Email: Send requests to hi@privacyforge.ai

We will respond to your requests within 30 days. We do not provide extensions to this response timeframe.

5.3 Identity Verification

To protect your privacy and security, we verify your identity before processing rights requests using:

• Account Login: Verification through your existing account credentials
• Email Verification: Confirmation through the email address associated with your account

5.4 Look-Back Period

For requests related to data disclosure or deletion, we will look back 12 months from the date of your request to identify relevant personal information.

6. Security and Data Protection

6.1 Technical Measures

We implement the following technical security measures to protect your personal information:

• Encryption: Data is encrypted both in transit and at rest using industry-standard encryption protocols
• Access Controls: Strict access controls limit who can view or modify personal information
• Network Security: Firewalls, intrusion detection systems, and other network security measures protect our systems
• Monitoring Systems: Continuous monitoring helps detect and respond to security threats
• Multi-Factor Authentication: Additional authentication layers protect access to sensitive systems

6.2 Organizational Measures

We maintain the following organizational security practices:

• Staff Training: Regular training ensures our team understands privacy and security requirements

6.3 Incident Response and Breach Notification

In the event of a data security incident, we have established procedures including:

• Internal Notification Process: Immediate internal escalation and response procedures
• Breach Response Team: While we do not maintain a dedicated breach response team, we have designated personnel responsible for incident response
• Notification Timeline: We will notify affected individuals and relevant authorities as required by applicable law

7. Data Retention

7.1 Retention Policy

We retain your personal information until you delete your user account. Upon account deletion, we will delete or anonymize your personal information in accordance with our data retention procedures and applicable legal requirements.

8. Cookies and Tracking Technologies

8.1 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and services. Cookies are small text files stored on your device that help us remember your preferences and understand how you use our services.

8.2 Types of Cookies We Use

We use the following types of cookies:

• Essential/Functional Cookies: These cookies are necessary for our website to function properly. They are session-only cookies that are deleted when you close your browser. These are first-party cookies that collect contact information to maintain your session and provide basic functionality.

8.3 Third-Party Tracking

We use third-party tracking technologies for the following purposes:

• Analytics: To understand how visitors use our website and improve our services

These third-party services may collect information about your online activities across different websites. We recommend reviewing the privacy policies of these third-party services to understand their data practices.

8.4 Cookie Consent Management

We manage cookie consent in accordance with applicable laws. Essential cookies are necessary for website functionality and do not require consent. For non-essential cookies, we obtain appropriate consent where required by law.

8.5 Opting Out of Tracking

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect the functionality of our website. You can also opt out of third-party analytics tracking through the respective service providers' opt-out mechanisms.

9. Contact Information

9.1 General Contact

PrivacyForge.ai (operated by Shepard Labs LLC)
10350 N Vancouver Way
Portland, OR 97217
United States
Website: https://www.privacyforge.ai

9.2 Privacy Contact

For privacy-related inquiries, requests, or concerns, please contact us at:

Email: hi@privacyforge.ai

10. Changes to This Privacy Policy

10.1 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the effective date at the top of this policy.

Current Effective Date: August 1, 2025

12. California Privacy Rights (CCPA/CPRA)

12.1 Categories of Personal Information

Under the California Consumer Privacy Act (CCPA), we collect the following categories of personal information:

• Identifiers: Names, email addresses, and other contact information

12.2 Sources of Personal Information

We collect personal information from the following sources:

• Direct from Consumer: Information you provide directly to us

12.3 Business Purposes for Collection

We collect and use personal information for the following business purposes as defined by the CCPA:

• Providing Services and Products: Performing services and providing goods
• Customer Support: Providing customer service and support
• Marketing and Advertising: Marketing our products and services
• Analytics and Improvements: Analyzing and improving our services
• Legal and Regulatory Compliance: Complying with legal obligations
• Security: Detecting and preventing security incidents and fraud

12.4 Categories of Third Parties

We do not share personal information with third parties for business or commercial purposes.

12.5 California Consumer Rights

As a California resident, you have the following rights:

• Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of your personal information (though we do not sell or share personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Limit Use of Sensitive Personal Information: Limit our use of your sensitive personal information

12.6 Selling and Sharing Personal Information

We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising purposes.

12.7 Sensitive Personal Information Processing

We limit our use and disclosure of sensitive personal information to purposes that are necessary to perform our services or as otherwise permitted by the CPRA.

12.8 Non-Discrimination Policy

We will not discriminate against you for exercising your privacy rights under the CCPA/CPRA. This means we will not:

• Deny you goods or services
• Charge you different prices or rates
• Provide you with a different level or quality of goods or services
• Suggest that you may receive a different price, rate, level, or quality of goods or services

12.9 Verification Process for Requests

To protect your privacy, we verify your identity before processing rights requests. We use account login credentials and email verification to confirm your identity. The verification method may vary depending on the type of request and the sensitivity of the information involved.

12.10 Authorized Agent Requests

You may designate an authorized agent to make requests on your behalf. We require written authorization from you and may require the agent to provide proof of their authority. We may also require you to verify your identity directly with us.

12.11 Look-Back Period Disclosure

For requests related to the disclosure of personal information, we will provide information covering the 12-month period preceding our receipt of your request.

14. Canadian Privacy Rights (PIPEDA)

14.1 Consent Practices and Types

We obtain consent for the collection, use, and disclosure of personal information as required by PIPEDA:

• Contact Information: Implied consent is sufficient for basic contact information used for service provision and communication

We collect personal information through online forms. You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice.

14.2 Accountability and Privacy Officer

We have not designated a specific privacy officer, but executive management is responsible for privacy compliance. We provide staff training on privacy practices as needed to ensure proper handling of personal information.

14.3 Access and Correction Procedures

You have the right to access your personal information and request corrections. To exercise these rights, contact us using the methods described in Section 5.2. We will respond to your request within 30 days and provide access to your personal information or explain any refusal.

14.4 Complaint Procedures

If you have concerns about our privacy practices, you may:

1. Contact us directly at hi@privacyforge.ai
2. File a complaint with the Privacy Commissioner of Canada if you are not satisfied with our response

We are committed to investigating and resolving privacy complaints in a timely manner.

14.5 Safeguards for Sensitive Information

We implement enhanced safeguards for sensitive personal information, including:

• Enhanced Consent: Obtaining more explicit consent for sensitive information
• Heightened Security: Additional security measures for protecting sensitive data

14.6 Openness and Transparency Measures

We ensure openness about our privacy practices through:

• Public Privacy Policy: This policy is publicly available on our website
• Clear Contact Information: We provide clear contact information for privacy inquiries

Our privacy policy is accessible through a website link and is written in clear, understandable language.

14.7 Challenging Compliance

You have the right to challenge our compliance with PIPEDA. If you believe we have not complied with privacy requirements, you may:

1. Contact us to discuss your concerns
2. Request an investigation of our practices
3. File a complaint with the Privacy Commissioner of Canada

We will investigate any compliance challenges and take appropriate corrective measures when necessary.

Generated by PrivacyForge.ai