Privacy Policy

Heffl Ventures - LLC (we, our, or us) operates heffl.com website (the Service).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (Personal Data). Personal Data may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• Cookies and Usage Data
• Business information
• Payment and transaction data
• Google User Data: When you authorize our Service to access your Google account via Google Workspace APIs, we collect and process certain data from your Google account, such as emails, calendar events, contacts, or files, depending on the features you use and the permissions you grant. This data is used solely for the purpose of providing our Service to you, as described in this privacy policy.
• We do not use Google user data to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.
• Our use of Google user data is subject to Google's API Services User Data Policy, and we comply with all applicable requirements.

Use of Data

We use the collected data for various purposes, including:

• To provide and maintain our Service
• To notify you about changes to our Service
• To provide customer support
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent, and address technical issues
• To access and use Google Workspace APIs on your behalf, with your consent, to provide the features of our Service

Disclosure of Data

We share your personal data, including Google user data, only in the following circumstances:

• With Google LLC, as necessary to access and use the Google Workspace APIs.
• With third-party service providers who assist us in operating our Service, such as hosting providers, analytics services, or customer support tools. These providers are contractually obligated to protect your data and only use it for the purposes we specify.
• When required by law or to protect our legal rights.

We do not sell, rent, or otherwise disclose your personal data, including Google user data, to third parties for their own marketing or other purposes.

Data Security and Protection

The security of your data is of utmost importance to us. We implement and maintain comprehensive technical, physical, and administrative safeguards to protect your personal data, including sensitive data obtained from Google Calendar and other Google Workspace APIs.

Technical Security Measures:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols. Sensitive data, including Google Calendar events and user information, is encrypted both in transit and at rest using AES-256 encryption.
• Secure Data Storage: Your Google Calendar data and other sensitive information are stored in secure, access-controlled databases with encryption at rest. We use reputable cloud service providers with SOC 2 Type II certification.
• Access Controls: We implement strict access controls and authentication mechanisms. Only authorized personnel with a legitimate business need have access to user data, and all access is logged and monitored.
• API Token Security: OAuth tokens used to access your Google account are stored securely with encryption and are never exposed in client-side code or logs. Tokens are automatically refreshed and rotated following security best practices.

Organizational Security Measures:

• Principle of Least Privilege: Our systems and personnel operate on the principle of least privilege, ensuring that access to sensitive data is granted only when necessary for specific job functions.
• Employee Training: All employees and contractors with access to user data undergo security training and are bound by confidentiality agreements.
• Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
• Incident Response: We maintain an incident response plan to quickly detect, respond to, and mitigate any security incidents involving user data.

Google Calendar Specific Protections:

• Your Google Calendar data is accessed only when you explicitly authorize our application and only for the specific purposes you consent to.
• We implement scope-limited access, requesting only the minimum necessary permissions required to provide the calendar integration features.
• Calendar data is processed in real-time when needed and is not unnecessarily stored or retained beyond what is required to provide the service.
• You can revoke access to your Google Calendar at any time through your Google Account settings, which will immediately terminate our access to your calendar data.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We continuously work to improve our security practices and promptly address any identified vulnerabilities. If you discover any security concerns, please contact us immediately at [email protected].

Data Retention and Deletion

We retain your personal data, including Google user data, only for as long as necessary to provide the Service to you or as required by applicable laws and regulations. When you delete your account or request deletion of your data, we will delete your personal data from our systems within a reasonable timeframe, typically within 30 days, unless we are required to retain it for legal or regulatory reasons.

You can request deletion of your data by contacting us at [email protected].

Additionally, you can revoke our access to your Google account at any time by visiting your Google account settings and removing the permissions granted to our Service.

GDPR Compliance

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), the General Data Protection Regulation (GDPR) applies to the processing of your personal data. This section provides additional information about your rights under GDPR.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities, such as marketing communications or non-essential cookies.
• Contract Performance: To fulfill our contractual obligations and provide the services you have requested.
• Legitimate Interests: For purposes such as improving our services, security, fraud prevention, and business operations, where our interests do not override your fundamental rights and freedoms.
• Legal Obligations: To comply with applicable laws and regulations.

EU/EEA & UK GDPR Representatives (Article 27)

If you are located in the EU, EEA, or UK and have questions or concerns regarding your personal data, you may contact our appointed GDPR representative:

To submit a Data Subject Access Request (DSAR), data deletion request, or any other GDPR-related inquiry, please use our secure portal at: https://gdpr.euverify.com/verify/502b522f-f51a-49c1-8ed4-9611d370fed4

This link allows you to verify our appointed representative and submit GDPR requests directly. Requests submitted through this portal are logged and tracked to ensure timely response and compliance.

Data Subject Rights (Articles 15-22)

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed and to access that data.
• Right to Rectification (Article 16): You have the right to have inaccurate personal data corrected and incomplete data completed.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data under certain circumstances.
• Right to Restrict Processing (Article 18): You have the right to restrict the processing of your personal data under certain circumstances.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object (Article 21): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Rights related to Automated Decision Making (Article 22): You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

To exercise any of these rights, please contact us using the information provided in the Contact Us section below, or use our GDPR portal. For more detailed information about your rights, please visit our Data Subject Rights page.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by:

• Updating your cookie preferences through our cookie banner
• Contacting us at [email protected]
• Using our GDPR portal

Data Transfers

Your personal data may be transferred to and processed in countries outside the EU/EEA/UK. When we transfer your data to countries that are not considered to have adequate data protection laws, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Other appropriate safeguards as required by GDPR

By using our Service, you consent to the transfer of your data to these countries in accordance with this Privacy Policy.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your preferences and activity on our website. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights under GDPR, please contact us at:
Email: [email protected]

For GDPR-specific inquiries, you may also contact our EU/UK representatives or use our GDPR portal.