Privacy Policy

Effective Date:

Last Updated:

Version: 2.0

1. Introduction and Scope

BurnPeak ("we," "our," or "Company") is committed to protecting the privacy and security of our users' personal data ("you," "your," or "User"). This Privacy Policy describes how we collect, use, process, store, and protect your information when you use our website and related services (collectively, the "Services").

This policy complies with:

  • General Data Protection Regulation (GDPR) - EU 2016/679
  • California Consumer Privacy Act (CCPA) - Cal. Civ. Code § 1798.100
  • Telephone Consumer Protection Act (TCPA) - 47 U.S.C. § 227
  • CTIA Messaging Guidelines
  • A2P 10DLC Requirements
  • Brazilian General Data Protection Law (LGPD) - Law No. 13,709/2018

2. Definitions and Legal Basis

2.1 Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Sensitive Data: Personal data about health, racial/ethnic origin, political opinions, religious beliefs
  • Processing: Any operation performed on personal data
  • Controller: Entity that determines the purposes and means of processing
  • Processor: Entity that processes data on behalf of the controller

2.2 Legal Bases for Processing

We process your personal data based on:

  • Consent: For marketing communications and health data collection
  • Contract Performance: To provide our Services
  • Legal Obligation: To comply with applicable laws
  • Legitimate Interests: For security, fraud prevention, and service improvements

3. Information We Collect

3.1 Information You Provide Directly

  • Account Data: Name, email address, phone number, postal address
  • Payment Data: Credit card information (tokenized via PCI-DSS processor)
  • Health Data: Health information related to hair and nail conditions (with explicit consent)
  • Communication Data: Messages, communication preferences, consent records

3.2 Information Collected Automatically

  • Device Data: IP address, browser type, operating system, unique identifiers
  • Usage Data: Pages visited, features used, timestamps, clickstream data
  • Location Data: Approximate location based on IP (with consent for precise location)
  • Cookies and Similar Technologies: As per our Cookie Policy

4. How We Use Your Information

4.1 Primary Purposes

  • Provide, maintain, and improve our Services
  • Process transactions and send related notifications
  • Respond to customer support requests
  • Send important service communications

4.2 TCPA Compliance for Communications

  • Messaging Hours: 8 AM to 9 PM recipient's local time
  • Express Written Consent: Obtained before any automated communications
  • Immediate Opt-Out: Reply STOP to cancel SMS, unsubscribe links in emails
  • Consent Records: Detailed records of all consents maintained

5. Data Security

5.1 Technical Security Measures

  • Encryption: AES-256 for data at rest, TLS 1.2+ for data in transit
  • Access Control: Multi-factor authentication (MFA) required, RBAC, least privilege principle
  • Network Security: Firewalls, IDS/IPS, network segmentation, VPN for admin access
  • Monitoring: 24/7 security monitoring, real-time anomaly detection

6. Your Privacy Rights

6.1 Rights under GDPR/LGPD

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of data ("right to be forgotten")
  • Portability: Receive data in structured format
  • Restriction: Limit data processing
  • Objection: Object to certain processing

6.2 Rights under CCPA

California residents have additional rights:

  • Know what personal information we collect
  • Know if we sell information (we do not sell)
  • Delete personal information
  • Non-discrimination for exercising rights

7. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at support@burnpeak.com or visit our Contact page.