Privacy Policy

The Heybrook Privacy Policy

Your Privacy Matters to The Heybrook

This Privacy Policy governs your relationship with The Heybrook, LLC (also “Heybrook,” “we,” “our,” or “us”). Protecting our customers and visitors (also “you,” “your,” or “their”) and their privacy is a priority of ours. We have provided this Privacy Policy to help you understand:

  • how we collect non-public information about you that can be used alone or in combination to identify you (“Personal Information”), 

  • how we use your Personal Information, and 

  • how we protect your privacy. 

This Privacy Policy covers your access to and use of our website located at www.theheybrook.com and all other websites, newsletters, social media pages, apps, or other electronic channels owned and maintained by Heybrook (collectively, the “Website”). It applies to any Personal Information collected, stored, or used by us, such as Personal Information you provide us through the Website, including by email, telephonic communications, or mail. In addition, the Privacy Policy describes how we handle Personal Information we collect through the provision of our parenting and related services to you, such as by telephone calls, e-mails, applications, or other communications with us, our employees, or service providers involved in providing services to you (collectively, the “Services”).

By accessing and using the Website and Services, you acknowledge that you have read this Privacy Policy. 

I. Privacy

Our Privacy Assurance 

  • We take reasonable steps to collect only Personal Information necessary or relevant to our business. 

  • We make a reasonable effort to ensure that Personal Information we act upon is accurate, relevant, timely, and complete. 

  • We use only legitimate means to collect Personal Information. 

  • We make reasonable efforts to make Personal Information available externally only to respond to legitimate business needs, to regulatory or other government authorities, or as otherwise permitted by law. 

  • We take reasonable steps to limit employees' access to those who need to handle Personal Information and who are trained in the proper handling of such Personal Information. 

  • We take industry standard precautions and reasonable measures to protect your Personal Information.

  • We do not knowingly sell Personal Information to any person or company. 

  • We do not knowingly share Personal Information with non-affiliate companies that would use such Personal Information to market their own products and services, unless permitted pursuant to a joint marketing agreement. 

Personal Information We Collect from You 

We get most of our Personal Information directly from you through the Website, such as the Contact page or Newsletter signup page, or via email, mail, telephone calls, other electronic communications, any application you send to us, and your transactions with us. Sometimes our agents may contact you by phone or mail to obtain additional Personal Information. We also might obtain Personal Information about you from transactions with us, our affiliates, resellers, or other third parties.

Some examples of the Personal Information we may collect from you, usually by you providing it directly to us, include: 

  • Your first and last name 

  • Your email 

  • The first and last name of your child and/or significant other

  • Information about your inquiries to us, which may contain personal information

You can choose not to provide certain information, but it may delay or prevent us from providing products and/or our Services to you.

Personal Information from Internet Use 

We may also automatically receive and store certain types of Personal Information whenever you visit the Website, such as the name of the domain and host from which you access the Internet and the IP address of the computer you are using. We may log and use your IP address to administer the Website, to help diagnose problems with our server, to analyze trends, to track users' webpage movements, to help identify you, and to gather broad demographic information for aggregate use. 

We may use standard tools, such as “cookies” (which may be html files, flash files, or other technology), web beacons, or similar technologies (collectively, “Tracking Tools”). Cookies are small text files stored locally on your computer that help store user preferences. “Web beacons” or “clear gifs” are small pieces of code placed on websites used to collect advertising metrics, such as counting page views, promotion views, or advertising responses. We may use Tracking Tools to monitor the Website and Internet usage and to improve or customize the content on the Website. 

In addition, on occasion we may also set a “session cookie” on the Website to help us administer the Website. The session cookie expires when you close your web browser and does not retain any Personal Information about you after it expires. If you do not want the benefits of these cookies, you may opt-out by visiting https://optout.networkadvertising.org/?c=1. However, if you do so, you may not receive the full benefit from the use of the Website. 

We may use Tracking Tools only to gather information as indicated in this Privacy Policy. In many web browsers, you can choose to delete, disable, turn off, or reject most Tracking Tools through the “Internet Options” sub-option of the “Tools” menu of your web browser or otherwise as directed by your web browser’s support feature. Please consult the “Help” section of your web browser for more information. By agreeing to this Privacy Policy, you are consenting to the use of Tracking Tools as set forth in this Privacy Policy. 

Finally, our web servers may collect “log data.” Log data provides aggregate information about the number of visits to different pages on the Website. This Privacy Policy does not apply to other types of information you may disclose or that we may collect, including aggregate user statistics, demographic information, and other data that does not include Personal Information or from which you cannot be identified.

We may use such aggregate log data to improve access to the Website based on visitors’ web browsers and operating system types to make the Website available to as many relevant users as possible. We do not link the “log data” collected to Personal Information. Third party providers may also collect aggregate log data independently from us. 

How We Use Your Personal Information 

Under data protection law, we can only use your Personal Information if we have a proper reason for doing so, e.g.:

  • To comply with our legal and regulatory obligations;

  • For the performance of Services or to take steps at your request before engaging in Services with you;

  • For our legitimate interests or those of a third party; or

  • Where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your Personal Information for and our reasons for doing so:

Uses of Your Personal Information

Our Reasons for Such Use

To provide products and/or Services to you

For the performance of our contract with you or to take steps at your request before entering into a contract

To make decisions about the types of products and prices we can offer to you

For our legitimate interests or those of a third party; e.g. to factor various risks into the products and prices we offer

To assess your eligibility for payment plans and to process your payments

For our legitimate interests or those of a third party; e.g.  to factor various risks into payment plans we offer

To communicate with you and others as part of our business and to respond to your requests

For our legitimate interests or those of a third party; e.g. to send updates to you regarding our products and Services

For the performance of our contract with you or to take steps at your request before entering into a contract

To prevent and detect fraud or abuse

For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us, a third party or for you

Conducting checks to identify our customers and verify their identity

Other processing necessary to comply with professional, legal, and regulatory obligations that apply to our business

To comply with our legal and regulatory obligations

Gathering and providing information required by or relating to audits, enquiries, or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Ensuring business policies are adhered to, e.g. policies covering security and internet use

For our legitimate interests or those of a third party; e.g.  to make sure we are following our own internal procedures so we can improve our products and Services

Operational reasons, such as improving efficiency, training, and quality control

For our legitimate interests or those of a third party; e.g. to be as efficient as we can so we can improve our products and Services

Ensuring the confidentiality of commercially sensitive information

For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information

To comply with our legal and regulatory obligations

Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures

For our legitimate interests or those of a third party; e.g. to be as efficient as we can so we can improve our products and Services

Preventing unauthorized access and modifications to systems

For our legitimate interests or those of a third party; e.g. to prevent and detect criminal activity that could be damaging for us and for you

To comply with our legal and regulatory obligations

Generally establish and defend legal rights and protect our operations or those of any of our group companies or business partners

For our legitimate interests or those of a third party; e.g. to pursue available remedies to limit our damages.

Updating and enhancing customer records

For the performance of our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products

Statutory returns or responses

To comply with our legal and regulatory obligations

Ensuring safe working practices, staff administration, and assessments

To comply with our legal and regulatory obligations

For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

Marketing our Services and those of selected third parties to:

  • existing and former customers;

  • third parties who have previously expressed an interest in our Services;

  • third parties with whom we have had no previous dealings.

For our legitimate interests or those of a third party; e.g. to promote our business to existing and former customers

External audits and quality checks, e.g. security accreditation and the audit of our accounts

For our legitimate interests or those of a third party; e.g. to maintain our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Facilitate social sharing functionality

For our legitimate interests or those of a third party; e.g. to enable efficient functionality between our Services and social media websites

Send you important information regarding changes to our policies, other terms and conditions, our Services and other administrative information

For our legitimate interests or a those of a third party; e.g. to obtain your consent to updated policies

To comply with our legal and regulatory obligations


With whom do we share your Personal Information 

In order to conduct our business and to better serve you, we may disclose all of the Personal Information we collect, as described above, to our affiliates, contractors, and agents. We may also disclose all the Personal Information we collect to companies or individuals that perform services on our behalf with whom we have joint marketing agreements. In order to conduct our business and to better serve you, we may disclose all of the Personal Information we collect, as described above, to:

  • Our affiliated companies. Other companies associated with Heybrook may have access to and use of Personal Information in connection with the conduct of our business where appropriate.

  • Other distribution parties. In the course of marketing and providing services, we may make Personal Information available to third parties such as intermediaries and agents, appointed representatives, marketing partners, and other business partners.

  • Our service providers. We may also share your Personal Information with external third-party service providers, such as accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; call center service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; banks and financial institutions that service our accounts; document and records management providers; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

  • Recipients of your social sharing activity. Your friends associated with your social media account(s), other website users and your social media account provider(s), in connection with your social sharing activity. 

  • Governmental authorities and third parties involved in court action. Heybrook may also share Personal Information with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

  • Other Third Parties. We may share Personal Information with purchasers and prospective purchasers or other parties in any actual or proposed reorganization, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.  

We may disclose your Personal Information to third parties for the following reasons: 

  • Providing you the Services 

  • Payment processing 

  • Tracking how visitors use the Website 

  • Fulfilling a transaction you requested 

  • Preventing fraud 

  • Marketing our products 

  • Complying with requests from law enforcement 

  • With your consent (e.g., if you authorize us to share your Personal Information)

  • Protecting our rights, property, or safety, or that of users of Heybrook or the general public


In the event of a bankruptcy or a sale, merger, or acquisition, we may also transfer your Personal Information to a separate entity. That entity will be responsible for ensuring that your Personal Information is used only for authorized purposes and persons in a manner consistent with this Privacy Policy and applicable law.

Additionally, we may share Personal Information when it is required by a court or government agency or to respond to a Claim by you or a third party. In doing so, we may respond to any subpoena received from a court or government agency without prior notice to you. Unless prohibited by law or by a court order, we will use reasonable efforts to notify you of any subpoena received from any other party that requires us to disclose your identity and will wait ten (10) days thereafter, or a lesser amount of time as required by the deadline in the subpoena, before providing the requested Personal Information. 

Personal Information may also be shared by you, on message boards, chat, profile pages and blogs, and other services to which you are able to post information and materials (including, without limitation, our social media pages and apps). Please note that any information you post or disclose through these services will become public information, and may be available to third parties who access the Heybrook Website and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Website and our social media pages.

We do not knowingly sell any of your Personal Information to any third parties. 


Retention, Confidentiality, and Security of Personal Information

We store Personal Information for as long as reasonably necessary to fulfill the purposes described above, as we determine is necessary for business records, and as required under applicable law.

We restrict access to Personal Information about you to those who need to know in order to provide products or Services to you and to conduct our internal operations. We make reasonable efforts to maintain, or take reasonable steps to ensure that our third-party service providers maintain on our behalf, physical, electronic, and procedural safeguards that comply with federal regulations to guard your Personal Information. 

Additionally, the Website is a certificate trusted website and uses commercially reasonable security measures to protect information before and during transmission to the internet. If we become aware of a security systems breach, we may attempt to notify you electronically so that you can take appropriate protective steps. We may post a notice through the Website if a security breach occurs. We may also send an email to you at the email address you have provided to use in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

However, some of our security measures depend on the compatibility of your web browser. While we strive to protect your Information, the internet is not absolutely secure and, thus, we cannot promise guaranteed security. In the unlikely event that we believe that the security of your Information in our possession or control may have been compromised, we may seek to notify you of that development. If a notification is appropriate and to the extent we have your email address, we may notify you by email. 

You should also take steps on your own to protect your Personal Information, such as: 

  • Using the latest version of your web browser. 

  • Keeping your username and password confidential. 

  • Accessing the Website only on personal or trusted computers. 

Please refer to the Federal Trade Commission’s website at http://www.business.ftc.gov/privacy-and-security/consumer-privacy for information about how to protect yourself against identity theft.


II. Personal Information and Third Parties

Links 

The Website may include links to other websites. This Privacy Policy only applies to our Website and Services. We do not make any representations about any websites other than our own. Any Personal Information you provide to any linked websites will be subject to the privacy policies of that website. If provided, you should review the privacy policies of any linked websites carefully. 

Social Media 

The Website includes social media features, such as Facebook, Instagram, and LinkedIn pages and widgets. These features may collect your IP address, which page you are visiting on the Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website. Your interactions with these features are governed by the privacy policy of the company providing them. 

Commercial Electronic Messages

If you provide your email address to us, you affirmatively and expressly consent to receiving commercial emails from us and from our third party providers, affiliates, and resellers. These parties may send you commercial emails in order to deliver information about the Website, information about developments relating to our products and Services, special offers, and other information, including but not limited to updates to the Website. 

Children 

The Website is intended to be used in connection with our Services and is not intended for minors. Consistent with the United States Federal Children’s Online Privacy Protection Act of 1998 (COPPA), the Website is not directed at children and we do not knowingly collect Personal Information from anyone under the age of eighteen (18) years, except to the extent provided by a parent or guardian. If you are a parent or guardian and believe that your child has provided Personal Information to the Website without your consent, for example – by misrepresenting their age, please notify us. If we become aware that information is or has been submitted by or collected from a minor under the age of 18, we will delete this information unless it was provided by a parent or guardian.


III. Additional Relevant Provisions and Laws

We make reasonable efforts to comply with the privacy laws of the U.S. and make no representation that this Privacy Policy or the Terms of Use comply with the laws of any other jurisdiction. If you choose to visit the Website, you do so at your own initiative and at your own risk and you are responsible for complying with all applicable local laws and you waive any causes of action, suits, penalties, fines, losses, damages, costs, or expenses, including attorneys’ fees (“Claims”) that may arise under such local laws. 

International Visitors

We are based in the United States and the Website we own or operate is located and hosted in the United States and is intended mainly for visitors located within the United States. In most cases, the Personal Information we collect is stored and used in the United States. While we do not generally direct our Services to residents of the European Union (EU), it is possible that EU residents may access and use the Website. If you choose to use the Website from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.

We may also transfer your data, including Personal Information, from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Website. By providing any information, including Personal Information, to us, you consent to such transfer, storage, and processing.

If you are a resident of the EU and if GDPR applies to our Website and Services, you may have certain additional rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) with respect to any of your Personal Information that we may collect, including the following:

  • the right of access to your Personal Information.

  • the right to rectify your Personal Information if it is incorrect or incomplete.

  • the right to have your Personal Information erased (“right to be forgotten”) if certain grounds are met.

  • the right to withdraw your consent to our processing of your Personal Information at any time (if our processing is based on consent).

  • the right to object to our processing of your Personal Information (if processing is based on our legitimate interests) provided that we may retain your Personal Information for certain compelling purposes such as legal, auditing, accounting, and billing purposes.

  • the right to object at any time to our processing of your Personal Information for direct marketing purposes, including, without limitation, for profiling purposes to the extent that it is related to direct marketing. If you object to processing for direct marketing purposes, we will no longer process your Personal Information for such purposes.

  • the right to receive your Personal Information from us in a structured, commonly used and machine-readable format, and the right to transmit your Personal Information to another controller without hindrance from us (data portability).

The following terms shall also apply to our collection, use, and retention of the Personal Information of applicable EU residents and in the event GDPR applies to our Website and Services:

Basis for collection. We collect and process Personal Information for which you have given your express consent at the time of collection or where we have another legitimate legal basis for such collection, such as a legitimate business interest in improving our Services, to deliver Services and perform obligations under contracts we have with you, and to comply with legal obligations.

Sensitive data. We do not intentionally collect sensitive data, for example, biometric data, health data, or data revealing racial or ethnic origin, from visitors to our Website.

Onward transfer. Except as otherwise provided in this Privacy Policy, we only disclose Personal Information to third parties who reasonably need to have access to it for the purpose of the transaction or activity for which it was originally collected or to provide services to or perform tasks on our behalf or under our instruction. All such third parties must agree to use the Personal Information we provide to them only the purposes for which we have engaged them and they must either: (a) comply with a mechanism permitted by the applicable EU data protection law(s) for transfers and processing of Personal Information; and (b) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Privacy Policy. Where we have knowledge that an entity to whom we have provided Personal Information is using or disclosing Personal Information in a manner contrary to this Privacy Policy, we will take reasonable and appropriate steps to prevent, remediate or stop the use or disclosure.

Authorized transfer. We also may disclose Personal Information for other purposes or to other third parties when you have consented to or requested such disclosure. Please be aware that we will disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We are not liable for appropriate onward transfers of Personal Information to third parties.

Data processors. We may retain third parties to process or analyze Personal Information we collect through our Website. For example, a site may be maintained or hosted by a third-party service provider or a promotion may be administered by a sales promotion agency. We take reasonable steps to ensure that these suppliers and other third parties who provide services for us are contractually obligated not to use Personal Information about you except as we authorize. 

Profiling. We may analyze Personal Information we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use Personal Information about you to detect and reduce fraud and credit risk. 

If you are located in the EU, and you are or have been our customer, we may send you marketing communications based on our legitimate interests, subject always to your right to opt out of such communications. Further, if you are located in the EU and the GDPR applies to us, we will not knowingly share your Personal Information with a third party for such third party’s marketing purposes, unless you have specifically consented to us doing so.

You may contact us as indicated below to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances we may charge a reasonable fee for access to your Personal Information. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected Personal Information, or is someone authorized to act on such person’s behalf. Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

If you believe that our processing of your Personal Information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you may have the right to lodge a complaint with the Data Protection Supervisory Authority of your country.

For purposes of the GDPR, we are a “controller” and you are a “data subject.”


V. Updates, Access, Correction

Updates to this Privacy Policy; Incorporation; Scope

We may, from time to time, unilaterally modify the Privacy Policy without notice to you, so it is important that you review this Privacy Policy every time you use or access the Website. Such modifications by us are effective upon posting to the Website and your access to or use of the Website at any time constitutes acceptance of the Privacy Policy in effect at that time. Our use of Personal Information collected or obtained at any time is subject to the Privacy Policy in effect at the time of such use. 

This Privacy Policy supplements, but does not replace other applicable policies, practices, and privacy notices that may relate to specific business relationships you have with us or to certain products or Services, as described in the applicable privacy notice. At the start of our business relationship with you as a client, we will give you a copy of our privacy notice that applies to that relationship, if applicable. In the event of a conflict between this Privacy Policy and a privacy notice for a specific product or service, the specific product or service privacy notice shall govern.

VI. Contact

Contacting Heybrook 

For clarification or if you have any concerns about the Privacy Policy or requests related to any Personal Information that we collect, use, or share about you, please write to us at hello@theheybrook.com or 10415 NE 37th Cir Building 4, Kirkland, WA 98033, and we will promptly respond.

We will promptly investigate and attempt to respond in a manner that complies with the principles described in this Privacy Policy. 


Embedded Community Box Privacy Policy

In the following Policy,

* "we" refers to Fraction 7, Ltd, makers of Community Box

1. What data we store on your device

We do not store any data on your device.

2. What we track

We monitor activity in, and uploads to, Boxes. This is both to ensure there are no violations of the Terms and Conditions, or in order to comply with requests from law enforcement or other authorised government agencies.

3. What data we store

We store any data that is necessary for the display and processing of a Box (e.g., the box contents themselves, and any settings or customisations that have been made to the Boxes). We also store your contact details so that we can get in touch with you for purposes in connection with the business. We also store usage metrics in order for our internal teams to improve the Community Box experience.

4. What data we share

We are committed to your privacy and we do not share data with any 3rd parties, except in the case of requests from law enforcement and other authorised government agencies.

5. How we process your data

Your data is stored and processed in the form of reports, and real-time monitoring and metrics. These are used internally within our company to allow us to improve our services so we can improve the Community Box user experience.

6. How you can obtain and erase the data we store about you

If you wish to obtain copies of any data we store about you, or for us to erase that data (note that this would imply terminating your account with us), then you can email hello@communitybox.co with the subject line "GDPR request" and we will follow up with you to ascertain what action is required.

Last Updated: July 2024