ThriveSerene Privacy Policy

Company/Trading Name: ThriveSerene (operated by an individual)
Owner: Yoav
Website: https://thriveserene.com

Effective Date: September 19, 2025
Last Updated: September 19, 2025

1. Scope & Acceptance

  1. This Privacy Policy explains how we collect, use, share, secure, retain, and transfer personal information when you visit our Site or purchase our digital products (the "Services").
  2. By using the Services, you agree to this Policy; if you do not agree, discontinue use.
  3. This Policy is incorporated into our Terms of Service.

2. Roles & Definitions

  1. Controller: ThriveSerene (Israel) for personal information we collect directly.
  2. Personal Information means information relating to an identified or identifiable individual.
  3. Processing means any operation on personal information (collection, storage, use, disclosure, deletion, etc.).
  4. We act as controller for data we collect, and independent or joint controller with certain third parties where their tools collect directly (e.g., payment providers).

3. Information We Collect

  1. You provide: name (or alias), email, billing details, purchase information, support messages, and any content you send us.
  2. Automatic: device data, IP address, general location (city/region), pages viewed, timestamps, error logs, and anti-fraud indicators (e.g., unusual download patterns).
  3. From third parties: payment/checkout providers, email service providers, security/anti-fraud vendors, and dispute/chargeback platforms (e.g., transaction confirmations, risk scores, dispute outcomes).
  4. Cookies & similar tech: we use strictly necessary cookies (operation, security, licensing). If/when enabled, we also use functional/analytics cookies. We will request consent for non-essential cookies where required by law and provide controls to manage choices.

4. How We Use Data & Legal Bases (GDPR/UK GDPR)

  1. Contract: to take and fulfill orders, deliver digital content, manage access links, and provide support.
  2. Legitimate interests: to secure the Services, prevent fraud/piracy (including download/device limits), improve performance, and maintain accurate records.
  3. Legal obligations: tax, accounting, compliance, and responding to lawful requests.
  4. Consent (where required): email marketing, non-essential cookies, and certain international transfers when consent is the chosen basis.

5. Sharing & Disclosure

  1. Service providers/Processors: hosting, email delivery, analytics (if enabled), customer support tools, and logistics for digital delivery, bound by contracts to handle data lawfully and securely.
  2. Payment providers: (e.g., Shopify Payments/PayPal or equivalent) typically act as independent controllers; we do not receive full card data.
  3. Security/anti-fraud: limited sharing to investigate abuse, piracy, or chargeback fraud and to protect users and our platform.
  4. Legal: disclosures to comply with law, court orders, or to protect our rights, security, users, or the public.
  5. No sale/share: we do not sell or share personal information for cross-context behavioral advertising as defined by the CPRA. If this changes, we will update this Policy and honor applicable opt-out rights.

6. International Transfers

  1. We operate from Israel and may process data in other countries using reputable vendors.
  2. For EEA/UK users, where required, we rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and, for the UK, the IDTA or UK Addendum.
  3. Note: The EU recognises Israel as providing an adequate level of protection, permitting transfers from the EEA to Israel without additional transfer tools.

7. Security

  1. We implement administrative, technical, and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction.
  2. Access to personal information is limited to authorized personnel and vetted vendors with a need-to-know.
  3. We monitor for suspicious activity and may restrict access temporarily (e.g., link/device limits) to protect users and the platform.
  4. Where required by law, we will notify authorities and/or affected individuals of certain security incidents.

8. Retention

  1. We keep personal information only as long as reasonably necessary for the purposes described (including legal/accounting obligations) and then delete or de-identify it.
  2. Examples:
    1. Purchases/invoices: kept for statutory accounting/tax periods;
    2. Security/access logs: kept for a limited period to detect and investigate abuse;
    3. Marketing records: kept until you opt out or withdraw consent.

9. Your Rights & How to Exercise Them

  1. EEA/UK (GDPR/UK GDPR): right of access, rectification, erasure, restriction, portability, and objection; right to withdraw consent where applicable. We aim to respond within one month (may extend by up to two months for complex/volume requests and will notify you within the first month if extended).
  2. US State Privacy Laws (e.g., CA/CO/CT/VA/UT/OR/TX/DE, etc.): rights to know/access, delete, correct, and to opt-out of sale/share or targeted advertising (where applicable). We typically respond within 45 days (may extend once by 45 days with notice). If we deny a request, you may appeal by emailing us with "Appeal" in the subject.
  3. Israel (PPL, incl. Amendment 13): rights include access and correction of data in a registered database; the law and guidance continue to evolve following Amendment 13 (in force Aug 14, 2025).
  4. Submitting requests: email support@thriveserene.com with the right you're invoking and your jurisdiction; we may verify your identity (e.g., order ID, email confirmation). We do not discriminate for exercising rights.

10. Preference Signals (GPC) & Cookies

  1. Where legally required (e.g., California), we honor the Global Privacy Control (GPC) opt-out signal for sale/share or targeted advertising. We may choose to honor it more broadly as a good-faith practice.
  2. Non-essential cookies/analytics (if enabled) are used only with your consent in jurisdictions that require it; consent can be withdrawn at any time via the banner or browser settings.

11. Children

  1. Our Services are not directed to children under 13 and we do not knowingly collect their data.
  2. Purchases are restricted to adults (18+) or 16–17-year-olds with parental/guardian consent (see Terms of Service).
  3. EEA/UK note: child consent thresholds vary by country (often 13–16, default 16); where consent is relied upon for information-society services, parental authorization may be required below the set age.

12. Automated Decision-Making

  1. We do not make decisions with legal or similarly significant effects based solely on automated processing.
  2. We may use automated anti-fraud signals to flag suspicious behavior; any access-limitation decision can be reviewed upon request.

13. Data Integrity & Minimization

  1. We collect only what we need for stated purposes and take steps to keep data accurate and up to date.
  2. You are responsible for providing accurate contact and order information.

14. International Representatives & Complaints

  1. EU/UK representatives: If we are required to appoint an EU/UK representative under GDPR Art. 27/UK GDPR, we will publish their details here; designation does not limit our responsibilities.
  2. Supervisory authorities: You may lodge a complaint with your local data-protection authority. We encourage contacting us first so we can try to resolve your concern promptly.

15. Changes to this Policy

  1. We may update this Policy from time to time; the "Last Updated" date shows the current version.
  2. Material changes will be posted on the Site. Continued use after changes constitutes acceptance.

16. Contact

  1. Email: yoavman997@gmail.com
  2. Postal/Registered address: will be published once available; until then, contact us by email for privacy requests or complaints.