PRIVACY & DATA PROTECTION POLICY

Effective 1 July 2025 – Replaces all prior versions


1 WHO WE ARE

| Region | Role | Legal Entity & Address | Contact |
|---|---|---|---|
| United States | Data Controller | Highly Persuasive LLC, 7311 W Hwy 326, Ocala FL 34482 | [email protected] |
| Thailand | Joint Controller | DBA Highly Persuasive, 248/12 Moo 3 Taling Ngam, Koh Samui, Surat Thani 84310 | [email protected] |

Data Protection Officer: Michael Lynch

We serve customers worldwide, with a primary focus on the United States, Canada, Australia, and Thailand. We do not deliberately target or monitor individuals in the EU/EEA or United Kingdom.

2 SCOPE & GOVERNING LAW

This Policy governs all personal data we process, online or offline. We comply with:

  • U.S. federal law (FTC Act, CAN-SPAM, COPPA) and applicable state privacy statutes (CCPA/CPRA – CA; VCDPA – VA; CPA – CO; CTDPA – CT; UCPA – UT; TDPSA – TX).
  • Canada – PIPEDA and Québec Law 25.
  • Australia – Privacy Act 1988 & Australian Privacy Principles; Spam Act 2003.
  • Thailand – PDPA B.E. 2562.

When laws conflict, we apply the higher-protection standard for the individual.

3 KEY DEFINITIONS

  • Personal Data (PD) – information that identifies or can reasonably be linked to an individual.
  • Sensitive PD – race/ethnicity, biometrics, precise geolocation, children’s data, etc.
  • Non-Personal Data (NPD) – anonymized or aggregated data that cannot be re-identified.
  • Processing – any operation on PD (collection, storage, use, disclosure, deletion).
  • Visitor/Member/User – anyone who browses, registers, or transacts on our site.

4 WHAT WE COLLECT & WHY

| Category | Examples | Legal Basis* | Purpose |
|---|---|---|---|
| Identity | name, title, company | Contract; Legitimate Interest | Onboarding, authentication |
| Contact | email, phone, postal address | Contract; Consent | Support, project delivery |
| Payment | masked card data (Stripe/PayPal) | Contract; Legal Obligation | Billing, fraud prevention |
| Behaviour | IP, device ID, session recordings (Hotjar) | Legitimate Interest | UX optimisation, security |
| Marketing | cookie IDs, campaign tags | Consent | Analytics, remarketing |
| Sensitive | processed only with explicit consent or legal duty | Consent; Legal Obligation | Compliance, hiring |

*PDPA §24; PIPEDA principles; APP 6; CPRA §1798.100

We do not knowingly collect data from anyone under 16; if discovered, we erase it immediately.

5 AI & AUTOMATED TOOLS

We employ narrow-purpose AI (chatbots, copy-suggestion engines, lead scoring). Any outcome that materially affects you is human-reviewed before action. We do not use facial recognition, emotion inference, or other high-risk AI systems.

6 COOKIES & TRACKING

We load first- and third-party cookies only after opt-in via our banner:

  • Strictly Necessary
  • Performance (e.g. Google Analytics 4)
  • Functional (e.g. chat preferences)
  • Advertising/Remarketing (e.g. Meta Pixel, Google Ads)

Full details & retention: highlypersuasive.com/cookies. Consent can be withdrawn anytime.

7 HOW WE USE DATA

  • Deliver products & services you request
  • Personalise site content & marketing
  • Improve usability, performance & security
  • Send transactional notices, newsletters, promotions (opt-out anytime)
  • Detect, investigate & prevent fraud or abuse
  • Comply with legal, tax & audit obligations

We never sell personal data for profit.

8 DATA RETENTION

| Dataset | Trigger | Retention Period | Hard-Delete |
|---|---|---|---|
| Contracts & invoices | last transaction | 7 years (tax) | +1 year |
| Marketing IDs | last interaction | 26 months | on request |
| AI logs | model cycle | ≤12 months | aggregated thereafter |
| Job applications | final decision | 12 months | on request |

9 YOUR RIGHTS

United States (State-specific)

Access, deletion, correction, opt-out of sale/share & targeted ads, limit sensitive PD. Exercise via [email protected].

Canada (PIPEDA / Law 25)

Access, correction, withdraw consent, challenge compliance; complaint to OPC.

Australia (APPs)

Access, correction, withdraw consent; complaint to OAIC.

Thailand (PDPA)

Access, portability, rectification, erasure, consent withdrawal; response within 30 days (plus 15-day extension).

10 DATA SECURITY

  • TLS 1.3 + HSTS (12 months)
  • AES-256 encryption at rest (AWS us-east-1, ap-southeast-1)
  • Role-based access controls; MFA for staff
  • Annual penetration testing; 24/7 intrusion monitoring

Breach notification

  • U.S. states: within 30–45 days per state law
  • Canada: “as soon as feasible” (PIPEDA)
  • Australia: ≤30 days (NDB Scheme)
  • Thailand: regulator & individuals within 72 hours (PDPA)

11 INTERNATIONAL TRANSFERS

Data is stored & processed in the United States and Thailand. For Canada & Australia, we rely on contractual safeguards (DPAs, encryption, access controls) and take reasonable steps to ensure overseas recipients protect PD in line with home-country standards.

12 DISCLOSURE & SHARING

  • With vetted sub-processors under DPA-compliant contracts (live list online)
  • To comply with subpoenas, court orders or lawful requests
  • In mergers & acquisitions, with notice
  • To detect/prevent fraud, security incidents or imminent harm

No third-party direct marketing without your express consent.

13 EMAIL, SMS & CALLS

  • U.S. – CAN-SPAM, TCPA compliance (clear opt-out; no autodialed sales calls without consent)
  • Canada – CASL: express opt-in; no pre-checked boxes
  • Australia – Spam Act 2003: express consent; unsubscribe within 5 days

Transactional/service messages remain unaffected.

14 DO-NOT-TRACK & GLOBAL PRIVACY CONTROL

We honor the Global Privacy Control (GPC) signal for U.S. residents. Browser “DNT” headers are not acted upon.

15 CHILDREN’S PRIVACY

Our services are not directed at minors under 16. We do not knowingly collect their data; parents may request deletion via [email protected].

16 LIMITATION OF LIABILITY

Except as prohibited by law, Highly Persuasive’s total liability under this Policy shall not exceed US $100 or the amount you paid us in the previous 12 months, whichever is greater.

17 CHANGES TO THIS POLICY

Material updates appear at highlypersuasive.com/privacy and, where required, you’ll receive 30 days’ advance email notice.

18 QUESTIONS OR COMPLAINTS

Contact [email protected] or your local regulator:

  • U.S. state Attorney-General
  • Office of the Privacy Commissioner of Canada
  • Office of the Australian Information Commissioner
  • Thailand’s Personal Data Protection Committee (PDPC)

Last reviewed: 15 June 2025.