Privacy Policy

Introduction

Since Joy Loyalty is a product of Avada Commerce, Inc., we will use Avada Commerce, Inc. as the representative for Joy in related cases. This privacy policy outlines how Avada Commerce, Inc. ("Avada", “we” or “us”) handle information from End Users ("you") of our website and the information we collect for clients using our services.

Avada participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We take responsibility for personal data received and subsequently transferred to third parties. We maintain this responsibility unless we can prove we're not responsible for any event causing damage to data protection.

This policy applies only to services directly under Avada's control. Third-party services operate independently, and we are not responsible for their privacy practices. Note that additional service agreements may take precedence over this policy where differences exist.

What information we work with?

Information Collection

When you interact with our site, we collect and store various types of information necessary for service provision and improvement. This includes personal information you actively provide, such as your name, mailing address, phone number, and email address, as well as company information and colleague details when applicable. We also automatically gather information about your site usage, including pages viewed and other interactions, through our system.

Our information collection extends to technical data about your device and connection. This encompasses statistics about page views, traffic patterns, referral sources, IP addresses, and device identifiers. We also maintain records of your browsing history and transaction history within our platform to enhance your user experience and improve our services.

Cookies and Tracking Technologies

Our Site employs cookies and similar tracking technologies to enhance your browsing experience. These technologies consist of alphanumeric identifiers transferred to your computer through your web browser. They help us recognize your browser and understand how our site is used, but they do not collect personal information. We maintain a strict separation between cookie data and personal information, never combining these data sources to protect your privacy.

Third-party advertising partners may use similar technologies on our site to provide advertisements on other websites. These partners may collect information about your online activities over time and across different websites to provide you with interest-based advertising. While we do not knowingly share personally identifying information with these entities, they may, through other data sources, develop the ability to identify users independently.

End User Information Management

In providing our Services to clients, we collect specific types of customer information limited to interaction data, purchase patterns, and product views. We explicitly exclude collection of sensitive information such as customer emails, credit card details, addresses, or any other personally identifiable information (PII). This approach allows us to provide valuable insights while protecting individual privacy.

Our data retention policies are structured to maintain information only as long as necessary for service provision and compliance requirements. Cookies placed on our clients' websites expire after three years, with expiration dates updating upon server interaction. We maintain standard web logs for 5 years after site visits, while aggregated reports and analytics may be retained for up to 10 years to support long-term business intelligence needs.

How We Manage Data

Protection Methods

We implement comprehensive security measures to protect your information. All account information is secured behind password protection and enhanced with additional security measures. During data transmission, we employ encryption technology to protect information in transit. We strictly limit employee access to personal information, providing access only to those who need it to perform specific job functions.

While we employ commercially reasonable security measures to protect information in our care, we must acknowledge that no security system is impenetrable. We cannot guarantee absolute protection against unauthorized access, disclosure, or destruction of information, despite our best efforts and security practices.

Data Usage and Information Sharing

Your information serves several important purposes in our service delivery. We use collected data to personalize your experience, improve our services, fulfill information requests, analyze usage trends, and maintain communication with users. This information helps us understand how our services are used and how we can better serve our user community.

There are specific circumstances under which we may share information with third parties. We may partner with affiliated businesses for certain transactions, requiring limited data sharing. We engage service providers for functions such as billing, payment processing, marketing assistance, and customer service, providing them only the information necessary to perform their functions. During business transitions such as mergers or acquisitions, user information may transfer to new ownership. We may also release information when required by law or to protect rights and safety.

Your Rights and Control

We believe in providing you control over your personal information. You can access, update, or request deletion of your personal information by contacting us at privacy@avada.io. Account deactivation options are available through our site, though some information may remain in our records after account closure for legal and operational purposes.

Special protections and rights apply to certain users. California residents may request specific information about how their data is shared with third parties. EU and Swiss residents receive additional protections under the Privacy Shield Framework. While our services are not intended for users under 18, we maintain specific protocols to handle any inadvertently collected information from minors.

Dispute Resolution Process

We take privacy concerns seriously and have established a comprehensive dispute resolution process. Initial concerns should be directed to privacy@avada.io, where our team will investigate and respond within 30 days. For unresolved issues, we participate in the BBB EU PRIVACY SHIELD program, providing an independent dispute resolution mechanism. Under certain circumstances, binding arbitration options are available through the Privacy Shield Panel.

For privacy inquiries or concerns, please contact us at:

Avada Commerce Inc. 651 N Broad St, Suite 206 Middletown, DE 19709 Email: privacy@avada.io

This policy may be updated periodically to reflect changes in our practices or legal requirements. Continued use of our services following any changes constitutes acceptance of the updated policy.