HEVRON LABS

A Trade Name of Amazing Shine Group, LLC

Doral, Florida 33178, United States

Effective Date: April 26, 2026 | Last Updated: April 26, 2026

This Privacy Policy ("Policy") describes how Amazing Shine Group, LLC, doing business as Hevron Labs ("Hevron Labs", "Company", "we", "us", or "our"), collects, uses, discloses, retains, and protects personal information when you visit hevronlabs.com (the "Website"), engage our professional services, interact with our chatbot, or otherwise communicate with us (collectively, the "Services").

This Policy applies to all visitors, prospective clients, active clients, and authorized representatives ("you" or "your"). It is incorporated by reference into our Terms and Conditions and applies in conjunction with any service-specific agreement.

By accessing the Website, submitting information through any form, interacting with our chatbot, or engaging our Services, you acknowledge that you have read and understood this Privacy Policy.

1. SCOPE AND APPLICABILITY

This Policy applies to personal information collected:

• Through our Website, hevronlabs.com;
• Through our contact, intake, or onboarding forms;
• Through interactions with our AI-powered chatbot;
• Through email correspondence, phone calls, or video meetings;
• Through marketing communications and newsletters;
• Through cookies, pixels, and similar tracking technologies;
• During the course of providing professional Services to clients.

This Policy does NOT apply to: (a) information collected by third-party platforms with separate privacy policies (Meta, Google, Stripe, etc.); (b) data we process on behalf of our clients in our capacity as a service provider/processor (which is governed by separate agreements); or (c) third-party websites linked from our Website.

2. PERSONAL INFORMATION WE COLLECT

We collect the following categories of personal information:

2.1 Information You Provide Directly

Contact Form Data: When you submit our contact form, we collect:

• Full name
• Email address
• Phone number
• Company name
• Type of business or industry
• Message content and inquiry details

Chatbot Interactions: When you interact with our AI-powered chatbot on the Website, we collect:

• The content of your messages and queries
• Any contact information you voluntarily provide during the conversation
• Conversation timestamps and session data
• Responses generated by the AI system

Client Onboarding Data (active clients only): During our engagement, we may additionally collect:

• Business address and tax information
• Billing and payment details (processed through Stripe; we do not store full card numbers)
• Authorized representative information
• Access credentials to platforms you authorize us to manage (Meta Ads Manager, Google Ads, CRM, social media accounts, etc.)
• Brand assets, content, and business strategy information
• Customer or audience data necessary to perform the Services

Marketing Communications: Email addresses and engagement data of active clients who consent to receive newsletters or service updates.

2.2 Information Collected Automatically

When you visit the Website, we automatically collect:

• IP address and approximate geolocation (city/region level);
• Browser type, version, and language settings;
• Device type, operating system, and screen resolution;
• Referring URL and exit pages;
• Pages visited, time spent, and interaction patterns;
• Date and time stamps of visits;
• Unique device identifiers and cookie IDs.

2.3 Information from Third Parties

We may receive information from:

• Advertising platforms (Meta, Google) regarding ad performance and audience interactions;
• Analytics providers (Google Analytics);
• Public business directories and professional networks (e.g., LinkedIn) for prospecting;
• Referral sources who introduce us to prospective clients.

2.4 Sensitive Personal Information

We do NOT intentionally collect sensitive personal information such as Social Security numbers, government-issued IDs, financial account numbers (other than processing through Stripe), health information, biometric data, precise geolocation, racial or ethnic origin, religious beliefs, or sexual orientation. If you submit such information unsolicited, we will delete it.

3. HOW WE USE YOUR INFORMATION

We use personal information for the following business purposes:

3.1 To Provide and Operate the Services

• Respond to inquiries submitted through the contact form or chatbot;
• Provide quotes, proposals, and Service information;
• Onboard new clients and manage active engagements;
• Execute marketing campaigns, automation workflows, and Services authorized by clients;
• Process payments through Stripe;
• Maintain client accounts and provide customer support.

3.2 To Communicate With You

• Send transactional emails (proposals, invoices, project updates);
• Send newsletters, service updates, and marketing communications to active clients who have opted in;
• Respond to your questions, feedback, and complaints;
• Schedule meetings and follow up on consultations.

3.3 To Improve and Personalize the Services

• Analyze Website usage, conversion patterns, and user behavior;
• Improve chatbot responses and AI system performance;
• Refine our methodologies, strategies, and Service offerings;
• Conduct internal research and quality assurance;
• Train and improve our internal AI and automation systems using anonymized or aggregated data.

3.4 For Marketing and Advertising

• Run retargeting campaigns on Meta and Google to website visitors;
• Measure the effectiveness of our advertising campaigns;
• Build lookalike audiences from anonymized client data;
• Identify and reach prospective clients similar to our existing client base.

3.5 For Legal, Security, and Compliance Purposes

• Comply with applicable laws, regulations, court orders, and legal processes;
• Enforce our Terms and Conditions and other agreements;
• Detect, prevent, and address fraud, security incidents, or abuse;
• Protect the rights, property, and safety of Hevron Labs, our clients, and third parties;
• Establish, exercise, or defend legal claims.

4. LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

• Contractual necessity: To perform our Services and fulfill agreements with clients;
• Legitimate business interests: To operate, market, and improve our business in ways that do not override your rights;
• Consent: Where required by law (e.g., for marketing communications, certain cookies, or sensitive data);
• Legal obligation: To comply with tax, accounting, anti-fraud, and other legal requirements.

You may withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing prior to withdrawal.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 What We Use

The Website uses the following tracking technologies:

• Google Analytics: Measures website traffic, user behavior, conversion paths, and aggregated demographic information.
• Meta Pixel (Facebook Pixel): Tracks conversions, builds custom audiences, and enables retargeting on Meta's platforms (Facebook and Instagram).
• Google Ads Conversion Pixel: Measures the performance of our Google Ads campaigns and enables remarketing.
• Essential Cookies: Required for the Website's basic functionality, security, and chatbot operation.
• Functional Cookies: Remember your preferences and settings.

5.2 How These Technologies Work

These tools collect information such as your IP address, device identifiers, pages viewed, time spent on the Website, conversion events, and interaction patterns. This data is shared with the respective providers (Google LLC and Meta Platforms, Inc.) and is governed by their own privacy policies.

5.3 Your Cookie Choices

You can control cookies through:

• Browser settings: Most browsers allow you to block or delete cookies. Note that essential cookies are required for the Website to function properly.
• Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
• Google Ads settings: https://adssettings.google.com
• Meta Ads preferences: https://www.facebook.com/ads/preferences
• Industry opt-out tools: http://optout.aboutads.info (Digital Advertising Alliance) and http://optout.networkadvertising.org (Network Advertising Initiative).

For comprehensive cookie information, please review our Cookie Policy (when available).

5.4 Do Not Track Signals

Our Website does not currently respond to "Do Not Track" (DNT) browser signals due to the absence of an industry standard. We will update this Policy when standards are established.

5.5 Global Privacy Control (GPC)

For California residents, we honor opt-out preference signals such as the Global Privacy Control (GPC) as a valid request to opt out of the sale or sharing of personal information.

6. AI CHATBOT NOTICE

Our Website features an AI-powered chatbot. By interacting with the chatbot, you acknowledge that:

• Your messages are processed by automated artificial intelligence systems;
• Conversation transcripts may be stored and reviewed for quality assurance, training, and Service improvement purposes;
• The chatbot may collect any personal information you voluntarily provide during the conversation;
• AI-generated responses are informational only and do not constitute professional advice or a binding offer of Services;
• You should not submit sensitive personal information, financial account details, or confidential information through the chatbot.

You may discontinue chatbot interactions at any time and contact us directly through hello@hevronlabs.com.

7. HOW WE SHARE PERSONAL INFORMATION

We do NOT sell your personal information for monetary consideration. We share personal information only as described below:

7.1 Service Providers and Processors

We share information with trusted third-party vendors who perform services on our behalf, including:

• Stripe, Inc. — payment processing
• Google LLC — analytics, advertising, email infrastructure (Workspace), cloud services
• Meta Platforms, Inc. — advertising and pixel tracking
• Hosting and infrastructure providers — Website hosting, file storage, backups
• Email service providers — transactional and marketing email delivery
• CRM and project management tools — internal client management
• AI and chatbot infrastructure providers — for chatbot operation

These vendors are contractually obligated to use the information only as necessary to provide their services and to maintain appropriate security safeguards.

7.2 Business Transfers

If Hevron Labs is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of the transaction, subject to standard confidentiality protections.

7.3 Legal Disclosures

We may disclose personal information when required to:

• Comply with applicable laws, subpoenas, court orders, or governmental requests;
• Enforce our Terms and Conditions and other agreements;
• Investigate and prevent fraud, security incidents, or illegal activity;
• Protect the rights, property, or safety of Hevron Labs, our clients, employees, or the public;
• Establish, exercise, or defend legal claims.

7.4 Affiliates and Professional Advisors

We may share information with our owners, accountants, attorneys, insurers, and consultants who are bound by confidentiality obligations.

7.5 With Your Consent

We may share information for any other purpose with your express consent.

7.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data (which cannot reasonably be used to identify you) with third parties for any purpose, including industry research, marketing, and Service improvement.

8. DATA RETENTION

We retain personal information only as long as necessary for the purposes described in this Policy, including:

• Prospective client inquiries: Up to 24 months after last contact, unless extended by ongoing communication;
• Active client data: For the duration of the engagement and up to 7 years thereafter for tax, accounting, audit, and legal compliance;
• Marketing communications data: Until you unsubscribe, plus a reasonable suppression period to honor your opt-out;
• Chatbot transcripts: Up to 12 months for quality assurance and improvement, unless deletion is requested;
• Website analytics data: According to Google Analytics and Meta default retention periods (typically 14–26 months);
• Financial records: As required by federal and state tax law (typically 7 years);
• Legal hold data: Indefinitely, until the legal matter is resolved.

After applicable retention periods, we securely delete, anonymize, or de-identify personal information.

9. DATA SECURITY

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include:

• Encryption in transit (TLS/SSL) for data submitted through the Website;
• Access controls and authentication for internal systems;
• Limited access on a need-to-know basis;
• Use of reputable third-party processors with their own security certifications;
• Regular review of our security practices.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any credentials we provide and for promptly notifying us of any suspected unauthorized access.

In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

10. YOUR PRIVACY RIGHTS

10.1 Rights Available to All Users

Regardless of your location, you may:

• Request access to the personal information we hold about you;
• Request correction of inaccurate or incomplete information;
• Request deletion of your information (subject to our legitimate retention obligations);
• Withdraw consent for marketing communications by clicking "unsubscribe" in any marketing email or contacting us at hello@hevronlabs.com;
• Object to specific processing activities.

To exercise these rights, contact us at hello@hevronlabs.com with the subject line "Privacy Rights Request." We will verify your identity before fulfilling the request and will respond within the timeframes required by applicable law (typically 30–45 days).

10.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have the following rights under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, disclosed, or sold/shared in the preceding 12 months.
• Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell personal information for monetary value. However, our use of advertising cookies (Meta Pixel, Google Ads) may constitute "sharing" under CPRA. You may opt out by emailing hello@hevronlabs.com or by enabling Global Privacy Control (GPC) on your browser.
• Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information for purposes that would trigger this right.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Designate an Authorized Agent: You may designate an agent to make requests on your behalf, with proper verification.

California Categories Disclosure (Past 12 Months):

Category

Collected

Purpose

Disclosed To

Identifiers (name, email, phone, IP, cookie IDs)

Yes

Service delivery, marketing, analytics

Service providers, advertising platforms

Customer records (company, billing)

Yes

Service delivery, billing

Service providers, payment processor

Commercial information (Services purchased)

Yes

Service delivery, accounting

Service providers, accountants

Internet activity (browsing, interactions)

Yes

Analytics, advertising, improvement

Analytics and advertising providers

Geolocation (approximate, IP-based)

Yes

Analytics, fraud prevention

Service providers

Professional/employment information

Yes

Service delivery, prospecting

Service providers

Inferences (preferences, behavior)

Yes

Marketing, personalization

Service providers, advertising platforms

10.3 Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, delete, correct, and opt out of certain processing. To exercise these rights, contact hello@hevronlabs.com.

10.4 Florida Digital Bill of Rights

Florida residents may have specific rights under the Florida Digital Bill of Rights, including the right to access, correct, delete, and opt out of certain data processing. Contact hello@hevronlabs.com to exercise these rights.

10.5 How to Submit a Request

To exercise any of these rights, contact us at:

• Email: hello@hevronlabs.com (subject line: "Privacy Rights Request")
• Mail: Amazing Shine Group, LLC, d/b/a Hevron Labs, Doral, Florida 33178

We will require verification of your identity (typically by confirming details of prior interactions). We will respond within the timeframes required by applicable law.

11. MARKETING COMMUNICATIONS AND OPT-OUT

We send marketing emails only to active clients who have consented or have an existing business relationship. You may opt out at any time by:

• Clicking the "unsubscribe" link in any marketing email;
• Replying to any marketing email with "STOP" or "UNSUBSCRIBE";
• Emailing hello@hevronlabs.com.

Opt-out requests are processed within 10 business days, in compliance with the CAN-SPAM Act. Even after opting out, we may continue to send transactional or service-related communications (invoices, project updates, legal notices).

For SMS or text-message marketing (where applicable), opt-out is available by replying "STOP" to any text message, in compliance with the Telephone Consumer Protection Act (TCPA).

12. CHILDREN'S PRIVACY

The Services are intended exclusively for businesses and professionals over the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in certain jurisdictions). If you believe a child has provided us with personal information, please contact hello@hevronlabs.com and we will promptly delete it. This Policy and the Services comply with the Children's Online Privacy Protection Act ("COPPA").

13. INTERNATIONAL DATA TRANSFERS

Hevron Labs is based in the United States, and your information is processed in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States, where data protection laws may differ from those in your jurisdiction.

14. THIRD-PARTY LINKS AND SERVICES

The Website may contain links to third-party websites, services, or applications that are not operated by Hevron Labs. This Policy does not apply to such third parties. We are not responsible for the privacy practices, content, or security of third-party services. We encourage you to review the privacy policies of any third party before providing them with personal information.

15. DATA WE PROCESS ON BEHALF OF CLIENTS

When providing Services to clients, Hevron Labs may process personal data belonging to the client's customers, leads, or end users (e.g., audience data uploaded to ad platforms, CRM records, lead form submissions). In such cases:

• The client acts as the data controller / business;
• Hevron Labs acts as the data processor / service provider;
• The processing is governed by the client's privacy policy and the agreement between the client and Hevron Labs;
• The client is responsible for obtaining all required consents, providing required notices, and complying with applicable privacy laws (including CCPA/CPRA, GDPR, HIPAA, COPPA, and similar);
• Where required by law, the parties shall execute a separate Data Processing Addendum.

This Privacy Policy does not govern such third-party data processing. End users with privacy questions about data processed by us on a client's behalf should contact the client directly.

16. CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Material changes will be communicated by posting the updated Policy on the Website with a revised "Last Updated" date and, where reasonably practicable, by direct notice to active clients. Continued use of the Website or Services after changes take effect constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your information.

17. CONTACT INFORMATION

For questions, concerns, or formal privacy requests regarding this Policy or our data practices, please contact:

Hevron Labs A trade name of Amazing Shine Group, LLC Doral, Florida 33178, United States

Email: hello@hevronlabs.com Subject line for privacy requests: "Privacy Rights Request" Website: www.hevronlabs.com

We are committed to addressing your concerns and resolving privacy matters promptly and transparently.

© 2026 Amazing Shine Group, LLC d/b/a Hevron Labs. All Rights Reserved.