Privacy Policy

AllHaste LLC.

Effective Date: June 20, 2026 · Last Updated: June 20, 2026

1. Introduction

This Privacy Policy explains how AllHaste LLC. ("we," "us," or "our") collects, uses, discloses, and protects personal information when you visit, use, or make a purchase from https://allhaste.com (the "website"). By accessing or using the website, you acknowledge that you have read and understood this Privacy Policy.

2. Table of Contents

Introduction
Table of Contents
Information We Collect
How We Use Your Information
Legal Bases for Processing
How We Share Your Information
Third-Party Services
Cookies and Tracking Technologies
Data Retention
Data Security
International Data Transfers
Your Privacy Rights
Children's Privacy
Changes to This Policy
Contact Us

3. Information We Collect

We collect personal information you provide directly to us, information collected automatically through your use of the website, and information from third-party sources.

3.1 Information You Provide Directly

Information you provide when creating an account, making a purchase, or contacting us.

3.2 Information Collected Automatically

Device and technical data — IP address, browser type and version, operating system, device identifiers, time zone, language, screen size
Usage data — pages visited, time spent, links clicked, referring URLs, session duration
Log data — server logs, error reports, diagnostic information

4. How We Use Your Information

We use personal information for the following purposes:

To provide, operate, and maintain the website
To communicate with you about the website, including important notices, updates, and support
To improve, personalize, and develop the website
To understand usage patterns and conduct analytics
To detect, prevent, and address fraud, security issues, and technical problems
To comply with legal obligations and enforce our terms

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under GDPR Article 6:

Consent (Art. 6(1)(a)) — where you have given clear consent for specific purposes, such as marketing emails or non-essential cookies. You may withdraw consent at any time.
Contract (Art. 6(1)(b)) — where processing is necessary to provide the website, fulfill orders, or respond to your requests.
Legal Obligation (Art. 6(1)(c)) — where processing is required by applicable law (tax, accounting, fraud prevention).
Legitimate Interests (Art. 6(1)(f)) — where we have a legitimate business interest that is not overridden by your rights (e.g., improving our service, preventing fraud, network security).

We do not sell personal information in the traditional sense. We share personal information with the following categories of recipients:

Service providers — vendors and contractors who perform services on our behalf under contractual confidentiality obligations (see Section 7)
Professional advisors — lawyers, auditors, accountants, consultants bound by confidentiality
Legal and regulatory authorities — when required by law, subpoena, court order, or to protect rights and safety
Business transfers — in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets
With your consent — for any other purpose disclosed at the time we request your consent

6.1 Categories of Information Sold or Shared (CCPA Disclosure)

In the 12 months preceding the effective date, we have not sold or shared personal information for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA.

7. Third-Party Services

We use the following third-party services to operate the website. Each service has its own privacy policy governing how they handle personal information.

CDN, Security & Infrastructure

| Service | Purpose | Data Shared | Privacy Policy

Cloudflare Cloudflare, Inc. | Content delivery and security | IP address, browser data, traffic logs | View

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods depend on:

Account data — retained while your account is active and for a reasonable period afterward for record-keeping, legal, or security purposes
Marketing data — retained until you unsubscribe or withdraw consent
Technical logs — typically retained for a limited period (30-90 days) for security and debugging
Backups — data in backups is deleted according to our backup rotation schedule

When we no longer need your personal information, we securely delete or anonymize it. You may request earlier deletion as described in Section 12.

10. Data Security

We implement appropriate administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

Encryption in transit (TLS/HTTPS) for data transmitted over the internet
Access controls limiting personnel access to personal information on a need-to-know basis
Regular security assessments and vulnerability management
Logging and monitoring for suspicious activity
Employee confidentiality agreements and security training

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.

11. International Data Transfers

We operate globally and may transfer your personal information to countries other than your country of residence, including to the United States, where data protection laws may differ from those in your country. When we transfer personal information internationally, we rely on appropriate legal mechanisms:

Adequacy decisions — where the European Commission or UK ICO has determined the destination country provides adequate protection
Standard Contractual Clauses (SCCs) — European Commission-approved clauses, including the UK International Data Transfer Addendum where applicable
Supplementary measures — additional technical or organizational measures where required post-Schrems II
Your consent — where you explicitly consent to the transfer after being informed of risks

12. Your Privacy Rights

Your rights depend on where you are located. Below we describe rights under major privacy laws. To exercise any of these rights, contact us at [email protected]. We will verify your identity before responding and will respond within the timeframes required by applicable law.

The General Data Protection Regulation applies to all businesses processing personal data of EEA residents, regardless of the business's location.

If you are a resident of European Economic Area, you have the following rights:

Right to Access (Art. 15) — Request a copy of the personal data we hold about you, along with information about how it's used.
Right to Rectification (Art. 16) — Request correction of inaccurate or incomplete personal data.
Right to Erasure / 'Right to be Forgotten' (Art. 17) — Request deletion of your personal data when it's no longer necessary, you withdraw consent, or the processing is unlawful.
Right to Restrict Processing (Art. 18) — Request that we limit how we use your data in certain circumstances.
Right to Data Portability (Art. 20) — Receive your personal data in a structured, machine-readable format and transmit it to another controller.
Right to Object (Art. 21) — Object to processing based on legitimate interests or for direct marketing purposes.
Right not to be subject to Automated Decision-Making (Art. 22) — Not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
Right to Lodge a Complaint — File a complaint with your local data protection authority (DPA). Find yours at edpb.europa.eu.

Response time: one month (may extend to three months for complex requests)

Post-Brexit, the UK retained GDPR principles under the UK-GDPR and Data Protection Act 2018. Rights mirror EU GDPR with the UK ICO as the enforcement authority.

If you are a resident of United Kingdom, you have the following rights:

Right to be Informed — Know what data is collected and how it's used.
Right of Access — Request a copy of your personal data.
Right to Rectification — Correct inaccurate data.
Right to Erasure — Request deletion of your data.
Right to Restrict Processing — Limit how your data is processed.
Right to Data Portability — Receive and transfer your data.
Right to Object — Object to certain processing.
Rights related to Automated Decision-Making — Challenge automated decisions that affect you.

Response time: one month

Supervisory authority: Information Commissioner's Office (ICO) — ico.org.uk

12.3 🇺🇸 CCPA/CPRA (California) — California, USA

The California Consumer Privacy Act as amended by the California Privacy Rights Act (CPRA) grants California residents extensive privacy rights. It applies to for-profit businesses meeting certain thresholds.

If you are a resident of California, USA, you have the following rights:

Right to Know — Know what categories of personal information we collect, the sources, business purposes, and to whom we disclose it. You may request this information twice per 12-month period.
Right to Delete — Request deletion of personal information we've collected from you, subject to certain exceptions (fulfilling transactions, legal compliance, security).
Right to Correct (CPRA) — Request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing — Direct us not to sell or share your personal information with third parties. We honor Global Privacy Control (GPC) signals.
Right to Limit Use of Sensitive Personal Information (CPRA) — Limit our use of sensitive data (SSN, precise geolocation, race, religion, health, sexual orientation, genetic/biometric, communications content) to what is necessary.
Right to Non-Discrimination — Not be discriminated against for exercising your CCPA rights (no denial of service, different prices, or reduced quality).
Right to Data Portability — Receive your data in a readily usable format.

Response time: 45 days (one-time 45-day extension possible)

Supervisory authority: California Privacy Protection Agency (CPPA) and Attorney General

12.4 🇺🇸 CalOPPA (California Online Privacy Protection Act) — California, USA

CalOPPA requires commercial websites collecting personally identifiable information from California residents to post a conspicuous privacy policy.

Required disclosures:

Clearly identify categories of PII collected
Identify categories of third parties with whom PII may be shared
Describe the process for reviewing and updating PII (if any)
Describe the process for notifying users of material policy changes
Effective date of the policy
Response to Do Not Track signals

12.5 🇺🇸 CPA (Colorado) — Colorado, USA

The Colorado Privacy Act provides consumer rights similar to VCDPA, with additional opt-out mechanism requirements.

If you are a resident of Colorado, USA, you have the following rights:

Right to Access — Confirm processing and access personal data.
Right to Correct — Correct inaccuracies.
Right to Delete — Delete personal data.
Right to Data Portability — Portable copy of data.
Right to Opt-Out — Opt out of targeted advertising, sale, and profiling via Universal Opt-Out Mechanism (UOOM).

Response time: 45 days

Supervisory authority: Colorado Attorney General

12.6 How to Exercise Your Rights

To submit a privacy rights request:

Email [email protected] with your request
Include enough information for us to verify your identity
Specify the right(s) you wish to exercise
Provide details about the request (e.g., specific data to delete, information to correct)

If we are unable to verify your identity, we may request additional information. If you use an authorized agent, we may require written authorization and verification.

Appeals: If we deny your request, you may appeal our decision. In certain US states (Virginia, Colorado, Connecticut), you have a statutory right to appeal within a specified time.

13. Children's Privacy

The website is not directed to children under 13 (or under 16 in the European Economic Area and UK). We do not knowingly collect personal information from children below these ages without verifiable parental consent. If we learn that we have collected personal information from a child without parental consent, we will delete it promptly.

If you believe we may have collected information from a child without consent, please contact us at [email protected].

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. When we make material changes, we will:

Update the "Last Updated" date at the top of this Privacy Policy
Notify registered users via email if the changes are significant
Post a prominent notice on the website for non-registered users
Where required by law, obtain your renewed consent before applying the new practices to previously collected data

Continued use of the website after changes take effect constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: