Privacy Policy

This document sets out who we are, what personal data we may process, why we do it, how long we keep it, and which rights and controls you can exercise. It is written to meet expectations under the GDPR, UK data protection law, and similar frameworks where you live.

Scope and commitment

We are committed to protecting personal data and to describing our practices in plain language. This Privacy Policy applies to the website and related services published by Ghexoranuz at the domain ghexoranuz.world, including the contact and informational pages you may use, and to email or other off-site communications you initiate with the contact details we publish, when those messages relate to the same relationship.

Where we use terms such as “processing,” “personal data,” “controller,” and “processor,” we intend them in the sense of the General Data Protection Regulation (EU) 2016/679 and the UK General Data Protection Regulation, unless local law in your country defines them differently, in which case the local meaning applies where it extends your protections.

The site is primarily informational. It is not a medical, therapeutic, or emergency service, and the way we use data is aligned with that limited purpose.

Data controller and how to reach us

The data controller for personal data covered by this policy is Ghexoranuz, with its principal contact address at 518A Castro St, San Francisco, CA 94114, United States. For all privacy and data protection inquiries, you may use the same channel as general correspondence:

Email: touch@ghexoranuz.world
Phone: +1 415-255-2720

If you are in the EEA, UK, or Switzerland and you wish to raise a matter with a supervisory authority, you may do so in the member state of your habitual residence, place of work, or the place of an alleged infringement. We will not retaliate against you for contacting a regulator.

Categories of personal data we may process

Depending on your interaction, we may process some or all of the following, not necessarily all for every user:

  • Identity and contact data. For example, name, email address, and similar information you type into forms or sign with when you message us. If you do business with us, we may also process billing and delivery-related identifiers where applicable.
  • Content of communications. The text of your messages, the subject line of emails, and any attachments you choose to share when they are necessary to handle your request.
  • Technical and usage data. Server log entries may include the IP address your device presents, approximate region inferred from the IP, HTTP referrer where transmitted by your browser, type and version of browser, operating system, time of access, and requested URL. When you have allowed optional analytics or marketing tools through our Cookie Policy mechanism, we or our partners may also process pseudonymous identifiers and event data associated with your browser or account.
  • Cookie and local storage data. Where you have consented to non-essential categories, or where strictly necessary storage applies, we may read and write data as described in the Cookie Policy.
  • Record-keeping and compliance data. Notes we create internally to show how we met your request, to evidence consent, or to comply with law.

We do not ask you for special categories of data (for example, data revealing racial or ethnic origin, health, or biometric data for identification) through our standard contact form. If you volunteer such data without being asked, we will limit use to what is required to process your request or to comply with a legal duty, and we may ask you to provide only what is necessary.

Where the data comes from

In most cases, we receive personal data directly from you when you fill in a form, email us, or use features on the site. In addition:

  • We may receive technical data from your device and network automatically as part of delivering pages over the internet.
  • We may receive payment status or basic fraud information from a payment service provider if you make a purchase, to the extent required to complete the transaction; that provider is also a controller for its own processing, within its own terms.
  • We do not buy marketing lists and we do not claim to have comprehensive third-party data about you. If that ever changed for a well-defined product, we would update this policy and, where required, give you a separate notice.

Purposes and legal bases of processing

We process personal data for specific purposes and, where the GDPR or UK GDPR applies, only when at least one legal basis is satisfied. The following is a high-level map; it is not meant to document every sub-task.

Responding to you and operating the service

We use your contact and message content to read your inquiry, find the right internal recipient, and reply.
Legal basis: Contract / pre-contract; Legitimate interest

Security, abuse prevention, and service improvement

We use technical and log data to protect infrastructure, block malicious access patterns, and understand aggregate load.
Legal basis: Legitimate interest; Legal obligation (security)

Analytics and product insight

Where you have consented in the cookie layer, we may use event data in aggregated or pseudonymous form to see which content is read and whether flows need adjustment.
Legal basis: Consent

Marketing you have opted into

Where a separate, clear opt-in exists for a particular channel, we use your details only for that channel and only until you withdraw consent or unsubscribe.
Legal basis: Consent

Legal, accounting, and dispute handling

We may retain and disclose limited data where we believe in good faith that the law compels it, a court or regulator with jurisdiction requests it, or we need to establish or defend a legal claim.
Legal basis: Legal obligation; Legitimate interest

Advertising and measurement partners

When you consent to marketing or analytics cookies (through our cookie banner), vendors such as Google may process limited technical or usage data to measure ad performance, attribute visits to campaigns, or show more relevant ads. Their use of that data is governed by their own policies (for example, Google’s Privacy & Terms) in addition to the choices you make here.

We do not use this site to collect special-category health data for advertising. If we run online ads, destination pages on this domain are written to be consistent with our Terms of Use and with platform requirements for honest, non-misleading presentation.

International transfers of personal data

Our team and primary infrastructure are in the United States. If you access the site or send us a message from the EEA, UK, Switzerland, or another region with data transfer rules, your personal data will be received in the United States or in other countries where our subprocessors host services.

Where the GDPR or UK GDPR applies, we will ensure that transfers outside the EEA/UK are covered by a valid mechanism, such as an adequacy decision, Standard Contractual Clauses approved by the European Commission, the UK Addendum, or other approved instruments, with supplementary technical and organizational measures when the export risk requires them.

You may request a copy of the relevant safeguards, with confidential terms redacted where required by the underlying agreement.

How long we keep data

We apply retention that is limited to the purpose, not an indefinite archive.

  • Form and one-to-one email threads. For routine inquiries, we often retain content for up to twenty-four months after the last message in a thread, unless a longer period is required for a contract you have with us, an ongoing dispute, or a statutory retention period.
  • Server logs and security logs. These are typically rotated on a shorter cycle (for example, weeks to a few months) depending on system design, unless a security investigation requires a longer hold.
  • Cookie consent records. We keep the fact of your choice, and may keep the timestamp, for a period that demonstrates compliance, often aligned with the life of the related cookie and a short tail period.
  • Backups. Encrypted backups may include residual copies of data for a period defined by the backup platform’s rotation policy before they are overwritten.

Security measures

We use a combination of technical and organizational measures that we consider appropriate to the nature of the data and the risk. They include, where applicable, encrypted client-to-server connections (HTTPS) for the public site, access controls and authentication for team accounts, least-privilege policies, and written agreements with vendors who process data on our instructions.

No online service can promise absolute security. If we become aware of a breach that poses a high risk to your rights, we will assess notification duties under law and, where we must, inform you and the competent authority without undue delay, taking into account any guidance to narrow notice where it would not help you.

Your rights in relation to personal data

Subject to the conditions in applicable law, you may have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to certain processing, including for direct marketing. Where we rely on consent, you may withdraw it at any time; withdrawal does not affect the lawfulness of processing before you withdrew. You may not be subject to a decision based solely on automated processing that has legal or similarly significant effects, where such a right exists.

To exercise your rights, email us and describe the request. We may ask for reasonable information to identify you, which helps avoid disclosure to the wrong person. We will respond without undue delay and within the statutory time frame that applies, typically one month with a possible extension for complex cases.

If you are in California, Colorado, Virginia, or other U.S. states with comprehensive privacy laws, you may have additional rights such as requesting categories of data collected, categories of third parties, and, in some cases, opting out of “sale” or “sharing” as those terms are defined in your state. We describe general mechanisms in the regional section below.

Regional notices and choices

EEA, UK, and Switzerland

Your local supervisory authority can accept a complaint. You also have a right to an effective remedy before a court.

United States (state privacy laws)

Where a law grants you a right to appeal a refusal, we will explain how in our response. We do not offer financial incentives in exchange for data. We do not “sell” personal information as a core business, but some analytics with consent could be reclassified under evolving definitions, which is why we use the cookie tool.

Children

The site is not directed to children, and we do not knowingly process children’s data for commercial profiling. If you are a parent or guardian and believe a child has given us data without your consent, contact us. If we must delete the account of a person under the age of digital consent in your country, we will do so in line with law.

Changes to this Privacy Policy and related documents

We may update this text when our practices, our services, or the law change. The dynamic date in the hero section reflects the day you are viewing, but substantive edits will be noted by revising the stored version of the page and, when required, by an additional on-site message or email for material restrictions on use.

Please also read the Cookie Policy, the Terms of Use, and the Refund Policy for topics that are primarily handled there.