Privacy Policy

1.1 Multi-Jurisdictional Compliance: This Privacy Policy complies with applicable privacy laws including but not limited to: the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and other applicable federal and state privacy laws.

1.2 Legal Basis for Processing (GDPR Article 6): We process personal data based on the following legal grounds: (a) Consent - where you have provided specific, informed consent; (b) Contract Performance - to fulfill our contractual obligations to you; (c) Legitimate Interests - for our business operations, fraud prevention, security, and analytics; (d) Legal Obligations - to comply with applicable laws and regulations; (e) Vital Interests - to protect life or physical safety; (f) Public Task - where processing is necessary for public interest tasks.

1.3 Special Category Data: We do not intentionally collect special categories of personal data (e.g., health, racial, political data) except where legally permitted and with appropriate safeguards. If such data is inadvertently collected, we will handle it in accordance with applicable law.

1.4 Data Controller/Business Status: BarnLinking acts as a data controller under GDPR and a business under CCPA for the personal information we collect and process. We determine the purposes and means of processing your personal data.

2.1 Information You Provide Directly: We collect information you provide directly to us, including: (a) Account Information - name, email address, phone number, username, password; (b) Profile Information - biographical information, preferences, location data; (c) Business Information - business name, services, contact details, hours of operation; (d) Communication Data - messages, emails, customer service interactions; (e) Transaction Information - payment details, billing information, purchase history; (f) User-Generated Content - reviews, comments, photos, videos, listings.

2.2 Automatically Collected Information: We automatically collect technical and usage information including: (a) Device Information - IP addresses, browser types, device identifiers, operating system information; (b) Usage Data - pages viewed, click-through data, search terms, session duration, access times; (c) Location Data - GPS coordinates, IP-based location, precise geolocation (with consent); (d) Tracking Technologies - cookies, web beacons, pixels, local storage, session replay data; (e) Behavioral Analytics - usage patterns, preferences, interaction data, heatmaps.

2.3 Third-Party and Public Information: We may collect information from external sources including: (a) Social Media Platforms - profile information, connections, publicly available posts; (b) Data Brokers and Aggregators - commercial databases, marketing lists, demographic information; (c) Public Records - business registrations, professional licenses, court records, property records; (d) Business Partners - referral sources, integration partners, payment processors; (e) Publicly Available Information - publicly accessible business information, reviews, contact details from legitimate sources.

2.4 AI and Algorithmic Data Processing: Our platform utilizes artificial intelligence and automated processing systems that may: (a) analyze your behavior patterns and preferences; (b) create inferred data and predictive profiles; (c) process biometric identifiers (if applicable); (d) generate algorithmic recommendations and content personalization; (e) conduct automated decision-making that may affect your user experience.

2.5 Sensitive Information Disclaimers: While we do not intentionally collect sensitive personal information, you acknowledge that: (a) any information you voluntarily provide may become public through our platform; (b) we cannot control what information other users may share about you; (c) equestrian-related content may inadvertently contain health or injury information; (d) we are not responsible for sensitive information disclosed through user interactions.

3.1 Primary Business Purposes: We use your information for legitimate business purposes including: (a) Service Provision - providing, maintaining, and improving our platform services; (b) Account Management - creating and managing user accounts, processing transactions; (c) Communication - responding to inquiries, providing customer support, sending service-related communications; (d) Platform Functionality - facilitating connections between users and service providers, enabling reviews and feedback.

3.2 Marketing and Analytics: Subject to applicable law and your preferences, we may use your information for: (a) Direct Marketing - promotional emails, targeted advertising, special offers; (b) Analytics and Research - user behavior analysis, market research, product development; (c) Personalization - customized content, recommendations, search results; (d) Cross-Device Tracking - linking your activities across multiple devices and platforms.

3.3 Security and Legal Purposes: We use your information to: (a) Security - prevent fraud, detect abuse, protect against security threats; (b) Legal Compliance - comply with laws, regulations, legal processes, and government requests; (c) Enforcement - enforce our Terms of Service and other agreements; (d) Dispute Resolution - resolve disputes and investigate violations.

3.4 Business Operations and Development: We may use your information for: (a) Business Analytics - performance metrics, revenue optimization, market analysis; (b) Product Development - improving existing features, developing new services; (c) Business Transactions - mergers, acquisitions, asset sales, corporate restructuring; (d) AI and Machine Learning - training algorithms, automated decision-making, predictive modeling.

3.5 Broad Usage Rights: YOU ACKNOWLEDGE AND AGREE THAT WE MAY USE YOUR INFORMATION FOR ANY LAWFUL BUSINESS PURPOSE, WHETHER OR NOT SPECIFICALLY LISTED ABOVE, INCLUDING: (a) purposes disclosed at the time of collection; (b) purposes that are compatible with the original collection purpose; (c) any purpose you have consented to; (d) any purpose permitted by applicable law. We reserve the right to expand our use of information as our business evolves.

4.1 Public Platform Disclosures: BY USING OUR PLATFORM, YOU ACKNOWLEDGE THAT CERTAIN INFORMATION WILL BE PUBLIC INCLUDING: (a) Profile Information - your name, business information, location, services offered; (b) User-Generated Content - reviews, comments, photos, listings; (c) Public Communications - messages posted to public forums or visible to other users; (d) Business Listings - information we collect or create about businesses may be publicly displayed.

4.2 Service Providers and Business Partners: We share information with third-party service providers including: (a) Technology Providers - hosting, database, analytics, customer support platforms; (b) Payment Processors - for transaction processing and fraud prevention; (c) Marketing Partners - advertising networks, email marketing services, social media platforms; (d) Professional Services - legal, accounting, consulting, and other professional service providers.

4.3 Legal and Regulatory Disclosures: We may disclose your information: (a) Legal Process - in response to subpoenas, court orders, legal proceedings; (b) Government Requests - to law enforcement, regulatory agencies, government authorities; (c) Rights Protection - to protect our rights, property, safety, or those of our users; (d) Legal Compliance - to comply with applicable laws, regulations, or legal obligations.

4.4 Business Transactions and Corporate Changes: In connection with any merger, acquisition, asset sale, bankruptcy, or other business transaction, we may transfer or sell your information as part of that transaction. You acknowledge and agree that such transfers may occur without additional notice to you.

4.5 Data Sales and Commercial Transfers: TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE RESERVE THE RIGHT TO: (a) Sell or License Data - sell, license, or transfer aggregated, de-identified, or pseudonymized information to third parties for commercial purposes; (b) Marketing and Analytics Sales - share information with data brokers, advertisers, and marketing companies; (c) Research and Development - provide data to research institutions, academic partners, or technology companies for research purposes.

4.6 Broad Sharing Rights: WE MAY SHARE YOUR INFORMATION WITH ANY THIRD PARTY FOR ANY LAWFUL PURPOSE, INCLUDING: (a) with your explicit or implied consent; (b) as disclosed at the time of collection; (c) for any purpose compatible with the original collection purpose; (d) as permitted or required by applicable law; (e) to protect our legitimate business interests. We reserve the right to share information in ways not specifically enumerated above.

5.1 Tracking Technologies: We use various tracking technologies including: (a) Cookies - persistent and session cookies for authentication, preferences, analytics; (b) Web Beacons and Pixels - tracking images for email and page analytics; (c) Local Storage - browser storage for offline functionality and data caching; (d) Fingerprinting - device and browser fingerprinting for security and analytics.

5.2 Third-Party Analytics and Advertising: We work with third-party services including: (a) Google Analytics - website analytics, user behavior tracking; (b) Social Media Pixels - Facebook, LinkedIn, Twitter tracking for advertising; (c) Advertising Networks - behavioral advertising, retargeting campaigns; (d) Heat Mapping Services - user interaction recording and analysis.

5.3 Cross-Device and Cross-Platform Tracking: We may link your activities across multiple devices, browsers, and platforms to create a comprehensive profile of your interests and behavior. This includes mobile app usage, website visits, and social media interactions.

5.4 Tracking Consent and Control: BY USING OUR SERVICES, YOU CONSENT TO ALL TRACKING TECHNOLOGIES DESCRIBED ABOVE. While you may adjust browser settings or use opt-out tools, this may significantly limit platform functionality. We are not responsible for the effectiveness of third-party opt-out mechanisms.

6.1 Security Measures: We implement industry-standard security measures including: (a) encryption of data in transit and at rest; (b) access controls and authentication systems; (c) regular security audits and monitoring; (d) employee security training and background checks. However, NO SECURITY SYSTEM IS IMPENETRABLE.

6.2 Security Limitations and Disclaimers: YOU ACKNOWLEDGE AND ACCEPT THAT: (a) No Absolute Security - we cannot guarantee complete security of your information; (b) User Responsibility - you are responsible for maintaining the security of your account credentials; (c) Third-Party Risks - third-party services may have different security standards; (d) Inherent Internet Risks - internet transmission always carries security risks.

6.3 Data Breach Response: In the event of a data security incident: (a) we will investigate and assess the scope of the breach; (b) we will comply with applicable breach notification laws; (c) notification timelines will follow legal requirements (may be up to 72 hours for authorities, longer for individuals); (d) we reserve the right to determine what constitutes a reportable breach; (e) our liability for breaches is limited as set forth in our Terms of Service.

6.4 Security Incident Liability: TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR: (a) unauthorized access to or disclosure of your information; (b) security breaches caused by third parties; (c) your failure to maintain account security; (d) any damages arising from security incidents. YOU ASSUME ALL RISKS RELATED TO DATA SECURITY.

7.1 Retention Periods: We retain your information for varying periods based on: (a) Account Data - for the life of your account plus up to 7 years after deletion; (b) Business Records - up to 10 years for accounting and legal compliance; (c) Analytics Data - indefinitely in aggregated or de-identified form; (d) Legal Requirements - as required by applicable laws and regulations.

7.2 Post-Deletion Retention: EVEN AFTER ACCOUNT DELETION, WE MAY RETAIN YOUR INFORMATION FOR: (a) legal compliance and dispute resolution; (b) fraud prevention and security; (c) backup and disaster recovery systems; (d) aggregated analytics and business intelligence; (e) any other legitimate business purpose. Account deletion does not guarantee complete information removal.

7.3 Public Information Persistence: Information that was made public through our platform may remain publicly accessible even after account deletion, including: (a) reviews and comments you posted; (b) business listings created from your information; (c) cached or archived content; (d) information shared by other users about you.

7.4 Retention Flexibility: We reserve the right to: (a) modify retention periods at any time; (b) retain information longer than stated for legal or business reasons; (c) permanently retain certain information types; (d) delete information earlier than stated without notice. Retention periods are guidelines, not guarantees.

8.1 GDPR Rights (EU Residents): Under the General Data Protection Regulation, you may have the following rights: (a) Access - request access to your personal data and information about processing; (b) Rectification - request correction of inaccurate personal data; (c) Erasure ("Right to be Forgotten") - request deletion of personal data under certain circumstances; (d) Restriction - request limited processing of your personal data; (e) Portability - request transfer of your data to another controller; (f) Objection - object to processing based on legitimate interests or direct marketing.

8.2 CCPA Rights (California Residents): Under California privacy laws, you may have the following rights: (a) Right to Know - request information about the categories and specific pieces of personal information we collect; (b) Right to Delete - request deletion of personal information; (c) Right to Opt-Out of Sale - opt-out of the sale of personal information; (d) Right to Non-Discrimination - receive equal service regardless of exercising privacy rights; (e) Right to Correct - request correction of inaccurate personal information.

8.3 Other State Privacy Rights: Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have similar rights to those described above, including rights to access, delete, correct, and opt-out of certain data processing activities.

8.4 Rights Limitations and Exceptions: ALL PRIVACY RIGHTS ARE SUBJECT TO SIGNIFICANT LIMITATIONS INCLUDING: (a) Legal Exceptions - we may deny requests to comply with legal obligations; (b) Technical Limitations - some data may be technically impossible to delete or modify; (c) Business Necessity - we may retain data necessary for legitimate business purposes; (d) Verification Requirements - we must verify your identity before processing requests; (e) Fee Limitations - we may charge fees for excessive or repetitive requests; (f) Third-Party Data - we cannot control data held by third parties.

8.5 How to Exercise Rights: To exercise privacy rights: (a) email us at barnlinking@gmail.com with "Privacy Rights Request" in the subject line; (b) provide sufficient information to verify your identity; (c) specify which rights you wish to exercise; (d) we will respond within legally required timeframes (typically 30-45 days); (e) we may request additional information to verify complex requests.

8.6 Authorized Agents: You may designate an authorized agent to exercise rights on your behalf by providing written authorization. We may require verification of both your identity and the agent's authority.

9.1 Global Data Processing: Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other countries where our service providers operate. These countries may have different data protection laws than your jurisdiction.

9.2 Transfer Mechanisms and Safeguards: When transferring personal data internationally, we may rely on: (a) Adequacy Decisions - transfers to countries deemed adequate by regulatory authorities; (b) Standard Contractual Clauses - EU-approved contractual safeguards; (c) Binding Corporate Rules - internal corporate privacy rules; (d) Certification Programs - industry-standard privacy frameworks; (e) Legitimate Interests - where necessary for our business operations.

9.3 Consent to International Transfers: BY USING OUR SERVICES, YOU EXPLICITLY CONSENT TO THE INTERNATIONAL TRANSFER OF YOUR PERSONAL INFORMATION AS DESCRIBED ABOVE. You acknowledge that other countries may not provide the same level of privacy protection as your home country.

9.4 U.S. Data Processing: If you are located outside the United States, please note that we are a U.S.-based company and your information will be processed in the United States, which may not provide equivalent privacy protections to your home country.

10.1 Third-Party Service Integration: Our platform integrates with numerous third-party services including: (a) Social Media Platforms - Facebook, Instagram, LinkedIn, Twitter for login and sharing; (b) Payment Processors - credit card processing, digital wallets, banking services; (c) Analytics Services - Google Analytics, advertising networks, user behavior tracking; (d) Communication Tools - email services, SMS providers, chat systems.

10.2 Third-Party Privacy Practices: WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OF THIRD-PARTY SERVICES. Each third-party service has its own privacy policy and data handling practices. We strongly encourage you to review the privacy policies of any third-party services you use.

10.3 Data Sharing with Third Parties: When you use third-party services through our platform: (a) your information may be shared with those third parties; (b) those third parties may collect additional information about you; (c) your use of third-party services is subject to their terms and privacy policies; (d) we may receive information about you from third-party services.

10.4 Third-Party Liability Disclaimer: TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL LIABILITY FOR: (a) privacy violations by third-party services; (b) data breaches or security incidents involving third parties; (c) unauthorized access to your information through third-party services; (d) any damages arising from your use of third-party services.

11.1 Age Requirements and COPPA Compliance: Our Service is intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete such information.

11.2 Teen Users (13-17 years old): While we do not actively verify user ages or collect parental consent during registration, we rely on users to provide accurate age representations as required by our Terms of Service. Teen users are expected to obtain parental permission before using our Service and are encouraged to involve parents/guardians in their online activities, especially those related to equestrian services.

11.3 Parental Rights and Oversight: Parents or guardians who become aware that their minor child (under 18) has created an account or provided personal information without permission may contact us to: (a) request access to their child's information; (b) request correction or deletion of their child's account and data; (c) report any safety concerns or inappropriate interactions. We will respond to verified parental requests in accordance with applicable law.

11.4 Safety Recommendations for Minor Users: We strongly recommend that users under 18: (a) discuss their use of our Service with parents/guardians; (b) never share personal contact information publicly; (c) exercise caution when arranging in-person meetings through the Service; (d) prioritize safety in all equestrian-related activities; (e) report any inappropriate behavior or safety concerns immediately.

11.5 No Active Age Verification: Currently, we do not implement active age verification systems or require parental consent verification during account creation. We rely on user representations regarding age and parental permission. However, we reserve the right to implement such systems in the future and may request age verification for certain features or account types.

12.1 Right to Modify: We reserve the right to update, modify, or replace this Privacy Policy at any time, in our sole discretion, without prior notice to you. Changes may be made for any reason including legal requirements, business needs, or service improvements.

12.2 Effective Date of Changes: Policy changes will be effective immediately upon posting on our website. We may, but are not obligated to, notify you of material changes through email, platform notifications, or other communication methods.

12.3 Continued Use Constitutes Acceptance: Your continued use of our services after any policy changes constitutes your acceptance of the updated policy. If you do not agree with changes, your sole remedy is to discontinue use of our services.

12.4 Version Control: We may maintain previous versions of this policy for reference but are not obligated to do so. The current version posted on our website is the operative version that governs your use of our services.

13.1 California Consumer Privacy Rights: California residents have specific rights under CCPA/CPRA as described in Section 8. Additionally: (a) we may sell or share personal information as defined by California law; (b) you have the right to opt-out of such sales/sharing; (c) we do not discriminate against consumers who exercise privacy rights; (d) sensitive personal information may be processed for business purposes.

13.2 Virginia Consumer Data Protection Act (VCDPA): Virginia residents have rights to access, correct, delete, and obtain a copy of personal data, as well as opt-out of targeted advertising and sales of personal data.

13.3 Colorado Privacy Act (CPA): Colorado residents have similar rights to those described above, including rights regarding automated decision-making and profiling.

13.4 Connecticut Data Privacy Act (CTDPA): Connecticut residents have rights to access, correct, delete, and port personal data, as well as opt-out of certain processing activities.

13.5 Other State Laws: Residents of other states may have additional privacy rights under applicable state laws. Contact us for information about your specific rights.

14.1 Maximum Liability Limitation: TO THE MAXIMUM EXTENT PERMITTED BY LAW, OUR TOTAL LIABILITY FOR ANY PRIVACY-RELATED CLAIMS, DAMAGES, OR LOSSES SHALL NOT EXCEED FIFTY DOLLARS ($50) PER USER, REGARDLESS OF THE THEORY OF LIABILITY.

14.2 Specific Privacy Disclaimers: WE SPECIFICALLY DISCLAIM LIABILITY FOR: (a) Data Breaches - unauthorized access, theft, or disclosure of personal information; (b) Third-Party Privacy Violations - privacy practices of integrated services or business partners; (c) User-Generated Privacy Issues - information disclosed by users or made public through platform use; (d) Technical Privacy Failures - system failures, software bugs, or technical errors affecting privacy.

14.3 Inherent Internet Privacy Risks: YOU ACKNOWLEDGE AND ACCEPT THE INHERENT PRIVACY RISKS OF INTERNET USE INCLUDING: (a) data interception during transmission; (b) device or account compromise; (c) social engineering or phishing attacks; (d) regulatory changes affecting data protection; (e) evolving cybersecurity threats.

14.4 Force Majeure Privacy Events: We are not liable for privacy issues caused by events beyond our reasonable control including natural disasters, government actions, cyberattacks, or infrastructure failures.

15.1 General Privacy Inquiries: For questions about this Privacy Policy or our privacy practices, please contact us at:

• Email: barnlinking@gmail.com
• Subject Line: "Privacy Policy Inquiry"
• Response Time: We aim to respond within 10 business days

15.2 Privacy Rights Requests: To exercise your privacy rights under applicable law:

• Email: barnlinking@gmail.com
• Subject Line: "Privacy Rights Request"
• Required Information: Full name, email address, specific request type, verification information
• Processing Time: Up to 45 days as permitted by law

15.3 European Union Representative: For EU residents, our representative for GDPR matters can be contacted through the same email address above with "EU Privacy Inquiry" in the subject line.

15.4 Regulatory Complaints: You have the right to file complaints with relevant privacy authorities including state attorneys general, the FTC, or EU data protection authorities.