Ahava 360 Inc. ("A360")

Last Updated: February 2026

1. Introduction

Ahava 360 Inc., doing business as "A360" and "Ahava360" (collectively referred to as "A360," "we," "us," or "our"), is committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ahava360.com and any related websites, applications, services, and platforms operated by A360 (collectively, the "Services"). This policy also describes your rights regarding your personal information and how you can exercise those rights.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

Please read this Privacy Policy carefully to understand our practices regarding your personal information.

2. Information We Collect

We collect information in several ways: directly from you, automatically when you use our Services, and from third-party sources.

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

a) Contact Information

Full name

Email address

Phone number

Company name

Job title

Mailing address (if provided)

b) Account Information

Username and password

Account preferences and settings

c) Inquiry and Communication Data

Messages submitted through contact forms

Email correspondence

Chat conversations

Feedback and survey responses

d) Business Information

Industry and company size

Business goals and challenges

Service requirements and preferences

e) Application and Employment Data

Resume/CV

Employment history

Education background

Professional references

Any other information you include in job applications

f) Payment Information

Billing name and address

Payment card details (processed securely through third-party payment processors)

Transaction history

g) User-Generated Content

Comments, reviews, or testimonials you submit

Content you upload or share through our Services

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

a) Device and Browser Information

Device type (desktop, mobile, tablet)

Operating system and version

Browser type and version

Screen resolution

Device identifiers

b) Usage Information

Pages visited and content viewed

Time spent on pages

Click patterns and navigation paths

Features used

Search queries within our Services

c) Location Information

IP address

General geographic location (city, region, country)

Time zone

d) Referral Information

Referring website or source

Marketing campaign identifiers

Search terms used to find our Services

e) Log Data

Access times and dates

Server logs

Error reports

2.3 Information from Cookies and Tracking Technologies

We use cookies, pixels, beacons, and similar technologies to collect information. This includes:

Session cookies (temporary, deleted when you close your browser)

Persistent cookies (remain until expiration or deletion)

First-party cookies (set by A360)

Third-party cookies (set by our partners and service providers)

For detailed information about our use of cookies, please see our Cookie Policy.

2.4 Information from Third-Party Sources

We may receive information about you from third parties, including:

a) Marketing Partners

Lead generation partners

Advertising networks

Data enrichment providers

b) Social Media Platforms

Information from social media profiles when you interact with us on those platforms

Data from social login features (if implemented)

c) Analytics Providers

Google Analytics

Other analytics services

d) Business Partners

Referral partners

Integration partners

e) Public Sources

Publicly available information

Professional networking sites

Business directories

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Improving Our Services

Delivering the services you request

Processing transactions and sending related information

Managing your account and providing customer support

Personalizing your experience

Improving and optimizing our Services

Developing new features and offerings

3.2 Communication

Responding to your inquiries and requests

Sending service-related announcements

Providing customer support

Sending newsletters and marketing communications (with your consent where required)

Conducting surveys and collecting feedback

3.3 Marketing and Advertising

Delivering targeted advertisements

Measuring the effectiveness of marketing campaigns

Retargeting and remarketing

Sending promotional materials (with appropriate consent)

3.4 Analytics and Research

Analyzing usage patterns and trends

Conducting market research

Generating aggregate statistics

Improving user experience

3.5 Security and Fraud Prevention

Protecting against unauthorized access

Detecting and preventing fraud

Monitoring for security threats

Enforcing our Terms of Use

3.6 Legal Compliance

Complying with applicable laws and regulations

Responding to legal requests and court orders

Protecting our legal rights

Resolving disputes

3.7 Business Operations

Managing our business operations

Processing job applications

Maintaining business records

Conducting audits

4. Legal Basis for Processing (EEA/UK/Switzerland Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

4.1 Consent

We process your data based on your explicit consent when you:

Subscribe to our newsletter or marketing communications

Accept non-essential cookies

Submit voluntary information through forms

Opt-in to specific data processing activities

You may withdraw your consent at any time by contacting us at [email protected].

4.2 Contractual Necessity

We process your data when necessary to:

Provide services you have requested

Process transactions

Manage your account

Fulfill our contractual obligations to you

4.3 Legitimate Interests

We process your data based on our legitimate business interests, including:

Improving and optimizing our Services

Marketing our services to potential customers

Preventing fraud and ensuring security

Analyzing usage patterns

Conducting business operations

We balance our interests against your rights and only rely on this basis when our interests are not overridden by your data protection rights.

4.4 Legal Obligations

We process your data when necessary to comply with legal obligations, such as:

Tax and accounting requirements

Responding to lawful requests from authorities

Maintaining required business records

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including:

Cloud hosting and storage providers

Email service providers

Payment processors

Customer relationship management (CRM) platforms

Analytics providers

Marketing and advertising platforms

Customer support tools

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Business Partners

We may share information with:

Integration partners (to enable service integrations)

Referral partners (with your consent)

Co-marketing partners (for joint promotions, with consent)

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

Court orders or subpoenas

Government or regulatory requests

Legal process

To protect the rights, property, or safety of A360, our users, or others

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5.6 Aggregate and De-Identified Data

We may share aggregate or de-identified information that cannot reasonably be used to identify you for research, analysis, or other purposes.

6. International Data Transfers

A360 is based in the United States and operates globally. Your information may be transferred to, stored, and processed in the United States and other countries where we or our service providers operate.

6.1 Transfers from the EEA/UK/Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, we ensure that transfers of personal data to countries outside these regions are protected by:

Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses with our service providers

Adequacy Decisions: We transfer data to countries deemed adequate by the European Commission where applicable

Other Safeguards: Additional security measures and contractual protections as appropriate

6.2 Your Consent

By using our Services, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

7.1 Retention Periods

Account Information: For the duration of your account plus 3 years after closure

Transaction Data: 7 years for tax and accounting purposes

Marketing Data: Until you unsubscribe or withdraw consent, plus a suppression period to honor your preferences

Analytics Data: Typically 26 months

Communication Records: 3 years from the date of communication

Job Applications: 2 years from application date (unless hired)

7.2 Extended Retention

We may retain information longer when:

Required by law or regulation

Necessary for legal claims or disputes

Required for legitimate business purposes

You have provided consent for extended retention

7.3 Deletion

When retention periods expire, we securely delete or anonymize your personal information unless longer retention is required or permitted by law.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

8.1 Technical Safeguards

Encryption of data in transit (SSL/TLS)

Encryption of sensitive data at rest

Secure server infrastructure

Firewalls and intrusion detection systems

Regular security assessments and penetration testing

Access controls and authentication measures

8.2 Organizational Safeguards

Employee training on data protection

Access limited to authorized personnel on a need-to-know basis

Confidentiality agreements with employees and contractors

Incident response procedures

Regular policy reviews and updates

8.3 Third-Party Security

We require our service providers to maintain appropriate security measures and only process your information as instructed.

8.4 Limitations

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

9.1 Rights for All Users

All users may:

Access: Request information about the data we hold about you

Correction: Request correction of inaccurate information

Deletion: Request deletion of your information (subject to legal requirements)

Opt-Out: Unsubscribe from marketing communications

Withdraw Consent: Withdraw previously given consent

9.2 Rights for EEA/UK/Switzerland Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under GDPR:

Right of Access: Obtain confirmation of whether we process your data and request a copy

Right to Rectification: Request correction of inaccurate or incomplete data

Right to Erasure ("Right to be Forgotten"): Request deletion of your data in certain circumstances

Right to Restrict Processing: Request limitation of processing in certain circumstances

Right to Data Portability: Receive your data in a structured, machine-readable format

Right to Object: Object to processing based on legitimate interests or for direct marketing

Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing

Right to Lodge a Complaint: File a complaint with your local supervisory authority

9.3 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of the categories and specific pieces of personal information we collect

Right to Delete: Request deletion of your personal information

Right to Correct: Request correction of inaccurate personal information

Right to Opt-Out of Sale/Sharing: Opt-out of the sale or sharing of personal information (Note: We do not sell personal information)

Right to Limit Use of Sensitive Information: Limit our use of sensitive personal information

Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Categories of Information Collected: In the preceding 12 months, we have collected the categories of personal information described in Section 2 of this Privacy Policy.

Sale of Personal Information: We do not sell personal information as defined under CCPA/CPRA.

9.4 Rights for Mexico Residents (LFPDPPP)

If you are located in Mexico, you have rights under the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), known as ARCO Rights:

Acceso (Access): Right to know what personal data we have and how it is used

Rectificación (Rectification): Right to request correction of inaccurate or incomplete data

Cancelación (Cancellation): Right to request deletion of your data

Oposición (Opposition): Right to oppose the processing of your data for specific purposes

We will respond to ARCO requests within 20 business days as required by Mexican law.

9.5 Rights for Other Jurisdictions

If you are located in other jurisdictions with data protection laws (such as Brazil's LGPD, Canada's PIPEDA, or Australia's Privacy Act), you may have similar rights. Please contact us to exercise your rights.

10. Exercising Your Rights

10.1 How to Submit Requests

To exercise any of your privacy rights, please contact us at:

Email: [email protected]

Please use the following subject lines for specific requests:

General Privacy Requests: "Privacy Request"

GDPR Requests (EEA/UK users): "GDPR Request"

CCPA Requests (California residents): "CCPA Request"

ARCO Rights Requests (Mexico residents): "ARCO Request"

10.2 Verification

To protect your privacy, we may need to verify your identity before processing your request. We may ask you to provide:

Your name and email address

Proof of identity

Specific information to help us locate your records

10.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Agents must provide:

Proof of authorization (power of attorney or written permission)

Verification of the agent's identity

Verification of your identity

10.4 Response Times

We will respond to your request within:

GDPR requests: 30 days (extendable by 60 days for complex requests)

CCPA requests: 45 days (extendable by 45 days if necessary)

ARCO requests: 20 business days

10.5 Appeals

If we deny your request, we will explain the reasons. You may appeal our decision by contacting us at [email protected] with "Privacy Appeal" in the subject line.

11. Children's Privacy

Our Services are not directed to children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [email protected]. If we learn that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

12. Third-Party Services and Links

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

12.1 Third-Party Services We Use

We use the following categories of third-party services:

Analytics: Google Analytics and similar tools

Advertising: Facebook Pixel, LinkedIn Insight Tag, Google Ads

Email Marketing: Email service providers for newsletters and communications

CRM: Customer relationship management platforms

Payment Processing: Secure third-party payment processors

Cloud Services: Hosting and infrastructure providers

12.2 Social Media Features

Our Services may include social media features (such as share buttons or links to our social profiles). These features may collect your IP address and set cookies. Your interactions with these features are governed by the privacy policies of the respective social media platforms.

13. Marketing Communications

13.1 How We Use Your Information for Marketing

With your consent (where required), we may use your information to send you:

Newsletters and updates

Information about our services

Promotional offers

Event invitations

Industry insights and resources

13.2 Opting Out

You can opt out of marketing communications at any time by:

Clicking the "unsubscribe" link in any marketing email

Contacting us at [email protected]

Updating your communication preferences in your account settings (if applicable)

Please note that even if you opt out of marketing communications, we may still send you transactional or service-related messages.

14. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. There is currently no universally accepted standard for how to respond to DNT signals. As such, our Services do not currently respond to DNT signals. However, you can manage your tracking preferences through our cookie consent mechanism and your browser settings.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

15.1 Notification of Changes

When we make material changes, we will:

Update the "Last Updated" date at the top of this policy

Post the revised policy on our website

Notify you by email (for material changes affecting your rights)

Display a prominent notice on our Services

15.2 Your Continued Use

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the changes, please stop using our Services.

15.3 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Ahava 360 Inc.

Email: [email protected]

For specific requests, please use the following subject lines:

Request TypeSubject LineGeneral Privacy Inquiries"Privacy Request"GDPR Requests (EEA/UK/Switzerland)"GDPR Request"CCPA Requests (California Residents)"CCPA Request"ARCO Rights Requests (Mexico Residents)"ARCO Request"Privacy Appeals"Privacy Appeal"Data Breach Concerns"Security Concern"

We will respond to your inquiry as promptly as possible.

16.1 Supervisory Authorities

If you are located in the EEA, UK, or Switzerland and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

By using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.