Advice Wave, LLC d/b/a MeetYourPsychic.com
1. Data Controller Information and Legal Entity
Advice Wave, LLC operates as the sole data controller for all personal information processing activities conducted through MeetYourPsychic.com and its associated services, applications, and platforms. Our principal place of business and registered office is located at 304 S. Jones Blvd #1106, Las Vegas, Nevada 89107-2623, United States of America. As a Nevada-based limited liability company conducting commercial operations across multiple international jurisdictions, we maintain comprehensive compliance obligations under federal, state, provincial, and international privacy regulations that govern our data processing activities across all territories where we provide services or have users.
Data Protection Officer and Privacy Contact: All privacy-related inquiries, data subject access requests, correction requests, deletion requests, opt-out requests, and compliance matters should be directed to our designated privacy contact at 1-877-987-7792. We maintain dedicated privacy personnel and resources for responding to all categories of privacy requests within the strict timeframes mandated by applicable law, including the 60-day maximum response requirement under Nevada Revised Statutes Chapter 603A, the 30-day requirement under the UK General Data Protection Regulation with possible extension to 90 days for complex requests, and the 30-day requirement under Canada's Personal Information Protection and Electronic Documents Act. Our privacy team conducts regular assessments of our data processing activities, maintains current documentation of all processing activities, and ensures ongoing compliance with evolving regulatory requirements across all jurisdictions where we operate or serve users.
2. Comprehensive Legal Framework and Multi-Jurisdictional Compliance
2.1 United States Federal and State Privacy Law Compliance
Our privacy practices are meticulously designed to comply with all applicable United States federal privacy laws and regulations, including but not limited to the Children's Online Privacy Protection Act (COPPA) codified at 15 U.S.C. §§ 6501-6506, which establishes strict requirements for the collection, use, and disclosure of personal information from children under 13 years of age. We implement age verification mechanisms and do not knowingly collect, process, store, or disclose personal information from individuals under 18 years of age across any of our services or platforms. Any personal information discovered in our systems that may have been provided by individuals under 18 is immediately and permanently deleted upon identification, and we implement technical measures to prevent future collection from underage individuals.
Nevada Privacy Law Comprehensive Compliance: Under Nevada Revised Statutes Chapter 603A, specifically the Nevada Privacy of Information Collected on Internet From Consumers Act (NPICICA) as comprehensively amended by Senate Bill 220 and Senate Bill 260, we provide Nevada residents with the absolute and unqualified right to opt out of the sale of their personal information to third parties for monetary or other valuable consideration. Nevada's privacy law applies directly to our operations because we operate commercial internet websites and applications, collect and maintain personal information of Nevada residents through these digital properties, and engage in commercial transactions that create sufficient connection with Nevada to establish jurisdiction. We maintain multiple dedicated mechanisms for Nevada residents to submit verified opt-out requests, including web forms, email processes, and toll-free telephone numbers, and we respond to all verified requests within the maximum 60-day timeframe required by Nevada law. Our compliance framework addresses both traditional operator obligations and enhanced data broker requirements under the amended Nevada legislation, ensuring that Nevada residents can effectively exercise their privacy rights regardless of how their personal information flows through our systems or is processed by our service providers and business partners.
Comprehensive State Privacy Law Framework: We continuously monitor and maintain compliance with the rapidly evolving landscape of state privacy legislation across all United States jurisdictions where we serve customers, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Virginia's Consumer Data Protection Act (CDPA), Colorado's Privacy Act (CPA), Connecticut's Act Concerning Personal Data Privacy and Online Monitoring (CTDPA), Utah's Consumer Privacy Act (UCPA), Texas's Data Privacy and Security Act, Oregon's Consumer Privacy Act, Delaware's Personal Data Privacy Act, Iowa's Consumer Data Protection Act, New Hampshire's Privacy Act, New Jersey's Data Protection Act, Nebraska's Consumer Data Protection Act, Tennessee's Information Protection Act, Minnesota's Consumer Data Privacy Act, and Montana's Consumer Data Privacy Act. Our comprehensive privacy framework is specifically designed to accommodate the most restrictive and protective requirements across all applicable jurisdictions simultaneously, ensuring that all users receive the highest level of privacy protection available under any applicable law, regardless of their specific geographic location or the particular combination of laws that may apply to their personal information.
2.2 United Kingdom GDPR and Data Protection Act 2018 Comprehensive Compliance
Our processing of personal data relating to individuals located in the United Kingdom is comprehensively governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as significantly amended by the Data Use and Access Act 2025 (DUAA). The substantial amendments introduced by the DUAA have modernized and refined various aspects of UK data protection law, including the introduction of more flexible and risk-based approaches to data subject access requests that require only "reasonable and proportionate" searches rather than exhaustive searches, updated and streamlined cookie consent requirements that remove blanket consent obligations for certain categories of low-risk cookies such as service-improvement cookies and basic analytics cookies, and enhanced recognition of legitimate interests for certain processing activities that serve public policy objectives or individual safety interests.
Comprehensive Lawful Basis Framework: We process personal data exclusively under clearly established and documented lawful bases as comprehensively defined in Article 6 of the UK GDPR, including: (a) freely given, specific, informed, and unambiguous consent of the data subject for particular processing activities, with clear withdrawal mechanisms available at all times; (b) processing necessary for the performance of a contract to which the data subject is party or for taking steps at the request of the data subject prior to entering into a contract, particularly for service delivery, payment processing, account management, and customer support activities; (c) processing necessary for compliance with legal obligations to which we are subject, including tax reporting requirements, anti-money laundering obligations, financial recordkeeping requirements, and regulatory reporting obligations; (d) processing necessary to protect the vital interests of the data subject or another natural person in emergency situations or circumstances involving threats to life, health, or safety; (e) processing necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller; and (f) processing necessary for the purposes of legitimate interests pursued by us or by third parties, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject which require protection of personal data. We conduct comprehensive and documented legitimate interests assessments for all processing activities that rely on the legitimate interests lawful basis, except for processing activities that qualify as "recognised legitimate interests" under the DUAA amendments, such as responding to emergencies, safeguarding vulnerable individuals, detecting and preventing crime and fraud, and ensuring network and information security.
Enhanced Data Subject Rights Implementation: UK residents enjoy comprehensive and enhanced rights regarding their personal data under the UK GDPR framework, including the fundamental right to be informed about our processing activities through clear and accessible privacy information; the right of access to their personal data and supplementary information about our processing activities; the right to rectification of inaccurate or incomplete personal data without undue delay; the right to erasure (commonly known as the "right to be forgotten") in specified circumstances including where personal data is no longer necessary for the original processing purposes, where consent is withdrawn and no other lawful basis applies, where personal data has been unlawfully processed, or where erasure is required for compliance with legal obligations; the right to restrict processing in circumstances where accuracy is contested, processing is unlawful but erasure is not desired, data is no longer needed for our purposes but is required for legal claims, or objection to processing is pending verification; the right to data portability for personal data provided under consent or contract, allowing individuals to receive their data in structured, commonly used, and machine-readable format and to transmit such data to another controller without hindrance; the right to object to processing including absolute right to object to direct marketing, right to object to processing for legitimate interests, and right to object to processing for scientific or historical research purposes; and comprehensive rights related to automated decision-making and profiling, including the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We maintain detailed standard operating procedures for responding to each category of rights request within the one-month timeframe required by law, with clearly documented processes for extending response periods to three months for complex requests and for handling requests that require coordination with third-party processors or controllers.
2.3 Canadian PIPEDA and Provincial Privacy Law Comprehensive Compliance
Our collection, use, disclosure, and retention of personal information of Canadian residents is comprehensively governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), which establishes ten foundational fair information principles that form the cornerstone of our privacy program and data governance framework. PIPEDA applies directly to our commercial activities because we collect personal information in the course of our commercial activities, transfer personal information across provincial boundaries within Canada, and transfer personal information across international borders as an integral part of our service delivery model and business operations.
Comprehensive Implementation of PIPEDA's Ten Fair Information Principles: (1) Accountability Principle - We have formally designated a Chief Privacy Officer who bears ultimate responsibility for our organization's compliance with PIPEDA and all applicable privacy laws, and we have implemented comprehensive policies, procedures, training programs, and governance frameworks to protect personal information at every stage of the information lifecycle; (2) Identifying Purposes Principle - We clearly identify and document the specific purposes for collecting personal information at or before the time of collection, communicate these purposes to individuals in clear and understandable language, and limit our use of personal information to these identified purposes or purposes that are compatible with the original purposes; (3) Consent Principle - We obtain meaningful, informed, and ongoing consent for the collection, use, and disclosure of personal information, ensuring that individuals understand what they are consenting to, any potential risks associated with the processing, the consequences of refusing consent, and how they can withdraw consent at any time; (4) Limiting Collection Principle - We limit our collection of personal information to that which is necessary and directly related to the purposes we have identified, and we collect personal information by fair and lawful means; (5) Limiting Use, Disclosure, and Retention Principle - We use and disclose personal information only for the purposes for which it was collected except with the consent of the individual or as required or permitted by law, and we retain personal information only as long as necessary to fulfill the stated purposes; (6) Accuracy Principle - We maintain personal information that is accurate, complete, and up-to-date to the extent necessary for the purposes for which it is to be used; (7) Safeguards Principle - We implement physical, organizational, and technological safeguards that are appropriate to the sensitivity of the personal information and the harm that could result from its unauthorized use or disclosure; (8) Openness Principle - We make information about our privacy policies and practices readily available to individuals through multiple accessible channels; (9) Individual Access Principle - We provide individuals with access to their personal information and information about how it has been and is being used, subject only to limited and specific exceptions set out in the law; and (10) Challenging Compliance Principle - We maintain accessible and effective procedures for individuals to address questions, concerns, and complaints about our compliance with these privacy principles.
Enhanced Breach Notification and Response Framework: In accordance with PIPEDA's mandatory breach notification requirements that became fully effective in 2025, we report all privacy breaches to the Office of the Privacy Commissioner of Canada and notify affected individuals when there is a real risk of significant harm resulting from the breach. Our comprehensive breach response framework includes immediate incident containment and damage limitation procedures, thorough investigation and root cause analysis, comprehensive risk assessment to determine the likelihood and severity of harm to affected individuals, prompt notification to the Privacy Commissioner of Canada and affected individuals when required, implementation of remedial measures to address the breach and prevent recurrence, detailed documentation of all breach response activities, and regular review and updating of our breach response procedures based on lessons learned and evolving best practices. We maintain detailed records of all privacy incidents, our responses to such incidents, and the outcomes of our response efforts to demonstrate accountability and continuous improvement in our privacy practices and to support regulatory compliance and oversight activities.
3. Detailed Categories of Personal Information and Comprehensive Processing Activities
3.1 Comprehensive Personal Information Collection Framework
We collect personal information through multiple channels and touchpoints for clearly defined and documented business purposes, all of which are transparently disclosed at the time of collection or comprehensively described in this privacy policy. The comprehensive categories of personal information we collect include but are not limited to: Identifiers and Contact Information including full legal names, preferred names, aliases, nicknames, postal addresses including billing and shipping addresses, unique personal identifiers, online identifiers, Internet Protocol addresses, email addresses, account names and usernames, telephone numbers including mobile and landline numbers, social media handles, and other similar contact and identification information; Demographic and Personal Characteristics including age, date of birth, gender identity, marital status, family composition, occupation, education level, income information when relevant to service delivery, language preferences, accessibility requirements, and other demographic information that enhances service personalization; Commercial and Transaction Information including detailed records of personal property relevant to our services, comprehensive records of products and services purchased, considered, or inquired about, complete payment information including credit card details and billing information, transaction histories, purchasing patterns and preferences, payment methods and preferences, refund and return information, and other commercial information that supports our business relationship; Digital Activity and Technology Information including comprehensive browsing history on our platforms, detailed search history and queries, complete information regarding interactions with our websites, mobile applications, emails, and advertisements, device information including device identifiers and characteristics, operating system information, browser information and settings, IP address and location data derived from IP addresses, cookies and similar tracking technology data, and other electronic network activity information; Location and Geographic Information including precise geolocation data when explicitly consented to and necessary for location-based services, general location information derived from IP addresses, time zone information, and other geographic indicators that support service delivery; Audio, Visual, and Communication Information including call recordings when explicitly consented to and clearly disclosed, chat transcripts and messaging communications, email communications, customer service interactions, and other communication records; Professional and Employment Information when relevant to service delivery or required for verification purposes; Education Information when relevant to service provision; and Inferences and Profiles drawn from any combination of the above information categories to create comprehensive profiles reflecting preferences, characteristics, psychological trends, predispositions, behavior patterns, attitudes, intelligence indicators, abilities, aptitudes, and other inferred characteristics that enhance service personalization and delivery.
Sensitive Personal Information Categories: We may collect certain categories of sensitive personal information as specifically defined under applicable privacy laws, including precise geolocation data when location-based services are explicitly requested and consented to, personal information revealing religious beliefs, philosophical beliefs, or spiritual practices when directly relevant to our spiritual advisory services and explicitly provided by users, personal information about health conditions or wellness concerns when relevant to holistic advisory services, and financial information beyond basic payment processing when necessary for comprehensive service delivery. All sensitive personal information is collected only with explicit, informed, and ongoing consent, is subject to enhanced protection measures including additional encryption and access controls, and is processed only for the specific purposes for which consent was provided. Canadian residents should note that we collect and process sensitive personal health information only when strictly necessary for service delivery, with appropriate safeguards as required under PIPEDA, and with enhanced consent mechanisms that clearly explain the sensitivity of the information and the purposes for which it will be used.
3.2 Comprehensive Sources of Personal Information Collection
Personal information is obtained through multiple distinct and documented sources to provide comprehensive and personalized services to our users across all platforms and touchpoints. Direct Collection from Users: The substantial majority of personal information is provided directly by users through various interaction points including website registration forms, mobile application onboarding processes, account creation and profile setup procedures, service request forms and intake questionnaires, customer support interactions including phone calls, emails, and chat sessions, survey responses and feedback forms, contest and promotion entry forms, newsletter and marketing subscription forms, social media interactions and communications, and voluntary communications through any channel. Automatic Collection Through Technology: We automatically collect certain categories of information through cookies, web beacons, pixel tags, log files, software development kits (SDKs), application programming interfaces (APIs), and similar tracking technologies when users interact with our digital properties, including unique device identifiers, browser characteristics and settings, operating system information and version details, referring URLs and website navigation patterns, pages viewed and time spent on each page, click-through patterns and user interface interactions, search queries and results, download and upload activities, error messages and technical performance data, and session information including duration and frequency of visits. Third-Party Sources and Partners: We may receive personal information from various categories of third-party sources including business partners who provide complementary services, service providers who assist with our operations, social media platforms when users choose to connect their accounts or share information, marketing partners and advertising networks, data aggregators and analytics providers, publicly available sources including social media profiles when users have made such information public, government databases and public records when required for verification or compliance purposes, and other users who may provide information about prospective users through referral programs or social sharing features.
4. Comprehensive Processing Purposes and Legal Basis Framework
4.1 Primary and Secondary Business Purposes
We process personal information for clearly defined, documented, and transparent business purposes that are communicated to individuals at the time of collection and that serve legitimate business needs while respecting individual privacy rights. Core Service Delivery and Operations: We use personal information to provide our comprehensive spiritual advisory and psychic consultation services, including sophisticated matching algorithms that connect users with appropriate advisors based on preferences, service history, advisor availability, compatibility factors, and specialized expertise areas; facilitating seamless communications between users and advisors through multiple channels including phone, video, chat, and messaging platforms; processing payments, refunds, and financial transactions securely and efficiently; maintaining detailed service quality through monitoring, feedback collection, and continuous improvement processes; and providing comprehensive customer support across all service areas and user needs. Account and Relationship Management: Personal information is essential for creating and maintaining user accounts across all platforms, verifying user identities to prevent fraud and ensure security, managing subscription services and recurring billing arrangements, processing payments and handling billing disputes, maintaining comprehensive service histories and preferences, managing communication preferences and consent settings, and providing personalized customer support that addresses individual user needs and service histories.
Communication and Marketing Activities: We use contact information and preferences to send critical service-related communications including account notifications, service updates, billing information, and security alerts; respond promptly and comprehensively to user inquiries and support requests; provide customer support across multiple channels including phone, email, chat, and social media; send promotional materials and marketing communications with appropriate consent and clear opt-out mechanisms; notify users of changes to our services, features, or policies; conduct market research and gather feedback to improve our services; and deliver personalized content and recommendations based on user preferences and service history. Legal Compliance and Safety Protection: We process personal information to comply with all applicable laws and regulations across all jurisdictions where we operate, respond promptly and completely to legal requests, court orders, and regulatory inquiries, protect our intellectual property rights and business interests, investigate and prevent fraud, abuse, and other prohibited activities, ensure platform safety and security for all users and advisors, protect the safety, security, and legal rights of our users, advisors, employees, and business partners, maintain comprehensive records as required by law, and support law enforcement and regulatory investigations when legally required. Business Operations and Analytics: Personal information supports critical business operations through comprehensive analytics and insights generation that informs business decisions, service improvement and new product development initiatives, market research and competitive analysis, quality assurance and performance monitoring, technical support and system maintenance, regulatory compliance monitoring and reporting, financial analysis and reporting, and strategic business planning and development.
4.2 Automated Decision-Making, Profiling, and Algorithmic Processing
We engage in sophisticated automated decision-making and profiling activities to enhance user experience, improve service delivery, and ensure platform safety, all subject to appropriate safeguards, transparency measures, and comprehensive user rights. Automated Matching and Recommendation Systems: We employ advanced automated systems and machine learning algorithms to match users with advisors based on complex compatibility factors including stated preferences, service history and satisfaction ratings, advisor specialties and expertise areas, availability patterns and scheduling preferences, communication style preferences, previous successful matches, and predictive compatibility modeling. Users maintain comprehensive rights regarding automated matching including the right to request human intervention in matching decisions, the right to challenge automated matching results and request manual review, the right to understand the key factors influencing matching decisions, and the right to modify preferences and criteria used in automated matching processes.
Fraud Detection and Security Systems: We employ sophisticated automated systems to detect and prevent fraudulent activities, security threats, and platform abuse, including analysis of transaction patterns to identify unusual or suspicious activities, detection of account takeover attempts and unauthorized access, identification of payment fraud and financial crimes, monitoring for spam, scams, and other prohibited content, detection of coordinated inauthentic behavior and fake accounts, and analysis of user behavior patterns to identify potential safety risks. These automated systems may result in automatic account restrictions, transaction blocks, content removal, or access limitations, but users always retain comprehensive rights to challenge such decisions, request manual review by qualified human personnel, receive explanations of the factors that influenced automated decisions, and appeal adverse decisions through our formal review processes.
UK-Specific Enhanced Automated Decision-Making Protections: Under the UK GDPR as comprehensively amended by the Data Use and Access Act 2025, we provide enhanced protections and rights for all automated decision-making activities that produce legal effects or similarly significant effects on individuals. These protections include comprehensive notification when automated decision-making is used, clear explanations of the logic involved and the significance and consequences of such processing, accessible procedures for obtaining human intervention in automated decisions, meaningful opportunities for individuals to express their point of view and challenge automated decisions, and regular testing and monitoring of automated systems for bias, accuracy, and fairness. We implement technical and organizational safeguards to prevent discriminatory effects and ensure that automated decision-making systems operate fairly and transparently across all user populations.
5. Comprehensive Data Sharing and International Transfer Framework
5.1 Categories of Recipients and Sharing Purposes
We share personal information exclusively with carefully vetted and contractually bound categories of recipients who assist us in delivering services, operating our business, and fulfilling our legal obligations, all under strict data protection and confidentiality requirements. Service Providers and Processors: We engage qualified third-party service providers for essential business functions including payment processing companies that handle credit card transactions and financial settlements, cloud hosting providers that maintain our technical infrastructure, customer relationship management vendors that support our customer service operations, email marketing platforms that facilitate our communications, analytics and business intelligence providers that help us understand service performance, customer support vendors that assist with user inquiries, fraud prevention services that protect against financial crimes, cybersecurity providers that maintain our information security, technical maintenance and development contractors that support our platforms, and legal and professional service providers who advise on compliance and business matters. All service providers are contractually bound through comprehensive data processing agreements to protect personal information, use it only for specified and authorized purposes, implement appropriate technical and organizational security measures, promptly notify us of any security incidents or breaches, cooperate with regulatory investigations and audits, and delete or return personal information upon termination of the service relationship.
Advisors and Independent Contractors: We share necessary personal information with our carefully screened network of spiritual advisors, psychic consultants, and other independent contractors to facilitate high-quality service delivery, including essential contact information such as first names and communication preferences, service preferences and areas of interest, appointment scheduling information, basic demographic information when relevant to service delivery, and general location information when necessary for time zone coordination and local cultural understanding. All advisors and contractors are bound by comprehensive confidentiality agreements and strict privacy obligations that prohibit unauthorized use or disclosure of personal information, require implementation of appropriate security measures, mandate prompt reporting of any privacy incidents, and establish clear procedures for handling and protecting personal information throughout the service relationship.
Legal and Regulatory Authorities: We may disclose personal information to law enforcement agencies, regulatory bodies, courts, government authorities, and other official entities when required by applicable law, court order, subpoena, or other legal process, when necessary to protect our legal rights, property, or legitimate business interests, when required to protect the safety, security, or legal rights of our users, advisors, employees, or the general public, when necessary to investigate, prevent, or respond to fraud, illegal activities, or violations of our terms of service, when required for regulatory compliance or reporting obligations, and when necessary to respond to emergency situations involving threats to life, health, or safety. We carefully review all legal requests to ensure they are valid and enforceable, seek to limit disclosure to information that is directly relevant and necessary, provide notice to affected users when legally permitted, and maintain detailed records of all legal disclosures for accountability and audit purposes.
5.2 International Data Transfers and Cross-Border Processing
Our global business operations necessitate the transfer of personal information across international borders to serve users worldwide and deliver high-quality services, which we conduct in full compliance with all applicable data protection laws and international transfer requirements. Transfers from the United Kingdom: All transfers of personal data from the UK to countries outside the European Economic Area (EEA) are conducted in strict accordance with Chapter V of the UK GDPR, using legally recognized and appropriate transfer mechanisms including European Commission adequacy decisions for countries deemed to provide adequate protection, UK adequacy regulations that recognize certain countries as providing essentially equivalent protection, standard contractual clauses (SCCs) approved by the UK authorities with appropriate technical and organizational measures, binding corporate rules for intra-group transfers, and other legally approved transfer mechanisms such as certification schemes or codes of conduct. We maintain comprehensive and current documentation of all international transfers including the legal basis for each transfer, the categories of personal data transferred, the purposes of processing, the safeguards implemented, and regular assessments of the ongoing adequacy of protection in destination countries.
Transfers from Canada: All transfers of personal information outside Canada are conducted in full accordance with PIPEDA's requirements and the guidance provided by the Office of the Privacy Commissioner of Canada, including obtaining explicit consent for transfers to countries that do not provide substantially similar privacy protection, implementing appropriate contractual safeguards and technical measures to ensure ongoing protection, providing clear notice to Canadian users about international transfers including destination countries and purposes, conducting regular assessments of privacy protection in destination countries, and maintaining the ability to provide meaningful recourse for Canadian users regarding their transferred personal information. We provide comprehensive notice to Canadian users when their information will be transferred outside Canada, the specific purposes for such transfers, the countries where information may be processed, and the safeguards in place to protect their information during and after transfer.
Enhanced Safeguards for International Transfers: Regardless of the specific legal mechanism used for international transfers, we implement comprehensive technical and organizational safeguards including end-to-end encryption for all data in transit and at rest, strict access controls and authentication requirements, regular security audits and penetration testing, comprehensive contractual protections with all international service providers, incident response procedures that account for cross-border notification requirements, regular training for international personnel on privacy requirements, and ongoing monitoring of geopolitical and legal developments that may affect the adequacy of protection in destination countries. We maintain the ability to suspend or terminate international transfers if we determine that adequate protection can no longer be ensured.
6. Comprehensive Data Retention and Secure Deletion Framework
6.1 Detailed Retention Periods and Legal Justifications
We retain personal information only for as long as strictly necessary to fulfill the specific purposes for which it was collected, comply with applicable legal and regulatory obligations, resolve disputes and legal claims, enforce our contractual agreements, and protect our legitimate business interests, all in accordance with comprehensive retention schedules that account for varying legal requirements across jurisdictions. Account and User Profile Information: Personal information associated with active user accounts is retained throughout the duration of the account relationship to support ongoing service delivery, and for a carefully determined period of seven years following account closure or termination to comply with financial recordkeeping requirements under various jurisdictions, address potential disputes or legal claims that may arise from the service relationship, support regulatory investigations or audits, and maintain business records as required by corporate governance standards. This retention period accounts for statute of limitations periods for contract claims, tax audit requirements, and regulatory examination procedures across all jurisdictions where we operate.
Financial and Transaction Records: Payment information, transaction records, billing data, and related financial information is retained for a minimum of ten years from the completion of each transaction to comply with tax reporting obligations under federal, state, and international tax laws, anti-money laundering recordkeeping requirements under the Bank Secrecy Act and similar international regulations, financial audit requirements under corporate governance standards, regulatory compliance obligations under consumer protection laws, and potential dispute resolution needs related to payment processing and financial transactions. This extended retention period ensures compliance with the most stringent requirements across all applicable jurisdictions and supports our ability to respond to regulatory inquiries and audits throughout the required retention period.
Communications and Service Interaction Records: Records of communications between users and advisors, customer service interactions, email exchanges, chat transcripts, and call recordings (where explicitly consented to) are retained for three years from the date of the communication to support quality assurance and service improvement initiatives, facilitate dispute resolution between users and advisors, comply with regulatory requirements for service monitoring and oversight, support customer service follow-up and relationship management, and address potential legal claims related to service delivery. This retention period balances user privacy interests with legitimate business needs for service quality and dispute resolution.
6.2 Secure Deletion Procedures and Data Minimization Practices
We implement comprehensive and systematic procedures for the secure and verifiable deletion of personal information when retention periods expire, when deletion is requested by data subjects, or when information is no longer necessary for its original processing purposes. Automated Deletion Systems: We employ sophisticated automated systems that systematically identify personal information that has exceeded its designated retention period, automatically initiate secure deletion processes according to predetermined schedules, maintain comprehensive logs of all deletion activities for audit and compliance purposes, regularly audit the effectiveness of automated deletion processes to ensure complete removal, and provide automated notifications to relevant personnel when manual review is required before deletion to ensure compliance with legal hold obligations or ongoing litigation requirements.
Manual Review and Verification Processes: Certain categories of sensitive personal information require comprehensive manual review before deletion to ensure full compliance with legal obligations including active litigation holds that may require preservation of specific information, regulatory preservation notices from government authorities, ongoing investigations that may require access to historical information, contractual obligations that may extend retention requirements, and business continuity needs that may require temporary extension of retention periods. Our manual review process includes verification of deletion completeness across all systems and backup storage, confirmation that all copies and duplicates have been identified and removed, documentation of deletion activities for regulatory compliance and audit trails, and coordination with legal counsel when deletion requests involve information subject to legal holds or regulatory requirements.
Comprehensive Data Minimization Framework: In accordance with fundamental privacy principles under GDPR, PIPEDA, and other applicable privacy laws, we conduct regular and systematic reviews of our data collection, processing, and retention practices to ensure we collect, process, and retain only the minimum amount of personal information necessary for our clearly stated and legitimate purposes. Our data minimization program includes quarterly comprehensive reviews of all data holdings to identify opportunities for reduction, implementation of technical measures and system controls to prevent the collection of unnecessary personal information, regular training for personnel on data minimization principles and practices, systematic review of third-party data collection practices to ensure alignment with minimization principles, and ongoing assessment of new technologies and business processes to incorporate privacy-by-design and data minimization principles from the outset.
7. Comprehensive Data Subject Rights and Exercise Procedures
7.1 Universal and Jurisdiction-Specific Rights Framework
We recognize, respect, and facilitate the exercise of comprehensive privacy rights for all individuals whose personal information we process, with specific attention to the enhanced and specialized rights available under different jurisdictional frameworks and legal systems. Universal Fundamental Rights: All users, regardless of their geographic location or the specific laws that may apply to their personal information, have fundamental rights including the right to know what specific categories of personal information we collect about them, the right to understand the specific purposes for which their personal information is used, the right to know the categories of third parties with whom their personal information is shared, the right to request correction of inaccurate or incomplete personal information, the right to request deletion of their personal information subject to certain legal exceptions for compliance and business operations, the right to receive clear and understandable information about our privacy practices, and the right to lodge complaints with us and with relevant regulatory authorities when they believe their privacy rights have been violated.
Enhanced Rights for UK Residents: Under the comprehensive framework of the UK GDPR and Data Protection Act 2018, UK residents enjoy additional enhanced rights including the right to restrict or suspend processing of their personal data in specified circumstances such as when accuracy is contested or processing is unlawful, the right to data portability which allows them to receive their personal data in structured, commonly used, and machine-readable format and to transmit such data to another controller without hindrance, the right to object to processing based on legitimate interests or for direct marketing purposes with immediate effect, comprehensive rights regarding automated decision-making and profiling including the right not to be subject to solely automated decisions that produce legal or similarly significant effects, the right to receive detailed explanations of automated decision-making logic and consequences, and enhanced rights to challenge and appeal automated decisions through human intervention processes.
Specific Rights for Nevada Residents: Nevada residents have specific and absolute rights under Nevada Revised Statutes Chapter 603A, most notably the unconditional right to opt out of the sale of their personal information to third parties for monetary or other valuable consideration, with no exceptions for legitimate business purposes or other considerations. This opt-out right applies to all forms of personal information sale including data broker activities, advertising and marketing partnerships, and any other transfer of personal information for valuable consideration.
7.2 Comprehensive Request Processing and Verification Framework
We maintain robust, efficient, and secure procedures for processing all categories of data subject rights requests while implementing appropriate safeguards to protect against fraudulent requests, unauthorized access to personal information, and identity theft or impersonation attempts. Multi-Factor Identity Verification: All rights requests require comprehensive verification of the requester's identity through multiple authentication factors which may include email verification sent to the email address associated with the account, account authentication using login credentials and security questions, provision of identifying information that matches our records including full name, address, and account numbers, government-issued identification verification for high-sensitivity requests, and additional verification steps for requests involving sensitive personal information or significant account changes. For requests submitted by authorized agents acting on behalf of data subjects, we require additional documentation including signed authorization letters, power of attorney documents, legal guardianship papers, or other legally recognized authority documentation, plus verification of the agent's own identity and authority to act.
Comprehensive Response Timeframes and Communication: We respond to all verified rights requests within the strict timeframes required by applicable law including 30 days under UK GDPR with possible extension to 90 days for complex requests involving multiple systems or large volumes of data, 60 days under Nevada privacy law for opt-out requests and other rights requests, 30 days under PIPEDA for access requests and other rights requests, and equivalent timeframes under other applicable state and international privacy laws. We provide immediate acknowledgment of all requests within 72 hours of receipt, regular status updates for requests requiring extended processing time, clear explanations of any delays and the reasons for such delays, and comprehensive final responses that fully address all aspects of the original request.
Appeal, Review, and Escalation Procedures: Users who are dissatisfied with our response to their rights requests have access to comprehensive internal and external appeal mechanisms including internal review processes conducted by senior privacy personnel who were not involved in the original decision, escalation to our Data Protection Officer or Chief Privacy Officer for independent review, formal complaint procedures with detailed documentation and response requirements, and the right to lodge complaints with relevant supervisory authorities including the UK Information Commissioner's Office for UK residents, the Privacy Commissioner of Canada for Canadian residents, state attorneys general for US residents, and other applicable regulatory authorities. We maintain detailed records of all appeals and complaints, our responses and resolution efforts, and outcomes to demonstrate accountability and continuous improvement in our rights response processes.
8. Advanced Information Security and Comprehensive Incident Response
8.1 Multi-Layered Technical and Organizational Security Framework
We implement comprehensive, multi-layered security measures designed to protect personal information against unauthorized access, use, modification, disclosure, destruction, or loss through a combination of advanced technical controls, organizational safeguards, and physical security measures that meet or exceed industry standards and regulatory requirements. Advanced Technical Safeguards: Our technical security infrastructure includes end-to-end encryption of personal data both in transit and at rest using industry-standard AES-256 encryption algorithms and TLS 1.3 protocols, multi-factor authentication requirements for all administrative access to systems containing personal information, advanced intrusion detection and prevention systems that monitor network traffic and system activities in real-time, automated security monitoring and alerting systems that detect and respond to potential threats, comprehensive backup systems with encrypted storage and regular testing of restoration procedures, systematic security updates and patch management for all systems and applications, regular vulnerability assessments and penetration testing conducted by qualified third-party security firms, network segmentation and access controls that limit access to personal information on a strict need-to-know basis, and advanced threat intelligence systems that identify and mitigate emerging security risks.
Comprehensive Organizational Safeguards: We maintain strict organizational controls and governance frameworks including mandatory background checks and security clearances for all personnel with access to personal information, comprehensive privacy and security training programs for all employees with regular updates and testing, role-based access controls that limit access to personal information based on job functions and business needs, regular access reviews and certification processes to ensure ongoing appropriateness of access permissions, strict contractual privacy and security obligations for all service providers and business partners, comprehensive incident response procedures with clearly defined roles and responsibilities, regular security awareness training and simulated phishing exercises, formal information security policies and procedures that are regularly updated, and independent security audits and compliance assessments conducted by qualified external auditors.
Physical and Environmental Security Controls: Our physical security measures include secured facilities with controlled access systems and visitor management procedures, comprehensive surveillance systems with recording and monitoring capabilities, environmental controls to protect against data loss from natural disasters or equipment failures, secure disposal procedures for physical media containing personal information including certified destruction services, restricted access areas for sensitive systems and data processing activities, backup power systems and disaster recovery capabilities, and comprehensive physical security assessments and regular testing of security controls and procedures.
8.2 Comprehensive Incident Response and Breach Notification Framework
We maintain a sophisticated and comprehensive incident response framework designed to quickly identify, contain, investigate, and remediate privacy and security incidents while meeting all applicable notification requirements across multiple jurisdictions and ensuring transparency with affected individuals and regulatory authorities. Advanced Incident Detection and Initial Response: Our incident response capabilities include 24/7 security monitoring and alerting systems staffed by qualified security professionals, automated threat detection systems that identify potential incidents in real-time, comprehensive incident response team including representatives from legal, technical, privacy, communications, and executive functions, immediate containment and damage limitation procedures that minimize the scope and impact of incidents, preliminary risk assessment procedures that rapidly evaluate the potential impact on affected individuals, evidence preservation procedures that maintain the integrity of forensic evidence, and activation of external resources including legal counsel, forensic investigators, and public relations support when necessary.
Regulatory Notification and Compliance Framework: We comply comprehensively with all applicable breach notification requirements across multiple jurisdictions including notification to the UK Information Commissioner's Office within 72 hours of becoming aware of a breach likely to result in risk to individuals' rights and freedoms, with detailed incident reports including the nature and scope of the breach, categories and numbers of affected individuals, potential consequences and harm to individuals, and measures taken to address the breach and prevent recurrence; notification to the Privacy Commissioner of Canada when there is a real risk of significant harm to affected individuals, with comprehensive information about the incident and our response efforts; notification to affected individuals without undue delay when the breach is likely to result in high risk to their rights, freedoms, or legitimate interests, with clear and accessible information about the incident, potential consequences, and protective measures they can take; notification to other regulatory authorities as required by applicable law including state attorneys general, sectoral regulators, and international authorities; and coordination with law enforcement when incidents involve criminal activity or threats to public safety.
Post-Incident Analysis and Continuous Improvement: Following resolution of any privacy or security incident, we conduct comprehensive post-incident reviews and analysis including detailed root cause analysis to identify the underlying factors that contributed to the incident, comprehensive assessment of the effectiveness of our incident response procedures and identification of areas for improvement, implementation of additional technical and organizational safeguards to prevent similar incidents in the future, updates to our incident response procedures and training programs based on lessons learned, communication with affected individuals about resolution and preventive measures, and regular review and testing of our enhanced security measures to ensure ongoing effectiveness. We maintain detailed records of all incidents, our response efforts, the outcomes of our investigations, and the preventive measures implemented to demonstrate accountability, support regulatory oversight, and facilitate continuous improvement in our privacy and security practices.
9. Advanced Cookies and Tracking Technologies Framework
9.1 Comprehensive Cookie and Tracking Technology Classifications
We utilize various categories of cookies and tracking technologies to enhance user experience, analyze platform performance, deliver personalized content and services, and support our legitimate business operations, all implemented with appropriate transparency, user control, and regulatory compliance across multiple jurisdictions. Strictly Necessary and Essential Cookies: These cookies are absolutely essential for the basic operation and security of our website and services and cannot be disabled without significantly impairing core functionality. Essential cookies include session management cookies that maintain user login status and shopping cart contents, authentication cookies that verify user identity and prevent unauthorized access, security cookies that protect against cross-site request forgery and other security threats, load balancing cookies that distribute user traffic across our servers for optimal performance, and basic functionality cookies that remember user interface preferences and accessibility settings. Under UK privacy law as amended by the Data Use and Access Act 2025, explicit consent is not required for these essential cookies because they are strictly necessary for providing the requested service.
Functional and Performance Enhancement Cookies: We use functional cookies with appropriate consent to enhance user experience and remember user preferences including language selection cookies that maintain user language preferences across sessions, accessibility cookies that remember user accessibility settings and requirements, customization cookies that store user interface preferences and layout selections, geographic cookies that remember user location preferences for content localization, and preference cookies that maintain user communication and notification preferences. Performance cookies help us understand how users interact with our services including analytics cookies that collect information about page views, session duration, and user navigation patterns, error tracking cookies that help us identify and resolve technical issues, and optimization cookies that support A/B testing and service improvement initiatives.
Marketing, Advertising, and Personalization Cookies: Subject to explicit user consent and with comprehensive opt-out mechanisms, we use marketing cookies to deliver personalized advertisements and marketing content including advertising cookies that track user interests and preferences for targeted advertising, conversion tracking cookies that measure the effectiveness of marketing campaigns and advertising investments, audience segmentation cookies that help us understand user demographics and interests, remarketing cookies that enable us to show relevant advertisements to users who have previously visited our services, and social media cookies that enable sharing and social media integration features. All marketing cookies are subject to user consent and can be disabled at any time through our comprehensive cookie preference center.
9.2 User Control and Consent Management Framework
We provide users with comprehensive, granular, and accessible control over cookies and tracking technologies through multiple mechanisms designed to respect user preferences, provide meaningful choice, and ensure compliance with applicable privacy laws across all jurisdictions where we operate. Advanced Cookie Preference Center: Users can access our sophisticated cookie preference center at any time through prominent links in our website footer, privacy policy, and account settings to view current cookie settings and preferences, understand the specific purpose and functionality of each cookie category, review detailed information about third-party cookies and tracking technologies, modify their consent preferences for different categories of cookies, view and manage cookies set by specific third-party partners, and receive immediate confirmation of preference changes. Changes to cookie preferences take effect immediately across all future visits and interactions, and users receive clear confirmation of their updated settings.
Browser-Level Controls and Global Privacy Mechanisms: Users can also manage cookies through their browser settings and privacy controls including blocking all cookies or specific categories of cookies, blocking third-party cookies while allowing first-party cookies, deleting existing cookies and browsing data, setting automatic cookie deletion schedules, and configuring cookie notifications and permissions. We provide comprehensive, up-to-date instructions for managing cookies in all popular browsers including Chrome, Firefox, Safari, Edge, and mobile browsers, along with clear explanations of how different cookie settings may affect website functionality and user experience. We recognize and automatically honor Global Privacy Control signals, Do Not Track requests, and other universal opt-out mechanisms that allow users to express their privacy preferences automatically across multiple websites and services.
Comprehensive Consent Documentation and Withdrawal: We maintain detailed records of user consent for cookies and tracking technologies including the specific categories of cookies consented to, the date and time of consent, the method of consent collection, any changes to consent preferences over time, and comprehensive audit trails for regulatory compliance and user transparency. Users can withdraw their consent for any or all non-essential cookies at any time through our cookie preference center, account settings, or direct contact with our privacy team, and such withdrawal takes effect immediately without any negative consequences to account access or core service functionality.
10. Enhanced Children's Privacy Protection Framework
10.1 Comprehensive Age Verification and Protection Measures
We are committed to providing the highest level of protection for the privacy of children and minors, implementing comprehensive safeguards that exceed the minimum requirements under applicable laws including the Children's Online Privacy Protection Act (COPPA), and ensuring that our services are appropriate only for adult users who can provide informed consent for data processing activities. Strict Age Restrictions and Verification: Our services are exclusively intended for individuals who are at least 18 years of age, and we implement multiple layers of age verification including explicit age affirmation during account registration processes, age verification questions integrated into onboarding workflows, systematic monitoring for indicators of underage use including behavioral patterns and communication content, automated systems that flag potentially underage accounts for manual review, and periodic re-verification of user ages through account review processes.
COPPA Compliance and Under-13 Protection: In strict compliance with the Children's Online Privacy Protection Act codified at 15 U.S.C. §§ 6501-6506, we do not knowingly collect personal information from children under 13 years of age. If we discover that we have inadvertently collected personal information from a child under 13, we immediately delete such information from our systems and take steps to prevent future collection. Parental Rights Under Enhanced COPPA Framework: Parents who believe their child has provided personal information to us may contact us to request deletion of such information and to prevent future collection. Under the 2025 amendments to the COPPA Rule, we have implemented enhanced parental rights including separate verifiable parental consent requirements for targeted advertising activities, expanded transparency obligations that require detailed disclosure of third parties who receive children's personal information, and strengthened data security requirements including mandatory written information security programs.
10.2 Enhanced Protection for Young Adults and Transitional Users
While our services are available to individuals 18 and older, we recognize that young adults may require additional privacy protections and comprehensive education about their privacy rights and the implications of data sharing in digital environments. Privacy Education and Digital Literacy: We provide clear, accessible, and age-appropriate information about privacy rights and data collection practices specifically designed for young adult users, including comprehensive explanations of consent mechanisms, detailed information about data sharing practices and their implications, educational materials about privacy settings and controls, guidance on protecting personal information in digital environments, and resources for understanding privacy rights under applicable laws.
Enhanced Consent and Control Mechanisms: For users who indicate they are between 18 and 21, we provide additional safeguards including enhanced information about the implications of consent and data sharing decisions, more prominent and accessible opt-out mechanisms for non-essential data collection and marketing communications, additional confirmation steps for sensitive data processing activities, clearer explanations of automated decision-making and profiling activities, and enhanced support for exercising privacy rights including deletion and data portability requests.
11. Comprehensive Contact Information and Regulatory Oversight Framework
11.1 Privacy Contact and Data Protection Officer
All privacy-related inquiries, data subject rights requests, compliance questions, and privacy complaints should be directed to our designated privacy contact: Email: This email address is being protected from spambots. You need JavaScript enabled to view it. Postal Address: Advice Wave, LLC, Attention: Privacy Officer, 304 S. Jones Blvd #1106, Las Vegas, Nevada 89107-2623, United States. We are committed to providing timely, professional, and comprehensive responses to all privacy inquiries within five business days of receipt, and to resolving privacy concerns and complaints in a manner that is satisfactory to all parties while ensuring full compliance with applicable legal requirements. Our privacy team maintains current expertise in privacy laws across all jurisdictions where we operate and regularly participates in continuing education and professional development to ensure the highest standards of privacy protection and regulatory compliance.
11.2 Comprehensive Regulatory Authority Information and Complaint Procedures
Users have comprehensive rights to lodge complaints with relevant privacy regulatory authorities if they believe their privacy rights have been violated, if they are unsatisfied with our response to their privacy concerns, or if they wish to seek independent review of our privacy practices. UK Residents: The Information Commissioner's Office (ICO) serves as the UK's independent data protection authority with comprehensive powers to investigate privacy complaints, conduct audits, and impose enforcement actions. Contact information: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. Website: www.ico.org.uk. Telephone: 0303 123 1113. The ICO provides comprehensive guidance on privacy rights, complaint procedures, and enforcement actions, and maintains online resources for individuals seeking to understand and exercise their privacy rights.
Canadian Residents: The Privacy Commissioner of Canada oversees compliance with PIPEDA and other federal privacy laws, with authority to investigate complaints, conduct audits, and make recommendations for privacy protection improvements. Contact information: Office of the Privacy Commissioner of Canada, 30 Victoria Street, Gatineau, Quebec K1A 1H3, Canada. Website: www.priv.gc.ca. Telephone: 1-800-282-1376. The Privacy Commissioner provides comprehensive resources for understanding privacy rights under Canadian law, filing complaints, and accessing mediation and investigation services. US Residents: While there is no single federal privacy authority in the United States, residents may contact relevant state attorneys general, consumer protection agencies, or other regulatory bodies regarding privacy concerns. Nevada residents may contact the Nevada Attorney General's Office regarding privacy matters under Nevada law. California residents may contact the California Privacy Protection Agency regarding privacy matters under California privacy laws. Other state residents should consult their state attorney general's office or consumer protection agency for guidance on privacy complaint procedures.
12. Policy Updates, Legal Changes, and Future Compliance Framework
We reserve the right to update, modify, or revise this privacy policy at any time to reflect changes in our business practices, service offerings, legal requirements, regulatory guidance, technological developments, or industry standards, while ensuring that any material changes are communicated clearly and transparently to all affected users. Material Change Notification Procedures: Material changes to this policy that may affect user privacy rights or data processing activities will be communicated to users through multiple channels including prominent notice on our website homepage and privacy policy page, direct email notification to all registered users at their primary email addresses, in-app notifications for mobile application users, and other appropriate communication channels as necessary to ensure effective notice. Material changes affecting processing activities that are based on user consent will require new, explicit consent from affected users before such changes take effect.
Legal and Regulatory Compliance Monitoring: We maintain ongoing monitoring of legal and regulatory developments in all jurisdictions where we operate or serve users, including subscription to legal update services, participation in industry associations and privacy organizations, regular consultation with legal counsel specializing in privacy law, monitoring of regulatory guidance and enforcement actions, and participation in industry conferences and educational programs focused on privacy compliance and best practices.
Policy Version Control and Historical Record Maintenance: The effective date of any updated policy will be clearly indicated at the beginning of this document, and we will maintain archived versions of previous policies for reference, regulatory compliance, and user transparency. Users are encouraged to review this policy periodically to stay informed about how we protect their privacy and any changes to our privacy practices. This comprehensive privacy policy was last updated on July 26, 2025, and is effective immediately upon posting on our website and other digital properties.