DIVA
DIVA
DIVA

00

privacy_policy()

Information about how DIVA handles your personal data and privacy.

1) Scope; Roles; Contact

  • Scope. This Policy applies to personal information we process about visitors, account holders, purchasers, and other users of the Services.
  • Controller. For applicable privacy laws (e.g., GDPR/UK GDPR, CPRA), we act as a controller when deciding why and how personal information is processed.
  • Contact. Email contact@divazero.com or use divazero.com/contact for questions or rights requests.

2) California Notice at Collection

We collect the categories of personal information described in Sections 3–4 for the purposes in Section 5 and retain them per Section 11. We do not sell personal information and do not share it for cross-context behavioral advertising as defined by California law. If that changes, we will update this Policy and provide the required opt-out mechanisms.

3) Personal Information We Collect

Depending on how you interact with the Services, we may collect:

  • Identifiers (e.g., name, email address, account ID, IP address, device identifiers).
  • Customer records & transaction data (e.g., billing contact details, purchase history, offer IDs, delivery status). Payments are processed by a third-party processor; we do not store full payment card numbers.
  • Internet or network activity (e.g., logs, pages viewed, referring URLs, session timestamps, diagnostics).
  • Approximate geolocation derived from IP (city/region level).
  • Inferences drawn from interactions to personalize content and offers.
  • Communications (e.g., chat transcripts, support tickets, email correspondence).
  • Sensitive personal information limited to account authentication data and limited payment-verification signals; we do not collect government IDs or precise geolocation.

4) Sources of Personal Information

  • Directly from you (account creation, purchases, messages, support).
  • Automatically from your device (cookies, logs, analytics).
  • From service providers and contractors (e.g., payment, hosting, analytics).
  • From publicly visible blockchains if you later opt into NFT minting (wallet addresses and on-chain activity are public and outside our control).

5) How We Use Personal Information

  1. Provide and operate the Services, including chat, offers, checkout, and digital delivery.
  2. Fulfill transactions and provide confirmations, receipts, and support.
  3. Personalize content and inventory suggestions based on interactions.
  4. Secure the Services; detect and prevent fraud, abuse, or prohibited conduct.
  5. Analyze and improve performance, functionality, and user experience.
  6. Maintain records to comply with tax, accounting, and other legal obligations.
  7. Communicate about service updates and policy changes and—where required—send marketing with your consent.
  8. Enforce our terms, protect rights, and comply with law.

6) Disclosures of Personal Information

We do not sell personal information and do not share it for cross-context behavioral advertising.

We disclose personal information to:

  • Service providers / contractors for hosting, storage, email delivery, analytics, security, and payments. They must use data only on our instructions and protect it appropriately.
  • Legal and compliance recipients when required by law, subpoena, or to protect rights, safety, and security.
  • Business transfer recipients in connection with a merger, acquisition, or asset sale, under appropriate confidentiality and successor obligations.

We may publish aggregated or de-identified statistics (e.g., revenue totals, counts of sales). We maintain and use de-identified data in de-identified form and commit not to re-identify it.

7) Cookies and Tracking Technologies

  • Strictly necessary cookies (security, session, checkout).
  • Functional cookies (preferences, basic personalization).
  • Analytics cookies (traffic, usage, performance).

You can manage cookies in your browser settings; disabling some cookies may impair functionality. We currently do not respond to Do Not Track signals. Where required, we will honor recognized Global Privacy Control (GPC) signals for opt-out preferences that apply in your jurisdiction.

8) Automated Decision-Making and Profiling

Certain features (e.g., whether and how an offer is generated and at what price) use automated logic based on inputs such as your interactions and inventory attributes. These processes personalize and operate the Services and do not involve decisions with legal or similarly significant effects in the sense of denying access to essential services. Where required by law, you may request information about such automated processing and seek human review (see Section 12).

9) Your Choices

  • Marketing communications: unsubscribe using the link in our emails.
  • Cookies/analytics: adjust browser settings or available analytics opt-outs.
  • Account & data: request access, correction, deletion, or a copy of your data (see Section 12).

10) Security

We implement reasonable and appropriate technical and organizational measures to protect personal information (e.g., encryption in transit, access controls, least-privilege practices). No method of transmission or storage is perfectly secure.

11) Retention

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:

  • Account and purchase records: up to 7 years after last transaction (tax/records).
  • Chat transcripts and support tickets: up to 24 months from last interaction (or sooner if requested and not needed for legal purposes).
  • Analytics logs: typically 14–26 months (provider-dependent).
  • De-identified/aggregated data: retained without time limit, maintained in de-identified form.

We may retain limited information to honor suppression/opt-out requests.

12) Your Rights

Your rights depend on your location and may include:

  • Access/Know: obtain confirmation and a copy of personal information we maintain about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion, subject to legal exceptions.
  • Portability: request a portable copy of certain information.
  • Restriction/Objection: object to or request restriction of certain processing.
  • Automated decisions: request information and, where applicable, human review.
  • Opt-outs (U.S. states): if we engage in targeted advertising, sale, or profiling producing legal/significant effects, you may have the right to opt out. We currently do not sell or share personal information under California law.
  • Appeal (e.g., VA/CO/CT): if we deny your request, you may appeal. Instructions will be provided in our response.
  • Non-discrimination: we will not discriminate against you for exercising your rights.

How to exercise your rights. Email contact@divazero.com or use divazero.com/contact. We will verify your identity and respond within the timeframe required by law. You may authorize an agent to submit requests on your behalf, subject to verification.

13) California Privacy Disclosures (CPRA)

  • No sale/sharing: we do not sell personal information or share it for cross-context behavioral advertising.
  • Sensitive PI: we do not use or disclose Sensitive Personal Information for purposes requiring a right to limit under CPRA.
  • Shine the Light: we do not disclose personal information to third parties for their own direct marketing.

14) EU/EEA and UK — GDPR Disclosures

Legal bases. We process personal data on the bases of: (a) contract (Art. 6(1)(b)) to provide the Services and fulfill purchases; (b) legitimate interests (Art. 6(1)(f)) for security, fraud prevention, service improvement, and basic personalization (balanced against your rights); (c) consent (Art. 6(1)(a)) for certain cookies/marketing; and (d) legal obligation (Art. 6(1)(c)) for record-keeping and compliance.

Transfers. We are U.S.-based. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses and UK IDTA/Addendum).

Rights. You have GDPR/UK GDPR rights (access, rectification, erasure, restriction, portability, objection, and to withdraw consent). You may also lodge a complaint with your local Supervisory Authority.

15) International Transfers

Your information may be processed in countries with laws that differ from yours. We implement appropriate safeguards for cross-border transfers as required by law.

16) Children’s Privacy

The Services are not directed to children under 13 (or under 16 where consent is required by local law). We do not knowingly collect personal information from such children. If you believe we have done so, contact us to request deletion.

17) Third-Party Links and Services

The Services may contain links to third-party websites or services. Their privacy practices are governed by their own policies; we are not responsible for their content or practices.

18) NFTs and Blockchain (If/When Enabled)

If you later choose to mint an NFT related to your artwork, blockchain records are public and immutable, and wallet addresses may be publicly visible. We do not control third-party wallets, networks, or smart contracts and are not responsible for their security or availability. Network fees or other costs may apply.

19) Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will provide notice as required by law (e.g., prominent notice on the Site). Your continued use of the Services after the effective date constitutes acceptance.

20) How to Contact Us

Email: contact@divazero.com
Web: divazero.com/contact