Privacy Policy - TamperSure

Last Updated & Effective: December 19, 2025

At TamperSure Incorporated (“we,” “us,” or “our”), we are committed to protecting your privacy. This policy explains how we collect, use, disclose, retain, and safeguard your data when you visit www.tampersure.com (the “Website”). We comply with CCPA/CPRA (including Jan. 1, 2026 updates), CalOPPA, GDPR, PIPEDA, LGPD, POPIA, ePrivacy Directive, COPPA (including 2025 amendments), Shine the Light, Australia’s Privacy Act 1988, India’s Digital Personal Data Protection Act, 2023. By using the Website, you consent to these practices. If you disagree, please do not use it.

1. Who We Are

Company: TamperSure Incorporated
Address: 2322 Aralia Street, Newport Beach, CA 92660
Website: www.tampersure.com
Privacy Contact: Rick McCormick (Privacy Officer)
Email: rick@tampersure.com
Phone: 714-292-8688

EU/UK (GDPR): Data Controller
Canada (PIPEDA): Accountability Officer (Rick McCormick)
South Africa (POPIA): Responsible Party
Brazil (LGPD): Controlador
Australia (Privacy Act): APP Entity
India (DPDP): Data Fiduciary

2. Information We Collect

We collect personal information (PI) only as necessary. Sources include:

Type	CCPA Categories	Examples	Source	Purposes
You Provide	Identifiers, Commercial Info	Name, email, comments, uploads	Forms, accounts	Site operation, communication
Automatic	Identifiers, Internet Activity, Geolocation (approx. via IP)	IP address, browser type, pages visited, cookies	Site logs, Complianz	Performance, spam prevention
Third-Party	Identifiers (hashed)	Gravatar avatar (email hash), spam results	Gravatar, Akismet	Avatars, spam filtering

Notice at Collection: We collect this PI for Website functionality. Avoid uploading images with GPS (EXIF) data—visitors can extract it. No sensitive PI (e.g., health, biometrics) collected.

3. Do We Sell or Share Your Data?

NO. We do not sell PI or share for cross-context behavioral advertising (CCPA §1798.140). In the past 12 months, we disclosed:

Identifiers & Internet Activity to service providers (e.g., hosting for storage, Akismet for spam filtering).

These are business purposes under contract, not sales/sharing. Opt-Out: Do Not Sell or Share My Personal Information
Honors Global Privacy Control (GPC) signals automatically. Requests verified via email match or ID.

4. How We Use Your Data

Purpose	GDPR/PIPEDA/LGPD/POPIA Basis
Run site (logins, comments)	Contract / Necessary for performance
Improve performance	Legitimate Interest
Prevent spam/fraud	Legitimate Interest
Send password resets	Contract
Comply with law	Legal Obligation
Protect rights/safety	Legitimate Interest
Cookies (non-essential)	Consent (freely given, specific, informed; withdraw anytime)

No automated decision-making technology (ADMT) for significant decisions (CCPA 2026 compliant). No profiling with legal effects.

5. Who We Share With

Recipient	PI Categories (Past 12 Months)	Purpose	Safeguards
Hosting (e.g., WP Engine)	Identifiers, Internet Activity	Storage	DPA, Encryption
Akismet	Identifiers (IP), Internet Activity	Spam filter	Contract, Limited Retention
Gravatar	Identifiers (email hash)	Avatar	Anonymized Processing
Legal Authorities	As required	Compliance	Valid Order Only

No third-party marketing disclosures (Shine the Light compliant). All providers bound by contracts ensuring GDPR/PIPEDA/LGPD/POPIA standards.

6. How Long We Keep Data

We retain PI only as necessary for purposes or legal requirements.

Data	Retention	Basis
Comments	Indefinitely (threading)	Legitimate Interest
Accounts	Until deletion request	Contract
Logs (IP, usage)	90 days (security)	Legal Obligation
Backups	30 days	Legitimate Interest
Cookies	Session to 1 year	Consent/Legitimate Interest

Deletion upon request, except legal holds.

7. Your Rights

Right	Applies To	Details
Access/Know	All	Copy of PI held
Correct/Rectify	All	Fix inaccuracies
Delete/Erase	All	Subject to exceptions
Portability	GDPR, CCPA, LGPD	Structured format
Opt-Out Sale/Share	CCPA, LGPD	No discrimination
Limit Sensitive PI Use	CCPA, LGPD, POPIA	Not applicable (none collected)
Object/Restrict	GDPR, PIPEDA, LGPD, POPIA	To processing
Withdraw Consent	GDPR, PIPEDA, LGPD, POPIA	Anytime, without detriment
Non-Discrimination	CCPA	No service denial/price changes

Exercise Rights:

Email: rick@tampersure.com (Subject: “Privacy Rights Request”)
Phone: 714-292-8688
Include name, email, residence, right(s) requested. Verification: Email match or government ID. Response: 45 days (CCPA, extendable 45); 30 days (others). Appeals: Reply to denial within 90 days; we review & respond in 45 days. Agents: Written authorization required. For users in Australia (under the Privacy Act 1988) or India (under the DPDP Act, 2023), these rights align with your entitlements, such as access to personal information, correction of inaccuracies, and withdrawal of consent. We handle requests in line with applicable timelines (e.g., 30 days for Australia's Privacy Act). If you have a grievance under India's DPDP, you may also contact the Data Protection Board once established.

8. Cookies & Tracking

Managed by Complianz (ePrivacy/GDPR/CCPA compliant):

Banner: First visit; granular categories (Necessary: Legitimate Interest; Others: Consent).
No pre-ticked boxes; equal reject/accept options.
Withdrawal: Anytime via shield icon (no detriment).
Honors DNT/GPC signals.
No cookies before consent (ePrivacy).

Third-party embeds (e.g., YouTube) may track—block via Complianz. See Cookie Policy for full list.

9. Children’s Privacy (COPPA)

Website not directed to children under 13 (or 16 in some regions). We do not knowingly collect PI from children, including biometrics (e.g., fingerprints, voiceprints, facial templates—2025 amendments). If discovered, we delete immediately. Parents: Verifiable consent required for any collection; opt-in for targeted ads/third-party disclosures. Contact us to review/revoke.

10. Security

Industry standards:

Encryption: TLS 1.3 (transit), AES-256 (at rest)
Controls: Role-based access, 2FA, firewalls, monitoring
Breach Notification: Within 72 hours (GDPR); as required (CCPA/PIPEDA/LGPD/POPIA)

No system is 100% secure; we notify affected users promptly.

11. International Transfers

Data stored/processed in USA (adequate safeguards).

From	To	Safeguard
EU/UK	USA	EU Standard Contractual Clauses (SCCs)
Brazil	USA	LGPD Data Processing Agreement
South Africa	USA	POPIA Operator Agreement
Canada	USA	PIPEDA Contractual Clause

Australia	USA	Compliance with Australian Privacy Principle 8 (cross-border disclosure); Standard Contractual Clauses where required
India	USA	Compliance with DPDP Act provisions (e.g., consent-based transfers or exemptions for licensing inquiries); Data Processing Agreements

12. California-Specific (CCPA/CPRA)

Categories Collected (Past 12 Months): Identifiers, Internet Activity, Approximate Geolocation.
Purposes: As in Section 4.
Disclosed To: Service providers (categories above; no sales/sharing). Shine the Light: No disclosures for direct marketing; opt-out available upon request.

13. Changes

Updates posted here with “Last Updated” date. Material changes: Email notice (accounts) or banner. Continued use = acceptance. Review annually.

14. Contact

rick@tampersure.com (mail to: rick@tampersure.com)
2322 Aralia Street, Newport Beach, CA 92660
714-292-8688

Authorities:

CA (CPPA): cppa.ca.gov
EU: Local DPA (e.g., edpb.europa.eu)
Canada (OPC): priv.gc.ca
Brazil (ANPD): gov.br/anpd
South Africa (Regulator): inforegulator.org.za
* Australia (OAIC): [www.oaic.gov.au](https://www.oaic.gov.au)
* India (Data Protection Board): Refer to the Ministry of Electronics and Information Technology at [www.meity.gov.in](https://www.meity.gov.in) for updates on the DPDP Act implementation

Effective December 19, 2025. Next Review: December 19, 2026.
Footer: Privacy Policy | Do Not Sell/Share