PRIVACY POLICY

Effective Date: November 29, 2025

1. INTRODUCTION

Theresa Moloney Coaching Inc. ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website at theresamoloney.com, purchase or use our Programs, Products, or Services, or interact with us.

By using our website or services, you consent to this Privacy Policy. If you do not agree, please do not use our offerings.

We comply with: Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada; California Consumer Privacy Act (CCPA/CPRA); General Data Protection Regulation (GDPR) - EU/EEA; and other applicable privacy laws.

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Information: Name, email, mailing address, phone number, date of birth, username, password

Payment Information: Credit/debit card details (processed by payment processors), billing address, transaction history

Program Participation: Food journals, progress photos, measurements, workout logs, health information you voluntarily disclose (medical conditions, injuries, medications), goals, preferences, responses to surveys

Communications: Content of emails/messages, questions, feedback, Community posts and comments, testimonials

Media: Your image, voice, and likeness during coaching calls, webinars, group sessions, and photos/videos you submit

2.2 Information Collected Automatically

Device/Browser: IP address, browser type, device type, operating system, language preferences

Usage: Pages visited, time on pages, links clicked, referring website, navigation paths, date/time of visits

Cookies: See Section 3 for details

2.3 Information from Third Parties

Social media platforms (basic profile information when you interact with us)

Payment processors (transaction confirmations)

Advertising platforms (aggregated audience data)

3. COOKIES AND TRACKING TECHNOLOGIES

3.1 What We Use

(a) Essential Cookies (required): Session management, security, login authentication, shopping cart

(b) Functional Cookies: Preferences, settings, language selection, personalization

(d) Advertising Cookies:

Meta (Facebook) Pixel for retargeting, ad performance, Custom/Lookalike Audiences

Other advertising platforms (Google Ads, etc.)

3.2 Third-Party Cookies

Third parties place their own cookies: Meta (Facebook/Instagram), Google, Stripe, PayPal, email platforms (ConvertKit/Mailchimp), video platforms (Zoom, Vimeo, YouTube), membership platforms. These have their own privacy and cookie policies.

3.3 Managing Cookies

Control cookies through browser settings (Chrome: Settings > Privacy; Firefox: Options > Privacy; Safari: Preferences > Privacy; Edge: Settings > Privacy). Disabling cookies may affect website functionality.

3.4 Opting Out of Ads

Adjust Facebook/Instagram ad preferences in account settings

Visit Digital Advertising Alliance: www.aboutads.info/choices

Use browser ad-blocking extensions

Adjust device mobile ad settings (iOS: Limit Ad Tracking; Android: Opt out of Ads Personalization)

4. HOW WE USE YOUR INFORMATION

We use your information to:

Provide Services: Process purchases, deliver programs and content, provide coaching and feedback (including food journal reviews), facilitate live calls and webinars, respond to inquiries, manage accounts, process payments

Improve Offerings: Analyze usage patterns, improve website/platforms, develop new programs, conduct research (anonymized)

Marketing: Send information about new programs/offers, educational content, newsletters, success stories (with permission for identified content), surveys; show relevant ads on social media and other platforms; create Custom/Lookalike Audiences; retarget website visitors; measure ad performance

Legal/Business Purposes: Comply with legal obligations, enforce Terms, protect rights and safety, prevent fraud, resolve disputes, maintain records

You can unsubscribe from marketing emails anytime by clicking "unsubscribe" in any marketing email or contacting [email protected]. Unsubscribing won't stop transactional/program-related emails.

5. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information for others' marketing purposes.

5.1 Service Providers

We share information with third-party providers who help operate our business:

Payment Processing: Stripe, PayPal (name, email, billing address, payment info)

Email/Communications: ConvertKit, Mailchimp, or similar (name, email, engagement data)

Platforms: Website hosting, membership software, course platforms (account info, usage data)

Video: Zoom (name, email, video/audio during sessions)

Social Media: Meta/Facebook (name, email for Custom Audiences, behavioral data via Pixel)

Analytics: Google Analytics (anonymized browsing behavior, device info)

Customer Support: Email, chat, ticketing systems (contact info, inquiries)

Cloud Storage: Secure data storage providers (all platform data)

5.2 Legal Requirements

We may disclose information when required by law, court orders, government requests, law enforcement investigations, to protect legal rights/safety, prevent fraud, or enforce our Terms.

5.3 Business Transfers

If we're involved in a merger, acquisition, sale, or bankruptcy, your information may be transferred. We'll notify you of such changes.

5.4 With Your Consent

We may share information with your explicit consent (e.g., featuring named testimonials in marketing, sharing your story with media).

5.5 Aggregated/Anonymized Data

We may share aggregated or anonymized data that cannot identify you with anyone for any purpose.

6. SOCIAL MEDIA AND ADVERTISING

6.1 Meta (Facebook/Instagram) Advertising

We use Meta advertising platforms, including:

Facebook Pixel: Tracks website visits/behavior, enables retargeting, measures ad performance

Custom Audiences: Upload email lists to show ads to existing customers/subscribers or exclude them

Lookalike Audiences: Reach new potential customers similar to existing customers

Conversion Tracking: Measure ad effectiveness

6.2 How It Works

When you visit our website or interact with ads, advertising platforms place cookies and collect browsing behavior to show you relevant ads on other platforms. We receive ad performance reports.

6.3 Your Choices

Control ads by adjusting Facebook/Instagram ad preferences, visiting www.aboutads.info/choices, using browser privacy settings/ad blockers, or clearing cookies regularly.

6.4 Social Media Interactions

On social media platforms, those platforms' terms and privacy policies apply. Interactions may be public depending on your settings. We may respond to, share, or feature your comments/posts.

7. INTERNATIONAL DATA TRANSFERS

We are based in Canada. Your information may be transferred to, stored in, and processed in Canada, the United States, and other countries where service providers operate. These countries may have different data protection laws than your country.

By using our services, you consent to international data transfers. We implement appropriate safeguards including contractual protections and security measures.

8. DATA SECURITY

We implement reasonable security measures including encryption of sensitive data, SSL technology, restricted access (limited to employees/contractors who need it), regular security assessments, secure passwords, and firewall protection.

Payment security: We don't store complete credit card numbers. Payment info is processed securely by PCI DSS compliant processors using industry-standard encryption.

No guarantee: No internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

Your responsibility: Keep your password confidential, don't share login credentials, log out of shared devices, and notify us immediately of unauthorized access.

Breach notification: We'll notify you of data breaches affecting your information as required by law.

9. DATA RETENTION

We retain information as long as necessary to:

Provide services (including Lifetime Access to purchased programs)

Comply with legal obligations (7 years for tax/financial records)

Resolve disputes and enforce Terms

Fulfill purposes in this Privacy Policy

Specific periods:

Account information: 7 years after account closure

Payment records: 7 years

Program materials: Indefinitely (for Lifetime Access)

Marketing data: Until you opt out

Food journals/personal data: While you have access plus 2-3 years

After retention periods, we securely delete/destroy information or anonymize it. You can request deletion subject to legal retention requirements (see Section 10).

10. YOUR PRIVACY RIGHTS

10.1 General Rights (depending on location):

Access: Request a copy of your personal information

Rectification: Request correction of inaccurate/incomplete information

Deletion: Request deletion (subject to legal/business obligations)

Restrict Processing: Request limited use of your information

Data Portability: Request information in structured, machine-readable format

Object: Object to processing for certain purposes

Withdraw Consent: Withdraw consent for consent-based processing

10.2 How to Exercise Rights

Email: [email protected]

Mail: 1480 Nassau Rd., Douro-Dummer, Ontario K9J 6Y1

Include: full name, email associated with account, specific request, verification information. We'll respond within 45 days.

We may need to verify your identity before processing requests. We may decline requests that are unreasonably repetitive, excessive, technically infeasible, compromise others' privacy, or legally required to retain.

11. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

11.1 Categories of Information Collected (past 12 months):

Identifiers (name, email, address, phone, IP, username); Customer Records (billing, payment, purchase history); Commercial Information (purchases, transactions, preferences); Internet Activity (browsing, search, website interaction); Geolocation (general location from IP); Audio/Visual (photos, videos, voice recordings); Professional Information (if shared); Health Information (voluntarily provided); Inferences (preferences/characteristics)

11.2 Sources: Directly from you; automatically via cookies/tracking; third parties (payment processors, social media)

11.3 Purposes: As described in Section 4

11.4 Third Parties: As described in Section 5

11.5 Sale/Sharing

We don't "sell" information traditionally, but our use of advertising cookies/pixels for targeted ads may be considered "sharing" or "selling" under California law's broad definition.

11.6 California Consumer Rights:

Right to Know: Request information about categories/sources/purposes/third parties/specific pieces of data

Right to Delete: Request deletion (subject to exceptions)

Right to Correct: Request correction of inaccurate information

Right to Opt-Out: Opt out of sale/sharing for targeted advertising

Right to Non-Discrimination: Not be discriminated against for exercising rights

11.7 Exercise Rights

Submit requests via email ([privacy email]), mail ([address]), or phone ([number]). Include name, email, mailing address, and description. We'll verify identity and respond within 45 days (may extend 45 days).

11.8 Opt-Out of Sale/Sharing

Email [email protected] with "Opt-Out" in subject

Decline advertising cookies

11.9 Authorized Agent

You may designate an authorized agent. Agent must provide proof of authorization; we may require direct identity verification.

12. EUROPEAN PRIVACY RIGHTS (GDPR)

12.1 Legal Bases for Processing

Contract Performance: To provide purchased services

Legitimate Interests: For business interests (marketing, improving services, fraud prevention) when your rights don't override

Consent: Where you've given explicit consent (marketing, cookies)

Legal Obligation: To comply with legal requirements

12.2 Your GDPR Rights

In addition to Section 10 rights:

Lodge Complaint: File complaint with local data protection authority

All rights in Section 10.1 apply

12.3 Exercise Rights

Contact [email protected]. We'll respond within one month (may extend two months if complex).

12.4 Data Protection Officer

Contact our Data Protection Officer (if appointed) or privacy team at [email protected]

12.5 International Transfers

When transferring data outside EEA/UK/Switzerland, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

12.6 Supervisory Authority

You may lodge complaints with your local data protection authority if you believe we've violated your privacy rights.

13. CHILDREN'S PRIVACY

Our services are not intended for individuals under 18. We don't knowingly collect information from children under 18. If you're a parent/guardian and believe your child under 18 provided us information, contact us immediately at [email protected] and we'll promptly delete it.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in practices, technology, or legal requirements. Material changes will be posted on our website with a new "Effective Date" and communicated to active Members via email. Continued use after changes constitutes acceptance. Review periodically to stay informed.

15. CONTACT US

Privacy Questions/Concerns/Complaints:

Email: [email protected]

Mail: Theresa Moloney Coaching Inc. Attention: Privacy Officer, 1480 Nassau Rd., Douro-Dummer, Ontario K9J 6Y1 Canada

Website: theresamoloney.com

We'll respond within 30 days.

Complaints: If we haven't adequately addressed your concerns, contact:

Canada: Office of the Privacy Commissioner (www.priv.gc.ca)

California: California Attorney General (www.oag.ca.gov )

EU/EEA/UK: Your local data protection authority

LAST UPDATED: November 29, 2025

EFFECTIVE DATE: November 29, 2025