Privacy Policy

Last Updated: October 29, 2025 Effective Date: October 29, 2025

1. Introduction

Manifest Inc., doing business as The Dog Gurus and other brand names (collectively, "Manifest," "we," "us," "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our coaching and training platform, including our website, applications, and services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service.

This Privacy Policy applies to all users of the Service, including business owners, managers, employees, and staff members.

1.1 Quick Summary

Here's what you need to know:

We collect your account information, business data, learning progress, AI chat interactions, and financial KPIs you provide
We use your data to provide the Service, including AI-powered coaching recommendations
We share data with service providers (payment processing, analytics, email delivery, AI services) under strict confidentiality
We protect your data with encryption, access controls, and multi-tenant isolation
You have rights to access, delete, and control your personal information (details vary by jurisdiction)
We use cookies for authentication, session management, and analytics

For detailed information, please read the full policy below.

2. Data Controller and Contact Information

Data Controller:

Manifest Inc. 2260 Scottwood Ave Toledo, OH 43620 United States

Contact Us:

Email: support@thedoggurus.com
Support: support@thedoggurus.com
Mail: Manifest Inc., 2260 Scottwood Ave, Toledo, OH 43620

For EU/UK residents, our representative can be contacted at: support@thedoggurus.com

For privacy-related inquiries, including requests to exercise your rights, please contact: support@thedoggurus.com

3. Information We Collect

We collect several categories of information from and about users of our Service.

3.1 Information You Provide Directly

3.1.1 Account Registration Information

When you create an account, we collect:

Personal Identifiers: First name, last name, email address
Authentication Data: Password (encrypted), email verification status
Profile Information: Profile photo/avatar, job title
Business Information (for Business Owners): Business name, description, industry vertical (e.g., pet care, salon), business stage, business goals, physical address (street, city, state, postal code), phone number, website URL

3.1.2 Business Profile and Onboarding Data

During onboarding, we may collect:

Questionnaire Responses: Answers to business profile questions (text, numerical, multiple choice)
Business Goals: Growth objectives, target metrics, priorities
Staff Information: Number of employees, organizational structure

3.1.3 Business Financial Data (KPIs)

If you choose to track financial metrics, we collect:

Revenue: Monthly revenue figures
Profit: Monthly profit figures
Payroll: Monthly payroll expenses
Staff Size: Number of employees
Service Units: Business-specific operational metrics
Data Source: Whether data is manually entered, CSV imported, or synced from QuickBooks

Important: We do not collect bank account numbers, full credit card numbers, or other highly sensitive financial credentials. Payment processing is handled by Stripe (see Section 6.1).

3.1.4 User Content

You may upload or submit:

Documents: Standard operating procedures (SOPs), business procedures, training materials
Images and Videos: Business logos, learning content, coaching call recordings
AI Chat Messages: Questions, prompts, and conversations with our AI Assistant
Feedback: Comments, ratings, and suggestions about the Service

3.1.5 Learning and Training Data

As you use the Service, we collect:

Learning Progress: Courses completed, lessons viewed, time spent on content
Assessment Results: Quiz scores, test answers, completion status
Assignments: Training assigned to staff, due dates, completion status
Achievements: Badges earned, milestones reached

3.1.6 Communication Preferences

Email Preferences: Which types of emails you want to receive (assignments, reminders, newsletters)
Notification Settings: In-app notification preferences

3.2 Information Collected Automatically

3.2.1 Usage Information

When you use the Service, we automatically collect:

Device Information: Browser type, operating system, device type (desktop, mobile, tablet)
IP Address: Your Internet Protocol address (may be used to infer approximate geographic location)
Session Data: Login times, last sign-in timestamp, session duration
Interaction Data: Pages viewed, features used, clicks, navigation paths
Performance Data: Error messages, page load times, system crashes

3.2.2 Cookies and Tracking Technologies

We use cookies and similar technologies. See Section 9 (Cookies) for details.

3.2.3 Analytics Data

We use third-party analytics services (Amplitude) to collect:

Event Data: User actions (sign in, assignment created, conversation started)
User Properties: Role, subscription tier, vertical
Business Properties: Business name, subscription status, trial status
Session Information: Session ID, device ID

3.3 Information from Third Parties

3.3.1 Authentication Provider (WorkOS)

We use WorkOS for authentication. WorkOS provides:

User ID: External user identifier
Email Verification Status: Whether your email has been verified
Authentication Events: Login attempts, multi-factor authentication status

3.3.2 Payment Processor (Stripe)

Stripe processes payments and provides:

Payment Status: Subscription status, payment success/failure
Customer ID: Stripe customer identifier
Transaction Data: Billing amounts, dates, payment method type (last 4 digits only)

We do not store your full credit card numbers. Stripe securely stores payment information.

3.3.3 QuickBooks Online (Optional)

If you connect QuickBooks, we access:

Company Information: QuickBooks company ID (Realm ID)
Financial Reports: Profit & Loss statements, revenue, payroll data based on your configured account mappings
OAuth Tokens: Encrypted access and refresh tokens for API access

3.3.4 CRM Integration (HubSpot)

We may sync data with HubSpot:

Contact Records: Your email, name, business association
Company Records: Business information
Engagement Data: Email opens, clicks (tracked by HubSpot)

Note: Internal Manifest staff (manifested.com email addresses) are excluded from HubSpot syncing by default.

3.4 Sensitive Personal Information

Under certain privacy laws (e.g., CCPA), some information is considered "sensitive":

Account Credentials: Passwords (always encrypted)
Financial Data: Revenue, profit, payroll figures
Contents of Communications: AI chat messages may contain sensitive business information

We do not intentionally collect:

Social Security numbers
Driver's license numbers
Passport numbers
Precise geolocation (GPS coordinates)
Genetic or biometric data
Health information
Information about sexual orientation or religious beliefs

If you include sensitive information in coaching calls, chat messages, or uploaded documents, you consent to our processing of that information as described in this Privacy Policy.

4. How We Use Your Information

We use your information for the following purposes:

4.1 Provide and Improve the Service

Account Management: Create and manage your account, authenticate your identity, maintain user profiles
Service Delivery: Provide access to learning content, coaching materials, AI Assistant, and other features
AI Recommendations: Generate personalized coaching insights, business recommendations, and answers to your questions using our AI Assistant
Learning Tracking: Monitor learning progress, track assignments, issue certificates
Business Analytics: Display KPI dashboards, generate reports, track business goals
Personalization: Customize content and recommendations based on your vertical, role, and preferences

4.2 Process Payments and Subscriptions

Billing: Process subscription payments, manage billing cycles, issue invoices
Subscription Management: Handle upgrades, downgrades, cancellations, and renewals
Financial Reporting: Track revenue, calculate fees, manage refunds

4.3 Communicate with You

Transactional Emails: Send assignment notifications, due date reminders, password resets, billing receipts
Service Updates: Notify you of new features, service changes, maintenance windows
Marketing Communications: Send newsletters, promotional offers, educational content (you may opt out)
Customer Support: Respond to inquiries, troubleshoot issues, provide assistance

4.4 Ensure Security and Prevent Fraud

Security Monitoring: Detect and prevent unauthorized access, abuse, or fraudulent activity
Account Protection: Monitor for suspicious login attempts, verify identity
Compliance: Enforce our Terms of Service and Acceptable Use Policy

4.5 Analyze and Improve

Usage Analytics: Understand how users interact with the Service, identify popular features
Performance Optimization: Improve speed, reliability, and user experience
Product Development: Develop new features, improve AI models, enhance Learning Content
Quality Assurance: Test new features, identify and fix bugs

4.6 Comply with Legal Obligations

Legal Compliance: Respond to subpoenas, court orders, legal processes
Regulatory Requirements: Comply with tax laws, financial regulations, data protection laws
Dispute Resolution: Investigate and resolve disputes, enforce our legal rights

4.7 AI Training and Model Improvement

Aggregated Data: Use anonymized, aggregated data to improve AI models and coaching recommendations
Feedback Learning: Analyze user feedback (positive/negative ratings) to improve AI responses
Redacted Content Sharing: Use fully redacted coaching call transcripts (with all PII removed) to improve AI coaching insights across all users (see Section 8.3)

Important: We do NOT use your specific business data to train third-party AI models (OpenAI, Anthropic, etc.) without your explicit consent. Our use of third-party AI services is limited to generating responses for you.

5. Legal Basis for Processing (GDPR)

If you are located in the European Union (EU) or United Kingdom (UK), we process your personal data based on the following legal grounds under GDPR:

5.1 Contractual Necessity

We process data necessary to perform our contract with you (Terms of Service), including:

Providing access to the Service
Authenticating your account
Processing subscription payments
Delivering learning content and AI recommendations
Providing customer support

5.2 Legitimate Interests

We process data for our legitimate business interests, including:

Improving the Service and developing new features
Analyzing usage patterns and optimizing performance
Preventing fraud and ensuring security
Marketing our services to existing customers
Conducting business analytics

We balance these interests against your privacy rights and do not process data where your rights override our legitimate interests.

5.3 Consent

We process data based on your explicit consent for:

Optional integrations (e.g., QuickBooks)
Marketing communications (you may withdraw consent at any time)
Use of redacted coaching calls for AI improvement (you may opt out)
Non-essential cookies and analytics (where required by law)

5.4 Legal Obligations

We process data to comply with legal obligations, including:

Responding to legal requests and court orders
Tax and financial reporting requirements
Compliance with data protection laws

6. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

6.1 Service Providers and Business Partners

We share information with third-party service providers who perform services on our behalf under strict confidentiality obligations:

6.1.1 Authentication and Identity (WorkOS)

Purpose: User authentication, email verification, session management
Data Shared: Email, name, user ID
Location: United States
Privacy Policy: https://workos.com/privacy

6.1.2 Payment Processing (Stripe)

Purpose: Process subscription payments, manage billing
Data Shared: Email, name, business name, payment information (you provide directly to Stripe)
Location: United States (with global operations)
Privacy Policy: https://stripe.com/privacy

6.1.3 Cloud Storage (Amazon Web Services S3)

Purpose: Store user avatars, business logos, learning content, uploaded documents
Data Shared: Images, videos, documents, coaching call recordings
Location: US-East-2 (Ohio, USA)
Privacy Policy: https://aws.amazon.com/privacy/

6.1.4 Video Processing (Mux)

Purpose: Video transcoding, streaming, thumbnail generation
Data Shared: Video files, video metadata
Location: United States
Privacy Policy: https://www.mux.com/privacy

6.1.5 AI Services (External RAG Service)

Purpose: Power the AI Assistant with retrieval-augmented generation
Data Shared: Your chat messages, coaching call transcripts, business KPIs, learning content (for context retrieval and response generation)
Location: United States (AWS US-East-1 and AWS US-East-2)
AI Model Providers: Our RAG service may use OpenAI (https://openai.com/privacy/) or Anthropic (https://www.anthropic.com/privacy) for language model processing
Data Retention: AI providers do not retain your data beyond the API call (per our agreements)

Important: Our AI service has direct read/write access to our database to retrieve content and update processing status. All access is logged and audited.

6.1.6 Analytics (Amplitude)

Purpose: Understand user behavior, measure feature adoption, improve product
Data Shared: User ID, business ID, session data, event data (sign in, feature usage), user properties (role, subscription tier)
Location: United States
Privacy Policy: https://amplitude.com/privacy

6.1.7 Error Monitoring (Sentry)

Purpose: Detect and diagnose errors, monitor application performance
Data Shared: Error messages, stack traces, user ID (not PII), device/browser information
Location: United States
Privacy Policy: https://sentry.io/privacy/

Note: We sanitize error logs to remove PII (emails, phone numbers, etc.) before sending to Sentry.

6.1.8 Email Delivery (Postmark)

Purpose: Send transactional emails (assignments, reminders, notifications)
Data Shared: Email address, name, business name, email content
Location: United States
Privacy Policy: https://postmarkapp.com/privacy-policy

6.1.9 CRM and Marketing (HubSpot)

Purpose: Manage customer relationships, track engagement, marketing communications
Data Shared: Email, name, business information, engagement data
Location: United States
Privacy Policy: https://www.hubspot.com/data-privacy

Note: Internal Manifest staff are excluded from HubSpot by default.

6.1.10 Database Hosting (Render.com)

Purpose: Host PostgreSQL database
Data Shared: All user data, business data, learning progress, conversations
Location: United States
Privacy Policy: https://render.com/privacy

6.1.11 Application Hosting and CDN (Render.com, Cloudflare)

Purpose: Host web application, deliver content, improve performance
Data Shared: IP addresses, session data, user requests
Location: United States (with global edge locations)
Privacy Policies:
- Render: https://render.com/privacy
- Cloudflare: https://www.cloudflare.com/privacypolicy/

6.1.12 Queue Management (Redis Cloud)

Purpose: Manage background jobs, task queues, pubsub messaging
Data Shared: Job metadata, task identifiers, status updates
Location: United States
Privacy Policy: https://redis.io/legal/privacy-policy/

6.2 Within Your Business

Users within your Business (Business Owner, Managers, Staff) can access data based on their role permissions:

Business Owners: Access to all Business data, including KPIs, coaching calls, staff progress
Managers: Access to staff management, business metrics, learning content
Staff: Access only to their assigned learning content and progress

Business Owners are responsible for managing user access and permissions appropriately.

6.3 Manifest Staff

Manifest employees and contractors may access your data for:

Customer Support: Troubleshooting issues, answering questions
Service Maintenance: System administration, bug fixes, performance optimization
Legal Compliance: Responding to legal requests, investigating violations
Quality Assurance: Testing features, reviewing AI Assistant performance

All Manifest staff are bound by confidentiality obligations and access data only as necessary to perform their duties.

6.4 Business Transfers

If Manifest is involved in a merger, acquisition, asset sale, or bankruptcy:

We may transfer your information to the acquiring entity
The acquiring entity will be bound by this Privacy Policy
We will notify you of any change in ownership or control

6.5 Legal Requirements and Protection

We may disclose your information:

To comply with law: Subpoenas, court orders, legal processes, regulatory requirements
To protect rights and safety: Enforce our Terms of Service, investigate fraud, prevent harm, protect our legal rights
With your consent: When you explicitly authorize disclosure

6.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably identify you:

Industry benchmarks and trends
Usage statistics and analytics
Research and reporting

This data is not considered personal information and may be used for any purpose.

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect your information:

7.1 Technical Safeguards

Encryption:
- Data in transit encrypted using TLS/SSL (HTTPS)
- Sensitive data at rest encrypted in our database
- Passwords hashed using industry-standard algorithms
- OAuth tokens encrypted before storage
Access Controls:
- Role-based access control (RBAC) limits data access based on job function
- Multi-factor authentication (MFA) available for user accounts
- Database access restricted to authorized personnel
Network Security:
- Firewalls and intrusion detection systems
- Regular security monitoring and logging
- Isolated network environments
Security Headers:
- X-Frame-Options, X-Content-Type-Options, Strict-Transport-Security
- Referrer-Policy, Permissions-Policy

7.2 Administrative Safeguards

Employee Training: Staff trained on data security and privacy best practices
Confidentiality Agreements: All employees and contractors sign confidentiality agreements
Background Checks: Screening of personnel with access to sensitive data
Incident Response Plan: Procedures for detecting and responding to security incidents

7.3 Physical Safeguards

Cloud Infrastructure: Data hosted on secure cloud platforms (AWS, Render) with physical security controls
Data Centers: SOC 2 compliant facilities with access restrictions, surveillance, environmental controls

7.4 Vulnerability Management

Automated Scanning: Weekly Dependabot scans and CI/CD pipeline npm audit on every pull request
Patching SLA:
- Critical vulnerabilities (production impacted): 24 hours
- High severity: 7-30 days depending on impact
- Medium/Low: 90 days or best effort
Monthly Security Review: Audit of vulnerabilities and dependency health

7.5 Multi-Tenant Data Isolation

Database Segregation: Business data strictly isolated using business ID filters
Query Validation: Every database query validates business context
Row-Level Security: Users can only access data associated with their Business
Cross-Tenant Prevention: Safeguards prevent unauthorized cross-Business access

7.6 Limitations

No security system is impenetrable. Despite our efforts:

We cannot guarantee absolute security
Unauthorized access may occur due to circumstances beyond our control
You are responsible for protecting your account credentials

If you believe your account has been compromised, contact us immediately at support@thedoggurus.com.

8. AI Processing and Coaching Call Redaction

8.1 How the AI Assistant Works

Our AI Assistant uses Retrieval-Augmented Generation (RAG) technology:

Your Input: You ask a question or request advice
Context Retrieval: The AI searches relevant content (learning materials, coaching calls, KPIs) associated with your Business
Response Generation: An AI model (powered by OpenAI or Anthropic) generates a response based on retrieved context
Source Citations: The AI cites specific learning content where applicable

8.2 Data Sent to AI Providers

When you use the AI Assistant, we send the following to our AI service (which may use OpenAI or Anthropic):

Your Message: The question or prompt you entered
Conversation History: Previous messages in the conversation (for context)
Retrieved Content: Relevant excerpts from learning content, coaching calls, and KPIs
Metadata: Your vertical, user ID, business ID (for personalization and access control)

AI providers process this data to generate responses but do NOT use it to train their general models (per our agreements and their data processing terms).

8.3 Coaching Call Redaction and Sharing

To improve AI coaching quality across all users, we may create redacted versions of coaching call transcripts:

8.3.1 PII Redaction Process

Automatic Redaction: We use AI-powered tools to remove all personally identifiable information (PII) from coaching call transcripts, including:
- Personal names (clients, employees, family members)
- Company and business names
- Contact information (phone numbers, emails, addresses)
- Geographic identifiers (street names, neighborhoods, ZIP codes)
- Dates and timeline identifiers
- Health/medical information
- Legal case information
- Account numbers, licenses, tax IDs
Quality Check: An automated "LLM-as-a-judge" reviews redacted transcripts to detect any remaining PII
Manual Review: If PII is detected, the content is flagged for manual review and correction by Manifest staff

8.3.2 Redaction Examples

Original Text	Redacted Text
"John Smith called about..."	"[CLIENT A] called about..."
"At Paws & Claws Daycare, we..."	"At [PET CARE FACILITY], we..."
"Call me at 555-123-4567"	"Call me at [PHONE]"
"Email john@example.com"	"Email [EMAIL]"
"Located at 123 Main St, Springfield"	"Located in [CITY, STATE]"

8.3.3 How Redacted Content is Used

Your Business: You always have access to the un-redacted version of your coaching calls
Other Businesses: Other users can access a fully redacted version (with all PII removed) as AI context only
No Citations: Redacted coaching calls are never cited, linked, or directly referenced in AI responses to other users
Context Only: The AI uses redacted content to improve its general coaching knowledge, but responses are generalized (e.g., "In similar situations, businesses have found success by...")

8.3.4 Dual Vectorization

For business-specific coaching calls with redaction enabled:

Un-redacted Vector: Stored with your business ID, accessible only to your Business and Manifest staff, can be cited in your AI conversations
Redacted Vector: Stored without business ID, accessible to all users as general context only, never cited or linked

8.3.5 Opt-Out of Redacted Sharing

If you do not wish for redacted versions of your coaching calls to be used for general AI context, contact us at support@thedoggurus.com. Your request will be processed within 30 days, and redacted versions will be removed from shared AI context.

8.4 AI Data Retention

Conversation History: Retained while your account is active (you may delete conversations)
AI Provider Processing: AI providers (OpenAI, Anthropic) do not retain your data beyond the API call
AI Training: Anonymized, aggregated data may be used to improve our AI models (not third-party models)

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit.

9.2 Cookies We Use

Cookie Name	Purpose	Type	Duration	Essential?
`token`	Stores JWT token with user authentication data	Authentication	30 days	Yes
`accessToken`	Stores WorkOS access token for session management	Authentication	30 days	Yes
`organizationId`	Stores current business context for multi-tenant access	Functional	30 days	Yes
Amplitude cookies	Tracks user sessions and analytics events	Analytics	Varies	No

9.3 Cookie Properties

Authentication Cookies:

HTTPOnly: Yes (prevents JavaScript access, protects against XSS attacks)
Secure: Yes (transmitted only over HTTPS)
SameSite: Lax (protects against CSRF attacks)

9.4 Third-Party Cookies

We use third-party analytics services (Amplitude) that may set cookies to track:

User sessions
Page views
Feature usage
Conversion events

You can control third-party cookies through your browser settings:

Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies

9.5 Essential vs. Non-Essential Cookies

Essential Cookies: Required for authentication, session management, and basic functionality. You cannot opt out of essential cookies.
Non-Essential Cookies: Used for analytics and performance tracking. You may opt out via browser settings or cookie management tools.

9.6 Managing Cookies

Browser Controls:

Google Chrome: Settings > Privacy and Security > Cookies
Safari: Preferences > Privacy > Cookies and website data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Edge: Settings > Privacy, search, and services > Cookies

Disabling Cookies: Disabling cookies may limit your ability to use certain features of the Service, particularly authentication.

9.7 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. We do not currently respond to DNT signals because there is no industry-wide standard for interpreting them.

10. Data Retention

10.1 Active Accounts

We retain your information while your account is active and for as long as necessary to provide the Service.

10.2 Account Deletion

When you delete your account or cancel your subscription:

Deletion Period: We delete your personal information within 30-90 days, except as noted below
Backups: Data in backup systems may persist for up to 90 days before permanent deletion
Aggregated Data: Anonymized, aggregated data may be retained indefinitely for analytics

10.3 Data Retained After Deletion

Certain data may be retained longer for legal or business purposes:

Legal Obligations: Financial records retained for 7 years (tax, accounting requirements)
Dispute Resolution: Data related to disputes, claims, or litigation retained until resolution
Fraud Prevention: Information about banned users or fraudulent activity retained to prevent re-registration
Legal Hold: Data subject to legal hold, subpoena, or court order

10.4 User-Initiated Deletion

You may request deletion of:

Conversations: Delete individual AI chat conversations from your account
User Content: Delete uploaded documents, images, coaching calls
Account: Request full account deletion (see Section 11.4)

10.5 Retention by Category

Data Type	Retention Period
Account information	Active account + 30-90 days after deletion
Learning progress	Active account + 30-90 days after deletion
Conversations (AI chat)	Active account + 30-90 days (or until you delete)
Business KPIs	Active account + 30-90 days after deletion
Uploaded files	Active account + 30-90 days after deletion
Subscription/billing	7 years (legal requirement)
Usage logs	12 months
Error logs	90 days
Analytics data (anonymized)	Indefinitely

11. Your Privacy Rights

Your rights vary depending on your location. Below are rights available by jurisdiction.

11.1 Rights for All Users (Regardless of Location)

Access Account Information: View and update your profile, business information, and preferences through Account Settings
Delete Conversations: Delete individual AI chat conversations
Unsubscribe from Marketing: Opt out of marketing emails via unsubscribe links or email preferences
Account Deletion: Request deletion of your account by contacting support@thedoggurus.com

11.2 Additional Rights for EU/UK Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

11.2.1 Right of Access

Request a copy of the personal data we hold about you.

11.2.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

11.2.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

11.2.4 Right to Restriction of Processing

Request that we limit how we use your data in certain circumstances.

11.2.5 Right to Data Portability

Request a copy of your data in a structured, machine-readable format.

11.2.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

11.2.7 Right to Withdraw Consent

Withdraw consent for processing based on consent (does not affect past processing).

11.2.8 Right to Lodge a Complaint

File a complaint with your local data protection authority:

UK: Information Commissioner's Office (ICO) - https://ico.org.uk/
EU: Your local supervisory authority - https://edpb.europa.eu/about-edpb/board/members_en

11.2.9 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not make such automated decisions.

To exercise GDPR rights, contact support@thedoggurus.com with "GDPR Request" in the subject line.

11.3 Additional Rights for California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the following rights:

11.3.1 Right to Know

Request information about:

Categories of personal information collected
Sources of personal information
Business or commercial purposes for collecting or selling personal information
Categories of third parties with whom we share personal information
Specific pieces of personal information collected about you

11.3.2 Right to Delete

Request deletion of your personal information, subject to legal exceptions.

11.3.3 Right to Correct

Request correction of inaccurate personal information.

11.3.4 Right to Opt-Out of Sale or Sharing

We do not sell personal information. However, certain analytics activities may be considered "sharing" for targeted advertising purposes under CCPA. You may opt out by:

Contacting support@thedoggurus.com
Using the "Do Not Sell or Share My Personal Information" link on our website (if implemented)

11.3.5 Right to Limit Use of Sensitive Personal Information

We do not use sensitive personal information for purposes other than providing the Service. If we do in the future, you will have the right to limit such use.

11.3.6 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. You will not be:

Denied service
Charged different prices
Provided a different level of service quality

To exercise CCPA rights, contact support@thedoggurus.com with "CCPA Request" in the subject line.

Verification: We will verify your identity before processing requests (may require email verification or account login).

11.4 Additional Rights for Canadian Residents (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights:

11.4.1 Right to Access

Request access to your personal information held by Manifest.

11.4.2 Right to Correct

Request correction of inaccurate or incomplete personal information.

11.4.3 Right to Withdraw Consent

Withdraw consent for processing, subject to legal or contractual restrictions.

11.4.4 Right to File a Complaint

File a complaint with the Office of the Privacy Commissioner of Canada:

Website: https://www.priv.gc.ca/
Phone: 1-800-282-1376

To exercise PIPEDA rights, contact support@thedoggurus.com with "PIPEDA Request" in the subject line.

11.5 How to Exercise Your Rights

To submit a privacy request:

Email: support@thedoggurus.com with request type in subject line (e.g., "GDPR Access Request")
Include:
- Your name and email address associated with your account
- Specific right you wish to exercise
- Details of your request
Verification: We will verify your identity before processing
Response Time:
- GDPR requests: 30 days (may extend to 60 days for complex requests)
- CCPA requests: 45 days (may extend to 90 days)
- PIPEDA requests: 30 days

Authorized Agents: California residents may designate an authorized agent to submit requests on their behalf. Agents must provide proof of authorization.

12. International Data Transfers

12.1 Data Location

Our primary operations are in the United States. Your data may be stored and processed in:

United States (primary data centers)
Other countries where our service providers operate

12.2 Transfers from EU/UK to the US

If you are located in the EU or UK, your data will be transferred to the United States. We rely on the following mechanisms:

12.2.1 Standard Contractual Clauses (SCCs)

We use European Commission-approved Standard Contractual Clauses with our service providers to ensure adequate protection.

12.2.2 Data Processing Agreements

We enter into Data Processing Agreements (DPAs) with service providers that handle EU/UK data, requiring them to:

Process data only on our instructions
Implement appropriate security measures
Comply with GDPR requirements

12.2.3 Adequacy Decisions

Where possible, we use service providers in countries with EU adequacy decisions (countries deemed to provide adequate data protection).

12.3 Transfers from Canada to the US

For Canadian users, we transfer data to the United States under contracts that include appropriate safeguards consistent with PIPEDA requirements.

12.4 Your Rights Regarding Transfers

If you are in the EU/UK, you may:

Request information about transfer mechanisms
Object to transfers that do not meet GDPR standards
Lodge a complaint with your supervisory authority

13. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction).

We do not knowingly collect personal information from children. If you are under 18, do not use the Service or provide any personal information.

If we learn that we have collected information from a child under 18, we will delete it promptly. If you believe we have collected information from a child, contact us immediately at support@thedoggurus.com.

14. Changes to This Privacy Policy

14.1 Right to Modify

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top
For material changes, we will provide notice by:
- Posting a notice on the Service
- Sending an email to your registered email address
- Requiring you to accept the updated Privacy Policy before continuing to use the Service

14.2 Acceptance of Changes

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

If you do not agree to the changes, you must stop using the Service and may request deletion of your account.

14.3 Material Changes

For changes that materially reduce your rights or expand our use of your data, we will provide at least 30 days' advance notice and obtain your consent where required by law.

15. Contact Us and Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@thedoggurus.com Support: support@thedoggurus.com Mail: Manifest Inc. 2260 Scottwood Ave Toledo, OH 43620 United States

For GDPR Requests (EU/UK): support@thedoggurus.com For CCPA Requests (California): support@thedoggurus.com with "CCPA Request" in subject For PIPEDA Requests (Canada): support@thedoggurus.com with "PIPEDA Request" in subject

Response Time: We aim to respond to all privacy inquiries within 10 business days.

16. Supplemental Information

16.1 California Residents: Notice at Collection

Categories of Personal Information Collected:

Category	Examples	Collected?
Identifiers	Name, email, IP address, account ID	Yes
Commercial information	Subscription history, payment status	Yes
Internet activity	Browsing history, feature usage, clicks	Yes
Financial information	Revenue, profit, payroll (entered by you)	Yes
Geolocation	Approximate location from IP address	Yes
Professional information	Job title, business role	Yes
Education information	Learning progress, assessment scores	Yes
Inferences	Preferences, coaching recommendations	Yes
Sensitive personal information	Account credentials, chat messages	Yes

Business or Commercial Purposes:

Providing the Service
Processing payments
Communicating with you
Analyzing and improving the Service
Security and fraud prevention

Categories of Third Parties with Whom We Share:

Service providers (authentication, payment, analytics, AI, email, cloud storage)
Business partners (with your consent)
Legal and government authorities (when required by law)

Data Retention: See Section 10 above.

Selling or Sharing: We do not sell personal information. Certain analytics activities may constitute "sharing" for targeted advertising purposes; you may opt out.

16.2 EU/UK Residents: Data Protection Officer

For GDPR inquiries, you may contact our Data Protection Officer:

Email: support@thedoggurus.com Mail: Data Protection Officer, Manifest Inc., 2260 Scottwood Ave, Toledo, OH 43620

16.3 Security Incident Notification

In the event of a data breach affecting your personal information:

EU/UK Residents: We will notify you and applicable supervisory authorities within 72 hours as required by GDPR
California Residents: We will notify you without unreasonable delay as required by California Civil Code § 1798.82
Other Users: We will notify you in accordance with applicable laws

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.