← Back
Last updated: 2025-09-25
Holophage Limited — Privacy Policy
This policy explains what personal data we collect, how we use it, and the choices you have. “Personal data” means any information that identifies or can be reasonably linked to an individual.
Short version: We collect only what we need to provide support and operate our site. We don’t sell or “share” your personal data for cross-context behavioral advertising. We honor Global Privacy Control signals where applicable.
At a glance
- Minimal collection: contact details you submit (e.g., support requests).
- No ads tracking: we do not run behavioral ads and do not sell or share your data.
- Essential cookies only: used only if required for site functionality; we avoid tracking cookies.
- Modern security: TLS in transit, access controls, and least-privilege practices.
1) Who we are & scope
Controller: Holophage Limited, 1942 Broadway Ste 314C, Boulder, CO 80302, USA.
This policy covers holophage.com and any pages that link to it. It does not cover third-party sites we link to.
2) Data we collect
Data you provide directly
- Contact information (e.g., email address) when you open a support ticket or otherwise contact us.
- Account or order information if you register or purchase from us (only if/when such features are available).
- Feedback & correspondence related to our products or services.
Data we may collect automatically (minimal)
To operate, secure, and measure basic performance of the site, we may process limited technical data such as:
- HTTP request data (IP address, user-agent, referrer) in server logs for security and reliability.
- Basic analytics that avoid tracking individuals where feasible (e.g., aggregated page counts). We do not profile visitors.
We avoid setting non-essential cookies or using cross-site tracking technologies.
3) Sources
- You (forms, emails, tickets, voluntary submissions)
- Automatically from your browser or device (standard HTTP requests and server logs)
- Service providers that host our site or route email (metadata only as necessary)
4) How we use personal data
- Provide and support our site, services, and customer support.
- Improve usability, reliability, and accessibility of our site.
- Security: detect, prevent, and respond to fraud, abuse, and incidents.
- Communications: respond to inquiries and send service-related messages.
- Compliance: meet legal, regulatory, and tax obligations and enforce terms.
We do not sell or “share” personal data for cross-context behavioral advertising as defined by the California Privacy Rights Act (CPRA).
5) Legal bases (EEA/UK visitors)
- Contractual necessity (e.g., to provide support you request).
- Legitimate interests (e.g., site security, minimal analytics, improving services), balanced against your rights.
- Consent (where required, e.g., non-essential cookies—rare; we avoid them).
- Legal obligations (e.g., recordkeeping, compliance requests).
6) Retention
We keep personal data only as long as necessary for the purposes described above, including to comply with legal obligations, resolve disputes, and enforce agreements. We use documented retention schedules and delete or de-identify data when it is no longer needed.
7) Sharing & processors
We do not sell personal data. We share personal data only with service providers (processors) under contracts that require confidentiality, appropriate security, and processing solely on our instructions. Typical categories include:
- Hosting & infrastructure (serve the website, store logs securely)
- Email delivery & ticketing (send/receive communications you request)
- Security & reliability (DDoS mitigation, uptime monitoring)
We may also disclose data when required by law or to protect rights, property, or safety.
8) International transfers
Where personal data is transferred across borders, we use appropriate safeguards consistent with applicable law (e.g., Standard Contractual Clauses (SCCs) for EEA/UK data). You can contact us for more information about these safeguards.
9) Cookies, local storage & signals
- Essential cookies only: the site is designed to operate without non-essential cookies. If a feature requires a cookie (e.g., session for an authenticated area), it will be limited to that purpose.
- Global Privacy Control (GPC): we honor GPC signals where applicable by treating them as an opt-out of sale/sharing and targeted advertising.
- Do Not Track (DNT): DNT is not a widely adopted standard; we instead prioritize honoring GPC and avoiding tracking by default.
10) Your privacy rights
Depending on your location, you may have rights to:
- Access your personal data
- Correct inaccurate data
- Delete your data (subject to legal exceptions)
- Portability (receive a copy in a portable format)
- Restrict or object to certain processing
- Withdraw consent where processing relies on consent
- Opt out of sale/sharing and targeted advertising (we do not sell or share)
To exercise rights, email [email protected]. We may need to verify your request. Authorized agents (where permitted by law) should provide proof of authorization.
Complaints
If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority. We would appreciate the chance to address your concerns first.
11) Security
We implement reasonable and appropriate safeguards to protect personal data, including:
- TLS for data in transit, with modern configurations (e.g., TLS 1.2+).
- Access controls, principle of least privilege, and multi-factor authentication for administrative systems.
- Segregated environments, audit logging, and periodic reviews.
No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and/or authorities as required by law.
12) Children
Our site and services are not directed to children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will take appropriate steps to remove it.
13) Email & unsubscribe (CAN-SPAM)
We may email you to respond to inquiries, provide updates you requested, or send important service messages. Marketing emails (if any) will include an unsubscribe link. You can also write to [email protected] to opt out. We do not use false or misleading headers, and we include our physical mailing address in commercial emails.
14) Changes to this policy
We may update this policy to reflect changes to our practices or legal requirements. We will post the updated version here and update the “Last updated” date at the top.