Privacy Policy

Website: https://heartjoytoday.com/
Effective Date: February 1, 2026
Last Updated: February 1, 2026

1. Executive Privacy Commitment

HeartJoy Transformation, LLC (“HeartJoy”) is committed to protecting the confidentiality, integrity, and availability of personal and health-related information entrusted to us.

Our privacy posture is designed to align with:

• HIPAA Privacy, Security, and Breach Notification      Rules (where applicable)
• Federal Trade Commission (FTC) consumer data      protection expectations
• Applicable Arizona data protection and breach      notification laws
• Industry-recognized security and risk management      practices

We treat privacy as a governance responsibility, not just a technical function.

2. Privacy Governance Model

HeartJoy maintains administrative, technical, and physical safeguards designed to:

• Prevent unauthorized disclosure
• Detect inappropriate access
• Support forensic reconstruction if required
• Maintain regulatory reporting capability
• Support incident response and breach notification obligations

Privacy and security controls are reviewed periodically as part of risk management activities.

3. Scope of Information Covered

This posture applies to information collected through:

• Website interactions
• Client onboarding and intake processes
• Service delivery communications
• Digital and cloud-hosted systems
• Third-party service providers acting on our behalf

4. Categories of Information Collected

Personal Identification Data

May include:

• Name
• Contact information
• Demographic information
• Service history

Health or Wellness Information (When Provided)

May include:

• Health goals
• Self-reported medical or wellness information
• Program participation data

When applicable, this may be treated as Protected Health Information (PHI).

Technical and Security Data

May include:

• IP address
• Browser and device fingerprinting data
• Session logs
• Security monitoring logs
• Access timestamps

This data supports fraud prevention, security monitoring, and system integrity validation.

5. Lawful Basis and Permitted Uses

We collect and process data only for legitimate business purposes including:

• Service delivery and client support
• Operational administration
• Security monitoring and threat detection
• Legal and regulatory compliance
• Billing and financial processing
• Quality assurance and service improvement

We do not sell personal data or health data.

6. Minimum Necessary Standard

When handling health-related or sensitive information, HeartJoy follows the principle of:

Minimum Necessary Access

Access is limited to:
• Authorized workforce members
• Approved service providers
• Regulatory authorities when required

7. Third-Party Risk Management

We may use third-party vendors for:

• Cloud hosting
• Payment processing
• Communications platforms
• Analytics services
• IT and cybersecurity support

Where applicable, we implement:

• Contractual data protection obligations
• Business Associate Agreements (if PHI is involved)
• Security due diligence reviews
• Vendor access restrictions

8. Data Security Safeguards

HeartJoy uses layered safeguards including:

Administrative Safeguards

• Workforce confidentiality requirements
• Security awareness expectations
• Access authorization controls
• Incident response procedures

Technical Safeguards

• Encryption in transit (HTTPS / TLS)
• Role-based access control
• Authentication protections
• Logging and monitoring capabilities
• Secure cloud architecture

Physical Safeguards (Where Applicable)

• Controlled device access
• Secure workspace practices
• Device protection standards

9. Logging, Monitoring, and Accountability

HeartJoy maintains system-level logging to support:

• Security event detection
• Incident investigation
• Compliance review
• Audit traceability

Log retention follows operational, legal, and security needs.

10. Data Retention and Disposal

Data is retained only as long as necessary for:

• Service delivery
• Legal and regulatory obligations
• Risk management
• Business continuity

When no longer required, data is securely deleted, destroyed, or de-identified.

11. Incident Response and Breach Notification

If a suspected or confirmed data incident occurs, HeartJoy will:

1. Investigate promptly
2. Contain and remediate exposure
3. Perform root cause analysis
4. Notify affected parties when legally required
5. Notify regulators when required by law

12. Individual Privacy Rights

Individuals may request:

• Access to their data
• Correction of inaccurate data
• Copies of stored information
• Restrictions on certain uses when applicable

Requests may be submitted to:
[Insert Privacy Contact Email]

13. Website Tracking Transparency

We may use cookies and analytics tools to:

• Maintain website functionality
• Improve user experience
• Detect abuse or fraud
• Measure service performance

Users may disable cookies via browser settings.

14. Children’s Privacy

Services are not directed to children under 13.
We do not knowingly collect children’s data.

15. Continuous Improvement and Risk Management

HeartJoy periodically reviews privacy and security controls to:

• Address emerging threats
• Improve data protection practices
• Maintain regulatory alignment
• Support operational resilience

16. Changes to This Statement

We reserve the right to update this posture as laws, risks, or technologies change.
Updates will be posted on our website.

17. Contact Information

HeartJoy Transformation, LLC
Website: https://heartjoytoday.com/
Privacy Contact: kimberly@heartjoytoday.com
Phone:602-688-2632