1. Introduction and Scope

1.1. This Privacy Policy ("Policy") describes how MockupExpo ("we," "us," "our"), operating from Edmonton, Alberta, Canada, collects, uses, stores, protects, and discloses personal information through our website MockupExpo.com ("Website").

1.2. This Policy applies to all visitors, registered users, subscribers, and anyone who accesses or uses our Website or services ("you," "your").

1.3. By accessing our Website, creating an account, subscribing to our services, or otherwise providing personal information to us, you acknowledge that you have read, understood, and agree to the practices described in this Policy.

1.4. We are committed to protecting your privacy and handling your personal information in accordance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, the General Data Protection Regulation (GDPR) of the European Union (where applicable), and other relevant privacy legislation.

1.5. We reserve the right to modify this Policy at any time. Material changes will be notified via email or prominent notice on our Website at least 30 days before becoming effective. Your continued use after changes constitutes acceptance.

2. Definitions

2.1. "Personal Information" means any information about an identifiable individual, including but not limited to name, email address, IP address, and account details.

2.2. "Processing" means any operation performed on personal information, including collection, use, storage, disclosure, or deletion.

2.3. "Data Controller" means MockupExpo, which determines the purposes and means of processing personal information.

2.4. "Data Processor" means any third party that processes personal information on our behalf.

2.5. "Cookies" means small text files placed on your device when visiting our Website.

2.6. "Subscription" means our annual access plan to download Mockups.

3. Information We Collect

3.1. Information You Provide Directly

• 3.1.1. Account Registration Information: When you create an account, we collect your full name, email address, and password (stored in encrypted form).
• 3.1.2. Profile Information: Optional information you may provide, such as company name, job title, or profile picture.
• 3.1.3. Payment-Related Information: When you subscribe, you are redirected to PayPal to complete payment. We do not collect, store, or process your credit card numbers, bank account details, or other financial information. PayPal provides us with confirmation of payment, transaction ID, subscription start date, renewal date, and your PayPal email address only.
• 3.1.4. Communications: Any information you provide when contacting us via email, support tickets, or feedback forms, including the content of your messages and our responses.
• 3.1.5. User Content: Any reviews, ratings, or comments you post on our Website.

3.2. Information Collected Automatically

• 3.2.1. Device and Usage Information: IP address, browser type and version, operating system, device type, screen resolution, language preferences, referring website, pages visited, time spent on pages, click patterns, download history, and dates/times of access.
• 3.2.2. Log Data: Server logs recording access times, pages viewed, and actions taken on our Website.
• 3.2.3. Location Information: General geographic location derived from your IP address (city/country level), not precise GPS coordinates.
• 3.2.4. Cookie and Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies as detailed in Section 6.

3.3. Information from Third Parties

• 3.3.1. PayPal: Payment confirmation, transaction ID, subscription status, and PayPal account email.
• 3.3.2. Analytics Providers: Aggregated and anonymized usage patterns from Google Analytics and other analytics services we may implement.
• 3.3.3. Email Service Providers: Engagement data (opens, clicks) when we send you emails through services such as Mailchimp, ConvertKit, SendGrid, ActiveCampaign, or other similar platforms we may adopt.

4. Legal Basis for Processing (GDPR)

4.1. We process personal information only where we have a legal basis to do so under applicable law.

4.2. Contractual Necessity: Processing necessary to perform our contract with you (providing subscription access, processing payments through PayPal, delivering customer support).

4.3. Legitimate Interests: Processing necessary for our legitimate business interests, including:

• Website security and fraud prevention
• Service improvement and analytics
• Marketing our own services to existing customers
• Legal compliance and enforcement of our terms

4.4. Consent: Processing based on your explicit consent, including:

• Placement of non-essential cookies
• Sending promotional marketing emails
• Any future processing activities requiring consent under applicable law

4.5. Legal Obligation: Processing necessary to comply with applicable laws, regulations, court orders, or tax requirements.

4.6. You may withdraw consent at any time by contacting us, though this will not affect processing already completed.

5. How We Use Your Information

• 5.1. Service Provision and Management: Creating and managing your account; providing access to Mockups; processing subscription payments through PayPal; sending subscription confirmations and renewal reminders; maintaining download history; and ensuring technical functionality.
• 5.2. Customer Support: Responding to inquiries, troubleshooting technical issues, handling complaints, and providing account assistance.
• 5.3. Billing and Payments: Managing subscription billing cycles through PayPal; sending payment confirmations and invoices; handling failed payment notifications; and maintaining financial records for accounting and tax purposes.
• 5.4. Communication: Sending service-related emails including account confirmations, subscription renewals, password resets, security alerts, and policy updates; sending marketing communications if you have opted in; and requesting feedback or reviews.
• 5.5. Analytics and Improvement: Analyzing Website usage patterns to improve user experience; identifying popular Mockups; testing new features; monitoring Website performance; and conducting research and analysis.
• 5.6. Security and Fraud Prevention: Detecting and preventing unauthorized access, fraudulent transactions, abuse of our services, and other harmful activities; monitoring for security vulnerabilities; and enforcing our Terms of Service.
• 5.7. Legal Compliance: Complying with applicable laws, regulations, and legal processes; responding to lawful requests from public authorities; protecting our rights, privacy, safety, or property; and pursuing available remedies or limiting damages.
• 5.8. Marketing and Advertising: Displaying targeted advertisements through Google Ads, Facebook Ads, or other advertising platforms we may use; measuring advertising effectiveness; and creating lookalike audiences for marketing purposes (using hashed/encrypted data only).

6. Cookies and Tracking Technologies

6.1. Types of Cookies We Use

• 6.1.1. Essential Cookies: Strictly necessary for Website operation, including session management, authentication, and security. These cannot be disabled.
• 6.1.2. Functional Cookies: Enable enhanced functionality and personalization, such as remembering preferences and login details.
• 6.1.3. Analytics Cookies: Allow us to count visits, track usage patterns, and understand how visitors interact with our Website. Currently provided by Google Analytics. We may add other analytics providers such as Hotjar, Mixpanel, or Amplitude.
• 6.1.4. Advertising Cookies: Used to deliver relevant advertisements and track ad campaign performance. We may implement cookies from Google Ads, Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, or other advertising platforms.
• 6.1.5. Social Media Cookies: Enable sharing functionality and may be placed by social media platforms when you interact with their features on our Website.

6.2. Specific Cookies Currently in Use

• 6.2.1. Google Analytics: _ga, _gid, _gat cookies for tracking Website usage. Data is anonymized where possible.
• 6.2.2. Session Cookies: PHPSESSID or similar for maintaining login sessions.
• 6.2.3. PayPal Cookies: Set during payment processing to ensure transaction security.
• 6.2.4. Future Cookies: We reserve the right to implement additional cookies from services including but not limited to: Hotjar, Crazy Egg, Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, Pinterest Tag, TikTok Pixel, Google Ads Conversion Tracking, Microsoft Advertising, and other marketing, analytics, or functionality services.

6.3. Cookie Management

• 6.3.1. Upon first visit, you will see a cookie consent banner allowing you to accept or decline non-essential cookies.
• 6.3.2. You can modify cookie preferences at any time through our cookie settings panel.
• 6.3.3. You may also disable cookies through your browser settings, though this may limit Website functionality.
• 6.3.4. To opt out of Google Analytics specifically, visit https://tools.google.com/dlpage/gaoptout.
• 6.3.5. For general opt-out from interest-based advertising, visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.eu/.

7. Information Sharing and Disclosure

7.1. Third-Party Service Providers

• 7.1.1. We share personal information only with trusted third parties who assist in operating our Website, conducting business, or serving you, subject to confidentiality agreements.
• 7.1.2. Payment Processing: PayPal Holdings, Inc. processes all payments. We receive only confirmation of payment, not your financial details. PayPal's privacy policy applies to payment processing.
• 7.1.3. Website Hosting: Our hosting provider stores all Website data on secure servers. We do not publicly name our hosting provider for security reasons, but they are contractually bound to protect your data.
• 7.1.4. Analytics Services: Google LLC (Google Analytics) receives usage data. We may also engage Hotjar Ltd., Mixpanel, Inc., or other analytics providers.
• 7.1.5. Email Marketing Services: We may use Mailchimp (The Rocket Science Group LLC), ConvertKit LLC, SendGrid (Twilio Inc.), ActiveCampaign, or similar services to send emails. These providers access your email address and engagement data.
• 7.1.6. Customer Support: We may use Zendesk, Inc., Freshworks Inc., or similar platforms to manage support tickets.
• 7.1.7. Cloud Storage: We may use Amazon Web Services, Google Cloud, Dropbox, or similar services for data backup and storage.
• 7.1.8. Additional Services: We reserve the right to engage additional service providers for functions including but not limited to: fraud detection, data enrichment, user authentication, survey distribution, affiliate tracking, and customer relationship management.

7.2. Legal Requirements

• 7.2.1. We may disclose personal information if required to do so by law or in response to valid requests by public authorities, including courts, law enforcement agencies, or regulatory bodies.
• 7.2.2. We may disclose information to protect our rights, property, or safety, or that of our users or others.
• 7.2.3. We may disclose information in connection with a merger, acquisition, or sale of assets, with notice to you where legally required.

7.3. No Sale of Personal Information

• 7.3.1. We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.
• 7.3.2. We do not share your email address with unrelated third parties for their independent use.

8. International Data Transfers

8.1. Our servers are located in Canada and may utilize content delivery networks with nodes globally.

8.2. Some service providers we use (Google, PayPal, email services) process data in the United States and other countries.

8.3. When personal information is transferred outside Canada or the European Economic Area, we ensure appropriate safeguards are in place, including:

• 8.3.1. Standard Contractual Clauses approved by the European Commission.
• 8.3.2. Privacy Shield certification (where applicable) or equivalent frameworks.
• 8.3.3. Contractual agreements requiring equivalent privacy protection.

8.4. By using our services, you consent to these international transfers. If you do not consent, you must not use our services.

9. Data Security

9.1. We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction.

9.2. Technical Measures:

• SSL/TLS encryption for all data transmission
• Password hashing using industry-standard algorithms (bcrypt/Argon2)
• Firewalls and intrusion detection systems
• Regular security assessments and vulnerability scanning
• Automated backup systems with encrypted storage
• Access controls and authentication requirements

9.3. Organizational Measures:

• Limited access to personal information on need-to-know basis
• Staff training on data protection
• Confidentiality agreements with employees and contractors
• Incident response procedures

9.4. Payment Security: All payment processing occurs through PayPal's secure servers. We never see, store, or process your credit card numbers, bank details, or other financial information.

9.5. Despite our efforts, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security.

9.6. In the event of a data breach affecting your personal information, we will notify you and applicable authorities as required by law, without undue delay and where feasible within 72 hours of becoming aware of the breach.

10. Data Retention

10.1. We retain personal information only as long as necessary for the purposes set out in this Policy, or as required by law.

10.2. Active Accounts: While your subscription is active, we retain all account information, usage history, and communications.

10.3. Cancelled Accounts: After cancellation, we retain:

• Account information: 2 years (for tax, legal, and fraud prevention purposes)
• Payment records: 7 years (as required by Canadian tax law)
• Server logs: 1 year
• Analytics data: Indefinitely in aggregated, anonymized form

10.4. Earlier Deletion: You may request earlier deletion of your personal information, and we will comply unless retention is necessary for legal obligations, dispute resolution, or enforcement of our agreements.

10.5. Once retention periods expire, personal information is securely deleted or anonymized using industry-standard methods.

11. Your Rights and Choices

11.1. Access and Portability

• 11.1.1. You have the right to request access to personal information we hold about you.
• 11.1.2. You may request a copy of your data in a structured, commonly used, machine-readable format (data portability).

11.2. Correction and Rectification

• 11.2.1. You may update or correct inaccurate information through your account settings or by contacting us.
• 11.2.2. We will respond to correction requests within 30 days.

11.3. Deletion (Right to be Forgotten)

• 11.3.1. You may request deletion of your personal information, subject to legal retention requirements.
• 11.3.2. We will comply within 30 days unless we have legitimate grounds to retain specific information.

11.4. Restriction of Processing

• 11.4.1. You may request that we restrict processing of your personal information in certain circumstances, such as when contesting accuracy or objecting to processing.

11.5. Objection to Processing

• 11.5.1. You may object to processing based on legitimate interests or direct marketing at any time.
• 11.5.2. If you object to direct marketing, we will cease all marketing communications immediately.

11.6. Withdrawal of Consent

• 11.6.1. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

11.7. Exercising Your Rights

• 11.7.1. Submit requests via email to info@MockupExpo.com with subject line "Privacy Rights Request."
• 11.7.2. We will verify your identity before processing requests to protect your privacy.
• 11.7.3. We respond to all requests within 30 days. Complex requests may require an additional 60 days, with notification of extension.
• 11.7.4. Requests are free unless manifestly unfounded or excessive.

11.8. Complaints

• 11.8.1. If you believe we have violated your privacy rights, contact us first to resolve the issue.
• 11.8.2. You have the right to complain to the Office of the Privacy Commissioner of Canada or your local data protection authority.

12. Children's Privacy

12.1. Our Website is not intended for individuals under 18 years of age.

12.2. We do not knowingly collect personal information from children under 18.

12.3. If we discover we have collected information from a child under 18, we will delete that information immediately.

12.4. If you believe we have inadvertently collected information from a child, contact us immediately.

13. Do Not Track Signals

13.1. Some browsers transmit "Do Not Track" (DNT) signals.

13.2. Our Website does not currently respond to DNT signals due to lack of standardized industry interpretation.

13.3. You may disable tracking through browser settings, cookie preferences, or opt-out tools described in Section 6.

14. Third-Party Links and Services

14.1. Our Website may contain links to third-party websites, plugins, or services (social media buttons, embedded content).

14.2. Clicking these links or interacting with these features may allow third parties to collect data about you.

14.3. We do not control third-party websites or their privacy practices.

14.4. This Policy does not apply to third-party websites. Review their privacy policies before providing personal information.

15. Changes to This Privacy Policy

15.1. We may update this Policy periodically to reflect changes in our practices, legal requirements, or service offerings.

15.2. Material changes will be notified via:

• Email to registered users at least 30 days before effective date
• Prominent notice on our Website homepage
• Notification upon login

15.3. Non-material changes (formatting, clarifications) will be posted with updated date.

15.4. Continued use after changes constitutes acceptance.

16. Contact Information

16.1. Data Controller: MockupExpo, Edmonton, Alberta, Canada

16.2. Email: info@MockupExpo.com

16.3. Response Time: We aim to respond to all privacy inquiries within 2 business days, and to formal requests within 30 days as legally required.

16.4. For legal correspondence: [Your Physical Address, if you choose to include]

17. Additional Disclosures for Specific Jurisdictions

17.1. European Economic Area (GDPR)

• 17.1.1. Legal basis for processing is detailed in Section 4.
• 17.1.2. You have the right to lodge complaints with your local supervisory authority.
• 17.1.3. We have appointed [EU Representative Name and Address, if required by GDPR Article 27] as our EU representative for GDPR matters.

17.2. California Residents (CCPA)

• 17.2.1. We do not sell personal information as defined by CCPA.
• 17.2.2. California residents may request disclosure of categories and specific pieces of personal information collected, sources, business purposes, and third parties with whom shared.
• 17.2.3. California residents may request deletion of personal information subject to exceptions.
• 17.2.4. California residents have the right to non-discrimination for exercising privacy rights.
• 17.2.5. To exercise CCPA rights, email info@MockupExpo.com with "CCPA Request" in subject line.