Privacy Policy

1. Who We Are

HERR™ is a clinical wellness platform operated by ECQO Holdings™, a Delaware corporation. HERR™ ("we," "us," or "our") provides personalized voice affirmation and identity reprogramming services through the website h3rr.com and any related applications or services (collectively, the "Service").

HERR™ was founded by Bianca D. McCall, LMFT, a Licensed Marriage and Family Therapist and clinical wellness expert. Questions about this policy may be directed to privacy@h3rr.com.

2. Information We Collect

2.1 Information You Provide Directly

• +Account Information: Name, email address, and password when you create an account.
• +Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers.
• +Clinical Assessment Data: Responses to our existential screener and wellness assessment, used to personalize your affirmation protocol.
• +Voice Recordings: Audio samples you voluntarily provide for voice cloning (HERR Personalized and HERR Elite tiers only). See Section 4 for full voice data provisions.
• +Communications: Messages you send to us via email or contact forms.

2.2 Information Collected Automatically

• +Usage Data: Pages visited, features used, session duration, and interaction patterns.
• +Device Information: Browser type, operating system, device identifiers, and IP address.
• +Cookies and Tracking: Session cookies for authentication and preference cookies for personalization. See our cookie settings for controls.
• +Referral Data: UTM parameters and referral sources to understand how users discover HERR™.

3. How We Use Your Information

We use your information to:

• +Provide and personalize the HERR™ Service, including generating your personalized affirmation library
• +Process subscription payments and manage your account
• +Deliver your personalized I AM declarations in your chosen activity modes
• +Send service communications including receipts, updates, and support responses
• +Improve and develop the platform through usage analysis
• +Ensure the security and integrity of the Service
• +Comply with legal obligations

We do not sell your personal information. We do not use your clinical assessment data or voice recordings for advertising targeting.

5. How We Share Your Information

We do not sell personal information. We share data only in the following limited circumstances:

• +Service Providers: Trusted vendors who assist in operating the Service (payment processing via Stripe, voice technology via ElevenLabs, cloud infrastructure via Supabase and Cloudflare). All vendors are bound by data processing agreements and may not use your data for their own purposes.
• +Legal Requirements: When required by law, court order, or governmental authority.
• +Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before any such transfer and provide opt-out options where required by law.
• +Protection of Rights: When necessary to protect the rights, property, or safety of ECQO Holdings™, our users, or the public.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• +Account Data: Retained for the duration of your subscription plus 90 days following cancellation, then deleted or anonymized.
• +Voice Data: Deleted within 30 days of account cancellation or written deletion request.
• +Payment Records: Retained for 7 years as required by financial regulations.
• +Assessment Data: Retained for the life of your account, then deleted. You may request deletion at any time.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• +Access: Request a copy of the personal data we hold about you.
• +Correction: Request correction of inaccurate or incomplete data.
• +Deletion: Request deletion of your personal data, subject to legal retention requirements.
• +Portability: Request your data in a structured, machine-readable format.
• +Objection: Object to certain processing activities.
• +Withdrawal of Consent: Withdraw consent at any time for processing based on consent (including voice cloning).

To exercise any of these rights, contact us at privacy@h3rr.com. We will respond within 30 days.

8. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• +Do Not Sell or Share: We do not sell or share personal information for cross-context behavioral advertising. You may still submit a Do Not Sell/Share request at privacy@h3rr.com.
• +Sensitive Personal Information: Voice data, wellness assessment data, and payment card information are considered sensitive under CPRA. We collect this data only with your explicit consent and use it only to provide the Service.
• +Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• +Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We will verify the agent's authority before fulfilling requests.

9. International Users (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, our lawful bases for processing personal data include:

• +Contract: Processing necessary to provide the Service you have subscribed to.
• +Legitimate Interests: Analytics and security measures necessary to operate the platform safely.
• +Consent: Voice cloning and any optional marketing communications.
• +Legal Obligation: Financial record-keeping and regulatory compliance.

EEA/UK users have the right to lodge a complaint with their local supervisory authority. Data may be transferred to and processed in the United States. Where required, we implement Standard Contractual Clauses to ensure adequate protection.

10. Children's Privacy

HERR™ is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a minor has provided us with personal information, please contact us immediately at privacy@h3rr.com and we will delete it promptly.

11. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive data, access controls limiting data access to authorized personnel only, and regular security reviews. However, no system is completely secure. We encourage you to use a strong, unique password and to contact us immediately if you suspect unauthorized access to your account.

12. Third-Party Services

HERR™ integrates with the following third-party services. Each has its own privacy policy governing their data practices:

• +Stripe — Payment processing. Stripe Privacy Policy: stripe.com/privacy
• +ElevenLabs — Voice cloning technology. ElevenLabs Privacy Policy: elevenlabs.io/privacy
• +Supabase — Database and file storage infrastructure. Supabase Privacy Policy: supabase.com/privacy
• +Cloudflare — Content delivery and web security. Cloudflare Privacy Policy: cloudflare.com/privacypolicy

HERR™ is not responsible for the privacy practices of these third parties. We encourage you to review their policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and, for material changes, notify you by email or by displaying a prominent notice on the Service before the change takes effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

For privacy-related questions, requests, or concerns, contact us at: