Wristback

General food education only — not medical, dietary, or professional advice. Cookie Policy · Terms of Use

Legal

Privacy Policy

This document explains how Wristback collects, uses, stores, and protects your personal information when you visit our website or use our services.

Last updated:

1. Data Controller

The data controller responsible for your personal information is Wristback, operating the website at wristback.world. Our registered business address is 767 5th Ave, New York, NY 10153, United States. For privacy-related inquiries, contact us at hello@wristback.world or by phone at +1 212-336-1440.

As the data controller, we determine the purposes and means of processing personal data collected through this website. We are committed to handling your information transparently and in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR) for visitors from the European Economic Area and the California Consumer Privacy Act (CCPA) where applicable.

2. Data We Collect

2.1 Information You Provide Directly

When you submit our contact form, we collect your name, email address, and message content. If you consent to data processing via the GDPR checkbox, we record that consent with a timestamp. When you purchase consulting services or educational products, we additionally collect billing information necessary to process your transaction.

2.2 Information Collected Automatically

When you visit our website, we may automatically collect technical data including your IP address, browser type and version, operating system, referring URL, pages viewed, time spent on pages, and device identifiers. This data is collected through cookies and similar technologies as described in our Cookie Policy.

2.3 Information from Third Parties

We may receive limited information from payment processors to confirm transaction completion. We do not purchase personal data from third-party data brokers. Analytics providers may supply aggregated, non-identifiable usage statistics when you have consented to analytics cookies.

Under the GDPR, we process personal data based on the following legal grounds:

  • Consent: When you submit the contact form and check the GDPR consent box, or when you accept non-essential cookies through our cookie banner.
  • Contractual necessity: When processing is required to fulfill a consulting service agreement or deliver purchased educational products.
  • Legitimate interests: For website security, fraud prevention, and improving our educational content based on aggregated usage patterns. We balance these interests against your rights and freedoms.
  • Legal obligation: When we must retain records to comply with tax, accounting, or other regulatory requirements.

4. Purpose of Data Usage

We use your personal data exclusively for the following purposes:

  • Responding to inquiries submitted through our contact form
  • Scheduling and delivering consulting sessions and educational products
  • Processing payments and issuing invoices or receipts
  • Sending service-related communications such as appointment confirmations
  • Maintaining website functionality and security
  • Analyzing aggregated traffic patterns to improve content quality, when analytics cookies are accepted
  • Complying with legal and regulatory obligations

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell your personal information to third parties.

5. Data Retention Period

We retain personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form submissions: Retained for twelve months from the date of submission, unless an ongoing consulting relationship extends this period.
  • Consulting client records: Retained for three years after the last session to support follow-up inquiries and comply with professional record-keeping standards.
  • Transaction and billing records: Retained for seven years to satisfy tax and accounting regulations.
  • Cookie consent records: Retained for twelve months, after which we request renewed consent.
  • Server log files: Retained for ninety days for security monitoring, then automatically deleted.

When retention periods expire, we securely delete or anonymize your data. You may request earlier deletion subject to our legal obligations as described in Section 8.

6. Data Sharing and Third Parties

We share personal data only with trusted service providers who assist in operating our website and delivering services. These include:

  • Web hosting providers that store our website and process server logs
  • Email service providers that deliver responses to your inquiries
  • Payment processors that handle transaction data securely
  • Analytics providers, only when you have consented to analytics cookies

All third-party processors are bound by data processing agreements requiring them to protect your information and process it only according to our instructions. We do not authorize third parties to use your data for their own marketing purposes.

We may disclose personal data when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Wristback, our users, or the public.

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Access controls limiting personal data access to authorized personnel only
  • Regular security assessments of our hosting infrastructure
  • Encrypted storage for sensitive client records
  • Employee training on data protection practices and confidentiality obligations
  • Incident response procedures for detecting and addressing potential data breaches

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords for any accounts associated with our services and to contact us immediately if you suspect unauthorized access to your data.

8. Your Rights Under GDPR and Applicable Law

If you are located in the European Economic Area, United Kingdom, or other jurisdictions with comparable data protection laws, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data when it is no longer necessary for the purposes collected, when you withdraw consent, or when processing is unlawful.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw cookie or form consent at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: File a complaint with your local data protection supervisory authority.

California residents may additionally exercise rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at hello@wristback.world with sufficient detail to verify your identity. We will respond within thirty days, or inform you if an extension is necessary.

9. International Data Transfers

Wristback is based in the United States. If you access our website from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring personal data from the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or ensure that the recipient country has been deemed to provide an adequate level of protection.

10. Children's Privacy

Our website and services are not directed at individuals under the age of sixteen. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will take steps to delete that information promptly. Parents or guardians who believe their child has provided personal data to us should contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you through a prominent notice on our website or via email for registered clients.

We encourage you to review this policy regularly. Continued use of our website after changes are posted constitutes acknowledgment of the updated policy, subject to any additional consent requirements imposed by law.

12. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data handling practices, please contact:

Wristback
767 5th Ave, New York, NY 10153, United States
Email: hello@wristback.world
Phone: +1 212-336-1440