Privacy Policy

1. Information We Collect

Information You Provide Directly

• Contact Information: Name, email address, phone number (from contact forms, account registration, and purchases)
• Billing Information: Credit/debit card details processed securely through Stripe. We never store your full card number
• Account Information: Username, password (encrypted), profile preferences, and communication settings
• Veteran Verification: Military ID, DD-214 form, or VA documentation to verify veteran status for discounts
• Service Requests: Information about suspicious items, scams you've encountered, or services you're requesting
• Communication Records: Emails, chat messages, and phone call notes from interactions with our team
• Survey Responses: Feedback, testimonials, and satisfaction ratings you choose to provide

Information Collected Automatically

• Device Information: IP address, browser type and version, operating system, device type, and screen resolution
• Usage Data: Pages visited, time spent on pages, click patterns, scroll depth, and navigation paths
• Referral Information: How you arrived at our website (search engine, social media, referral link)
• Cookies & Similar Technologies: See Section 7 for detailed information about our cookie usage
• Location Data: General geographic location based on IP address (not precise GPS location)

Information from Third Parties

• Payment Processors: Transaction confirmation, payment status, and fraud prevention signals from Stripe
• Social Media: If you connect social accounts, we may receive your public profile information
• Partner Referrals: Affiliate or partner information if you were referred through a partner program

2. How We Use Your Information

We use your information for the following purposes:

Providing Services

• Processing your orders and delivering products or services
• Scheduling and conducting training sessions
• Managing your account and subscription
• Providing customer support and responding to inquiries
• Verifying veteran status for applicable discounts

Improving Our Services

• Analyzing usage patterns to improve website functionality
• Developing new features and services based on user feedback
• Conducting research and analysis to enhance user experience
• Testing new features and improvements

Communication

• Sending transactional emails (order confirmations, receipts, appointment reminders)
• Providing security alerts and scam warnings (if opted in)
• Sending marketing communications (with your consent)
• Responding to your questions and requests

Security & Compliance

• Protecting against fraud, abuse, and unauthorized access
• Enforcing our Terms of Service and other policies
• Complying with legal obligations and regulatory requirements
• Responding to legal requests and preventing harm

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with the following service providers who process data on our behalf under data processing agreements:

• Stripe (stripe.com): Payment processing, subscription management, and fraud prevention. Stripe receives your payment card data directly; we only receive a tokenized reference. Stripe is PCI-DSS Level 1 certified.
• Supabase (supabase.com): Our primary database and authentication provider. Stores your account information, order history, and content preferences on SOC 2 Type II certified infrastructure hosted in the United States.
• Resend (resend.com): Transactional email delivery (order confirmations, appointment reminders, password resets) and newsletter distribution. Resend receives your email address to deliver messages on our behalf.
• PostHog (posthog.com): Privacy-first product analytics and session recording (sensitive inputs such as form fields are automatically masked). PostHog collects anonymized usage data to help us improve the platform. Data is anonymized after 26 months and is never sold or used for advertising.
• Various AI providers: AI-powered scam detection and educational content generation

Legal Requirements

We may disclose your information if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal process, court order, or government request
• Protect the rights, property, or safety of InVision Network, our users, or others
• Investigate suspected fraud or illegal activity
• Enforce our Terms of Service

Business Transfers

If InVision Network is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Security

We take the security of your personal information seriously and implement industry-standard security measures:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Password Protection: Passwords are hashed using industry-standard algorithms. We never store plain-text passwords
• Access Controls: Employee access to personal data is limited and logged
• Regular Audits: We conduct regular security assessments and vulnerability testing
• Payment Security: Payment processing is handled by PCI-DSS compliant providers (Stripe)
• Data Minimization: We only collect data necessary for the intended purpose
• Secure Storage: Sensitive documents (veteran IDs) are stored in encrypted, access-controlled storage

Important: No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Receive your data in a structured, machine-readable format
• Opt-Out: Unsubscribe from marketing communications at any time
• Restrict Processing: Request that we limit how we use your data
• Object: Object to certain types of processing
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@invisionnetwork.org. We will respond within 30 days.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law:

• Account Information: Retained while your account is active, plus 7 years after closure for legal compliance
• Transaction Records: 7 years for tax and accounting purposes
• Communication Records: 3 years after the last communication
• Veteran Documentation: Deleted after verification is complete (within 90 days) unless you request we retain it
• Marketing Preferences: Until you unsubscribe or request deletion
• Website Analytics: Anonymized after 26 months

7. Cookies & Tracking

We use cookies and similar tracking technologies to collect and track information about your use of our Services:

Essential Cookies

Required for the website to function properly. These cannot be disabled.

• Session management and authentication
• Shopping cart functionality
• Security features

Analytics Cookies (PostHog)

We use PostHog for privacy-first analytics. PostHog automatically masks sensitive form fields and does not use your data for advertising.

• Page views and navigation patterns
• Time spent on pages and feature engagement
• Error tracking and performance monitoring
• Session recordings (sensitive inputs are masked)

Managing Cookies

You can manage your cookie preferences through our cookie consent banner or through your browser settings. Note that disabling certain cookies may affect website functionality.

8. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services.

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party services you visit.

9. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@invisionnetwork.org, and we will take steps to delete such information.

For users between 13 and 18, parental consent is required to use our Services.

10. International Users

InVision Network is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States where our servers are located.

By using our Services, you consent to the transfer of your information to the United States and acknowledge that U.S. data protection laws may differ from those in your country of residence.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request disclosure of the categories and specific pieces of personal information we've collected about you
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You can opt-out of the "sale" of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of Information Collected: Identifiers, commercial information, internet activity, geolocation data, and professional information.

To submit a CCPA request, contact us at privacy@invisionnetwork.org or call (937) 749-7579.

12. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

• Contract: Processing necessary to perform our contract with you
• Legitimate Interests: Processing for our legitimate business interests
• Consent: Processing based on your consent (marketing)
• Legal Obligation: Processing required by law

Your GDPR Rights

In addition to the rights listed in Section 5, you have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

Data Transfers

When we transfer your data outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

How we notify you of changes:

• Updating the "Last Updated" date at the top of this policy
• Posting a notice on our website for significant changes
• Sending an email notification for material changes affecting your rights

We encourage you to review this policy periodically. Your continued use of our Services after any changes indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.