Privacy Policy – Rep Life

PRIVACY

Rep Life
Bold Visionary Enterprises DBA New Porch Ministries

Effective Date: December 5, 2025
Last Updated: December 5, 2025

Introduction
Scope and Application
Data Controller Information
Definitions
Information We Collect
How We Collect Your Information
Legal Basis for Processing
How We Use Your Information
Data Sharing and Disclosure
International Data Transfers
Data Storage and Retention
Data Security Measures
Cookies and Tracking Technologies
Your Privacy Rights
How to Exercise Your Rights
Children’s Privacy
Third-Party Services and Links
Marketing Communications
Automated Decision-Making and Profiling
Data Breach Notification
Changes to This Privacy Policy
Complaints and Supervisory Authority
Contact Information
Legal Disclaimers

1. INTRODUCTION

Bold Visionary Enterprises DBA New Porch Ministries (“we,” “us,” “our,” or “Company”) operates the Rep Life website (the “Website” or “Site”) and is committed to protecting and respecting your privacy and personal data.

This Privacy Policy describes our practices concerning the collection, use, disclosure, storage, and protection of personal information obtained through our Website and in connection with the sale of our inspirational products. This policy also explains your rights regarding your personal data and how you can exercise those rights.

By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Website or provide us with any personal information.

We are committed to transparency and compliance with applicable data protection laws, including:

General Data Protection Regulation (GDPR) – EU Regulation 2016/679
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other applicable state, federal, and international privacy laws

2. SCOPE AND APPLICATION

This Privacy Policy applies to:

All visitors to the Rep Life website
Customers who purchase our inspirational products
Newsletter subscribers
Individuals who contact us through any communication channel
Any other individuals whose personal data we process in connection with our business operations

This policy does not apply to:

Third-party websites linked from our Site
Information collected offline (unless subsequently combined with online data)
Employment-related data (covered by separate policies)

3. DATA CONTROLLER INFORMATION

Legal Entity Name: Bold Visionary Enterprises DBA New Porch Ministries
Trading Name: Rep Life
Registered Address: New Porch Ministries, 1445 Woodmont Ln NW #1568, Atlanta, GA 30318
Contact Email: admin@replife.org
Data Protection Contact: admin@replife.org

Bold Visionary Enterprises DBA New Porch Ministries is the data controller responsible for your personal information collected through the Website and our business operations.

4. DEFINITIONS

For purposes of this Privacy Policy:

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person
“Processing” means any operation performed on personal data, including collection, storage, use, disclosure, or deletion
“Data Subject” means the individual to whom personal data relates
“Consent” means freely given, specific, informed, and unambiguous indication of agreement to processing of personal data
“Third Party” means any natural or legal person other than the data subject, controller, processor, and their authorized representatives
“Data Breach” means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data

5. INFORMATION WE COLLECT

5.1 Personal Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

A. Create an Account or Register:

Full name (first and last name)
Email address
Username and password
Date of birth (if required for age verification)
Account preferences

B. Make a Purchase:

Billing name and address
Shipping name and address
Phone number
Email address
Payment card information (collected and processed by our payment processor)
Purchase history and transaction details
Order preferences

C. Contact Us:

Name
Email address
Phone number
Message content
Any other information you choose to provide

D. Subscribe to Communications:

Email address
Name (optional)
Communication preferences
Interests and product preferences

E. Participate in Surveys, Contests, or Promotions:

Contact information
Demographic information
Responses and feedback
User-generated content

F. Leave Reviews or Testimonials:

Name or username
Review content
Rating information
Product feedback

5.2 Information Automatically Collected

When you access our Website, we automatically collect certain technical and usage information:

A. Device Information:

IP address
Device type and model
Operating system and version
Browser type and version
Screen resolution
Device identifiers (e.g., advertising ID)

B. Usage Data:

Pages visited and content viewed
Time and date of visits
Time spent on pages
Clickstream data
Referring and exit pages
Search queries on our Site
Links clicked
Features used

C. Location Information:

General geographic location based on IP address
Precise location (only with your explicit consent)

D. Communication Data:

Email open rates
Link clicks in emails
Communication preferences

5.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

A. Payment Processors:

Transaction verification
Fraud detection information
Payment status

B. Social Media Platforms:

Profile information (if you connect social accounts)
Public profile data
Friend lists (with permission)

C. Analytics Providers:

Aggregated usage statistics
Demographic information
Behavioral data

D. Marketing Partners:

Campaign performance data
Audience insights

E. Data Brokers and Public Sources:

Publicly available information
Demographic data for marketing purposes

5.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or sexual orientation) unless specifically required and with your explicit consent.

6. HOW WE COLLECT YOUR INFORMATION

We collect information through the following methods:

6.1 Direct Collection

Online forms (registration, checkout, contact forms)
Email correspondence
Phone conversations
Live chat interactions
Account creation and management

6.2 Automated Technologies

Cookies and similar tracking technologies
Web beacons and pixel tags
Server logs
Analytics tools
Session replay tools (with notice)

6.3 Third-Party Sources

Social media platforms
Payment service providers
Marketing and analytics partners
Public databases and sources

7. LEGAL BASIS FOR PROCESSING

Under the GDPR and other applicable data protection laws, we process your personal data only when we have a valid legal basis. Our legal bases include:

7.1 Contractual Necessity (Article 6(1)(b) GDPR)

Processing is necessary to:

Fulfill our contract with you when you make a purchase
Process and deliver your orders
Provide customer service
Manage your account
Process payments and prevent fraud

7.2 Consent (Article 6(1)(a) GDPR)

When you have given explicit, informed consent for:

Marketing communications and newsletters
Non-essential cookies and tracking
Sharing information with third parties for marketing
Collecting precise location data
Any other processing requiring consent under applicable law

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

7.3 Legitimate Interests (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate business interests, including:

Improving our products and services
Website functionality and optimization
Fraud prevention and security
Network and information security
Internal business operations and administration
Analyzing usage patterns and trends
Direct marketing to existing customers (where permitted)
Enforcing legal rights and obligations

We have conducted legitimate interest assessments and will only rely on this basis where our interests are not overridden by your rights and freedoms.

7.4 Legal Obligations (Article 6(1)(c) GDPR)

Processing is necessary to comply with:

Tax and accounting requirements
Legal and regulatory obligations
Court orders and law enforcement requests
Consumer protection laws
Anti-money laundering regulations

7.5 Vital Interests (Article 6(1)(d) GDPR)

In rare circumstances, processing may be necessary to protect vital interests of you or another person.

8. HOW WE USE YOUR INFORMATION

We use your personal information for the following specific purposes:

8.1 Order Processing and Fulfillment

Process and complete your purchases
Verify payment information
Arrange shipping and delivery
Send order confirmations and updates
Handle returns, exchanges, and refunds
Maintain transaction records

8.2 Account Management

Create and manage your account
Authenticate your identity
Provide access to account features
Store your preferences and settings
Maintain order history
Enable wish lists and saved items

8.3 Customer Service and Support

Respond to inquiries and requests
Provide technical support
Resolve complaints and disputes
Process warranty claims
Conduct customer satisfaction surveys
Improve service quality

8.4 Marketing and Communications

Send promotional emails and newsletters (with consent)
Provide personalized product recommendations
Inform you about new products and special offers
Conduct marketing campaigns
Measure marketing effectiveness
Segment audiences for targeted marketing

8.5 Website Improvement and Analytics

Analyze website usage and performance
Understand user behavior and preferences
Conduct A/B testing
Improve user experience and interface
Develop new features and functionality
Optimize website performance

8.6 Security and Fraud Prevention

Detect and prevent fraudulent transactions
Protect against unauthorized access
Monitor for security threats
Investigate suspicious activity
Enforce our Terms of Service
Protect our legal rights

8.7 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and court orders
Maintain required business records
Fulfill tax and accounting obligations
Conduct audits and investigations

8.8 Business Operations

Conduct internal research and development
Perform data analysis and reporting
Manage vendor relationships
Facilitate business transactions (mergers, acquisitions)
Maintain business records
Exercise and defend legal claims

8.9 Personalization

Customize your shopping experience
Display relevant content and products
Remember your preferences
Provide location-based services (with consent)
Create user profiles for better service

9. DATA SHARING AND DISCLOSURE

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

9.1 Service Providers and Business Partners

We share personal data with trusted third-party service providers who perform services on our behalf, including:

A. Payment Processing:

Payment gateway providers
Credit card processors
Fraud detection services
Payment verification services

B. Shipping and Fulfillment:

Shipping carriers (USPS, UPS, FedEx, DHL)
Warehouse and fulfillment centers
Logistics providers
Delivery tracking services

C. Technology and Infrastructure:

Web hosting providers
Cloud storage services
Content delivery networks (CDNs)
Database management services
IT support and maintenance providers

D. Marketing and Communications:

Email service providers
SMS/text message services
Marketing automation platforms
Social media advertising platforms
Customer relationship management (CRM) systems
Analytics and attribution services

E. Analytics and Research:

Web analytics providers (e.g., Google Analytics)
Heat mapping and session recording tools
Market research firms
Data analysis services

F. Customer Service:

Help desk software providers
Live chat service providers
Customer feedback and survey tools
Call center services

G. Professional Services:

Legal advisors and attorneys
Accountants and auditors
Business consultants
Compliance advisors

All service providers are contractually bound to:

Process data only for specified purposes
Implement appropriate security measures
Comply with applicable data protection laws
Delete or return data when services end
Not use data for their own purposes

9.2 Legal and Regulatory Authorities

We may disclose your information when required or permitted by law:

In response to subpoenas, court orders, or legal processes
To comply with regulatory requirements
To respond to lawful requests from government authorities
To investigate potential violations of law
To protect against legal liability
To enforce our Terms of Service and agreements

9.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets:

Your personal data may be transferred to the acquiring entity
You will be notified via email and/or prominent notice on our Website
The acquiring entity will be bound by this Privacy Policy
You will have the opportunity to exercise your rights regarding the transfer

9.4 Protection of Rights and Safety

We may share information when we believe it is necessary to:

Protect the rights, property, or safety of Bold Visionary Enterprises DBA New Porch Ministries
Protect the rights, property, or safety of our users
Prevent fraud or illegal activity
Enforce our Terms of Service
Defend against legal claims
Protect public safety

9.5 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you:

For business analytics and reporting
With business partners for research purposes
For industry benchmarking
In public reports or presentations

This anonymized data is not considered personal information and may be used and shared without restriction.

9.6 With Your Consent

We may share your personal information with third parties when you have given specific consent:

Social media sharing features
Third-party integrations you authorize
Co-marketing partnerships (with opt-in)
Other purposes you explicitly approve

10. INTERNATIONAL DATA TRANSFERS

10.1 Transfer Outside Your Country

Bold Visionary Enterprises DBA New Porch Ministries is based in the United States. If you are accessing our Website from outside the United States, please be aware that:

Your information will be transferred to, stored, and processed in the United States
The United States may have different data protection laws than your country
Your information may be subject to access by law enforcement and government authorities in the United States

10.2 Transfers from the European Economic Area (EEA), UK, and Switzerland

For data transfers from the EEA, UK, or Switzerland to the United States or other countries without adequacy decisions, we implement appropriate safeguards, including:

A. Standard Contractual Clauses (SCCs):

We use European Commission-approved Standard Contractual Clauses
We ensure processors comply with SCCs
We conduct transfer impact assessments where required

B. Additional Safeguards:

Technical measures (encryption, pseudonymization)
Organizational measures (access controls, policies)
Contractual commitments from recipients
Regular compliance audits

C. Adequacy Decisions:

Where applicable, we rely on European Commission adequacy decisions
We monitor changes in adequacy status

10.3 Your Rights Regarding International Transfers

You have the right to:

Obtain information about safeguards in place
Request copies of appropriate safeguards (where practical)
Object to transfers in certain circumstances

10.4 Onward Transfers

When our service providers transfer data to sub-processors:

We ensure appropriate safeguards are in place
We require contractual protections
We maintain records of all transfers

11. DATA STORAGE AND RETENTION

11.1 Storage Locations

Your personal data is stored:

On secure servers in the United States
With cloud service providers meeting industry security standards
In compliance with applicable data residency requirements

11.2 Retention Periods

We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

A. Account Information:

Active accounts: Duration of your relationship with us
Inactive accounts: 3 years from last activity, then deleted or anonymized
Deleted accounts: 30 days in recoverable state, then permanently deleted (except where legal retention applies)

B. Transaction and Order Data:

Purchase records: 7 years from transaction date (tax and accounting requirements)
Payment information: Not stored by us; retained by payment processors per PCI-DSS requirements
Shipping information: 3 years from delivery
Invoice and receipt data: 7 years (legal and tax requirements)

C. Marketing and Communications:

Email marketing lists: Until you unsubscribe or request deletion
Communication preferences: Duration of relationship plus 2 years
Marketing analytics: 26 months (or as required by applicable law)

D. Customer Service Records:

Support tickets and correspondence: 3 years from closure
Chat transcripts: 2 years from conversation date
Call recordings (if applicable): 1 year, with notice and consent

E. Website Analytics and Cookies:

Analytics data: 26 months (Google Analytics default) or as configured
Cookie data: As specified in our Cookie Policy (typically 1-24 months)
Log files: 90 days for security purposes

F. Legal and Compliance:

Records subject to legal holds: Duration of legal matter plus applicable statute of limitations
Compliance documentation: As required by applicable regulations
Dispute-related data: Duration of dispute plus 6 years

G. Fraud Prevention:

Fraud and security incident data: 5 years or as required for investigations

11.3 Retention Criteria

We determine retention periods based on:

The nature and sensitivity of the information
Purpose for which information was collected
Legal, regulatory, tax, and accounting requirements
Statute of limitations periods
Legitimate business needs
Industry best practices

11.4 Data Deletion

When retention periods expire:

Personal data is securely deleted or anonymized
Backups are deleted according to backup retention schedules (typically 90 days)
Physical records are shredded or destroyed
Third-party processors are instructed to delete data

11.5 Exceptions to Deletion

We may retain certain information longer when:

Required by law or regulation
Necessary for legal proceedings or investigations
Needed to protect our rights or defend legal claims
Required to comply with law enforcement requests
Necessary to prevent fraud or enforce our policies

12. DATA SECURITY MEASURES

We implement comprehensive technical, organizational, and physical security measures to protect your personal information against unauthorized access, loss, misuse, alteration, or destruction.

12.1 Technical Security Measures

A. Encryption:

SSL/TLS encryption (256-bit) for all data transmitted to and from our Website
Encryption at rest for sensitive data stored in databases
End-to-end encryption for highly sensitive communications
Encrypted backups

B. Access Controls:

Role-based access control (RBAC) systems
Multi-factor authentication (MFA) for administrative access
Strong password policies and requirements
Regular access reviews and revocation of unnecessary privileges
Principle of least privilege (users have minimum necessary access)

C. Network Security:

Firewalls and intrusion detection/prevention systems (IDS/IPS)
Network segmentation and isolation
Regular vulnerability scanning
DDoS protection
Secure network architecture

D. Application Security:

Regular security patching and updates
Secure coding practices
Input validation and sanitization
Protection against common vulnerabilities (SQL injection, XSS, CSRF)
Regular security testing and code reviews

E. Data Protection:

Pseudonymization and anonymization where appropriate
Data minimization practices
Secure data disposal methods
Database activity monitoring
Data loss prevention (DLP) tools

12.2 Organizational Security Measures

A. Policies and Procedures:

Comprehensive information security policies
Data protection and privacy policies
Incident response procedures
Business continuity and disaster recovery plans
Vendor management and due diligence procedures

B. Employee Training:

Regular security awareness training for all employees
Specialized data protection training for staff handling personal data
Phishing simulation exercises
Confidentiality and non-disclosure agreements

C. Access Management:

Background checks for employees with access to personal data
Strict need-to-know access policies
Regular reviews of user access rights
Immediate access revocation upon termination

D. Vendor Management:

Security assessments of third-party processors
Data processing agreements with security requirements
Regular vendor security audits
Vendor compliance monitoring

E. Monitoring and Auditing:

24/7 security monitoring
Regular security audits and assessments
Logging and monitoring of data access
Periodic penetration testing
Compliance audits

12.3 Physical Security Measures

For our facilities and data centers:

Controlled physical access (key cards, biometrics)
24/7 surveillance and monitoring
Visitor logs and escort requirements
Secure document storage and disposal
Environmental controls (fire suppression, climate control)

12.4 Payment Security

A. PCI-DSS Compliance:

We do not store complete payment card information on our servers
Payment processing through PCI-DSS Level 1 certified processors
Tokenization of payment data
Secure payment forms

B. Fraud Prevention:

Real-time fraud detection systems
Address verification service (AVS)
Card verification value (CVV) checks
Transaction monitoring and risk scoring

12.5 Incident Response

In the event of a security incident:

Immediate containment and mitigation procedures
Investigation and root cause analysis
Notification to affected individuals (as required by law)
Notification to supervisory authorities (within 72 hours for GDPR breaches)
Remediation and corrective actions
Post-incident review and improvement

12.6 Limitations and Your Responsibility

Important Notice: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information.

Your Responsibilities:

Keep your account credentials confidential
Use strong, unique passwords
Enable two-factor authentication when available
Log out after using shared devices
Keep your devices and software updated
Report suspicious activity immediately to admin@replife.org

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work efficiently and provide information to website owners.

13.2 Types of Cookies We Use

A. Strictly Necessary Cookies:

Essential for website functionality
Enable core features (shopping cart, checkout, account access)
Required for security features
Cannot be disabled without affecting site functionality
Legal Basis: Legitimate interest / Contractual necessity
Retention: Session or up to 1 year

B. Performance and Analytics Cookies:

Collect information about how visitors use our Website
Help us understand user behavior and improve our services
Track page views, traffic sources, and user journeys
Examples: Google Analytics, site usage statistics
Legal Basis: Consent (in jurisdictions requiring it) or legitimate interest
Retention: Up to 26 months

C. Functionality Cookies:

Remember your preferences and settings
Enable personalization features
Recognize return visitors
Store language and region preferences
Legal Basis: Consent or legitimate interest
Retention: Up to 12 months

D. Advertising and Marketing Cookies:

Deliver relevant advertisements based on interests
Track advertising campaign effectiveness
Limit ad frequency
Enable social media features
Examples: Facebook Pixel, Google Ads
Legal Basis: Consent
Retention: Up to 12 months

13.3 Other Tracking Technologies

A. Web Beacons (Pixels):

Small graphic images embedded in emails or web pages
Track email opens and website visits
Measure campaign effectiveness

B. Local Storage:

HTML5 local storage for storing preferences
More persistent than session cookies
Used for functionality enhancement

C. Flash Cookies (LSOs):

Stored by Adobe Flash Player (if applicable)
Require different removal procedures

D. SDKs and APIs:

Software development kits for mobile functionality
Third-party integrations and services

13.4 Third-Party Cookies

We may allow third-party companies to place cookies on your device, including:

Analytics providers (Google Analytics)
Advertising networks (Google Ads, Facebook)
Social media platforms (Facebook, Instagram, Twitter)
Customer service tools (live chat providers)

These third parties have their own privacy policies governing their use of information.

13.5 Managing Cookies

A. Browser Controls:
You can control and manage cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Options > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies

B. Cookie Consent Tool:

You can manage your cookie preferences through our cookie banner
Access cookie settings at any time through our website footer
Withdraw consent for non-essential cookies

C. Opt-Out Tools:

Google Analytics Opt-out: Browser Add-on
Network Advertising Initiative: NAI Opt-out
Digital Advertising Alliance: DAA Opt-out

D. Do Not Track:

Some browsers offer “Do Not Track” signals
There is currently no universal standard for DNT
We respect Global Privacy Control (GPC) signals where applicable

Note: Disabling certain cookies may affect website functionality and your user experience.

13.6 Cookie Duration

Session Cookies: Deleted when you close your browser
Persistent Cookies: Remain until expiration date or manual deletion
Typical duration: 1 day to 24 months, depending on purpose

14. YOUR PRIVACY RIGHTS

We respect your privacy rights and are committed to providing you with control over your personal information.

14.1 Rights Under GDPR (EEA and UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

A. Right of Access (Article 15 GDPR):

Obtain confirmation of whether we process your personal data
Access to your personal data
Information about processing purposes, categories, recipients, and retention
Receive one free copy of your data

B. Right to Rectification (Article 16 GDPR):

Correct inaccurate personal data
Complete incomplete personal data
Update outdated information

C. Right to Erasure/”Right to be Forgotten” (Article 17 GDPR):

Request deletion of your personal data when:
- Data no longer necessary for original purpose
- You withdraw consent and no other legal basis exists
- You object and no overriding legitimate grounds exist
- Data processed unlawfully
- Legal obligation requires deletion
Exceptions apply for legal compliance, legal claims, and public interest

D. Right to Restriction of Processing (Article 18 GDPR):

Request limitation of processing when:
- Accuracy of data is contested
- Processing is unlawful but you oppose deletion
- We no longer need data but you need it for legal claims
- You have objected to processing pending verification

E. Right to Data Portability (Article 20 GDPR):

Receive your personal data in structured, commonly used, machine-readable format
Transmit data to another controller without hindrance
Applies to data processed based on consent or contract
Request direct transmission where technically feasible

F. Right to Object (Article 21 GDPR):

Object to processing based on legitimate interests
Object to direct marketing at any time
Object to profiling related to direct marketing
We must stop processing unless we demonstrate compelling legitimate grounds

G. Right to Withdraw Consent (Article 7(3) GDPR):

Withdraw consent at any time for consent-based processing
Withdrawal does not affect lawfulness of prior processing
Easy withdrawal mechanism (as easy as giving consent)

H. Right Not to Be Subject to Automated Decision-Making (Article 22 GDPR):

Not be subject to solely automated decisions with legal or significant effects
Right to human intervention in automated decisions
Right to contest automated decisions
Right to express your point of view

I. Right to Lodge a Complaint:

File a complaint with your local supervisory authority
Right to judicial remedy
Does not affect other administrative or judicial remedies

14.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights:

A. Right to Know:

Categories of personal information collected
Categories of sources of personal information
Business or commercial purpose for collecting/selling
Categories of third parties with whom we share information
Specific pieces of personal information collected about you

B. Right to Delete:

Request deletion of personal information we collected from you
Subject to certain exceptions (legal obligations, fraud prevention, internal uses)

C. Right to Opt-Out of Sale/Sharing:

Opt-out of sale of personal information (we do not sell)
Opt-out of sharing for cross-context behavioral advertising
We respect Global Privacy Control (GPC) signals

D. Right to Correct:

Request correction of inaccurate personal information

E. Right to Limit Use of Sensitive Personal Information:

Limit use of sensitive personal information (if applicable)
We do not generally collect or use sensitive personal information

F. Right to Non-Discrimination:

Not be discriminated against for exercising your rights
Same service and price, subject to limited exceptions

G. Authorized Agent:

Designate an authorized agent to make requests on your behalf
We may require verification of authorization

14.3 Rights Under Other US State Laws

Depending on your location, you may have additional rights under:

Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (CPA)
Connecticut Data Privacy Act (CTDPA)
Utah Consumer Privacy Act (UCPA)
Other applicable state privacy laws

These rights are generally similar to CCPA/GDPR rights.

14.4 Rights Under Other Jurisdictions

Depending on your location, you may have rights under:

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
Brazil’s Lei Geral de Proteção de Dados (LGPD)
Australia’s Privacy Act
Other applicable privacy laws

14.5 Limitations on Rights

Your rights may be limited when:

Disclosure would reveal confidential commercial information
Disclosure would adversely affect others’ rights and freedoms
Processing is required by law
Information is subject to legal professional privilege
Information must be retained for legal proceedings

15. HOW TO EXERCISE YOUR RIGHTS

15.1 Submitting Requests

To exercise any of your privacy rights, you may contact us through the following methods:

A. Email:

Send your request to: admin@replife.org
Subject line: “Privacy Rights Request”
Include: Your full name, email address, specific request, and jurisdiction

B. Written Mail:

Bold Visionary Enterprises DBA New Porch Ministries
Attn: Privacy Rights Request
New Porch Ministries, 1445 Woodmont Ln NW #1568, Atlanta, GA 30318
Include: Your full name, contact information, and specific request

C. Online Account:

Log into your Rep Life account
Navigate to Privacy Settings or Account Settings
Use available self-service tools for certain requests

15.2 Verification Process

To protect your privacy and security, we must verify your identity before processing requests:

A. Verification Requirements:

Provide sufficient information for us to reasonably verify you are the person about whom we collected information
Match at least two or three data points we have on file
Additional verification for sensitive data or deletion requests

B. Verification Methods:

Email verification (click link sent to email on file)
Account login credentials
Last purchase information
Other identifying information

C. Authorized Agents (California):

Provide written permission signed by you
Provide proof of power of attorney
We may still require direct verification from you

15.3 Response Timeframes

A. GDPR Requests:

We will respond within one month of receiving your request
May be extended by two additional months for complex requests
We will inform you of any extension within the first month

B. CCPA/CPRA Requests:

We will acknowledge receipt within 10 days
We will respond within 45 days of receiving your request
May be extended by an additional 45 days with notice

C. Other Jurisdictions:

We will respond according to applicable legal timeframes
Typically within 30-45 days

15.4 Fees

First Request: Generally free of charge
Excessive or Repetitive Requests: We may charge a reasonable administrative fee
Request for Additional Copies: We may charge reasonable cost-based fee
We will inform you of any fees before processing your request

15.5 Request Outcomes

We will:

Confirm actions taken in response to your request
Explain reasons if we cannot fully comply
Inform you of your right to complain to supervisory authorities
Provide information in commonly used electronic format (unless otherwise requested)

15.6 Self-Service Options

You can access, update, or delete certain information directly through your account:

A. Account Information:

Log into your account
Navigate to “Account Settings” or “Profile”
Update your personal information
Change your password

B. Marketing Preferences:

Click “Unsubscribe” link in marketing emails
Update preferences in account email settings
Contact us at admin@replife.org to opt-out of all marketing

C. Cookie Preferences:

Use our cookie management tool
Adjust browser settings
Opt-out of analytics

D. Account Deletion:

Request through account settings
Contact admin@replife.org for complete deletion

16. CHILDREN’S PRIVACY

16.1 Age Restrictions

Our Website and services are not directed to children under the age of 16 years. We do not knowingly collect, use, or disclose personal information from children under 16.

Age Restrictions:

Under 13: We do not knowingly collect information from children under 13 (COPPA compliance)
13-15: We do not knowingly collect information from children under 16 (GDPR compliance)
16+: Users must be at least 16 years old to use our services

16.2 Parental Consent

If you are under 18, you must have permission from your parent or legal guardian before:

Creating an account
Making purchases
Providing any personal information

16.3 If We Discover Children’s Data

If we learn that we have collected personal information from a child under the applicable age:

We will delete the information as quickly as possible
We will terminate any account created
We will not use the information for any purpose
We will not disclose the information to third parties

16.4 Parental Rights

Parents or legal guardians may:

Review personal information collected from their child
Request deletion of their child’s information
Refuse further collection of their child’s information
Contact us at admin@replife.org with concerns

16.5 Reporting

If you believe we have inadvertently collected information from a child under the applicable age, please contact us immediately at admin@replife.org with “Child Privacy” in the subject line.

17. THIRD-PARTY SERVICES AND LINKS

17.1 Third-Party Websites

Our Website may contain links to third-party websites, applications, or services, including:

Social media platforms
Payment processors
Shipping carriers
Product review sites
Partner websites
Advertising networks

Important:

We are not responsible for the privacy practices of third-party sites
Third-party sites are governed by their own privacy policies
We encourage you to read privacy policies of all sites you visit
Linking does not imply endorsement of third-party privacy practices

17.2 Social Media Features

Our Website may include social media features, such as:

Facebook, Instagram, Twitter, Pinterest sharing buttons
Social media widgets and plugins
“Like” and “Share” buttons

These features may:

Collect your IP address and page visits
Set cookies to enable functionality
Be hosted by third parties
Transmit data directly to social media platforms

Your interactions with these features are governed by the privacy policies of the companies providing them.

17.3 Third-Party Service Providers

We use third-party service providers, including:

A. Payment Processors:

Process payments on our behalf
Have their own privacy policies and PCI-DSS compliance
May collect payment information directly from you

B. Analytics Providers:

Google Analytics and similar services
Collect usage data through cookies and similar technologies
Subject to their own privacy policies

C. Advertising Networks:

Serve targeted advertisements
Track your browsing behavior across websites
Allow you to opt-out through their privacy settings

17.4 Third-Party Applications and Integrations

If you connect third-party applications to your account:

You authorize data sharing with those applications
Review the third-party app’s privacy policy
You can revoke access through your account settings

17.5 No Control Over Third Parties

We have no control over and assume no responsibility for:

Content, privacy policies, or practices of third parties
How third parties process your information
Security measures implemented by third parties
Accuracy of information provided by third parties

18. MARKETING COMMUNICATIONS

18.1 Types of Marketing

With your consent or as permitted by law, we may send you:

Promotional emails about new products
Special offers and discounts
Newsletter and company updates
Personalized product recommendations
Abandoned cart reminders
Customer surveys and feedback requests

18.2 Legal Basis for Marketing

A. Consent (GDPR/EU):

We obtain explicit opt-in consent before sending marketing emails to EU/EEA recipients
Consent is freely given, specific, informed, and unambiguous

B. Soft Opt-In (Existing Customers):

We may email existing customers about similar products
Clear opt-out provided in every email

C. Legitimate Interest:

Marketing to existing customers (where permitted by law)
Subject to your right to object

18.3 Unsubscribe/Opt-Out

You can opt-out of marketing communications at any time:

A. Email Marketing:

Click “Unsubscribe” link at the bottom of any marketing email
Log into your account and update email preferences
Email admin@replife.org with “Unsubscribe” in the subject line
We will process opt-outs within 10 business days

B. SMS/Text Marketing:

Reply “STOP” to any text message
Contact admin@replife.org
We will process opt-outs immediately

C. Direct Mail:

Contact admin@replife.org to opt-out
Allow 6-8 weeks for processing

Note: Even if you opt-out of marketing:

We may still send transactional emails (order confirmations, account notifications)
We may still send service-related communications
You cannot opt-out of legally required communications

18.4 Personalized Marketing

We may personalize marketing based on:

Your purchase history
Browsing behavior
Product preferences
Demographic information

You can object to profiling for marketing purposes by contacting admin@replife.org.

18.5 Third-Party Marketing

We do not sell or rent your information for third-party marketing
We do not share your email address with third parties for their marketing without your explicit consent
You may receive ads on third-party platforms based on our marketing campaigns

19. AUTOMATED DECISION-MAKING AND PROFILING

19.1 What is Automated Decision-Making

Automated decision-making means making decisions solely by automated means without human involvement.

19.2 Our Use of Automated Processing

A. Fraud Detection:

We use automated systems to detect fraudulent transactions
Helps protect you and us from fraud
May result in transaction denial or additional verification

B. Personalization:

Automated recommendations based on browsing and purchase history
Personalized product suggestions
Customized content and offers

C. Risk Assessment:

Credit risk assessment (if applicable)
Account security monitoring
Spam and abuse prevention

19.3 Profiling

We may create profiles based on:

Purchase history and preferences
Website usage patterns
Demographics and interests
Marketing engagement

Purposes:

Improve user experience
Personalize marketing
Product development
Customer segmentation

19.4 Your Rights

Under GDPR Article 22, you have the right:

Not to be subject to solely automated decisions with legal or significant effects
To human intervention in the decision-making process
To express your point of view
To contest the decision
To obtain an explanation of the decision

19.5 Exercising Your Rights

If you believe you have been subject to an automated decision:

Contact us at admin@replife.org
Request human review of the decision
Provide additional context or information
Contest the decision

20. DATA BREACH NOTIFICATION

20.1 Our Commitment

We are committed to protecting your personal information and have implemented comprehensive security measures. However, no system is completely secure.

20.2 Breach Response Procedures

In the event of a data breach involving your personal information:

A. Immediate Response:

Contain and mitigate the breach
Conduct investigation to determine scope and impact
Preserve evidence for investigation
Implement remedial measures

B. Assessment:

Evaluate the nature and severity of the breach
Determine which individuals are affected
Assess risk to affected individuals
Document the breach and response

20.3 Notification to Authorities

A. GDPR Requirements:

Notify relevant supervisory authority within 72 hours of becoming aware of the breach
Provide description of breach, data affected, likely consequences, and remedial measures
May be required to notify multiple authorities for cross-border processing

B. US State Law Requirements:

Notify affected individuals and/or authorities as required by applicable state laws
Timeframes and requirements vary by state

20.4 Notification to Affected Individuals

We will notify you without undue delay if a breach is likely to result in a high risk to your rights and freedoms:

A. Notification Content:

Nature of the breach
Categories and approximate number of individuals affected
Types of data involved
Likely consequences of the breach
Measures we have taken or will take
Contact information for questions
Recommended actions to protect yourself

B. Notification Methods:

Email to address on file
Notice on our Website
Direct mail (if email unavailable)
Other appropriate means

20.5 Exceptions to Notification

We may not notify you if:

Appropriate technical and organizational protection measures were applied (e.g., encryption)
Subsequent measures ensure risk is no longer likely
Notification would require disproportionate effort (public communication may be used instead)
Required by law enforcement for investigation purposes (temporary delay)

20.6 Your Actions

If we notify you of a data breach:

Follow recommended protective measures
Monitor your accounts for suspicious activity
Consider changing passwords
Be alert for phishing attempts
Contact us with questions at admin@replife.org

21. CHANGES TO THIS PRIVACY POLICY

21.1 Right to Modify

We reserve the right to update or modify this Privacy Policy at any time to reflect:

Changes in our practices
Legal, regulatory, or operational requirements
New features or services
User feedback
Industry best practices

21.2 Notification of Changes

A. Material Changes:
For significant changes that affect your rights or how we process your data:

We will provide prominent notice on our Website (30 days before effective date)
We will send email notification to registered users
We may request renewed consent where required
Updated “Effective Date” at the top of this policy

B. Non-Material Changes:
For minor updates or clarifications:

Updated “Last Updated” date
Notice on Website
No email notification required

21.3 Review and Acceptance

Your Continued Use:

Continued use of our Website after changes constitutes acceptance
If you do not agree with changes, discontinue use and contact us to close your account
We encourage you to review this policy periodically

21.4 Prior Versions

We maintain historical versions of our Privacy Policy
You may request access to previous versions by contacting admin@replife.org

21.5 Effective Date of Changes

Changes become effective on the date specified in the updated policy
Will not retroactively apply to data collected under a previous policy without consent

22. COMPLAINTS AND SUPERVISORY AUTHORITY

22.1 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law or this Privacy Policy, you have the right to lodge a complaint.

22.2 Contact Us First

We encourage you to contact us first at admin@replife.org so we can attempt to resolve your concerns directly.

22.3 Supervisory Authorities (GDPR)

For EEA Residents:

If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority:

Examples of Supervisory Authorities:

Austria: Österreichische Datenschutzbehörde
Belgium: Commission de la protection de la vie privée / Commissie voor de bescherming van de persoonlijke levenssfeer
France: Commission Nationale de l’Informatique et des Libertés (CNIL)
Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Ireland: Data Protection Commission
Italy: Garante per la protezione dei dati personali
Netherlands: Autoriteit Persoonsgegevens
Spain: Agencia Española de Protección de Datos (AEPD)

Find Your Supervisory Authority:
A complete list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

For UK Residents:

If you are located in the United Kingdom, you may lodge a complaint with:

Information Commissioner’s Office (ICO)

Website: https://ico.org.uk
Telephone: 0303 123 1113
Online: Submit complaint through ICO website

22.4 State Attorneys General (US Residents)

For US Residents:

You may file a complaint with your state Attorney General’s office:

Contact information available through your state government website
Many states have consumer protection divisions handling privacy complaints

California Residents:

California Attorney General’s Office
Website: https://oag.ca.gov
Privacy complaint submission available online

22.5 Federal Trade Commission (US)

For US Residents:

You may also file a complaint with:

Federal Trade Commission (FTC)

Website: https://www.ftc.gov
Online: ftc.gov/complaint
Telephone: 1-877-FTC-HELP (1-877-382-4357)

22.6 Other Jurisdictions

For residents of other jurisdictions:

Contact your local data protection authority or privacy commissioner
Information typically available through your government’s website

22.7 No Retaliation

We will not retaliate against you for:

Exercising your privacy rights
Filing a complaint with supervisory authorities
Participating in investigations
Reporting privacy concerns

23. CONTACT INFORMATION

23.1 General Inquiries

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Bold Visionary Enterprises DBA New Porch Ministries
Rep Life
New Porch Ministries, 1445 Woodmont Ln NW #1568, Atlanta, GA 30318

Email: admin@replife.org
Subject Line: “Privacy Inquiry”

23.2 Privacy Rights Requests

To exercise your privacy rights (access, deletion, correction, etc.):

Email: admin@replife.org
Subject Line: “Privacy Rights Request”

Written Mail:
Bold Visionary Enterprises DBA New Porch Ministries
Attn: Privacy Rights Request
New Porch Ministries, 1445 Woodmont Ln NW #1568, Atlanta, GA 30318

23.3 Data Protection Officer

For data protection matters:

Email: admin@replife.org
Subject Line: “DPO – Data Protection Matter”

23.4 Security Concerns

To report security vulnerabilities or data breaches:

Email: admin@replife.org
Subject Line: “URGENT: Security Matter”

23.5 EU Representative (if applicable)

If we designate an EU representative for GDPR purposes, contact information will be provided here.

23.6 Response Time

We aim to respond to all inquiries within:

General inquiries: 5-10 business days
Privacy rights requests: As required by law (typically 30-45 days)
Security concerns: 24-48 hours

24. LEGAL DISCLAIMERS

24.1 Not Legal Advice

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. For specific legal questions, consult a qualified attorney.

24.2 No Warranties

This Privacy Policy is provided “as is” without warranties of any kind, express or implied. While we strive for accuracy and completeness, we make no guarantees regarding the information provided.

24.3 Jurisdictional Variations

Privacy laws vary by jurisdiction. This Privacy Policy is designed to comply with multiple legal frameworks, but specific provisions may apply differently based on your location.

24.4 Conflicts with Law

If any provision of this Privacy Policy conflicts with applicable law:

The conflicting provision will be interpreted to comply with law
The remainder of the policy remains in full effect
We will update the policy to reflect legal requirements

24.5 Relationship to Terms of Service

This Privacy Policy is incorporated into and subject to our Terms of Service. In case of conflict, the Terms of Service govern.

24.6 Language

This Privacy Policy is written in English. Translations may be provided for convenience, but the English version is the official version and will govern in case of discrepancies.

24.7 Severability

If any provision of this Privacy Policy is found to be invalid or unenforceable:

That provision will be limited or eliminated to the minimum extent necessary
The remaining provisions will remain in full force and effect

24.8 No Waiver

Our failure to enforce any provision of this Privacy Policy does not constitute a waiver of that provision or our right to enforce it in the future.

24.9 Entire Agreement

This Privacy Policy, together with our Terms of Service and Cookie Policy, constitutes the entire agreement between you and Bold Visionary Enterprises DBA New Porch Ministries regarding privacy matters.

24.10 Professional Review Recommendation

While this Privacy Policy is designed to be comprehensive and compliant with applicable laws, we recommend having it reviewed by:

A qualified privacy attorney in your jurisdiction
A data protection officer or consultant
Legal counsel familiar with your specific business operations

This is particularly important for:

Businesses operating in multiple jurisdictions
High-risk processing activities
Large-scale data processing
Processing of sensitive personal information

24.11 Binding Effect

This Privacy Policy is binding on Bold Visionary Enterprises DBA New Porch Ministries and its successors, assigns, employees, agents, and representatives.

APPENDIX A: DEFINITIONS AND TERMINOLOGY

Personal Data/Personal Information: Any information relating to an identified or identifiable natural person, including name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing: Any operation performed on personal data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Controller: The entity that determines the purposes and means of processing personal data.

Processor: An entity that processes personal data on behalf of the controller.

Consent: Freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to processing of personal data.

Data Subject: An identified or identifiable natural person whose personal data is processed.

Supervisory Authority: An independent public authority established by an EU Member State to monitor GDPR compliance.

Cross-border Processing: Processing of personal data that takes place in more than one EU Member State or that substantially affects data subjects in more than one Member State.

Pseudonymization: Processing personal data in a way that it can no longer be attributed to a specific data subject without additional information kept separately.

Anonymization: Processing personal data in a way that it can no longer be attributed to a specific data subject, even with additional information.

Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Profiling: Any automated processing of personal data to evaluate personal aspects, particularly to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

APPENDIX B: DATA PROCESSING ACTIVITIES

Summary of Processing Activities

Purpose	Legal Basis	Data Categories	Retention Period	Recipients
Order Processing	Contract	Name, address, email, phone, purchase history	7 years	Shipping carriers, payment processors
Account Management	Contract	Name, email, password, preferences	Duration + 3 years	Hosting providers, IT support
Marketing	Consent	Email, preferences, behavior	Until withdrawal	Email service providers
Analytics	Legitimate Interest	Usage data, IP address, cookies	26 months	Analytics providers
Customer Service	Contract/Legitimate Interest	Contact details, inquiry details	3 years	Support software providers
Fraud Prevention	Legitimate Interest/Legal Obligation	Transaction data, device info	5 years	Fraud detection services
Legal Compliance	Legal Obligation	Transaction records, communications	7 years	Legal advisors, authorities

APPENDIX C: INTERNATIONAL DATA TRANSFER MECHANISMS

When we transfer personal data internationally, we use the following safeguards:

Standard Contractual Clauses (SCCs): European Commission-approved model clauses for transfers to third countries
Adequacy Decisions: Relying on European Commission adequacy decisions where applicable
Binding Corporate Rules: For transfers within corporate groups (if applicable)
Specific Derogations: In limited situations under Article 49 GDPR (explicit consent, contract performance, legal claims)
Supplementary Measures: Additional technical and organizational measures to ensure data protection

APPENDIX D: THIRD-PARTY SERVICE PROVIDERS

Categories of Third-Party Processors:

Web Hosting and Infrastructure
Payment Processing (PCI-DSS Compliant)
Shipping and Logistics
Email Service Providers
Analytics and Tracking
Customer Relationship Management (CRM)
Customer Support Software
Marketing Automation
Cloud Storage
Security Services

All third-party processors are contractually obligated to:

Process data only as instructed
Implement appropriate security measures
Maintain confidentiality
Assist with data subject rights requests
Notify us of data breaches
Delete or return data upon termination

CONSENT RECORD

By using Rep Life and providing your personal information, you acknowledge:

I have read and understood this Privacy Policy

I understand how my personal data will be collected, used, and shared

I understand my rights regarding my personal data

I understand how to exercise my rights and contact Bold Visionary Enterprises DBA New Porch Ministries

I consent to the processing of my personal data as described in this Privacy Policy

I understand I can withdraw consent at any time for consent-based processing

I understand this Privacy Policy may be updated and I should review it periodically

ACKNOWLEDGMENT

This Privacy Policy was last reviewed and updated on December 5, 2025.

Bold Visionary Enterprises DBA New Porch Ministries is committed to:

Transparency in data processing
Protecting your privacy rights
Complying with applicable data protection laws
Maintaining the security of your personal information
Respecting your choices regarding your data

Thank you for trusting Rep Life with your personal information.

For questions or concerns about this Privacy Policy, contact:

Bold Visionary Enterprises DBA New Porch Ministries
Email: admin@replife.org
Address: New Porch Ministries, 1445 Woodmont Ln NW #1568, Atlanta, GA 30318

END OF PRIVACY POLICY