Privacy Notice

Effective Date: October 24, 2025

Village Haven LLC, wholly owned by Heart Space Sanctuary, a faith-based 508(c)(1)(a) ministry.

Village Haven LLC (“Village Haven,” “we,” “our,” or “us”) is committed to honoring the dignity, privacy, and trust of each person who participates in our community. This Privacy Notice describes how we collect, use, disclose, retain, and protect personal information when you access or use our website, mobile application, or related services (collectively, the “Platform”).

We recognize that privacy is not merely a legal obligation; it is a matter of respect, stewardship, and integrity. By choosing to engage with Village Haven, you entrust us with information that reflects your life, your family, and your personal circumstances. We handle that responsibility with care and transparency.

If you do not agree with this Privacy Notice, do not use the Platform.

1. Notice At Collection

This Section 1 is our “Notice at Collection” for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”). It also provides transparency that is helpful for residents of other states.

1.1 Categories of Personal Information We Collect

We collect the categories of personal information listed below, depending on how you use the Platform (e.g., Household, Provider, subscriber, or visitor). We do not necessarily collect all categories for all individuals.

1.2 Sensitive Personal Information (SPI)

We may collect Sensitive Personal Information (“SPI”) as defined by the CCPA/CPRA, only as reasonably necessary and proportionate. SPI may include:

• A. Government ID number or image (for identity verification, if offered/required);
• B. Account log-in credentials;
• C. Precise geolocation (only if enabled by you);
• D. Background screening results, where permitted and where you provide required authorization;
• E. Payment account details handled by payment processors (we do not store full payment card numbers).

1.3 Purposes for Collection and Use

We collect and use personal information for the following business or commercial purposes:

• Provide and operate the Platform, including account creation, matching, messaging, scheduling, and support;
• Facilitate marketplace activity, including enabling Households and Providers to connect and transact;
• Verify identity and maintain community safety, including fraud prevention and trust & safety measures;
• Background checks / consumer reports (where applicable), only with required authorization and as permitted by law;
• Process payments and subscriptions via third-party payment processors;
• Communications, including transactional notices, service updates, and support responses;
• Analytics and improvement, including diagnosing technical issues and improving performance/security;
• Compliance and legal obligations, including responding to lawful requests and enforcing contracts/policies;
• Protect rights and safety, including investigating suspected misuse, prohibited conduct, or security incidents.

1.4 Retention

We retain personal information for as long as reasonably necessary for the purposes described above, including to comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and maintain required records. Retention depends on account status, information sensitivity, legal requirements, fraud/safety risk, and dispute needs.

• Account/profile data: while the account is active, plus a reasonable period after closure (often 12 months) for legal compliance and fraud prevention.
• Messages/communications: retained for safety, fraud, dispute resolution, and compliance (often 12 months).
• Background check records: retained as required by law, vendor requirements, and safety needs (often up to 5 years, where permitted).
• Payment confirmations/transaction records: retained for accounting/audit/tax and legal compliance (often up to 5 years).
• When information is no longer needed, it is securely deleted, de-identified, or anonymized.

1.5 Categories of Third Parties to Whom We Disclose Personal Information

We may disclose personal information to the following categories of third parties:

• Service providers/contractors (e.g., hosting, analytics, customer support tools, security/fraud prevention, identity verification, background check vendors, payment processors);
• Other Users (e.g., disclosures between Households and Providers as part of arranging an engagement);
• Authorities and others for legal/safety reasons (e.g., law enforcement, regulators, courts; or to prevent imminent harm);
• Professional advisors (e.g., lawyers, accountants, auditors);
• Transaction counterparties (e.g., acquirers in a merger, acquisition, or asset sale).

1.6 “Sale,” “Sharing,” and Targeted Advertising

A. Sale: Village Haven currently does not “sell” personal information as “sell” is defined under the CCPA/CPRA.

B. Sharing: Village Haven currently does not “share” personal information for cross-context behavioral advertising as “share” is defined under the CCPA/CPRA.

If this changes, we will update this Privacy Notice and provide required opt-out mechanisms, including honoring the Global Privacy Control (GPC) where applicable. See Section 9.

1.7 California Rights

California residents may have rights to: know/access, delete, correct, opt out of sale/sharing (if applicable), and limit certain uses/disclosures of SPI (where applicable), and to not be discriminated against for exercising rights. See Section 8.

2. Information We Collect

We may collect personal information that you provide, including:

• Account and profile information (name, contact details, date of birth for eligibility/age gating);
• Household needs, service requests, preferences, scheduling details, and location details you provide;
• Provider information (credentials, licensing where applicable, experience, references, availability);
• Communications and messages through Platform tools;
• Support requests and correspondence;
• Identity verification information (e.g., photo, government ID) if you choose to complete identity verification or if required.

2.2 Information We Collect Automatically

• Device and technical information (IP address, device identifiers, browser type, OS, app version);
• Usage and log data (screens viewed, features used, timestamps, crash data, referral URLs);
• Cookie and similar technology data (see Section 9).

2.3 Information from Third Parties

• Identity verification vendors;
• Background check providers / consumer reporting agencies (“CRAs”) where authorized and legally permitted;
• Payment processors and subscription/billing partners (e.g., payment confirmation, fraud signals, limited transaction details);
• Public records or other sources, where necessary for safety and compliance and permitted by law.

3. Sensitive Data, Consumer Health Data, and Caregiving Context

3.1 Sensitive Personal Information (SPI)

As described in Section 1.2, we may collect certain SPI only as reasonably necessary and proportionate for limited purposes such as identity verification, fraud prevention, payment processing, security, and legal compliance.

3.2 Caregiving Services and Health/Medical Information

• Please do not submit medical records or highly sensitive health details through the Platform unless the Platform specifically requests it for a narrow purpose (e.g., safety accommodations you choose to provide);
• If you choose to share information about health conditions, mobility needs, medications, or similar details in a service request or message, that information may be collected and used to facilitate the engagement and maintain safety.

3.3 “Consumer Health Data” Laws

We do not offer services targeted at collecting consumer health data as a business model, and we do not use consumer health data for targeted advertising.

To the extent “consumer health data” (as defined by certain state laws, including Washington's My Health My Data Act) is provided by you or generated through your use of the Platform:

• A. We process it to provide the Platform and to facilitate the engagement you request, maintain safety, prevent fraud, and comply with law;
• B. No geofencing: We do not use geofencing to identify or target individuals at or near medical facilities, or to infer health status;
• C. We do not sell consumer health data;
• D. If we implement any features that materially change how consumer health data is collected or used, we will provide additional notices and rights mechanisms as required.

4. How We Use Your Information

We collect only what is reasonably necessary and use it for compatible purposes, including to:

• Create and manage accounts, verify eligibility, and provide support;
• Facilitate connections between Households and Providers, including messaging and scheduling;
• Enable transactions and process payments/subscriptions through third parties;
• Maintain trust & safety and platform integrity, including fraud prevention and security monitoring;
• Conduct identity verification and background checks where authorized and permitted;
• Improve the Platform (debugging, analytics, performance, and feature development);
• Comply with law and enforce our terms and policies; and
• Protect the rights, safety, and integrity of Users, Providers, and the public.

We may create or use de-identified or aggregated data for analytics, safety, or improvement purposes and will not re-identify it except as permitted by law.

5. Background Checks, Consumer Reports, and FCRA Disclosures

5.1 Consumer Reports (FCRA)

When permitted by law and where applicable, Village Haven may obtain “consumer reports” and/or “investigative consumer reports” (as those terms are defined by the Fair Credit Reporting Act (“FCRA”) and analogous state laws) from one or more CRAs for purposes such as verifying identity, evaluating eligibility for certain roles or features, and promoting safety and trust.

CRAs we may use include: Checkr, Inc..

5.2 Authorization and Separate Policy

Where required, we will obtain your authorization before requesting a consumer report, and we will provide legally required disclosures. Additional details, including dispute rights and any adverse action process (if applicable), are described in our Background Check Policy: Background Checks Policy.

6. How We Disclose Personal Information

We disclose personal information only when reasonably necessary to operate the Platform, provide services, maintain safety, or comply with law.

6.1 Service Providers / Contractors

We may disclose personal information to vendors that act as our service providers or contractors to perform services on our behalf, such as:

• A. Hosting, cloud storage, databases, content delivery networks;
• B. Customer support and communications tools;
• C. Security services, fraud prevention, and monitoring; and
• D. Analytics providers (configured to avoid “sharing” for cross-context behavioral advertising.);
• E. Identity verification and background screening vendors (where applicable); and
• F. Payment processing and subscription billing providers.

Where required by applicable law (including CCPA/CPRA), we contractually require service providers/contractors to:

• A. Use personal information only to provide services for specified business purposes;
• B. Not “sell” or “share” personal information (as defined by CCPA/CPRA) except as permitted by law;
• C. Not retain, use, or disclose personal information outside the business relationship except as permitted by law; and
• D. Implement appropriate security measures and assist with rights requests as required.

6.2 Payment Processing and Financial Information

Payments and subscriptions are processed by third-party payment processors. Village Haven does not store full payment card information and does not operate as a bank, escrow, or money transmitter. Payment processing is governed by the payment processor's terms and privacy practices.

We may receive limited payment-related information (e.g., payment status, last four digits, transaction identifiers, fraud signals) for support, accounting, and fraud prevention.

6.3 Disclosures to Other Users

To facilitate an engagement you choose to pursue, we may disclose limited information to other Users. For example:

• A. Providers may see Household service request details, approximate location, scheduling details, and messages;
• B. Households may see Provider profile details, availability, general location, and messages
• C. You control much of what you share through your profile and communications.

6.4 Legal, Safety, and Compliance Disclosures

We may disclose information to comply with law, respond to lawful requests, or protect rights/safety.

6.5 Business Transfers

In a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be disclosed with appropriate protections.

7. Cookies, Analytics, Targeted Advertising, and Your Choices

7.1 Cookies and Similar Technologies

We use cookies, pixels, SDKs, and similar technologies to:

• A. Enable core functionality (authentication, session management)
• B. Support security and fraud prevention
• C. Understand usage and improve the Platform (analytics)

Where available, you may manage preferences using our cookie tool: Cookie Preferences. You can also control cookies via browser settings (though some features may not function properly).

7.2 Do Not Track

Because no consistent standard exists, we do not uniformly respond to DNT signals.

7.3 Global Privacy Control (GPC)

If “sale”/“sharing” applies, we will treat a feasible GPC signal as an opt-out for that browser/device.

7.4 Cross-Context Behavioral Advertising / Targeted Advertising

We currently do not “share” personal information for cross-context behavioral advertising. If that changes, we will provide opt-outs.

8. Your Privacy Rights

Rights depend on jurisdiction; we honor verified requests as required.

8.1 State Rights Summary

8.2 California Privacy Rights

If you are a California resident, you may have the right to:

• A. Know / Access: request the categories and specific pieces of personal information we collected, sources, purposes, and categories of third parties disclosed to;
• B. Delete: request deletion of personal information, subject to legal exceptions;
• C. Correct: request correction of inaccurate personal information;
• D. Opt out of sale/sharing: opt out of “selling” or “sharing” personal information (if applicable). We currently do not sell or share for cross-context behavioral advertising;
• E. Limit certain uses/disclosures of SPI: where applicable (we already limit SPI to permitted purposes); and
• F. Non-discrimination: you will not receive unlawful discriminatory treatment for exercising rights.

California “Shine the Light.” California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits certain California residents to request information about disclosures of certain categories of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes in a manner that triggers this requirement, but you may contact us as described in Section 8.6.

We do not sell or share personal information of individuals we know to be under 16. The Platform is intended for adults; see Section 12.

8.3 Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Indiana, Tennessee (and Similar States)

Residents of these states (as applicable) may have rights to:

• A. Confirm/Access personal data we process;
• B. Delete personal data;
• C. Correct inaccuracies (scope varies);
• D. Data portability (obtain a copy in a portable format); or
• E. Opt out of:
• o Targeted advertising (as defined by the applicable state law);
• o Sale of personal data (as defined by the applicable state law);
• o Profiling in furtherance of decisions that produce legal or similarly significant effects (where applicable)

We do not currently engage in profiling that produces legal or similarly significant effects in a way that triggers opt-out rights; see Section 10.

8.4 Utah and Iowa

Residents may access, delete, portability, and opt out of targeted advertising and certain “sales.”

8.5 How to Exercise Rights / Submit a Request

• Privacy Request Form: Privacy Request Form
• Email: hello@villagehaven.org
• Toll-Free Phone (CA): +1 855 768 3073
• Mail: Village Haven LLC, Attn: Privacy, 30 N Gould St Ste 100, Sheridan, WY 82801
• If required, state-specific methods (e.g., “Do Not Sell or Share” link) will be at Do Not Sell or Share.

8.6 Verification of Requests

We take reasonable steps to verify identity before fulfilling requests; unverified requests may be denied.

8.7 Authorized Agents

You may designate an authorized agent; we may require proof and direct verification.

8.8 Appeals

Where required, you may appeal a denial. Appeals: hello@villagehaven.org.

9. “Do Not Sell/Share” and Targeted Advertising Opt-Out

We do not sell or share personal information for cross-context behavioral advertising. If that changes, we will update this notice, provide opt-outs (including Do Not Sell or Share), and honor GPC where required.

10. Automated Decision-Making, Profiling, and Human Review

We may use limited automated systems to support Platform operations (for example, fraud detection, account security, and matching features based on availability and preferences).

• A. No legal/similarly significant profiling: We do not use profiling in furtherance of decisions that produce legal or similarly significant effects (as those terms are defined in certain state privacy laws) in a manner that would require opt-out, such as automatic denial of housing, credit, employment, or insurance, through the Platform;
• B. Fraud and security: We may use automated tools to detect suspicious activity and help protect Users and the Platform;
• C. Human review: Where appropriate, we may provide human review of certain account actions or disputes, particularly involving safety or suspected fraud; and
• D. If this changes and a law requires additional disclosures or opt-out rights, we will provide them.

11. Retention of Personal Information

We retain personal information as long as reasonably necessary to provide the Platform, maintain safety, comply with law, and resolve disputes. Factors include account activity, relationship duration, legal requirements, dispute/fraud risk, and sensitivity.

• Account/profile data: while the account is active, plus a reasonable period after closure (often 12 months) for legal compliance and fraud prevention.
• Messages/communications: retained for safety, fraud, dispute resolution, and compliance (often 12 months).
• Background check records: retained as required by law, vendor requirements, and safety needs (often up to 5 years, where permitted).
• Payment confirmations/transaction records: retained for accounting/audit/tax and legal compliance (often up to 5 years).
• When information is no longer needed, it is securely deleted, de-identified, or anonymized.

12. Children’s Privacy and Age Limits (COPPA)

The Platform is intended for individuals 18+. We do not knowingly collect personal information from children under 13 or minors under 18 for Platform participation. If collected, we will delete it.

13. Data Security and Incident/Breach Notification

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Measures may include access controls, least-privilege practices, encryption in transit where appropriate, monitoring, and vendor security requirements.

No system can be guaranteed 100% secure. If we become aware of a data incident that triggers legal notification obligations, we will provide notice as required by applicable law, including applicable U.S. state breach notification laws.

Account responsibility. Users are responsible for maintaining the confidentiality of login credentials and for promptly notifying us of suspected unauthorized access.

14. International Users; Cross-Border Processing

The Platform is intended for U.S. use. If you access from outside the U.S., you are responsible for local compliance. Personal information may be stored/processed in the U.S. and other locations; we use appropriate safeguards where required.

15. Financial Incentives

We do not offer financial incentives or price/service differences tied to collection/sale/sharing/retention in ways that trigger CCPA/CPRA notice. If introduced, we will provide required notice and obtain consent.

16. Ministry Ownership Disclosure

Village Haven is wholly owned by Heart Space Sanctuary, a faith-based 508(c)(1)(a) ministry. Users are not required to adopt or participate in any religious belief or activity. We do not collect religious beliefs as a condition of using the Platform.

17. Changes to This Privacy Notice

We may update this Privacy Notice; updates take effect on publication (or as stated). Material changes will include additional notice as required by law.

18. Contact Information

• Village Haven LLC (wholly owned by Heart Space Sanctuary)
• Email: hello@villagehaven.org
• Privacy Request Form: Privacy Request Form
• Toll-Free Phone (CA): +1 855 768 3073
• Mailing Address: Village Haven LLC, Attn: Privacy, 30 N Gould St Ste 100, Sheridan, WY 82801

19. Arbitration / Dispute Resolution

If the Platform Terms of Service include an arbitration agreement and class action waiver, they may apply to certain privacy/Platform disputes, subject to applicable law and any nonwaivable rights. See the Dispute Resolution Policy at: Terms of Use.