Privacy Policy


Last Updated: March 30, 2026

NOTICE: We do not sell your personal data. We do not share your personal data for cross-context behavioral or targeted advertising. We may collect sensitive personal data, including financial information and precise geolocation, solely as necessary to provide our products and services. We process sensitive personal data only with your consent or as otherwise permitted by applicable law.

1. Introduction

At Ripe Vegetable Holdings LLC, d/b/a Heard (“us,” “we,” “our,” or the “Company”), we value your privacy and are committed to protecting it through our compliance with this policy. This Privacy Policy (the “Policy”) describes how we collect, process, retain, and disclose personal data when you use our websites, domains, applications, and services that link to this Policy (our “Services”), including those available at https://www.heardsomewhere.com/.

In this Policy, “personal data” refers to any information that, on its own or in combination with other available information, identifies, relates to, or describes an individual.

By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this Policy and our Terms of Use (available at https://www.heardsomewhere.com/legal/terms-of-service/). This Policy may change from time to time (see Section 11). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

We are committed to protecting your privacy in accordance with applicable data-protection laws, including:

  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, including Quebec Law 25
  • The EU General Data Protection Regulation (GDPR)
  • Brazil’s Lei Geral de Proteção de Dados (LGPD)
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) and the California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Utah Consumer Privacy Act (UCPA)
  • Texas Data Privacy and Security Act (TDPSA), Oregon Consumer Privacy Act (OCPA), Montana Consumer Data Privacy Act, Delaware Personal Data Privacy Act
  • Nebraska Data Privacy Law, New Hampshire Data Privacy Act, New Jersey Data Privacy Act, Minnesota Consumer Data Privacy Act, Maryland Online Consumer Protection Act, Kentucky Consumer Data Protection Act (KCDPA)
  • Tennessee Information Protection Act (TIPA), Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), Indiana Consumer Data Protection Act (INCDPA), Iowa Consumer Data Protection Act (ICDPA)
  • South Africa’s Protection of Personal Information Act (POPIA), Switzerland’s Federal Act on Data Protection (FADP), Saudi Arabia’s Personal Data Protection Law (PDPL)

We may provide additional or different privacy notices for specific features, services, or activities.

Scope

This Policy applies when you interact with us by doing any of the following:

  • Making use of our applications and Services as an authorized user;
  • Visiting any of our websites that link to this Policy; or
  • Communicating with us by email, text, chat, or other electronic message.

This Policy does not apply to third-party applications, websites, products, services, or platforms that may be accessed through links we provide to you. These sites are owned and operated independently from us, and they have their own separate privacy and data-collection practices. Any personal data that you provide to these websites will be governed by the third party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites and are not responsible for the content or privacy practices of such sites.

This Policy applies only to information we collect through the Services, in communications between you and the Services, and when you interact with our advertising or applications on third-party sites that link to this Policy. It does not apply to information collected by us offline, through any other website operated by the Company or its affiliates that does not link to this Policy, or by any third party (including affiliates) through applications or content accessible from the Services.

2. Children’s and Minors’ Data

Our Services are not intended for children under the age of 13 without verifiable parental consent. We do not knowingly collect personal data from anyone under 13 without parental consent. Users under 18 may access only if enabled by a parent or legal guardian as described in our Terms of Use. If we learn that we have collected or received personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from or about a child under 13, please contact us using the information provided in Section 13 (Contact Us) below.

To the extent our Terms of Use permit access by users under the age of 18 with parental enablement, any personal data collected in connection with such access will be handled in accordance with COPPA, the CCPA/CPRA age-appropriate-design requirements, and other applicable children’s privacy laws. Parents or guardians who have questions about our practices with respect to minors’ data may contact us at any time.

3. Personal Data We Collect

Categories of Personal Data

The types and categories of personal data we collect or process include:

  • Account and Contact Information: name, email address, phone number, username, password, and other contact information you provide.
  • Payment Information: billing address, credit card or debit card number, and other payment-method details.
  • Financial Information: credit card numbers, transaction amounts, and related financial data.
  • Purchase and Transaction Information: order history, subscription details, and purchase information, specifically if personalized or unique.
  • Device Information: device make and model, IMEI, device identifiers, operating system and version, browser type and settings, IP address, preferred language, and hardware identifiers.
  • Location Data: general geographic location (country, state, city) and, where you have enabled and consented to collection, precise geolocation.
  • Usage Data: clickstream data, pages viewed, search terms, time stamps, time zone, session duration, login information, authentication records, and other operational data about how you interact with our Services.
  • Content and Communications: content you create through or provide to our Services, including reviews, feedback, and communications sent to us.

We also derive non-personal statistical or aggregated data from personal data (for example, the percentage of users accessing a specific feature). Statistical or aggregated data does not directly identify a specific person. If we combine or connect such aggregated data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.

Sensitive Personal Data

Some of the information identified above—including financial information and precise geolocation—may be considered sensitive personal data under certain state and international laws. We collect and process sensitive personal data only with your consent or as necessary to provide you with the products and services you have requested, and only to the extent permitted by applicable law. If you choose not to provide sensitive personal data, certain features or services may be unavailable to you.

How We Collect Your Personal Data

From You. You may provide us with personal data when you:

  • Create an account or purchase products on our website;
  • Use our products or services;
  • Create content through our products or services;
  • Download software and/or our mobile application;
  • Subscribe to our newsletter;
  • Complete a voluntary market-research survey;
  • Contact us with an inquiry or to report a problem (by phone, email, social media, or messaging service); or
  • Log in to our website via social media.

Automatically Through Our Services. As you interact with our Services, we may use automatic data-collection technologies—including cookies, server logs, web beacons, pixel tags, and similar technologies—to collect usage data, device data, and contact data. This includes information such as traffic data, location data, logs, and details of the resources and features you access. We may collect information about your online activities over time and across third-party sites or other online services (behavioral tracking). See Section 5 (Cookies, Automated Technologies, and Behavioral Tracking) for further details.

From Third Parties. We may receive personal data about you from various third parties, including:

  • Account and payment information from another individual who purchases a gift for you;
  • Device and usage data from analytics providers such as Google;
  • Account information from social-media platforms when you log in to our website using such platforms;
  • Content from communication services, including email providers and social networks, when you give us permission to access your data on such services;
  • Account and payment data from organizations (such as law-enforcement agencies), associations, and groups who share data for fraud prevention, detection, and credit-risk reduction; and
  • Account, payment, and financial data from providers of technical, payment, and delivery services.

If you provide us, or our service providers, with personal data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Policy.

4. How We Use Your Information

We use the information we collect about you or that you provide to us, including personal data, to:

  • Provide, deliver, maintain, debug, and improve our products and Services;
  • Enable you to access the Services and set up accounts;
  • Fulfill and manage purchases, orders, payments, returns, and exchanges;
  • Provide you with notices about your account, including expiration and renewal notices;
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • Notify you when Services updates are available and about changes to any products or services we offer;
  • Improve our Services by analyzing your information and creating aggregated data to develop, maintain, optimize, measure, and report on our Services;
  • Estimate our audience sizes and usage patterns;
  • Store information about your preferences to customize the Services;
  • Recognize you when you return to our Services;
  • Respond to your inquiries, comments, and requests;
  • Detect, prevent, or respond to fraud, security incidents, or other illegal activity;
  • Fulfill any other purpose for which you provide information; and
  • For any other purpose with your consent.

All of the above processing is necessary to provide products and services, maintain our relationship with you, perform our contractual obligations, and protect our business (for example, against fraud). Where consent is required to initiate services, new consent will be required if any material changes are made to the types of data collected.

5. Cookies, Automated Technologies, and Behavioral Tracking

What Are Cookies?

A cookie is a small file placed on your device when you interact with our Services. Information in this file is typically shared with the owner of the site in addition to potential partners and third parties. The collection of this information may be used in the function of the site and/or to improve your experience.

How We Use Cookies

We use the following types of cookies:

  • Strictly Necessary Cookies. These cookies are essential for our Services to function and cannot be switched off.
  • Preference Cookies. We use preference cookies to remember the way you like to use our Services, such as your preferred language or location settings, so that we can personalize content and present you with a tailored experience.
  • Analytics Cookies. We use analytics cookies to collect information about the types of visitors to our site and how they interact with it, which helps us improve our Services.

Web Beacons and Other Technologies

Some parts of the Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company to count users who have visited those pages or opened an email and to gather other related statistics, such as recording the popularity of certain content and verifying system and server integrity.

Behavioral Tracking and Third-Party Technologies

We may use automated technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Third parties that may use automatic-collection technologies when you interact with our Services include analytics companies (such as Google Analytics), your device manufacturer, and your internet or mobile-service provider. These third parties may collect information, including personal data, about your online activities and may use this information to provide you with interest-based advertising or other targeted content.

We use Google Analytics to help us understand how visitors use our site. You can read more about how Google uses your personal data at https://www.google.com/intl/en/policies/privacy/. You can opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout?hl=en.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

Managing Cookies and Opting Out

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. The Help feature on most browsers provides information on how to accept, disable, or be notified when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Services.

Some browsers include a “Do Not Track” (DNT) setting that can send a signal to online services indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services may not respond to all browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described in this Policy.

To the extent any of these automated technologies are considered a personal-data sale, targeted advertising, or profiling under applicable law, you may opt out by contacting us at [email protected]. Please note that some Services features may be unavailable as a result.

6. Data Sales, Sharing, and Targeted Advertising Disclosures

We do not sell your personal data. We do not share your personal data with third parties for cross-context behavioral advertising or targeted-advertising purposes. We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.

Who We Disclose Your Information To

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may also disclose personal data that we collect or that you provide as described in this Policy:

  • Service Providers. To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them. These may include marketing agencies, database-service providers, backup and disaster-recovery providers, email-service providers, payment processors, and analytics providers.
  • Business Transfers. To a buyer or other successor in the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, in which personal data held by the Company is among the assets transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
  • Legal Requirements. To comply with any court order, law, or legal process, including to respond to any government or regulatory request; to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, or others.
  • With Your Consent. For any other purpose disclosed by us when you provide the information, or with your consent.

Where possible and practical, we will tell you in advance of any legally compelled disclosure.

Categories of Personal Data We May Disclose

The categories of personal data we may disclose to service providers and as otherwise described above include:

  • Account and contact information;
  • Payment information;
  • Financial information;
  • Purchase and transaction information;
  • Device information;
  • Location data, including general geographic location and, where consented, precise geolocation;
  • Usage data; and
  • Content and communications.

7. Retention and Deletion

We retain personal data for as long as reasonably necessary to fulfill the purposes described in this Policy or as otherwise legally permitted or required, including maintaining the Services, operating our business, complying with legal obligations, resolving disputes, and ensuring safety, security, and fraud prevention. We consider our legal and business obligations, potential risks of harm, and the nature of the information when deciding how long to retain personal data.

As a general guide:

  • Account and Contact Information: Retained for the duration of your account relationship and for a reasonable period thereafter to fulfill legal and compliance obligations.
  • Payment and Financial Information: Retained for the period required by applicable tax, accounting, and financial-reporting laws.
  • Usage and Device Data: Retained in identifiable form for up to 24 months after collection, after which it is aggregated or deleted.
  • Communications and Content: Retained for as long as necessary to resolve inquiries, disputes, or claims, and as required by applicable law.

At the end of the applicable retention period, personal data will be deleted, destroyed, or de-identified.

8. International Data Transfer and Storage

Where possible, we store and process data on servers within the general geographical region where you reside (which may not be within the country in which you reside). Your personal data may also be transferred to, and maintained on, servers residing outside of your state, province, country, or other governmental jurisdiction where data-protection laws may differ from those in your jurisdiction.

We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Policy as well as applicable data-protection law. In regions that are not considered adequate, we will enter into EU Standard Contractual Clauses (or equivalent measures) with parties outside the EEA and ensure adequate controls are in place for the security of your data. More information about these clauses can be found at https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914.

9. How We Keep Your Data Safe

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.

We require any third party contracted to process your personal data on our behalf to have security measures in place to protect your data and to treat such data in accordance with applicable law.

However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the absolute security of your personal data transmitted to, through, using, or in connection with the Services. Any transmission of personal data is at your own risk. The safety and security of your information also depends on you; you are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.

In the unfortunate event of a personal-data breach, we will notify you and any applicable regulator as required by applicable law.

10. Your Rights and Choices

Depending on your geographical location and citizenship, your rights are subject to local data-privacy regulations. This section describes the rights you may have and how to exercise them. The exact scope of these rights and any exceptions vary by jurisdiction and applicable law. We may not be obligated to fulfill every request.

Your Privacy Rights

  • Right to Access and Data Portability (PIPEDA, GDPR Art. 15, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA). You may confirm whether we process your personal data and request a copy of the personal data we process about you. To the extent feasible and required by applicable law, data will be provided in a portable format.
  • Right to Rectification (PIPEDA, GDPR Art. 16, CPRA, CPA, VCDPA, CTDPA, LGPD, POPIA). You may request that we correct inaccurate or incomplete personal data that we maintain about you.
  • Right to Deletion (Right to Be Forgotten) (GDPR Art. 17, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA). You may request that we delete personal data that we process about you, unless we need to retain such data to comply with a legal obligation or to establish, exercise, or defend legal claims.
  • Right to Restriction of Processing (GDPR Art. 18, LGPD). You may restrict our processing of your personal data under certain circumstances (to the extent applicable under GDPR, LGPD, or other international laws listed in Section 1). In this case, we will not process your data for any purpose other than storing it.
  • Right to Data Portability (PIPEDA, GDPR Art. 20, LGPD). You may obtain personal data we hold about you in a structured, electronic format and transmit it to another data controller, where applicable.
  • Right to Opt Out (CPRA, CPA, VCDPA, CTDPA, UCPA, TDPSA). You may opt out of the processing of your personal data for purposes of: (1) targeted advertising; (2) the sale of personal data; and/or (3) profiling in furtherance of decisions that produce legal or similarly significant effects. Under CPRA, you may also opt out of the sharing of your personal data to third parties and our use and disclosure of your sensitive personal data to uses beyond what is necessary to provide the products and services reasonably expected by you (see “How to Exercise Your Rights” below for how to submit your request).
  • Right to Object (GDPR Art. 21, LGPD, POPIA). Where the legal justification for our processing is our legitimate interest, you may object to such processing on grounds relating to your particular situation (to the extent applicable under GDPR, LGPD, POPIA, or other international laws listed in Section 1). We will abide by your request unless we have compelling legitimate grounds for processing that override your interests and rights.
  • Nondiscrimination and Nonretaliation (CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA). You have the right not to be denied service or have an altered experience for exercising your rights.
  • Right to Withdraw Consent. If you have consented to our processing of your personal data, you may withdraw your consent at any time, free of charge, such as where you wish to opt out from marketing messages.

How to Exercise Your Rights

You can make a request to exercise any of these rights by:

  • Emailing our privacy team at [email protected];
  • Submitting a request through the data-request form on our website; or
  • Writing to us at: Data Privacy Officer of Heard, 30 N Gould St Ste R, Sheridan, WY 82801.

For your own privacy and security, at our discretion, we may require you to verify your identity before we can process your request. We will respond to verified requests within the timeframes required by applicable law (generally within 45 days of receipt, with an extension of up to an additional 45 days where reasonably necessary).

Appeal Procedure

If we decline to take action on your request, we will inform you of the reasons for doing so and provide instructions for how to appeal our decision. You may appeal by emailing us at [email protected] with the subject line “Privacy Rights Appeal.” We will respond to your appeal within the timeframe required by applicable law (generally within 60 days).

If you are dissatisfied with the outcome of your appeal, you may contact the attorney general or relevant data-protection authority in your jurisdiction:

  • Colorado: https://coag.gov/file-complaint/
  • Virginia: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
  • Connecticut: https://www.dir.ct.gov/ag/complaint/
  • EEA residents: https://edpb.europa.eu/about-edpb/about-edpb/members_en
  • For other states or jurisdictions, please contact us and we will direct you to the appropriate authority.

Global Privacy Control (GPC)

Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to the websites you visit, indicating your opt-out preferences for certain types of data processing, including data “sales” as defined under certain laws. When we detect a GPC signal, we will make reasonable efforts to respect your choices as required by applicable law.

Nevada Residents

Nevada law provides its residents with a limited right to opt out of certain personal-data sales. If you are a Nevada resident and wish to exercise your sale opt-out rights, you may submit a request to [email protected]. Please note that we do not currently sell personal data as defined under Nevada law.

Advertising, Marketing, and Location-Data Choices

You can set your browser to refuse all or some cookies or to alert you when cookies are being sent. You can choose whether to allow the Services to collect and use real-time information about your device’s location through your device’s privacy settings. If you block location information, some Services features may become inaccessible or not function properly.

11. Changes to This Privacy Policy

We may update this Policy from time to time, and we will provide notice of any such changes as required by law. The date this Policy was last updated is identified at the top of this document.

We will notify you of material changes by updating the “Last Updated” date and posting the updated Policy on the Services. For material changes, we may also notify you through a prominent notice within the Services or by email to the address associated with your account, where required by applicable law. Your continued use of the Services after the effective date of a revised Policy constitutes your acceptance of the changes. Where applicable law requires renewed affirmative consent for material changes, we will obtain such consent before the changes take effect.

12. Merger or Acquisition

If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred as described in Section 6 above, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding in which personal data held by the Company is among the assets transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (for example, a court or a government agency), and the successor entity may have its own privacy policy.

13. Contact Us

To exercise your rights, request a copy of your information, unsubscribe from our email list, request that your data be deleted, register a complaint, or ask a question about your data privacy, please contact us by any of the following methods:

  • Email: [email protected]
  • Data Request Form: Available on our website at https://www.heardsomewhere.com/legal/privacy-policy/
  • Mail: Data Privacy Officer of Heard, 30 N Gould St Ste R, Sheridan, WY 82801

We aim to respond to all verified requests within the timeframes required by applicable law (generally 45 days, extendable by an additional 45 days where reasonably necessary). If you have a complaint about our data-privacy practices that we have been unable to resolve, you may contact the applicable data-protection authority in your jurisdiction.