Privacy Policy

Effective Date: January 1, 2026

1. Introduction

This Privacy Policy explains how Henshin, Inc. ("Henshin", "we", "us", or "our") collects, uses, and protects your personal data when you visit our website and interact with our services.

2. Information We Collect

We may collect the following categories of information:

  • Contact Information: If you submit our contact form, we collect your name, email address, company, and message. The form includes an explicit consent checkbox.
  • Technical/Usage Data: IP address, browser/user agent, device and usage information, and pages viewed. This includes traffic handled by our CDN and security provider.
  • Consent Preferences (Cloudflare): Our site uses Cloudflare's consent tool (including Zaraz) to record and honor your consent choices for non-essential tags such as Google Analytics.
  • Blog Feed Content: To display the latest insights, your browser may request content (e.g., thumbnails) from our Substack at blog.henshin.com. In limited cases we may use a CORS proxy (AllOrigins) solely to fetch the feed; those services receive your IP address and user agent to deliver the requested content.
  • Fonts: Loading Google Fonts requires your browser to request assets from Google's servers (IP address and user agent).

3. Legal Bases for Processing (EEA/UK)

  • Consent (Art. 6(1)(a)): For non-essential cookies/tags such as Google Analytics. We only run these after you consent via the Cloudflare banner.
  • Legitimate Interests (Art. 6(1)(f)): To secure, operate, and improve the site; to prevent fraud/spam; to serve essential third-party assets (e.g., CDN, Google Fonts, Substack feed requests, and limited use of AllOrigins for CORS) needed to fulfill content you request.
  • Contract/Pre-contract (Art. 6(1)(b)): To respond to inquiries you submit via the contact form.
  • Legal Obligation (Art. 6(1)(c)): Where retention/disclosure is required by law.

4. How We Use Your Data

  • To communicate with you and respond to inquiries you submit.
  • To operate, secure, and maintain our website (including via Cloudflare).
  • To record and honor your cookie/consent preferences using Cloudflare's consent tool.
  • To fetch and display blog content from Substack that you request.
  • To improve the site and, where you consent, to run analytics (e.g., Google Analytics).

5. Data Retention

  • Contact Form Data: Retained up to 12 months after resolving your inquiry, unless a longer period is required for business or legal purposes.
  • Server/CDN Logs (incl. Cloudflare): Typically retained up to 30 days for security/troubleshooting.
  • Consent Records (Cloudflare): Stored for as long as the preference remains valid or up to 12 months, after which you may be asked again.
  • Analytics: If enabled by your consent, retained per provider defaults (e.g., up to 14 months).

6. International Data Transfers

We and some of our service providers are based in the United States and other countries. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses and/or recognized transfer frameworks to protect your data.

7. Your Rights (EEA/UK)

Subject to applicable law, you may have the right to access, rectify, erase, restrict or object to processing, and data portability. You can withdraw consent at any time via the cookie banner (or "Manage Cookies" link, where available) without affecting the lawfulness of processing before withdrawal. To exercise rights, contact privacy@henshin.com.

8. US State Privacy Rights (e.g., California, Virginia, Colorado)

Depending on your state, you may have rights to access, delete, or correct personal information and to opt-out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information. We honor supported Global Privacy Control (GPC) signals where applicable. To exercise rights, email privacy@henshin.com with the subject "US Privacy Request." We will verify and respond as required by law.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve our site. Essential cookies (e.g., security/CDN) are required for basic functionality. Non-essential cookies/tags (e.g., Google Analytics) run only after you consent via our Cloudflare consent banner. You can review or change your choices at any time via the banner (or a "Manage Cookies" link, where available). If your browser sends a supported GPC signal, we honor it to the extent our consent tool supports it.

10. Third-Party Services and Processors

  • Cloudflare (CDN, security, and consent management/Zaraz)
  • Web3Forms (contact form processing)
  • Substack (blog content at blog.henshin.com)
  • AllOrigins (CORS proxy used only if needed to fetch the Substack feed)
  • Google Fonts (font delivery)
  • Google Analytics (analytics, only after consent via Cloudflare)

Third-party sites we link to (e.g., Substack, LinkedIn, X, IMDbPro) have their own privacy practices; we encourage you to review their policies.

11. Children's Privacy

Our website is not directed to children under 13 (or other age as defined by local law), and we do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" above. Material changes will be highlighted on this page.

13. Contact Us

For questions or to exercise your rights, contact: privacy@henshin.com or write to Henshin, Inc., P.O. Box 29109, San Francisco, CA 94129-9109.