Privacy Policy

Effective Date: 2nd August, 2025
Last Updated: 2nd August, 2025

HIV Risk Report (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use our website (hivriskreport.com), services, or submit data through any of our forms or tools (collectively, the “Services”).

By using our Services, you consent to the data practices described in this policy.

1. Information We Collect

We may collect the following categories of personal and pseudonymous information:

a. Information You Provide Directly

  • Sexual encounter details (e.g. gender, partner status, type of sex, condom use)

  • Your email address (if submitted for report delivery or support)

  • Payment information (collected and processed securely by Stripe or third-party processors; we do not store full card numbers)

b. Automatically Collected Information

  • IP address, device type, browser type, operating system

  • Usage data such as pages visited, click activity, timestamps

  • Referrer URL and country/region based on IP

2. Legal Basis for Processing (EU/UK GDPR)

We process your information under the following lawful bases:

  • Consent – where you have explicitly provided consent (e.g. form submission)

  • Contractual necessity – to deliver services you have requested

  • Legitimate interest – to maintain, secure, and improve our platform

  • Compliance with legal obligations – as required under applicable laws

3. Use of Personal Information

We use your information to:

  • Generate and deliver personalised HIV risk assessments

  • Process and confirm payments

  • Provide customer support or respond to user inquiries

  • Improve our Services and product functionality

  • Prevent abuse, fraud, and security threats

  • Comply with applicable legal obligations

We do not sell or rent your personal information to third parties.

4. Data Sharing and Disclosure

We may share your information with:

  • Service providers (e.g. Stripe for payment processing, hosting providers)

  • Law enforcement or regulators, when legally required

  • Business transfers, in the event of an acquisition, merger, or sale of assets (with notice)

All third-party service providers are contractually obligated to protect your data and use it solely for purposes consistent with this policy.

5. Data Retention

We retain submitted data only as long as necessary to fulfill the purpose it was collected for, including legal, accounting, and operational requirements.

  • Form submissions may be deleted upon request

  • Payment transaction records may be retained to comply with tax and financial regulations

6. Your Rights (EU/UK GDPR and California CCPA/CPRA)

a. Access, Rectification, Erasure

You have the right to:

  • Request access to your personal data

  • Request correction of inaccurate or incomplete data

  • Request deletion (“right to be forgotten”)

b. Data Portability

You may request your data be transferred in a structured, commonly used format.

c. Restriction or Objection

You may object to processing or request restrictions in certain cases.

d. Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

To exercise any rights, contact us at: team@hivriskreport.com

If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

7. Cookies and Tracking Technologies

We use minimal cookies and analytics tools to monitor usage patterns and site performance. No invasive or behavioural tracking cookies are used. By using our site, you consent to the placement of functional cookies on your device.

8. Children’s Privacy

Our Services are not intended for or directed toward individuals under the age of 16. We do not knowingly collect data from minors. If we become aware that personal information has been collected from a minor without verifiable parental consent, we will delete such data immediately.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These include:

  • SSL encryption

  • Secure cloud infrastructure

  • Access controls and audit logging

However, no system is 100% secure. Users submit data at their own risk.

10. International Data Transfers

Our servers and processing infrastructure may be located outside your country. By using the Services, you consent to the transfer of your information to countries outside your jurisdiction, which may not provide the same level of data protection as your home country.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. All changes will be posted on this page with an updated “Last Updated” date. Continued use of our Services after changes constitutes acceptance of the revised terms.

12. Contact Information

If you have questions, concerns, or would like to make a data request, contact us at:

📧 team@hivriskreport.com
🌐 hivriskreport.com