This Privacy Statement is generated through our consent-management system and includes the privacy rights, cookie choices, and data request tools available to visitors. For clarity, Project Heartbeat uses service providers to operate our website, process payments, manage bookings and registrations, maintain training and certification records, send communications, secure our systems, and deliver requested items. We also use Google Analytics, Google Tag Manager, Google Ads, Google Remarketing, and Google Maps. Google Ads and remarketing may involve sharing limited online identifiers and website interaction data for cross-context behavioral advertising, subject to consent and opt-out rights. We do not sell personal information for monetary consideration.

This privacy statement was last changed on June 17, 2026, last checked on June 17, 2026, and applies to citizens and legal permanent residents of the United States.

In this privacy statement, we explain what we do with the data we obtain about you via https://projectheartbeat.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose and categories of data

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

1.1 Contact – Through phone, mail, email and/or webforms

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • An email address
  • A home or other physical address, including street name and name of a city or town
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data
  • Education information
  • A signature

Retention period

We determine the retention period according to fixed objective criteria: We retain contact and inquiry records for as long as reasonably necessary to respond to the inquiry, provide requested information or services, maintain business records, comply with legal, regulatory, tax, accounting, accreditation, training-record, certification, dispute-resolution, security, and fraud-prevention obligations, and manage our relationship with the individual. Retention periods vary depending on the nature of the inquiry, the services requested or provided, applicable legal or regulatory requirements, and whether the information is needed for active business, student, training, certification, payment, audit, or legal purposes. When information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

1.2 Payments

The following categories of data are collected

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address

Retention period

We determine the retention period according to fixed objective criteria: We retain payment and transaction records for as long as reasonably necessary to process payments, provide receipts and refunds, manage bookings or enrollments, resolve billing questions, prevent fraud, handle disputes or chargebacks, maintain accounting and tax records, comply with payment-network, legal, regulatory, and financial reporting obligations, and support audits or legal claims. Payment processing is handled by our payment processor, Stripe, and we do not store full credit card numbers on our website. Stripe may retain payment and transaction information according to its own legal, regulatory, payment-network, fraud-prevention, and data-retention obligations. When payment-related information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

1.3 Registering an account

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • An email address

Retention period

We determine the retention period according to fixed objective criteria: We retain account information for as long as reasonably necessary to maintain the account, provide access to our services, manage bookings, enrollments, course participation, student records, customer support, security, fraud prevention, dispute resolution, legal, regulatory, accreditation, certification, tax, accounting, and business recordkeeping obligations. Retention periods vary depending on the type of account, services requested or provided, applicable legal or regulatory requirements, and whether the information is needed for active business, student, training, certification, payment, audit, security, or legal purposes. When account information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

1.4 Newsletters

The following categories of data are collected

  • A first and last name
  • An email address

Retention period

We determine the retention period according to fixed objective criteria: We retain newsletter subscription and marketing communication information until the individual unsubscribes, withdraws consent, opts out, or the information is no longer reasonably necessary for marketing communications, relationship management, suppression-list management, legal compliance, or business recordkeeping. We may retain limited information necessary to honor unsubscribe and opt-out requests and prevent future marketing communications. When newsletter-related information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

1.5 To support services or products that a customer wants to buy or has purchased

The following categories of data are collected

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

Retention period

We determine the retention period according to fixed objective criteria: We retain service, booking, enrollment, purchase, support, and training-related records for as long as reasonably necessary to provide requested services, process bookings or enrollments, issue confirmations, receipts, course records, certificates or hard cards, provide customer support, resolve disputes, prevent fraud, and comply with legal, regulatory, tax, accounting, accreditation, certification, audit, and business recordkeeping obligations. Retention periods vary depending on the type of service requested or provided and applicable legal, regulatory, certification, accreditation, payment, audit, or dispute-resolution needs. When no longer reasonably necessary, we delete, de-identify, or anonymize the information where feasible.

1.6 Compiling and analyzing statistics for website improvement.

The following categories of data are collected

  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

Retention period

We determine the retention period according to fixed objective criteria: We retain website analytics, cookie, consent, device, browser, IP address, geolocation, and interaction data for as long as reasonably necessary to measure website performance, improve usability, troubleshoot errors, maintain security, evaluate marketing effectiveness, honor consent and opt-out preferences, and comply with privacy and consent obligations. Analytics and marketing cookies are managed through our consent tools where required. Retention periods may also depend on the retention settings and policies of the analytics, advertising, and security tools we use. When this information is no longer reasonably necessary for these purposes, we delete, aggregate, de-identify, or anonymize it where feasible.

1.7 Deliveries

The following categories of data are collected

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • A telephone number
  • An email address

Retention period

We determine the retention period according to fixed objective criteria: We retain delivery and mailing information for as long as reasonably necessary to send hard cards, certificates, course materials, receipts, notices, or other requested items; confirm delivery; resolve delivery issues; prevent fraud; provide customer support; and maintain legal, tax, accounting, audit, accreditation, certification, and business records. Retention periods vary depending on the item delivered, the service provided, delivery-confirmation needs, customer-support needs, and applicable legal, regulatory, tax, accounting, certification, accreditation, audit, or dispute-resolution requirements. When no longer reasonably necessary, we delete, de-identify, or anonymize the information where feasible.

1.8 To be able to offer personalized products and services

The following categories of data are collected

  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

Retention period

We determine the retention period according to fixed objective criteria: We retain information about inquiries, course interests, bookings, website interactions, communication preferences, prior services, and customer relationship history for as long as reasonably necessary to provide relevant course information, recommend appropriate services, personalize communications, improve user experience, respond to inquiries, manage our relationship with the individual, honor consent and opt-out preferences, and comply with legal, regulatory, security, and business recordkeeping obligations. We do not use sensitive personal information for personalization unless permitted by law or necessary to provide the requested service. When information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

1.9 To sell or share data with a third party

The following categories of data are collected

  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

Retention period

We determine the retention period according to fixed objective criteria: We do not sell personal information for monetary consideration. We may share limited personal information, online identifiers, cookie identifiers, device/browser information, IP address, website interaction data, and similar information with advertising, analytics, and measurement partners, including Google, for purposes such as remarketing, conversion measurement, campaign measurement, and cross-context behavioral advertising, where permitted by law and subject to applicable consent and opt-out rights. We retain advertising, remarketing, conversion measurement, consent, opt-out, and related online identifier data for as long as reasonably necessary to measure campaign performance, manage advertising audiences, honor consent and opt-out preferences, prevent fraud or misuse, comply with legal and privacy obligations, support audits or disputes, and maintain business records. Retention periods may also depend on the retention settings and policies of the advertising or analytics platforms we use. When this information is no longer reasonably necessary for these purposes, we delete, aggregate, de-identify, or anonymize it where feasible.

1.10 To be able to comply with legal obligations

The following categories of data are collected

  • A first and last name
  • An email address
  • A home or other physical address, including street name and name of a city or town
  • A telephone number

Retention period

We determine the retention period according to fixed objective criteria: We retain information as necessary to comply with applicable legal, regulatory, tax, accounting, accreditation, certification, payment-processing, audit, privacy-rights, dispute-resolution, security, fraud-prevention, and recordkeeping obligations. Retention periods vary depending on the type of record, applicable legal or regulatory requirement, and whether the information is needed for compliance, audits, investigations, legal claims, disputes, safety, security, or business recordkeeping. Information retained for legal or compliance purposes is used only as reasonably necessary for those purposes. When information is no longer reasonably necessary for these purposes, we delete, de-identify, or anonymize it where feasible.

2. Sharing with other parties

We only share or disclose this data to other recipients for the following purposes:

Purpose of the data transfer: Payment processing, fraud prevention, refunds, receipts, disputes, chargebacks, tax/accounting support
Country or state in which this service provider is located: United States
Purpose of the data transfer: Appointment booking, scheduling, customer management, confirmations, reschedules, staff/admin booking operations
Country or state in which this service provider is located: United States / European Union
Purpose of the data transfer: Course registration, class schedule management, roster management, and training administration.
Country or state in which this service provider is located: United States
Purpose of the data transfer: Training-record upload, certification processing, roster import/export, and AHA/RQI-related course administration.
Country or state in which this service provider is located: United States
Purpose of the data transfer: Business email, internal communications, document storage, form/booking notifications, staff collaboration
Country or state in which this service provider is located: United States
Purpose of the data transfer: Transactional email delivery and email deliverability
Country or state in which this service provider is located: United States / New Zealand
Purpose of the data transfer: Website hosting, server infrastructure, database hosting, backups, security/logging
Country or state in which this service provider is located: United States
Purpose of the data transfer: Website firewall, malware scanning, login security, bot/spam/security protection
Country or state in which this service provider is located: United States
Purpose of the data transfer: Email marketing, newsletter management, subscriber list management, marketing campaign delivery, unsubscribe/suppression management, and email engagement reporting.
Country or state in which this service provider is located: Australia / United States
Purpose of the data transfer: Consent management, cookie policy/privacy documentation, consent records, privacy-request tools
Country or state in which this service provider is located: Netherlands
Purpose of the data transfer: Site optimization, image optimization, performance tools, plugin services
Country or state in which this service provider is located: United States / Australia
Purpose of the data transfer: Mailing hard cards, certificates, receipts, course materials, or other requested items
Country or state in which this service provider is located: United States

Purpose of the data transfer: Advertising, remarketing, conversion measurement, campaign measurement, and cross-context behavioral advertising where permitted by law and subject to consent or opt-out rights
Country or state in which this third party is located: United States
Purpose of the data transfer: Website analytics, performance measurement, visitor behavior analysis, conversion measurement, and audience/advertising measurement where enabled
Country or state in which this third party is located: United States
Purpose of the data transfer: Tag management for analytics, advertising, conversion measurement, consent-controlled scripts, and third-party integrations
Country or state in which this third party is located: United States
Purpose of the data transfer: Displaying location maps, directions, and interactive map functionality
Country or state in which this third party is located: United States

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

4. How we respond to Do Not Track signals & Global Privacy Control

Our website responds to and supports the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences are communicated to us in the HTTP request header, and we will not track your browsing behavior.

5. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy on our Opt-out preferences webpage. 

6. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorized access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

7. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

8. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

9. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person. We shall provide the requested information only upon receipt of a verifiable consumer request. You can contact us by using the information below. You have the following rights:

9.1 You have the following rights with respect to your personal data

  1. You may submit a request for access to the data we process about you.
  2. You may object to the processing.
  3. You may request an overview, in a commonly used format, of the data we process about you.
  4. You may request correction or deletion of the data if it is incorrect or not or no longer relevant, or to ask to restrict the processing of the data.
  5. You may appeal our decision whenever we refuse to take action on a request and submit a complaint with the competent authority if your appeal is denied.

9.2 Supplements

This section, which supplements the rest of this Privacy Statement, applies to citizens and legal permanent residents of California (CPRA), Colorado (CPA), Oregon (OCPA) and Nevada (NRS 603A)

California

Right to know what personal information is being collected about you

A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:

  1. The categories of personal information it has collected about that consumer.
  2. The categories of sources from which the personal information is collected.
  3. The business or commercial purpose for collecting or selling personal information.
  4. The categories of third parties with whom the business shares personal information.
  5. The specific pieces of personal information it has collected about that consumer.

The right to know whether personal information is sold or disclosed and to whom

A consumer shall have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer:

  1. The categories of personal information that the business collected about the consumer.
  2. The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
  3. The categories of personal information that the business disclosed about the consumer for a business purpose.

The Right to equal service and price, even if you exercise your privacy rights

A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.

A business that receives a verifiable request from a consumer to delete the consumer’s personal information pursuant to subdivision (a) of this section shall delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.

A business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:

  1. Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
  3. Debug to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
  7. Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
  8. To enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
  9. Comply with a legal obligation.
  10. Otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you. For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

Financial incentives

Selling of personal data to third parties

We have not sold consumers’ personal data in the preceding 12 months

  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • IP Address
  • Geolocation data

We have not disclosed consumers’ personal information for a business purpose in the preceding 12 months.

  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • IP Address
  • A telephone number
  • Geolocation data
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered
  • Education information
  • Professional or employment-related information

Colorado

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. You may exercise this right no more than two times per calendar year.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under Colorado law this concerns the following purposes:

  1. targeted advertising;
  2. the sale of personal data; or
  3. profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

Nevada

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the Nevada Privacy Law, this concerns the sale of personal data.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

Oregon

Right to Data Portability

When exercising the right to Access personal data , you have the right to obtain the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.

We are not required to reveal any trade secret.

Right to opt-out

You may submit a request directing us not to make certain disclosures of personal information we maintain about you.

Under the OCPA this concerns the following purposes:

  1. targeted advertising; or
  2. the sale of personal data; or
  3. profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer.

For more information about the possibility of submitting an opt-out request, please refer to our Opt-out preferences page.

10. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

11. Contact details

Project Heartbeat
333 Hegenberger Rd, Suite 855, Oakland, CA. 94621
United States
Website: https://projectheartbeat.com
Email: info@ex.comprojectheartbeat.com

Phone number: 510-452-1100

12. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

×