PRIVACY POLICY
Effective Date: 10/November/2025
This Privacy Policy (“Policy”) governs the manner in which The Dream Map (“we,” “our,” “us,” or the “Company”) collects, uses, maintains, discloses, and protects information collected from users (“you” or “your”) of our website, (the “Site”), and in connection with the purchase or use of our downloadable digital products (the “Products”).
We are committed to protecting your privacy and handling your personal information responsibly and transparently in accordance with applicable laws of the State of Washington and the United States of America.
1. PURPOSE OF THIS POLICY
This Policy explains:
a) The types of personal and non-personal information we collect;
b) How we use and safeguard such information;
c) The circumstances under which we may disclose it; and
d) Your rights and choices regarding your personal data.
By accessing our Site or purchasing our Products, you agree to the terms of this Privacy Policy.
2. CONTACT INFORMATION
Business Name: The Dream Map
Registered Address: 24617 E SR 224 NE Benton City, WA 99320
Email Address: Justine@thedreammap.com
All inquiries, requests, or complaints concerning this Policy or our data-handling practices should be directed to the contact details provided above.
3. INFORMATION WE COLLECT
We collect and process only such personal information as is reasonably necessary to provide our Products and operate our business lawfully and efficiently. The information we collect falls into the following categories:
a. Information You Provide Voluntarily
- When you interact with our Site, place an order, or contact us, you may provide:
- Your full name, email address, and billing address;
- Contact details such as phone number (if provided);
- Order and transaction details; and
- Any correspondence or messages you send to us.
We do not request or collect sensitive personal information such as social security numbers, bank account details, or government-issued identifiers.
b. Payment Information
Payments for Products are processed securely through trusted third-party payment processors. We do not store or have access to your full credit card or debit card numbers. Any payment information you provide during checkout is collected and processed directly by the payment processor in accordance with their privacy policies.
c. Automatically Collected Information
When you access our Site, we may automatically collect certain information, including:
- Your Internet Protocol (IP) address, browser type, and operating system;
- The pages you visit, the date and time of your visit, and the duration of your session; and
- Basic analytical data used to improve the functionality, content, and performance of our Site.
This information is collected through standard web technologies and cookies and does not personally identify you unless combined with other data you provide.
4. USE OF INFORMATION
We collect and use personal information for legitimate business purposes, including but not limited to:
a) Order Processing: To process transactions, deliver purchased Products, and maintain accurate purchase records;
b) Customer Support: To communicate with you, respond to inquiries, and resolve issues;
c) Legal and Regulatory Compliance: To comply with applicable accounting, tax, and data retention requirements;
d) Website Improvement: To evaluate user engagement and improve the layout, design, and user experience of the Site;
e) Security and Fraud Prevention: To safeguard against unauthorized transactions, security breaches, or fraudulent activity; and
f) Administrative Purposes: To manage business operations, perform audits, and maintain compliance with contractual obligations.
We will not use personal information for any purpose that is incompatible with these stated purposes without obtaining your prior consent.
5. LAWFUL BASIS FOR PROCESSING
We process personal information only when legally permissible under one or more of the following bases:
a) Contractual Necessity: Where processing is required to perform our contractual obligations to you, such as delivering purchased Products.
b) Legal Obligation: Where processing is necessary to comply with legal or regulatory duties, including tax and accounting laws.
c) Legitimate Interest: Where we have a legitimate business interest in ensuring network security, fraud prevention, and business improvement.
d) Consent: Where you have expressly granted permission for specific processing activities (e.g., marketing communications).
6. DISCLOSURE OF INFORMATION
We do not sell, rent, or lease your personal information. We may disclose personal data in limited and controlled circumstances, including:
a) To Service Providers: We may share data with trusted third parties that perform essential business operations on our behalf, such as hosting providers, payment processors, data storage, and email delivery services. These providers are contractually bound to handle data securely and use it only for authorized purposes.
b) To Comply with Legal Requirements: We may disclose information where required by law, subpoena, court order, or government request, or when necessary to protect our rights, property, or safety.
c) In Business Transfers: In the event of a merger, acquisition, sale of assets, or restructuring, personal information may be transferred to the successor entity, provided that the receiving entity upholds similar privacy safeguards.
7. DATA RETENTION
7.1 Retention Purpose and Legal Basis
We retain personal information only for such period as is reasonably necessary to achieve the purposes for which it was collected, including but not limited to the fulfillment of contractual obligations, accounting and tax reporting, customer support, fraud prevention, dispute resolution, and compliance with applicable federal and state laws and regulations.
7.2 Retention Duration
Unless a longer retention period is required or permitted by law, we retain transactional, billing, and sales records for a minimum of four (4) years following the end of the fiscal year in which the transaction occurred. This retention period aligns with the recordkeeping standards prescribed under Washington Administrative Code (WAC) 458-20-254 and the Internal Revenue Service (IRS) guidelines.
Certain categories of data — such as tax documentation, payment logs, and compliance correspondence — may be retained for a period of up to seven (7) years if required to comply with federal or state statutory obligations, including potential audit or enforcement inquiries.
7.3 Archiving, Deletion, and Anonymization
Upon expiration of the applicable retention period, personal information shall be:
a) Securely deleted from active systems through data erasure protocols consistent with the National Institute of Standards and Technology (NIST) SP 800-88 Guidelines for Media Sanitization;
b) Anonymized or aggregated so that the information can no longer reasonably identify an individual; or
c) Archived in an encrypted and access-restricted format if continued retention is required for legal, regulatory, or evidentiary purposes.
7.4 Retention Review
We conduct periodic reviews of retained data to ensure that it remains accurate, relevant, and necessary. Any records found to be obsolete, redundant, or no longer required are disposed of in accordance with our data destruction policies.
8. DATA SECURITY
8.1 General Security Obligations
We employ commercially reasonable technical, administrative, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
8.2 Technical Measures
Our technical controls include, without limitation:
- Use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption for data transmission;
- Implementation of firewalls, intrusion detection systems, and continuous system monitoring;
- Encryption-at-rest for stored sensitive information;
- Routine software updates, vulnerability testing, and patch management;
- Use of strong password protocols and multi-factor authentication (MFA) for administrative access; and
- Secure data backups maintained in geographically redundant facilities.
8.3 Administrative and Organizational Controls
We maintain strict access control policies that limit access to personal information to only those personnel, contractors, or service providers who have a legitimate business need. All employees handling personal data are required to undergo confidentiality and data protection training and are bound by non-disclosure obligations.
Third-party vendors and service providers with access to personal data are subject to written data processing agreements requiring them to maintain comparable levels of data protection and comply with all applicable privacy and security laws.
8.4 Limitations and Disclaimer
While we endeavor to maintain the highest standard of data protection, you acknowledge that no method of data transmission over the Internet or electronic storage system is completely secure. Accordingly, we cannot and do not guarantee absolute security. Any transmission of personal information is undertaken at your own risk.
9. DATA BREACH RESPONSE
9.1 Incident Identification and Containment
In the event that we become aware of an actual or suspected data security incident or breach involving personal information (“Data Breach”), we will immediately activate our Incident Response Protocol, which includes identifying the scope, nature, and cause of the breach; isolating affected systems; and implementing remedial actions to prevent further unauthorized access or disclosure.
9.2 Investigation and Assessment
We will conduct a prompt and thorough internal investigation to determine:
a) The type of personal information involved;
b) The number and identity of individuals affected;
c) The likely consequences and risks to data subjects; and
d) The remedial and mitigation steps to be taken.
Our assessment shall comply with the requirements under the Washington Data Breach Notification Law (RCW 19.255.010 et seq.), and applicable guidance issued by the Washington State Attorney General.
9.3 Notification Obligations
If the breach is reasonably likely to result in harm, identity theft, or financial loss to affected individuals, we shall, without unreasonable delay and within the statutory time frame, notify:
- Each affected individual whose personal information was compromised; and
- The Office of the Washington State Attorney General, if the incident affects more than 500 Washington residents, as required by RCW 19.255.010(15).
Such notifications will include, at minimum:
a) The date and nature of the breach;
b) The categories of information affected;
c) Contact information for obtaining further assistance;
d) Measures taken or planned to mitigate harm; and
e) Instructions for the individual to protect themselves against potential misuse.
9.4 Remediation and Documentation
We will take all reasonable steps to mitigate harm, such as resetting credentials, securing systems, and enhancing future safeguards.
All breach incidents and responses will be documented, reviewed, and retained for audit purposes for no less than five (5) years.
9.5 Cooperation with Authorities
We will cooperate fully with law enforcement authorities, regulatory agencies, and any data protection bodies as required by law to facilitate investigation, enforcement, and compliance measures related to the breach.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Use of Cookies
Our website (“Site”) employs cookies, web beacons, pixels, and other similar tracking technologies (collectively referred to as “Cookies”) to facilitate essential website operations, authenticate users, enhance performance, personalize user experiences, and gather aggregated analytical insights regarding Site usage patterns.
10.2 Categories of Cookies
Cookies utilized on this Site may include, but are not limited to:
a) Strictly Necessary Cookies – Required for the basic operation of the Site, including secure login, cart functionality, and session management;
b) Performance Cookies – Used to collect statistical data on user behavior to improve website functionality and optimize content delivery;
c) Functional Cookies – Enable personalization by remembering preferences such as language settings and display options;
d) Analytics and Advertising Cookies – Provided by trusted third-party service providers (e.g., Google Analytics) to assist in evaluating website performance, ad delivery, and measuring marketing effectiveness.
10.3 Cookie Management and Consent
Users are informed of cookie usage through a banner or pop-up notification upon first visiting the Site. By continuing to use or navigate the Site after being presented with this notice, you consent to our use of cookies as outlined in this Policy.
You may disable, restrict, or delete cookies through your browser or device settings; however, please note that certain essential Site features may cease to function properly if cookies are disabled.
10.4 Third-Party Tracking
Some cookies and tracking technologies may be controlled by third-party analytics or advertising partners. We do not have control over third-party cookies and recommend that users review the privacy policies of those third parties for additional information regarding their data practices.
11. CHILDREN’S PRIVACY
11.1 Scope of Applicability
Our Site and associated digital products or services are intended solely for individuals aged thirteen (13) years and above. We do not knowingly solicit or collect personal information from children under the age of 13 in accordance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §6501 et seq.
11.2 Inadvertent Collection
If we become aware that personal information has been inadvertently collected from a child under the age of 13 without verifiable parental consent, we shall take immediate and reasonable steps to:
a) Delete such information from our systems; and
b) Where applicable, notify the parent or legal guardian of the data subject.
11.3 Parental Notification
Parents or guardians who believe their child’s information has been submitted in violation of this clause may contact us to request deletion or further clarification.
12. YOUR RIGHTS
12.1 Access and Control of Personal Data
You have the right, subject to applicable law, to request:
a) Access to the personal data we maintain about you;
b) Rectification or correction of inaccurate or incomplete information;
c) Deletion or anonymization of your personal data (“Right to Erasure”);
d) Restriction on further processing under certain circumstances; and
e) Portability of your data in a structured, commonly used, and machine-readable format, where technologically feasible.
12.2 Verification and Response
To protect the integrity of your data, we may require reasonable verification of your identity before processing any data-related request. All verified requests will be addressed within thirty (30) days, or as otherwise required under applicable law.
12.3 Retention for Legal and Legitimate Interests
We reserve the right to retain certain data to the extent necessary for:
a) Compliance with statutory or regulatory obligations;
b) Enforcement of our contractual rights;
c) Resolution of disputes or legal claims; or
d) Maintenance of accurate business and financial records.
12.4 How to Exercise Your Rights
To exercise any of the above rights, please contact us in writing,clearly identifying the nature of your request and sufficient details to enable us to locate your record(s).
13. INTERNATIONAL DATA TRANSFERS
13.1 Cross-Border Processing
We may store, process, or transfer your personal data on servers located outside your jurisdiction, including within the United States and other jurisdictions that may not offer the same level of data protection as your home country.
13.2 Legal Basis for Transfers
Where such transfers occur, we ensure that appropriate contractual, technical, and organizational safeguards are in place to protect your data. These may include Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs), or other legally recognized mechanisms providing an adequate level of protection consistent with this Policy.
13.3 Third-Party Processors
When we engage third-party service providers located outside your jurisdiction, we require them, by contract, to adhere to equivalent standards of data protection and confidentiality obligations.
13.4 User Acknowledgment
By using the Site and providing your personal information, you expressly consent to the transfer and processing of your information in jurisdictions outside your country of residence, subject to the safeguards outlined above.
14. CHANGES TO THIS POLICY
14.1 Right to Modify
We reserve the exclusive right to revise, amend, or otherwise modify this Privacy Policy at any time, in our sole discretion, to reflect changes in our data practices, legal obligations, or business operations.
14.2 Notice of Material Changes
Where material changes are made, we will provide notice through one or more of the following means:
a) Posting a prominent notice on the Site;
b) Updating the “Effective Date” at the top of this Policy; or
c) Sending direct notification (e.g., email) to registered users, where appropriate.
14.3 Effective Date of Changes
All modifications shall become effective immediately upon posting, unless a later date is specified. Continued use of the Site or our products following such publication shall constitute your binding acceptance of the updated terms.
15. ACKNOWLEDGEMENT AND CONSENT
15.1 Consent to Processing
By accessing or using the Site, purchasing any digital product, or submitting personal information to us, you hereby:
a) Represent that you have read and fully understood this Privacy Policy;
b) Acknowledge that you are at least thirteen (13) years of age; and
c) Provide your informed, voluntary, and explicit consent to the collection, use, retention, processing, and disclosure of your personal information as set forth herein.
15.2 Withdrawal of Consent
You may withdraw your consent at any time by contacting us,provided that such withdrawal shall not affect the lawfulness of processing based on consent prior to its withdrawal.