Effective Date: April 21, 2026 Last Updated: April 21, 2026
This Privacy Policy describes how the owner and operator of tonyhuge.is and its affiliated subdomains, applications, and services (collectively, the “Site”; and the owner and operator, the “Company,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information about users of the Site (“you” or “User”). This Privacy Policy is incorporated into and forms part of the Terms of Use posted at tonyhuge.is/terms. Capitalized terms not defined here have the meanings given in the Terms of Use.
By accessing or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Site.
1. Scope
This Privacy Policy applies to personal information collected through the Site, through email or text-message communications with us, through any online form you submit to us, through your purchase of any product or service offered on the Site, and through your participation in any sweepstakes, contest, community, coaching program, event, survey, or affiliate program we operate. It does not apply to information collected by third parties whose websites, products, or services may be linked from the Site or who may be mentioned on the Site; those third parties have their own privacy practices.
2. Personal Information We Collect
We collect the following categories of personal information, consistent with the definitions used in the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), the General Data Protection Regulation (“GDPR”), and analogous laws:
A. Identifiers and Contact Information. Name, email address, postal address, telephone number, mobile number, country, date of birth, and username or account handle.
B. Commercial Information. Products or services purchased, considered, added to cart, or returned; purchase history; payment-card information (processed by third-party payment processors and not stored by us in complete form); shipping and billing information; refund and chargeback records.
C. Account and Authentication Information. Username, hashed password, account-creation date, last-login timestamps, account preferences, and security-question answers.
D. Internet, Device, and Network Activity. Internet Protocol (“IP”) address, device type, device identifier, operating system, browser type and version, referring URL, pages viewed, click-stream data, search queries made on the Site, time spent on pages, scroll depth, interaction events, language preference, geolocation inferred from IP (country, region, city), and crash or error logs.
E. Cookies, Pixels, and Similar Technologies. First-party and third-party cookies, pixel tags, web beacons, local storage, session storage, software development kits, and similar tracking technologies. See Section 6.
F. Audio, Visual, and Electronic Information. Any photograph, video, audio recording, or other media you submit, including content submitted to the community, testimonials, questionnaires, or customer-service interactions.
G. Professional or Employment Information. Job title, employer, and industry (only if you choose to provide it, for example in a coaching application).
H. Health-Related Self-Reported Information (Sensitive). Information you voluntarily disclose about your physical condition, training history, medications, supplements, bloodwork markers, or treatment goals, submitted for example through coaching-application forms, community posts, questionnaires, or communications with us. We do not solicit protected health information as defined under the Health Insurance Portability and Accountability Act (“HIPAA”), we are not a “covered entity” or “business associate” under HIPAA, and information you voluntarily submit is not HIPAA-protected.
I. Inferences. Inferences drawn from the categories above to create a profile reflecting your preferences, interests, characteristics, behavior, attitudes, or aptitudes.
J. Payment Information. Handled by third-party payment processors (for example, Stripe, PayPal, Shopify Payments, or their successors). We do not store complete credit-card numbers. We receive only transaction confirmation, last-four digits, card brand, and authorization tokens.
K. Social-Media Information. Public profile information you make available when interacting with our social-media accounts, commenting on our posts, or authenticating through a social-media login.
We do not knowingly collect personal information from children under the age of thirteen (13). See Section 13.
3. Sources of Personal Information
We collect personal information from the following sources: (a) directly from you, when you submit a form, register an account, subscribe to the newsletter, make a purchase, post User Content, send us an email or message, apply for coaching, or otherwise interact with us; (b) automatically, when you access the Site, through cookies, pixels, logs, and similar technologies; (c) from service providers that support the Site (for example, hosting, email-service providers, payment processors, analytics providers, customer-support platforms, and affiliate-tracking platforms); (d) from advertising and marketing partners; (e) from social-media platforms when you interact with our accounts or content; (f) from publicly available sources; and (g) from other users who choose to refer you or tag you in User Content.
4. Purposes for Which We Use Personal Information
We use personal information for the following business and commercial purposes:
1. Provide, operate, and maintain the Site and its features, including serving Content, delivering the newsletter, maintaining user accounts, and personalizing the user experience. 2. Process transactions, fulfill orders, deliver digital or physical products, administer subscriptions and memberships, process refunds, and communicate transactional information. 3. Communicate with you, including responding to inquiries, providing customer support, sending administrative messages, and delivering transactional notifications. 4. Send marketing communications, including newsletters, product announcements, research updates, promotional offers, and invitations to participate in experiments, surveys, or community programs, subject to your preferences and applicable law. 5. Personalize content and advertising shown to you on the Site and on third-party platforms. 6. Measure and analyze Site performance, traffic, engagement, conversion, and user behavior, including through first-party and third-party analytics. 7. Improve the Site, Content, products, and services based on usage patterns and user feedback.
8. Conduct research, including aggregated and de-identified analysis of user outcomes and preferences. 9. Prevent fraud, abuse, and security incidents, protect our systems and users, investigate violations of the Terms of Use, and enforce our rights. 10. Comply with legal obligations, including tax, accounting, record-keeping, regulatory-reporting, and lawful requests from governmental authorities. 11. Establish, exercise, or defend legal claims and cooperate with investigations. 12. Facilitate corporate transactions, including financings, restructurings, mergers, acquisitions, asset sales, bankruptcies, and similar transactions. 13. Any other purpose disclosed at the time of collection or to which you consent.
5. Legal Bases for Processing (GDPR / UK GDPR)
If you are a resident of the European Economic Area, the United Kingdom, or another jurisdiction whose data-protection law requires identification of a legal basis for processing, we rely on the following legal bases: (a) contract โ processing necessary to perform a contract with you or to take pre-contractual steps at your request; (b) legitimate interests โ processing necessary for our legitimate interests in operating, improving, securing, and marketing the Site, provided those interests are not overridden by your rights; (c) consent โ for marketing communications, non-essential cookies, and certain processing of sensitive information, where consent is required; (d) legal obligation โ to comply with applicable law; and (e) vital interests or public interest in limited circumstances.
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6. Cookies and Similar Tracking Technologies
We and our service providers use cookies, pixel tags, web beacons, local storage, and similar technologies (collectively, “Cookies”) to operate the Site, authenticate users, remember preferences, measure performance, and deliver advertising. Cookies fall into the following categories:
โข **Strictly Necessary Cookies** โ required for the Site to function, including authentication and security. These cannot be disabled without breaking Site functionality.
โข **Performance and Analytics Cookies** โ help us understand how users interact with the Site, including through Google Analytics, Meta Pixel, and similar services.
โข **Functionality Cookies** โ remember preferences such as language, region, and display settings.
โข **Advertising and Targeting Cookies** โ used to deliver relevant advertising on the Site and on third-party platforms (including Meta, Google, TikTok, YouTube, and advertising-network partners), and to measure the effectiveness of advertising campaigns.
โข **Affiliate-Tracking Cookies** โ record referral sources and attribute conversions to affiliate partners.
You can manage Cookies through your browser settings, through the Cookie Banner or Preference Center (if one is displayed on the Site), or through industry opt-out tools such as the Digital Advertising Alliance WebChoices tool (optout.aboutads.info), the Network Advertising Initiative opt-out (optout.networkadvertising.org), and the European Interactive Digital Advertising Alliance (youronlinechoices.eu). Blocking Cookies may impair functionality.
Global Privacy Control. We honor Global Privacy Control (“GPC”) signals sent by your browser as an opt-out-of-sale/sharing request where required by law. We do not currently respond to Do Not Track (“DNT”) signals, which are not standardized.
7. Disclosures of Personal Information
We disclose personal information to the following categories of recipients:
โข **Service Providers and Processors** that support the operation of the Site, including hosting providers, content-delivery networks, email-service providers, SMS gateways, payment processors, customer-support platforms, analytics providers, advertising partners, affiliate-tracking platforms, fraud-prevention services, and legal, tax, and accounting professionals, each subject to confidentiality obligations and, where required, data-processing agreements.
โข **Advertising Partners,** including Meta, Google, TikTok, YouTube, X (Twitter), and advertising-network providers, for purposes of targeted advertising, conversion measurement, and custom-audience matching. Such disclosures may constitute a “sale” or “sharing” of personal information under the CCPA/CPRA and analogous laws.
โข **Affiliate and Marketing Partners,** for purposes of co-marketing, co-branded offerings, and affiliate-commission reconciliation.
โข **Professional Advisors,** including lawyers, auditors, and insurers.
โข **Corporate Transactions.** In connection with any merger, acquisition, financing, restructuring, sale of assets, bankruptcy, or similar transaction, personal information may be transferred or disclosed to counterparties, advisors, and successors.
โข **Government Authorities and Law-Enforcement,** in response to a lawful request or subpoena, or where we reasonably believe disclosure is necessary to comply with law, protect our rights, protect the safety of users or the public, investigate fraud, or respond to an emergency.
โข **With Your Consent,** to any other party you authorize.
We do not sell personal information for monetary consideration. Certain disclosures to advertising partners may constitute “sale” or “sharing” of personal information as those terms are defined under the CCPA/CPRA and similar state laws; see Section 9.
8. Retention of Personal Information
We retain personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with legal, accounting, tax, and regulatory obligations, to resolve disputes, to enforce agreements, and to satisfy legitimate business needs. Retention periods vary by data type and purpose. Where no specific period is required, we apply reasonable retention schedules based on the nature and sensitivity of the information.
9. Your California Privacy Rights (CCPA / CPRA)
If you are a California resident, you have the following rights under the CCPA/CPRA, subject to verification and exceptions:
1. Right to Know โ to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes of collection, and the categories of third parties to whom we have disclosed personal information. 2. Right to Delete โ to request deletion of personal information we have collected from you, subject to statutory exceptions. 3. Right to Correct โ to request correction of inaccurate personal information.
4. Right to Opt-Out of Sale or Sharing โ to direct us not to sell or share personal information. You may exercise this right by submitting a request through the mechanisms described below or by enabling Global Privacy Control in a supported browser. A “Do Not Sell or Share My Personal Information” link is available in the footer of the Site. 5. Right to Limit Use and Disclosure of Sensitive Personal Information โ to request that we use or disclose sensitive personal information only for purposes permitted by the CCPA/CPRA. 6. Right to Non-Discrimination โ we will not discriminate against you for exercising any of these rights. 7. Right to Designate an Authorized Agent โ to authorize another person to submit a request on your behalf, subject to verification.
To exercise any of these rights, contact us using the information in Section 16 or submit a request through the privacy-request form available on the Site. We will verify your request by asking you to confirm information we already hold about you. Authorized-agent requests must include written authorization signed by the consumer.
California Shine the Light Law. California Civil Code ยง 1798.83 permits California residents to request information about our disclosures of personal information to third parties for their direct-marketing purposes. To make such a request, contact us as provided in Section 16.
Categories of personal information collected, disclosed, sold, or shared in the preceding 12 months: Identifiers; commercial information; internet/device/network activity; geolocation (inferred); audio, visual, and electronic information; professional or employment information; inferences; and, where voluntarily submitted, sensitive personal information (account log-in credentials and self-reported health information). Purposes: as described in Section 4. Categories of recipients: as described in Section 7. We may share the foregoing categories with advertising partners, which may qualify as “sharing” under the CCPA/CPRA.
10. Your Privacy Rights in Other U.S. States
Residents of Colorado, Connecticut, Utah, Virginia, Texas, Oregon, Montana, Delaware, Iowa, New Jersey, Tennessee, New Hampshire, Minnesota, and other states that have enacted comprehensive consumer-privacy laws have rights similar to those described in Section 9, including the right to access, correct, delete, port, and opt-out of targeted advertising, sale, or certain profiling. Nevada residents may opt out of the sale of certain covered information under NRS 603A.340. To exercise any of these rights, contact us as provided in Section 16. We will respond within the period required by the applicable law.
11. Your Rights Under the GDPR and UK GDPR
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights, subject to the conditions and exceptions set forth in applicable law:
1. Right of Access โ to obtain confirmation of whether we process your personal data and a copy of that data. 2. Right to Rectification โ to request correction of inaccurate or incomplete data. 3. Right to Erasure (“right to be forgotten”) โ to request deletion of your personal data in certain circumstances. 4. Right to Restriction of Processing โ to request that we limit processing in certain circumstances.
5. Right to Data Portability โ to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. 6. Right to Object โ to object to processing based on legitimate interests or for direct-marketing purposes. 7. Right Not to Be Subject to Solely Automated Decision-Making, including profiling, that produces legal or similarly significant effects. 8. Right to Withdraw Consent โ to withdraw consent at any time, without affecting the lawfulness of prior processing. 9. Right to Lodge a Complaint with your national supervisory authority.
12. International Data Transfers
The Site is operated from the United States and Thailand, and we use service providers located in multiple jurisdictions, including the United States. If you are located outside the country where our servers or service providers are located, your personal information will be transferred to, processed in, and stored in jurisdictions that may have data-protection laws different from those of your country. Where required by law, we rely on appropriate safeguards for such transfers, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement, adequacy decisions, and derogations permitted by applicable law. By using the Site, you consent to the transfer of your personal information as described herein.
13. Children’s Privacy
The Site is not intended for children under the age of thirteen (13), and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information. Parents or guardians who believe their child has submitted personal information to us should contact us as provided in Section 16. Separately, certain Content on the Site is intended only for adults (eighteen (18) or, where applicable, twenty-one (21) years of age or older), and minors must not access such Content.
14. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, disclosure, loss, and destruction, including encryption in transit, access controls, and monitoring. No method of transmission over the internet and no method of electronic storage is one hundred percent secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for promptly notifying us of any suspected unauthorized access.
15. Changes to This Privacy Policy
We may modify this Privacy Policy from time to time. The most current version will be posted on the Site with a revised “Last Updated” date. Material changes will be indicated by conspicuous notice on the Site or by email to registered users. Your continued use of the Site after any modification constitutes acceptance of the revised Privacy Policy.
16. Contact Us
To submit a privacy request, exercise your rights, or ask questions about this Privacy Policy, contact us at:
[INSERT LEGAL ENTITY NAME] Attn: Privacy Officer [INSERT MAILING ADDRESS, CITY, STATE, ZIP] Email: [email protected]
For GDPR/UK GDPR purposes, the data controller is [INSERT LEGAL ENTITY NAME], reachable at the address above. If required, we will designate a representative in the EU or UK under Article 27 GDPR / Article 27 UK GDPR and publish that representative’s contact details here.
17. Notice to Nevada Residents
Nevada residents have the right under NRS 603A.340 to opt out of the sale of certain “covered information” about them. To submit such a request, contact us at [email protected] with the subject line “Nevada Opt-Out Request.”
18. Notice Regarding Sensitive Health-Related Information
If you voluntarily submit information about your physical or mental condition, medications, supplements, bloodwork, training, or any other health-related matter, you acknowledge that such information is not governed by HIPAA as between you and us, and that we are not acting as a health-care provider. Information you submit may be processed, stored, and used in accordance with this Privacy Policy and the Terms of Use. Do not submit sensitive health information if you do not consent to such handling.
19. Acknowledgment
BY USING THE SITE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY, AND YOU AGREE TO THE COLLECTION, USE, DISCLOSURE, AND RETENTION OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.