Privacy Policy

Last updated: March 2026

EZBunny ("we," "us," or "our") is a product of Easy Synergy Corp. This Privacy Policy describes how we collect, use, and share your personal information when you use ezbunny.com and app.ezbunny.com (the "Service").

1. Information We Collect

We collect the following categories of personal information:

• Email address — provided when you create an account (via magic link authentication) or join our waitlist.
• Name — provided during onboarding or waitlist signup.
• Payment information — processed by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers.
• Training progress and quiz results — recorded as you complete HIPAA training modules.
• Device and browser information — collected automatically from server logs (IP address, browser type, operating system, referral URLs).

We do not collect Protected Health Information (PHI). EZBunny is a training platform and does not store, process, or transmit any patient data.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the HIPAA training service, including tracking your training progress and issuing certificates.
• Process payments and manage your subscription.
• Send transactional emails, including magic link authentication, training reminders, and certificate notifications.
• Communicate with waitlist members about product availability.
• Improve our services, diagnose technical issues, and prevent abuse.

3. Third-Party Services

We share personal information with the following third-party service providers, strictly for the purposes described:

• Stripe (payment processing) — We share your email address and payment method details with Stripe to process subscription payments. Stripe's privacy policy: stripe.com/privacy.
• Resend (transactional email) — We share your email address with Resend to deliver magic links, reminders, and notifications. Resend's privacy policy: resend.com/legal/privacy-policy.
• HubSpot (CRM) — If you join our waitlist, we share your email address and name with HubSpot for customer relationship management. HubSpot's privacy policy: legal.hubspot.com/privacy-policy.
• Google Cloud / Firestore (database and hosting) — All account data is stored in Google Cloud Firestore. Google's privacy policy: policies.google.com/privacy.
• Cloudflare (CDN and DNS) — Cloudflare processes IP addresses and request logs for our marketing site. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
• Better-Auth (authentication) — Authentication sessions are managed using Better-Auth, which stores session tokens in secure, HTTP-only cookies.

We do not sell your personal information to any third party.

4. Cookies

We use authentication session cookies only. These are HTTP-only, secure cookies required to keep you signed in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

Because we only use strictly necessary cookies, no cookie consent banner is required under current regulations.

5. Data Retention

We retain your account data for as long as your account is active. Training records and certificates are retained to provide ongoing compliance documentation for your organization.

If you request deletion of your account, we will delete your personal information within 30 days, except where we are required by law to retain certain records.

6. California Privacy Rights (CCPA 2026)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended:

• Right to Know — You can request the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You can request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Correct — You can request that we correct inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing — We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.

We do not sell or share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at privacy@ezbunny.com. We will respond to your request within 45 days as required by law. We will not discriminate against you for exercising your privacy rights.

7. Data Security

We take reasonable measures to protect your personal information:

• All data is encrypted in transit using HTTPS/TLS.
• Data at rest is encrypted by Google Cloud.
• Authentication uses secure, HTTP-only session cookies with magic link verification.
• We do not collect or store Protected Health Information (PHI).

8. Children's Privacy

EZBunny is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at privacy@ezbunny.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you have an account) or by posting a notice on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Easy Synergy Corp
Email: privacy@ezbunny.com