Privacy Policy for The Vacuum Headquarters
Privacy Policy
Last updated: June 10, 2026
This Privacy Policy explains how The Vacuum Headquarters ("theVacHQ", "we", "us", "our") collects, uses, and shares information when you visit https://www.thevachq.com (the "Site"). It applies to all visitors worldwide and includes specific information for visitors in the European Economic Area (EEA) and the United Kingdom, as well as residents of certain US states.
We are the data controller for personal data processed through this Site.
Contact: [your contact email] or through our contact page.
1. Information We Collect
Information you provide directly:
- Email address, if you sign up for our deals newsletter.
- Name, email address, and message contents, if you contact us through our contact form or by email.
Information collected automatically when you visit:
- Usage data, such as pages viewed, links clicked (including clicks on affiliate links), referring pages, and time spent on the Site.
- Device and technical data, such as browser type, operating system, screen size, language, and general location derived from your IP address.
- Cookies and similar technologies, described in Section 3.
We do not collect special categories of personal data and we do not knowingly collect data from children (see Section 10).
2. How We Use Information and Our Legal Bases
For visitors in the EEA and UK, we rely on the following legal bases under the GDPR and UK GDPR:
| Purpose | Data involved | Legal basis |
|---|---|---|
| Operating, securing, and debugging the Site | Server logs, IP address, technical data | Legitimate interests (running a safe, functional website) |
| Measuring how the Site is used (Google Analytics) | Cookies, usage data, device data | Consent |
| Displaying advertising, including personalized advertising (Google AdSense) | Advertising cookies and identifiers, usage data | Consent, collected through our consent banner; you may choose non-personalized options |
| Testing improvements to the Site (A/B testing) | A first-party cookie (vachq_ab) and anonymous interaction events |
Legitimate interests (improving the Site); consent where required |
| Sending our email newsletter | Email address | Consent; you can unsubscribe at any time |
| Responding to your inquiries | Contact details and message contents | Legitimate interests, or steps taken at your request |
| Complying with legal obligations | Records as required | Legal obligation |
You can withdraw consent at any time (see Sections 3 and 8). Withdrawing consent does not affect processing that happened before withdrawal.
3. Cookies and Similar Technologies
When you first visit from the EEA or UK, a consent banner asks for your choices before non-essential cookies are set. You can change or withdraw your choices at any time through the banner options or your browser settings.
Cookies we use include:
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
vachq_ab |
theVacHQ | Assigns an anonymous variant so we can test improvements to the Site | 30 days |
_ga, _ga_* |
Google Analytics | Distinguishes visitors so we can measure how the Site is used | Up to 2 years |
__gads, __gpi, IDE, and similar |
Google (advertising) | Ad delivery, frequency capping, fraud prevention, measurement, and, with your consent, ad personalization | Up to 2 years |
Third-party cookie names and durations are controlled by the third parties and may change. For details on Google's cookies, see How Google uses cookies.
Most browsers let you block or delete cookies through their settings. Blocking some cookies may affect how the Site works.
4. Advertising (Google AdSense)
We use Google AdSense to display advertisements. Google and its partners use cookies and similar technologies to serve ads, measure their performance, prevent fraud, and, where you have consented, personalize ads based on your visits to this and other websites.
- Learn how Google uses data from sites that use its services: How Google uses information from sites or apps that use our services.
- Manage ad personalization in your Google account: Google Ads Settings.
- Opt out of interest-based advertising from many providers: aboutads.info/choices (US) or youronlinechoices.eu (EU).
Visitors in the EEA and UK are shown ads only in accordance with the choices made in our consent banner.
5. Affiliate Links
theVacHQ is reader-supported. As an Amazon Associate, we earn from qualifying purchases. We also participate in affiliate programs operated by Share-a-Sale, Commission Junction, and Impact Radius.
When you click an affiliate link, you leave our Site and the merchant (for example, Amazon) may set cookies on your browser to attribute your visit and any purchase to us. We receive aggregate commission reports from these programs; we do not receive your name, payment details, or full order information. The merchant's own privacy policy governs the data it collects. We record the click itself (which product link was clicked) as part of our usage analytics.
Affiliate links never change the price you pay.
6. Analytics
We use Google Analytics 4 to understand how visitors use the Site. Google Analytics 4 does not log or store individual IP addresses, and for EEA visitors, IP data is dropped before logging. You can also opt out of Google Analytics across all websites with the Google Analytics opt-out browser add-on.
7. Who We Share Information With
We do not sell personal information for money. We share information only with:
- Service providers (processors) that help us run the Site: Google (analytics, advertising, tag management), Vercel (hosting), Supabase (database, which stores newsletter signups and anonymous testing events), and Cloudinary (image delivery). Each processes data on our behalf under contractual safeguards.
- Advertising partners, as described in Section 4, in accordance with your consent choices. Under some US state laws, personalized advertising may be considered "sharing" or a "sale" of personal information; Section 9 explains how to opt out.
- Authorities or other parties where required by law, or to protect our rights, safety, or property.
8. International Transfers
We are based in the United States, and the service providers above process data on US servers. Where we transfer personal data from the EEA or UK, we rely on safeguards such as the EU-US Data Privacy Framework (and its UK extension) for certified providers, or Standard Contractual Clauses approved by the European Commission.
9. Your Rights
If you are in the EEA or UK, you have the right to:
- Access the personal data we hold about you and receive a copy.
- Correct inaccurate data and complete incomplete data.
- Have your data erased.
- Restrict or object to our processing, including any processing based on legitimate interests.
- Receive your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local supervisory authority. A list of EEA authorities is available from the European Data Protection Board. In the UK, the authority is the Information Commissioner's Office.
To exercise any of these rights, contact us at [your contact email]. We will respond within one month. We may ask you to verify your identity before acting on a request.
If you are a resident of California or certain other US states, you may have the right to know what personal information we collect, to access or delete it, to correct it, and to opt out of the sale or sharing of personal information for targeted advertising. You can opt out through the privacy choices presented on this Site or by contacting us at [your contact email]. We will not discriminate against you for exercising these rights.
10. Children
The Site is not directed at children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it.
11. Data Retention
- Newsletter email addresses: until you unsubscribe or ask us to delete them.
- Analytics data: up to 14 months.
- Anonymous A/B testing events: up to 12 months.
- Contact correspondence: as long as needed to resolve your inquiry, normally no more than 24 months.
- Server and security logs: approximately 30 days.
12. Security
We use HTTPS encryption across the Site, restrict access to systems that hold personal data, and rely on established providers with strong security practices. No method of transmission or storage is completely secure, but we work to protect your information appropriately.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be posted on this page.