Data Protection
Personal Data Protection and Retention Program
This public summary describes how Wise Venture LLC limits, classifies, accesses, retains, deletes, corrects, and exports personal data for company-operated systems.
- Effective
- July 14, 2026
- Last Reviewed
- July 14, 2026
- Contact
- contact@wiseventureco.com
Program Summary
Wise Venture applies data minimization and retention limits to the public website, company contact channels, administrator systems, and private internal integrations. The company collects only information that is reasonably needed for a defined business, operational, security, compliance, or legal purpose.
Data Minimization and Classification
- Public: approved website content and public company information.
- Internal: ordinary business records, policy documents, operational notes, and non-sensitive application metadata.
- Restricted: credentials, secrets, tokens, TikTok authorization data, administrator account data, security records, and personal data not approved for public disclosure.
- Confidential legal or incident materials: attorney-directed records, breach analysis, and sensitive incident-response evidence.
Access and Authorization
Access to restricted data is limited to authorized administrators with a documented business need. Wise Venture currently identifies Michelle Weisner and Dusty Weisner as authorized administrators for the private Earth Angel Merch TikTok Shop integration. Additional access must be approved, documented, and reviewed.
- MFA must be enabled on GitHub, Vercel, Clerk, Sanity, Neon, Inngest, email, marketplace, and other company administration accounts where those services are used.
- Each administrator must use a unique account. Shared credentials are not permitted. Credentials must be stored in a password manager.
- Company endpoints must run macOS XProtect/Gatekeeper and automatic security updates.
- Company endpoints must have FileVault enabled, macOS firewall enabled, immediate password after lock, and inactivity lock of 15 minutes or less.
- Administrator access must follow least privilege and be reviewed at least annually.
Retention Schedules
- Contact and privacy requests: retained while active and then for a reasonable business/legal record period.
- Security, incident, access, and vendor evidence: retained for compliance, security, and legal defense needs.
- TikTok authorization credentials: deleted immediately on disconnect.
- Remaining TikTok-derived records: deleted or anonymized within 30 days after disconnect unless legally required.
- Backups: retained according to the configured provider backup lifecycle and deleted through normal rotation where immediate deletion is not technically feasible.
Deletion, Correction, Export, and Restriction
Verified persons, sellers, and platforms may request access, correction, export, restriction, or deletion. Wise Venture will verify requests, determine whether it controls the relevant data, preserve records it is legally required to retain, and complete approved requests within a reasonable period.
Use the Privacy Request page or email contact@wiseventureco.com.
Authorization Revocation and Annual Review
- Marketplace authorizations must be revoked when they are no longer needed.
- Tokens and credentials must be removed from storage immediately after disconnect.
- The Privacy and Security Officer reviews this program at least annually and after material changes to processing, vendors, or security controls.
- The dedicated privacy alias remains a configuration task until confirmed: privacy@wiseventureco.com.
These pages describe Wise Venture LLC practices and program requirements. They are not legal advice and do not create claims of certification, independent audit, or regulatory status that Wise Venture has not separately obtained.