Possibility Labs Privacy Policy

Effective Date: November 19, 2025
Last Updated: November 19, 2025

Possibility Labs (“PL,” “we,” “our,” or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and protect your information when you visit our website, interact with our services, or communicate with us online.

We view privacy as part of our broader commitment to equity, care, and accountability — ensuring that data practices align with our mission and values.

1. Information We Collect

We collect information to maintain a secure, functional, and user-friendly website and to respond to inquiries.

a. Information You Provide Directly

This includes information you share when you:

  • Contact us
  • Join our email list
  • Submit a form
  • Leave a comment (if commenting is enabled)

This may include your name, email address, and any other details you choose to provide.

b. Information Collected Automatically

When you visit our website, certain information is automatically collected to support site performance and security. This may include:

  • IP address and approximate geographic location
  • Browser type, operating system, and device information
  • Pages viewed and referring URLs
  • Date and time of access
  • Log data used for security and performance monitoring

This information helps us maintain site security, improve performance, and understand how visitors use our site.

2. Comments and User-Generated Content

If you leave a comment on our site, we collect:

  • The information shown in the comment form
  • Your IP address
  • Your browser’s user agent string (for spam detection)

An anonymized hash of your email address may be provided to Gravatar, a service used to display profile images associated with comments. Gravatar’s Privacy Policy: https://automattic.com/privacy/

After your comment is approved, your profile image (if any) becomes publicly visible alongside your comment.

3. Media Uploads

If you upload images to the website, please avoid uploading photos containing embedded location data (EXIF GPS). Other visitors may be able to download and extract this information.

4. Data Hosting and Processing

Our website is hosted by WP Engine, a U.S.-based hosting provider that employs strict security measures and privacy practices. We also use Cloudflare for content delivery and protection from malicious traffic.

Both companies comply with applicable privacy regulations, including General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), and only process information as necessary to provide their services to us.

5. Cookies and Tracking Technologies

a. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help us improve website functionality, understand how people use our site, and maintain performance and security. Cookies may be set by:

  • Possibility Labs
  • WP Engine (hosting, caching, site performance)
  • Cloudflare (security, DDoS protection, optimization)
  • WordPress (for standard website and account functionality)

b. How We Use Cookies

Our website uses cookies for the following purposes:

  • Essential Cookies – required for the website to function properly (e.g., load balancing, security, login sessions).
  • Performance and Analytics Cookies – to help us understand visitor behavior and improve site experience.
  • Security and Optimization Cookies – through Cloudflare and WP Engine, to protect against threats and improve site speed.

We do not use cookies for advertising or tracking you across other websites.

c. WP Engine Cookies

WordPress uses cookies to support common site functions:

  • Commenter cookies: Save your name/email for future comments (1 year)
  • Login cookies:
    • Test cookie to check browser compatibility
    • Login cookie (2 days) or persistent login with “Remember Me” (2 weeks)
    • Screen preferences cookie (1 year)
  • Editor cookies: Created when editing/publishing content; contains no personal data (1 day)
  • Learn more about WP Engine Cookies and updates to WP Engine privacy policy here.

d. Performance and Security Cookies (WP Engine + Cloudflare)

WP Engine and Cloudflare use cookies to:

  • Enhance site speed
  • Safeguard against malicious traffic
  • Balance server load
  • Maintain uptime and stability

These may process technical data such as IP addresses. Learn more about Cloudflare cookies and updates to Cloudflare privacy policy here.

These providers may collect limited technical data (such as IP addresses) as part of their legitimate operations to ensure site security and stability.

e. Managing Cookies

You can manage or delete cookies via your browser settings. Disabling certain cookies may affect site functionality.

A brief cookie notice also appears in our website footer.

6. Embedded Content From Other Websites

Articles and pages on our site may include embedded content (e.g., videos, images, articles). Embedded content behaves exactly as if you visited the external website directly.

Those websites may:

  • Collect data about you
  • Use cookies
  • Embed third-party tracking
  • Monitor your interaction with their content

PL is not responsible for the privacy practices of these third parties. We encourage you to review their policies.

7. How We Use Your Information

We use collected information to:

  • Respond to inquiries and support communication
  • Improve site performance, functionality, and security
  • Prevent spam and protect against malicious activity
  • Support user account functionality (if applicable)
  • Send updates when you have opted in
  • Comply with legal obligations

We do not sell, rent, or trade your personal data.

8. Data Sharing and Disclosure

We may share limited information with trusted third-party service providers who support our website’s functionality, security, and performance. These partners must handle your data securely and solely for purposes that serve PL.

We may share data with:

  • Gravatar (Automattic): To display profile images associated with comments
  • Spam detection services: For automated moderation
  • WP Engine: For secure hosting, caching, and performance optimization
  • Cloudflare: For security, DDoS protection, and content delivery
  • Analytics tools: To understand aggregated site usage and improve user experience
  • Trusted vendors who assist with website hosting, analytics, or communications

We also may disclose data if required to comply with legal obligations or protect the rights, security, or safety of PL, our users, or the public.

PL does not sell personal information to third parties. If this ever changes, we will update this policy and provide an opt-out mechanism. All partners are contractually obligated to handle your information securely and only for the purposes outlined in this policy.

9. Data Security

We use administrative, technical, and physical safeguards to protect the information we collect. These include:

  • Encrypted data transmission (HTTPS)
  • Server security and monitoring through WP Engine
  • Firewall, caching, and DDoS protection through Cloudflare
  • Controlled access to personal data, limited to authorized staff and vetted vendors
  • Regular system monitoring and threat detection

While we follow industry-standard security practices, no system is entirely immune to risks. We encourage users to practice caution when sharing sensitive information online.

10. How Long We Retain Your Data

  • Comments: Retained indefinitely so follow-up comments can be recognized automatically.
  • User Accounts: If applicable, user profile data is stored until modified or deleted by the user or an administrator.
  • Website logs: Retained as needed for security and operational purposes.
  • Email inquiries: Retained as needed for communication, recordkeeping, or legal obligations.

11. Your Rights and Choices

Depending on your jurisdiction (including CCPA/California Privacy Rights Act (CPRA)), you may have the right to:

  • Request a copy of the personal data we hold about you
  • Request correction or deletion of personal data
  • Withdraw consent where applicable
  • Opt out of communications
  • Request export of your personal data (if you have an account or have left comments)

To exercise these rights, please contact us at pr*****@*************bs.org. We will respond in accordance with applicable laws, including the CCPA and other data protection frameworks.

12. Where Your Data Is Sent

Data may be processed through:

  • WP Engine servers
  • Cloudflare’s global network
  • Automated spam detection services

When you request an export or deletion of your data, we will fulfill it in accordance with applicable privacy laws.

13. Mobile Data Privacy

We respect your privacy and communication preferences. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging opt-in data and consent are kept confidential and will not be shared with any third parties.

14. Children’s Privacy

Our website is not directed to children under 13, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child, we will delete it promptly.

15. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Updates will be posted on this page with a revised “Effective Date.”

16. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Mailing Address: 2041 East St PMB 1468, Concord, California, 94520
Email: pr*****@*************bs.org