top of page

Terms of Use

Image by Gavin Van Wagoner

Terms & Conditions

Agreement

Privacy Policy for Hidden Canyon Kayak

Executive summary

This updated Privacy Policy is written for a U.S. small business that takes reservations, communicates by phone/email/text, and records calls. It includes the disclosures that commonly appear on U.S. websites for: customer communications (email/SMS), call recording, cookies and “Do Not Track,” third‑party sharing, security practices, payment processing, retention, breach notifications, and consumer privacy rights (including California-style rights). The legal framing for the most important sections is grounded in U.S. federal communications rules and consumer protection guidance, California online privacy requirements, and Arizona’s breach and call‑recording statutes. 

Compliance foundations behind key disclosures

U.S. business texting and customer contact practices are shaped by the Federal Communications Commission’s implementation of the TCPA, including rules that treat texts as “calls” for TCPA purposes and require that consumers can revoke consent using any reasonable method.  Messaging best practices published by CTIA reinforce the expectation of clear opt‑in/opt‑out flows (e.g., STOP/HELP, rates, frequency, and links to terms and privacy policy). 

For email marketing, the Federal Trade Commission’s CAN‑SPAM guidance emphasizes that opt‑out requests must be honored within 10 business days, and opt‑out mechanisms must remain available for a period after sending. 

For California website privacy disclosures, CalOPPA requires, among other items, disclosure of how a site responds to browser “Do Not Track” (if the operator engages in certain tracking) and whether other parties may collect personally identifiable information about online activities over time and across third‑party sites.  For consumer rights framing, the California Department of Justice summarizes rights under the CCPA/CPRA such as opting out of “selling” or “sharing” personal information (with “sharing” tied to cross‑context behavioral advertising). 

Because Hidden Canyon Kayak is located in Arizona, two state laws commonly referenced in privacy policies are: Arizona’s breach notification requirements (including a 45‑day notification timeline after determination and added regulator/CRA notices above certain thresholds) and Arizona’s interception statute underpinning one‑party-consent recording practices.  For children’s privacy, COPPA applies to certain child‑directed services and to operators with actual knowledge of collecting personal information from children under 13. 

Publish-ready Privacy Policy

Last Updated: 01/01/2026

This Privacy Policy describes how Hidden Canyon Kayak (“we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our website, contact us, make a reservation or purchase, or otherwise interact with our services (collectively, the “Services”).

Business Contact Information
Hidden Canyon Kayak
910 Coppermine Rd.
Page, AZ 86040
Phone: +1 (928) 660-1836
Email:

By using our Services, you agree to the practices described in this Privacy Policy.

Information we collect

We collect information in three main ways: (1) information you provide to us, (2) information collected automatically on our website, and (3) information from service providers (such as payment confirmation).

Information you provide. Depending on how you use our Services, we may collect:

  • Name

  • Email address

  • Phone number

  • Mailing and billing address

  • Reservation or purchase details

  • Any messages or information you submit through forms, email, text message, chat, or phone

Payment information. Payments are processed by third-party payment processors. We do not store full credit card numbers on our website servers after payment is processed. We may receive limited information related to payment status (e.g., confirmation that payment was completed) and basic billing details.

Website and device information (automatic collection). When you visit our website, we (and service providers working on our behalf) may automatically collect:

  • IP address

  • Browser and device type

  • Operating system

  • Pages viewed and links clicked

  • Approximate location derived from IP address

  • Referring/exit pages and related usage data

How we use personal information

We may use personal information to:

  • Provide and administer reservations, rentals, deliveries, and customer service

  • Send confirmations, reminders, receipts, and service updates

  • Communicate with you about your request, order, or reservation

  • Improve our website, offerings, and customer experience

  • Prevent fraud, secure our systems, and protect the safety of customers and our business

  • Send marketing communications (email and/or text messages) where permitted by law and consistent with your preferences and consent choices

  • Comply with legal obligations and enforce our policies

Call recording notice

For quality assurance, training, and security purposes, phone calls to and from our business may be monitored and/or recorded.

If you do not want a call recorded, please tell our team member at the beginning of the call and we will offer an alternative communication method when reasonably available (for example, email or text message).

Text messaging and SMS privacy

If you provide your mobile number and opt in to receive text messages from us, we may send messages such as:

  • Reservation confirmations and reminders

  • Delivery coordination messages and service updates

  • Customer support messages

  • Promotional messages (only if you specifically opt in to receive promotional/marketing texts)

Message frequency may vary. Message and data rates may apply.

Opt-out: You can stop receiving text messages at any time by replying STOP.
Help: For help, reply HELP or call us at +1 (928) 660-1836.

We may send a one-time confirmation of your opt-out.

No sharing of mobile opt-in: No mobile opt-in or text message consent will be shared with third parties or affiliates for their own marketing or promotional purposes. We may share your phone number with service providers only as necessary to deliver messages you have requested or consented to.

Cookies and similar technologies

Our website may use cookies and similar technologies to:

  • Operate and secure the website

  • Remember preferences

  • Understand website usage and performance

  • Improve functionality and customer experience

You can control cookies through your browser settings. Disabling cookies may limit certain features.

“Do Not Track” signals and third-party online tracking

Some browsers provide a “Do Not Track” (“DNT”) signal. Because there is no uniform industry standard for how DNT signals are interpreted, our website may not respond to DNT signals in the same way across all browsers.

In addition, some third parties (such as analytics or advertising partners) may use cookies or similar technologies to collect information about your online activities over time and across different websites when you use our website. We do not control these third-party practices.

How we share personal information

We do not sell personal information in exchange for money.

We may share personal information in the following situations:

Service providers. We may share personal information with companies that help us operate our business (for example, hosting, reservations, payment processing, analytics, security, and communications). These providers are permitted to use personal information only to perform services for us.

Legal and safety. We may disclose information if we believe it is necessary to comply with law, respond to lawful requests, protect rights and safety, investigate fraud, or enforce our terms and policies.

Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction.

Data security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information, such as encryption in transit (SSL/TLS) where appropriate, access controls, and security monitoring.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Data retention

We retain personal information for as long as reasonably necessary to provide the Services and for legitimate business purposes, such as:

  • Maintaining business records

  • Complying with legal and tax obligations

  • Resolving disputes and enforcing agreements

  • Maintaining suppression lists (such as email/SMS opt-out records)

Retention placeholders (to be finalized by Hidden Canyon Kayak):

  • Reservations/rental transaction records: [RETENTION_RESERVATIONS_YEARS]

  • Customer support communications: [RETENTION_SUPPORT_YEARS]

  • Call recordings: [RETENTION_CALL_RECORDINGS_DAYS]

  • SMS consent and opt-out logs: [RETENTION_SMS_LOGS_YEARS]

  • Website security logs: [RETENTION_SECURITY_LOGS_MONTHS]

When information is no longer needed, we take reasonable steps to delete or de-identify it.

Data breach notification

If we become aware of a security incident involving personal information, we will investigate and, when required by applicable law, notify affected individuals and relevant authorities. Notification timing and method depend on the circumstances and legal requirements.

Your privacy rights

Depending on where you live, you may have certain rights regarding your personal information. These rights may include the ability to request:

  • Access to the personal information we have about you

  • Deletion of certain personal information (subject to exceptions)

  • Correction of inaccurate personal information

  • Information about our sharing practices

California residents: If you are a California resident, you may have privacy rights under applicable California law, including rights often described as the right to know, delete, correct, and to opt out of certain “selling” or “sharing” of personal information, where applicable.

How to submit a request:
Email:
Mail: Hidden Canyon Kayak, 910 Coppermine Rd., Page, AZ 86040
Phone: +1 (928) 660-1836
Online request form (if available): [PRIVACY_REQUEST_FORM_LINK]

We may need to verify your identity before completing your request. We will not discriminate against you for exercising your privacy rights.

Children’s privacy (COPPA)

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will take reasonable steps to delete it.

Email communications and CAN-SPAM

If you provide your email address, we may send:

  • Transactional emails (e.g., confirmations and service updates)

  • Promotional emails (when permitted and consistent with your preferences)

You can opt out of promotional emails at any time by using the unsubscribe link in the email or contacting us. Opting out of promotional emails will not affect non-promotional, service-related emails (such as reservation confirmations).

Third-party links

Our website may include links to third-party websites. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date above indicates when the policy was last revised. Changes become effective when posted, unless otherwise stated.

Legal crosswalk for key clauses

This section documents the primary legal/authoritative bases for the main disclosures included above, so you can substantiate why each clause exists without naming any specific communications vendor.

SMS consent, opt-out, and revocation. TCPA restrictions and FCC implementing rules underpin the need for consent and practical opt-out mechanisms; FCC rules also recognize that consumers may revoke consent using any reasonable method. 

Messaging disclosures (STOP/HELP, rates, frequency) as best practice. CTIA messaging best practices describe consumer consent expectations and emphasize mechanisms to stop unwanted messages. 

Email unsubscribe timing. FTC CAN‑SPAM guidance states opt‑out requests must be honored within 10 business days. 

Cookies/Do Not Track and third-party tracking disclosure. CalOPPA requires disclosure about how DNT signals are handled (where applicable) and disclosures about tracking across sites over time by other parties. 

California consumer rights framing. California AG guidance summarizes rights to opt out of the sale or sharing of personal information and clarifies that “sharing” relates to cross‑context behavioral advertising. 

Arizona breach notification timing and additional regulator/CRA notice thresholds. Arizona statutes and Arizona AG guidance describe notification obligations, including a 45‑day timeline after determination and additional notices when more than 1,000 individuals are affected. 

Call recording legality framing in Arizona. Arizona’s interception statute requires consent of at least one party for interception in relevant contexts; providing a clear notice also reduces multi-jurisdiction risk for out-of-state callers. 

Children’s privacy. FTC COPPA rule materials describe when COPPA applies and the “under 13” framework. 

bottom of page