Privacy Policy

Who We Are. This Privacy Policy explains how [Legal name of the business (the controller) that this privacy policy describes.] collects, uses, and shares your “Personal Data” — information that is linked or reasonably linkable to an identified or identifiable individual. If you have questions about this policy or your privacy rights, contact us at [An email address consumers can use to reach the business about this policy or their privacy rights.] or [A postal address consumers can use to reach the business about this policy or their privacy rights.].

Effective Date. This Privacy Policy is effective as of [The date this privacy policy takes effect.].

Information We Collect. We collect the following categories of “Personal Data”: [The categories of personal data the business processes, as a comma-separated phrase (e.g. "identifiers, contact details, device and usage data, purchase history").]. We collect this information from the following sources: [The sources from which the business collects personal data, as a comma-separated phrase (e.g. "directly from you, automatically from your device, from our service providers").].

Sensitive Information. Some of what we collect is “Sensitive Data” — the more protected categories of personal data that we process only with your opt-in consent. We identify those categories here separately: .

Why We Collect It. We process “Personal Data” for the following purposes: [The purposes for which the business processes personal data, as a comma-separated phrase (e.g. "providing and improving our services, processing transactions, security and fraud prevention, communicating with you").].

How We Share It. We may share “Personal Data” with the following categories of third parties: [The categories of third parties with whom the business shares personal data, described in enough detail for a consumer to understand what type of entity each is, as a comma-separated phrase (e.g. "payment processors, cloud-hosting providers, analytics vendors").]. We describe each recipient category in enough detail for you to understand what type of entity it is and why it receives your information.

Your Privacy Rights. If you are a “Consumer” — an individual who is a resident of a state acting in an individual or household context — in a state with a comprehensive privacy law, you have the right to: confirm whether we process your “Personal Data” and access it; correct inaccuracies; delete it; obtain a portable copy; and opt out of “Targeted Advertising”, the “Sale” of your “Personal Data”, and “Profiling” in furtherance of decisions that produce legal or similarly significant effects. You may also opt out of our collection of “Sensitive Data” and of the use of voice- or facial-recognition features.

How to Exercise Your Rights. To exercise any of these rights, submit a request at [The web address or channel where consumers submit privacy-rights requests.]. We will not deny you goods or services, or otherwise discriminate against you, for exercising them.

Our Response. We will respond to your request without undue delay and within 45 days of receipt. When reasonably necessary we may extend this period once by 15 additional days, and we will tell you of the extension and the reason within the initial period.

Appeals. If we decline to act on your request, you may appeal at [The web address or channel where consumers appeal a refused privacy-rights request.]. We will respond in writing, with the reasons for our decision, within 60 days.

Sale of Data and Targeted Advertising. Where we “Sell” your “Personal Data” — that is, exchange it for monetary or other valuable consideration — or process it for “Targeted Advertising” — advertising selected based on personal data obtained from your activity across nonaffiliated sites or applications — you may opt out of those activities at any time at [The web address or channel where consumers submit privacy-rights requests.].

Notice of Sale of Sensitive Data. NOTICE: We may sell your sensitive personal data.

Profiling. We use “Profiling” — automated processing to evaluate, analyze, or predict an individual's characteristics — in furtherance of decisions that produce legal or similarly significant effects concerning you. You may opt out of this profiling at [The web address or channel where consumers submit privacy-rights requests.].

Universal Opt-Out Signals. We recognize and honor a “Universal Opt-Out Signal” — a user-selected browser or device control, such as the Global Privacy Control (GPC) — as a valid request to opt out of “Targeted Advertising” and the “Sale” of “Personal Data” from the browser or device that sends it.

Sensitive Data. We obtain your opt-in consent before collecting or processing your “Sensitive Data” (). You may withdraw that consent at any time at [The web address or channel where consumers submit privacy-rights requests.].

Children Under 13. We do not knowingly collect “Personal Data” from a child under 13 without verifiable parental consent, and we handle any such data in accordance with the Children's Online Privacy Protection Act (COPPA).

Biometric Data Retention. We maintain this written, publicly available policy establishing our retention schedule and guidelines for permanently destroying “Biometric Identifier”s — retina or iris scans, fingerprints, voiceprints, or scans of hand or face geometry. We destroy a “Biometric Identifier” when the initial purpose for collecting it has been satisfied or within three years of your last interaction with us, whichever occurs first.

Biometric Consent. Before we collect a “Biometric Identifier”, we inform you in writing that we are collecting it, the specific purpose, and the length of time we will store and use it, and we obtain your written release.

Consumer Health Data. We collect “Consumer Health Data” — personal data that identifies your past, present, or future physical or mental health status. This section discloses the categories we collect, the purposes for which we use them, the categories we share, the list of categories of third parties and the specific affiliates with whom we share them, and how you can exercise your rights over this data.

Consent for Health Data. We do not collect “Consumer Health Data” except with your consent for a specified purpose, or to the extent necessary to provide a product or service you have requested from us.

Website Notice. Through our website we collect the categories of covered information described above and may share them with the third-party categories described above. You may review and request changes to your information, where that process is available, at [The web address or channel where consumers submit privacy-rights requests.]. We notify you of material changes as described in Changes to This Policy. Third parties may collect covered information about your online activities over time and across different websites when you use our website.

Minors. Where we direct services to, or have actual knowledge of, users who are minors, we provide the additional disclosures required by applicable state law, including our minors' design and safety practices, the privacy protections we apply to minors, and the parental tools we make available.

Data Broker Opt-Out. As a “Data Broker” — a business that knowingly sells or licenses to third parties the personal data of consumers with whom it has no direct relationship — we let you opt out of our collection, sale, or licensing of your “Personal Data”. This section discloses the method to submit a request at [The web address or channel where consumers submit privacy-rights requests.], the activities and sales the opt-out covers, and whether an authorized third party may exercise it on your behalf.

Keeping This Policy Current. We review this Privacy Policy and refresh its disclosures at least once every 12 months. It was last updated on [The date this privacy policy was last updated.].

Changes to This Policy. When we make a material change to this Privacy Policy, we will revise it, update the Effective Date above, and take reasonable steps to notify you of the change.