Privacy policy

This Privacy Policy (“Privacy Policy”) describes how VERIDIAN FLOW LLC (“Company”, “we” or “our”) collects, uses, and discloses Personal Data (as defined below), in connection with:

Visitor of our website available at: https://annoory.com and other digital pages we operate that directs to our website, and any content, features or services included therein (“website” and “Visitors”, respectively);
Individuals who have placed an order to purchase jewelry and other available products and goods through our website (“Consumer” and “Product”).

Visitors and Consumers shall be further referred to herein as “you” and “your”. The website and any services provided therein including order placement and any services related to the Product shall be further referred to herein as “Services”.

This Privacy Policy further explains how we safeguard your Personal Data, how such data may be used or shared with others, and how you may exercise your rights related to your Personal Data, as required under applicable data protection laws.

This Privacy Policy is an integral part of our Terms of Use and Shipping and Returns Policies (collectively the “Terms”). Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms.

UNDER APPLICABLE DATA PROTECTION LEGISLATION, YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL DATA TO ANN. HOWEVER, IF YOU WILL NOT PROVIDE US WITH CERTAIN PERSONAL DATA, WE WILL NOT BE ABLE TO FULFILL CERTAIN PURPOSES, FOR EXAMPLE, PROVIDE CERTAIN SERVICES OR ENABLE CERTAIN USE OF OUR PLATFORM AND WEBSITE ALL AS DESCRIBED UNDER SECTION 3 “‎THE DATA WE COLLECT & PURPOSE OF COLLECTION AND USE‎” OF THIS PRIVACY POLICY.

This Privacy Policy governs the use, processing and sharing of Personal Data that applies to all individuals world-wide. It further includes disclosure specifications required under certain data protection laws (for example our lawful basis for processing Personal Data as required under the EU and UK General Data Protection Regulations (“GDPR”) and other disclosures required under the Israeli Privacy Protection Law). Certain jurisdictions require that applicable disclosures will be provided in a certain way and format, and therefore if you are a US resident refer to Section 12. Additional Notice for US Residents, which includes additional information about privacy rights for U.S. residents.

If you are a California resident – please review our CCPA Privacy Notice, which serves as a Notice at Collection as required under the California Privacy Rights Act (“CCPA”).

1. POLICY AMENDMENTS

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent ‎version of the Privacy Policy will always be posted on the website and be reflected in the “Last Amended” ‎heading. We will provide notice to you if these changes are material, and, where required by applicable law, ‎we will obtain your consent. Otherwise, any amendments to the Privacy Policy will become effective ‎immediately upon the display of the modified Privacy Policy. We recommend you review this Privacy Policy ‎periodically to ensure that you understand our most updated privacy practices.‎

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

VERIDIAN FLOW LLC is the “data controller” or “Business” (as such term is defined under privacy legislation) of the Personal Data collected by us, as detailed under this Privacy Policy.

For any question, inquiry or concern related to this Privacy Policy or the collection and use of your Personal Data, you may contact our privacy team follows:

Address: NY, New York City - 140 Broadway st, 10005, USA

Email address: privacy@annoory.com

3. THE DATA WE COLLECT & PURPOSE OF COLLECTION AND USE

Depending on your interaction with us and our Services, we may collect certain information related to such interaction and use, as follows:

“Non-Personal Data” – meaning, information which does not identify a specific natural person and cannot reasonably be used for such identification. Non-Personal Data includes technical information regarding your device or browser, type of operating system, scope, frequency, interactions with the website, and other technical information regarding the device used – all when collected on an aggregate basis, or otherwise not combined with any identifiers. We may further process and anonymize Personal Data in a manner that the data will be Non-Personal Data. Non-Personal Data may be used by us without limitation and for any purpose. Some of this information may be considered “de-identified” under U.S. privacy laws and when we rely on data that has been “de-identified”, we will take reasonable measures to ensure that the de-identified information cannot be associated with an individual, household, or device and not attempt to re-identify it.

“Personal Data” – meaning information that identifies an individual or may with reasonable effort or by reasonable means identify an individual. This may include online identifiers such as IP address, name, emails, etc., and other information that is associated with you. If we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.

Under the table below we detail the types of Personal Data we collect and how and for which purposes we use your Personal Data.

.responsive-policy table{border-collapse:collapse;width:100%;} .responsive-policy th,.responsive-policy td{border:1px solid #ccc;padding:8px;vertical-align:top;text-align:left} .responsive-policy thead th{background:#f5f5f5} /* Small-screen stacked layout */ @media (max-width: 720px){ .responsive-policy table, .responsive-policy thead, .responsive-policy tbody, .responsive-policy th, .responsive-policy td, .responsive-policy tr{display:block;width:100%} .responsive-policy thead{display:none} .responsive-policy tr{border:1px solid #ddd;margin:0 0 12px;border-radius:8px;overflow:hidden} .responsive-policy td{border:none;border-top:1px solid #eee;padding:12px} .responsive-policy td:first-child{border-top:none} .responsive-policy td::before{ content:attr(data-label); display:block; font-weight:600; margin-bottom:6px; color:#555; } }

TYPES OF PERSONAL DATA	PURPOSE OF COLLECTION AND USE	LAWFUL BASIS FOR EEA AND UK RESIDENTS
Online Identifiers & Usage Data	When you access our website or otherwise interact with its content and features or use our Services (including if you are our Consumer and you access and interact with our website to place an order, open an account or registered to our Loyalty Program), certain information regarding your access and use is collected through use of our, or our third-party service providers’ and marketing partners’, cookies and tracking technologies (for more information, see our Cookie Policy - “Cookies and Tracking Technologies”). This information includes online identifiers associated or transmitted from your browser and device, such as Internet Protocol address (IP), a “cookie” identifier, user agent, tags, and other unique online identifiers generated (“Online Identifiers”). Online Identifiers, such as IP address, are also used to extract your approximate location (e.g., country and Zip). This also includes information regarding your use and interactions with the website including session durations and time and date stamp (i.e., when have you accessed our website or used certain Services and for how long), the content you viewed on our website, your interactions within the website (click streams, actions made, etc.), crash data, referring URL, language preferences, Products added to the cart, etc. (collectively “Usage Data”). If the Usage Data is associated with an Online Identifier it is processed by us as Personal Data. Online Identifiers and Usage Data are collected and used for the following purposes: • Services’ functionality, operation, security, fraud prevention, and to resolve errors and technical issues; • To customize the Services based on your approximate location (i.e., to present you the webpages with applicable language and currency applicable to your territory, etc.); • To have internal analytics and statistics, used by us to enhance and improve our Services; • To promote, advertise and market our website and Services. This includes targeted advertisements (which is further subject to your cookies’ settings and preferences – see section 6 of this Privacy Policy “Cookies and Similar Tracking Technologies We Use”).	Online Identifiers and certain Usage Data which are collected for the basic operation of the Services, through first party cookies, will be processed in our legitimate interest.
Contact Information & Communications	We collect contact information, such as, name, email address, phone number and address (“Contact Information”), if you contact us with any inquiries, be provided with information regarding our Product, sign up to receive our marketing materials and newsletter, contact our customer support, etc., either through an online form available on our website, by sending us an email or by any other means. We will further collect and store the content of communications with you, including email correspondence and any information you choose to share with us through your correspondence or other communications with us, and may also process data related to such communications such as interactions with email communications (access time and date), etc. (“Communications Data”). Contact Information and Communications Data are collected and used for the following purposes: • To respond to your inquiries or send you the information and to send you marketing material related to our Services in which you have shown your interest, including promotions, such as special offers. (“Direct Marketing”); • To have records of our communications, to improve our support and marketing efforts, or in the event we reasonably determine it is needed in order to comply with any regulatory requirement, or for handling and defending against any dispute you might have with us; • To have internal analytics and statistics, used by us to enhance and improve our Services; • We will further store your Contact Information in order to include you, and maintain, our marketing and mailing lists, as well as the "opt-out" list (solely the necessary information for such purpose), to ensure we respect your choice and comply with applicable laws in this regard.	In the event you contact us, we process Contact Information in order to respond to your inquiry or request, based on your consent. In other cases, including for Direct Marketing, Contact Information is processed and stored subject to our legitimate interests. You can opt-out at any time using the “unsubscribe” or other option we provide within the body of the message. Communications Data is processed subject to our legitimate interest, provided that any recording of calls or meetings shall be made subject to obtaining your consent where required under applicable laws.
Information Provided When You Place Orders	If you place an order, as part of the checkout process, you will be requested to provide us with certain information such as your full name, email address, telephone number, as well as billing and shipping address. Note that, you will further be required to provide your payment method details, however, as your payment is being processed by our third-party payment processor, we will not store have access to your full payment information, rather, where applicable, solely the 4 last digits of your payment method and expiry date which

Please note that, in addition to the purposes set forth above, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce our Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. We will not collect additional categories of Personal Data or use the Personal Data for any purpose that is materially different, unrelated, or incompatible purpose without obtaining your consent unless we are required or permitted by applicable law.

4. HOW WE COLLECT YOUR DATA

Depending on the nature of your interaction with us and our websites and Services, we may collect Personal Data as follows:

Automatically– we may use cookies or similar tracking technologies to gather some information automatically when you interact with our websites and Services (see Section 5 of this Privacy Policy “Cookies and Similar Tracking Technologies We Use”.
Provided directly by you– we will collect information if and when you choose to provide us with the information, such as where you create an Account, place and order, contact us, etc.

5. COOKIES AND SIMILAR TRACKING TECHNOLOGIES WE USE

We use “cookies” (or similar tracking technologies such as tags, pixels, etc.) when you access to, interact with, or use our websites. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your device or browser while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, enable automatic activation of certain features (e.g., shopping cart), for statistical purposes, as well as for advertising purposes.

The information generally collected and stored by cookies includes Online Identifiers (such as cookie ID, IP address, etc.) and Usage Data (such as actions made, click stream, time and date stamp, content viewed, directing URLs, etc.) – both as defined as under Section 3 of this Privacy Policy “The Data We Collect & Purpose of Collection and Use”).

Cookies can be either placed by us, or by third parties such as analytic providers, marketing partners, social media, etc. In addition, the duration of such cookies (meaning the period until such are deleted) can be either “session” – meaning deleted when you close your browser, or “persistent” – meaning longer periods according to their purpose and settings, provided however that you can delete or block cookies through your browser or device settings or as further explained below.

Please see our cookie policy: HERE which details the cookies we use on are website. You may change your cookies settings and preferences ant any time (include accept cookies, reject cookies, and opt-out) by using the cookie setting tool available on our website.

Also note that, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. Please refer to the setting or the support page of your browser to learn more about how you can adjust your privacy and security settings.

Please note that once you choose to opt out or disable cookies, some features of our website and Services may not operate properly and your online experience may be limited. In addition, even if you do opt-out, you may still receive some content and advertising, however, it will not be targeted content or advertising.

Where we use third-party advertising cookies, such third-party may independently collect Personal Data, through the use of such tracking technologies, and may combine such information with other information they have independently collected relating to your online activities across the Internet, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of advertising campaigns you interacted with. These third parties collect and use this information under their own privacy policies and are responsible for their practices.

6. SHARING PERSONAL DATA WITH THIRD PARTIES

We share your Personal Data with third parties, including our affiliated companies, partners or service providers that help us provide, operate and manage our websites, business operation, marketing operations and our Services. The categories of such third-party recipients, the type of Personal Data we will share and the purposes for which we will share the Personal Data are as follows:

Our Service Providers and Agents - we share Personal Data with our agents and service providers to perform requested services on our behalf. These third parties may include counsels and advisors, technology and hosting providers (such as analytic tools, management or security tools, communications tools, processing payments, shipping and delivery services, etc.(. These providers are prohibited from using Personal Data we share with them for any purposes other than providing us with the requested functions and services. The type of Personal Data that will be shared can be any data processed by us, as needed for the provisions of the specific services.
Marketing Partners – we may share Personal Data with marketing partners we engage with or use their tools and services to market and promote our website and Services, for example, for our marketing campaigns and targeted online advertising. These partners may include social media platforms or other marketing services operators. The Personal Data shared may include Online Identifiers and Usage Data, (as defined under Section (3) of this Privacy Policy “Data We Collect & Purpose of Collection and Use”). These partners may combine your Personal Data with other data they collect independently from your visits and interactions across the web.
Our Company Group & Corporate Transactions - we share Personal Data, internally within our company group to fulfil certain purposes for which Personal Data is collected and retained, or in the event of a corporate transaction (for example, sale of a substantial part of business, merger, consolidation, etc.). The types of Personal Data that will be shared can be any data processed by us, as needed, however our affiliated companies or acquiring company will assume the rights and obligations as described under this Privacy Policy.
Enforcement of our Rights, Security and Fraud Prevention & Law Enforcement - we may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties as needed to comply with applicable laws or in response to a verified order. We may further Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or third parties to legal liability, and solely to the extent required. The types of Personal Data that will be shared are as needed to fulfil the purpose set forth above, for example, subject to law enforcement authority request.

For avoidance of doubt, we may further transfer and disclose or otherwise use Non-Personal Data or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at our discretion and without limitations.

7. YOUR RIGHTS RELATED TO YOUR PERSONAL DATA

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table:

.responsive-rights table{border-collapse:collapse;width:100%;} .responsive-rights th,.responsive-rights td{border:1px solid #ccc;padding:8px;vertical-align:top;text-align:left} .responsive-rights thead th{background:#f5f5f5} @media (max-width: 720px){ .responsive-rights table, .responsive-rights thead, .responsive-rights tbody, .responsive-rights th, .responsive-rights td, .responsive-rights tr{display:block;width:100%} .responsive-rights thead{display:none} .responsive-rights tr{border:1px solid #ddd;margin:0 0 12px;border-radius:8px;overflow:hidden} .responsive-rights td{border:none;border-top:1px solid #eee;padding:12px} .responsive-rights td:first-child{border-top:none} .responsive-rights td::before{ content:attr(data-label); display:block; font-weight:600; margin-bottom:6px; color:#555; } }

RIGHT	DESCRIPTION
RIGHT TO BE INFORMED, RIGHT TO KNOW	You have the right to confirm whether we collect Personal Data about you. Please review this Privacy Policy.
RIGHT TO ACCESS	You have the right to know which Personal Data we hold about you and receive a copy. Contact: privacy@annoory.com
RIGHT TO CORRECTION	You may correct inaccuracies in your Personal Data. Contact: privacy@annoory.com
RIGHT TO BE FORGOTTEN / DELETION	You may request erasure of certain Personal Data if conditions are met. This right is not absolute and may be denied if retention is required by law, for defense of claims, record-keeping, transactions, security, fraud prevention, free speech, research, etc. To exercise, contact: privacy@annoory.com
RIGHT TO RESTRICTION OF PROCESSING	You may limit processing if: accuracy is contested; processing is unlawful but you oppose erasure; we no longer need the data but you require it for legal claims; or you object pending verification. Contact: privacy@annoory.com
RIGHT TO PORTABILITY	You may obtain your Personal Data in a portable, readily usable format for transfer to another entity. Format will be selected by us. Contact: privacy@annoory.com
RIGHT TO WITHDRAW CONSENT / OPT OUT / OBJECT	You may withdraw consent at any time by contacting us or unsubscribe via the provided link. You may object to processing based on legitimate interests unless our grounds override your rights or processing is needed to establish/defend legal claims. We do not profile individuals with significant effects. We do not “sell” or “share” Personal Data for money or other consideration.
RIGHT TO APPEAL OR LODGE A COMPLAINT	If we decline your request, we will inform you without undue delay, provide justification, and explain how you may appeal.
NON-DISCRIMINATION	We do not discriminate against customers or users for exercising privacy rights (e.g., denying service, charging different prices). If you believe you experienced discrimination, contact: privacy@annoory.com

8. DATA RETENTION

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

In certain circumstances, we will retain your Personal Data for longer periods of time and mainly:

Where we are required to retain Personal Data in accordance with legal, regulatory, tax, or accounting requirements;
Where we deem retention is necessary to obtain an accurate record of your dealings with us in the event of any complaints or challenges (e.g., Product adverse event); or
If we reasonably believe there is a prospect of litigation relating to your Personal Data.

Please note that except as required by applicable law, we may at our sole discretion, delete data from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9. DATA SECURITY

Securing your Personal Data is of high priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption, access restrictions and permissions, etc.

Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: privacy@annoory.com, if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) if we discover a security incident related to your Personal Data.

10. INTERNATIONAL DATA TRANSFER

Our data servers in which we host and store the information are located in the US, UK and Israel. The Company's HQ are based in Israel in which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM and other systems. In the event that we need to transfer your ‎Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data ‎receives an adequate level of protection as required under applicable law. Furthermore, when Personal ‎Data that is collected within the European Economic Area ("EEA") is transferred outside of the EEA to a ‎country that has not received an adequacy decision from the European Commission, we will take necessary ‎steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal ‎Data, in accordance with the provision of the standard contractual clauses approved by the European Union. ‎Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal ‎Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your ‎data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the ‎European Commission. Some of these assurances are well-recognized certification schemes.‎

11. PROTECTING CHILDREN

The Services are not intended for use by children (the phrase "child" shall mean an individual that is under ‎the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the ‎US, under the age of 13), and we do not knowingly process children's information. We will discard any ‎information we receive from a user that is considered a "child" immediately upon discovering that such a ‎user shared information with us. Please contact us at privacy@annoory.com, if you have reason to ‎believe that a child has shared any information with us. ‎

12. ADDITIONAL NOTICE FOR US RESIDENTS

Residents of certain U.S. states (depending on the applicable state law, acting in an individual or household context and not in a commercial or employment context or as a representative of business), including California, Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws and be entitled to additional disclosures.

"Personal Data" under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the states laws scope, such as: HIPAA, GBPA, non-profit entities, etc.)

“Sensitive Data” means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal Data collected from a known child; Precise geolocation data.

We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

Categories of Personal Data & Categories of third parties with whom Personal Data is shared:

Under the paragraph “‎THE DATA WE COLLECT & PURPOSE OF COLLECTION AND USE ” of this Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used.

Additionally, under the paragraph “SHARING DATA WITH THIRD PARTIES” of this Privacy Policy, we detail and disclose the categories of third parties we share Personal Data with for business purposes. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.

“Sale” of Personal Data:

Under US privacy laws, in principle, the term “sale” is referring to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment.

Consumer Rights:

Residents of certain U.S. states, including Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:

Access - the right to confirm whether we are processing their Personal Data and to obtain a copy of their Personal Data in a portable and, to the extent technically feasible, readily usable format.
Delete - the right to delete their Personal Data provided to or obtained by us.
Correct - the right to correct inaccuracies in their Personal Data, taking into account the nature and purposes of the processing of the Personal Data.

The paragraph “YOUR RIGHTS UNDER PRIVACY PROTECTION LAWS” provides additional information regarding your principal rights.

Exercising Your Privacy Rights:

You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by contacting us at: privacy@annoory.com

When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.

Authorized agents may initiate a request on behalf of another individual by contacting us at privacy@annoory.com;authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

If we decline to take action on your request, we shall so inform you without undue delay, within the timeframe set out under applicable law. Our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction.

__________________________________________________________________________________________

Veridian Flow CCPA PRIVACY NOTICE

[Last Amended: July 30,2025]

This CCPA Privacy Notice (“CCPA Notice”) applies to California residents (“Consumers” or “you”). It describes how Anoory (together with our subsidiaries and affiliates “Company”, “us” or “we”), collect, use, disclose and share “Personal Information” (as defined below) of Consumers in operating our business. Any terms defined in the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 effective January 1, 2023 (collectively “CCPA”), have the same meaning when used in this CCPA Notice.

This CCPA Notice is an integral part of our Privacy Policy, and thus, definitions used herein shall have the same meaning as defined in the Privacy Policy. When we refer to “Personal Data” under our Privacy Policy, it shall also mean “Personal Information” as defined under the CCPA.

This CCPA Notice applies to Personal Information, which is collected directly or indirectly while using our Services or in order to provide our Services.

If you wish to learn more about your California privacy rights, you may visit https://oag.ca.gov/privacy/consumer-privacy-resources.

PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES

Categories of Personal Information We Collect & Disclosure of Personal Information for Business Purpose

We collect Personal Information which is defined under the CCPA as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device, all as detailed in the table below.

Personal Information does not include: Publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; De-identified or aggregated consumer information; Information excluded from the CCPA’s scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA) and the Driver’s Privacy Protection Act of 1994.

We may disclose your Personal Information to a contractor or service provider for a business purpose (as such term is defined under the CCPA). When we disclose Personal Information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except for performing the contract. We further restrict the contractor and service provider from selling or sharing your personal information.

Below we detail the categories of Personal Information that we collect, share for a business purpose and the categories of recipients to whom we disclose (within the last 12 months)

Categories of Personal Information we collect	Collected	Categories of third-party recipients to whom we disclose Personal Information for business purpose
A. Identifiers.	Yes. For example, real name, alias, unique personal identifier, Internet Protocol (IP) address, email address, and social account information.	Different service providers such as (Advertising partners; data analytics providers; social media networks; affiliated companies; Cloud and hosting providers; payment processors, etc.
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	No.	-
C. Protected classification characteristics under California or federal law.	No.	-
D. Commercial information.	Yes. For example, records of products or services purchased.	Payment processors; CRM providers; shipping and delivery service providers, etc.
E. Biometric information.	No.	-
F. Internet or other similar network activity.	Yes. For example, Visitors’ interaction with our website.	Analytic providers; operational partners; security and fraud prevention providers; operating systems; advertising partners data analytics providers; social media networks; Payment processors; CRM; customer support; cloud computing and storage vendors; shipping and delivery service providers, etc.
G. Geolocation data.	Yes. For example, online identifiers, such as IP address, are further used to generate certain information, for example, extract your approximate location (e.g., country and Zip).	Analytic providers; operational partners; security and fraud prevention providers; operating systems; advertising partners data analytics providers; social media networks; Payment processors; CRM; customer support; cloud computing and storage vendors; shipping and delivery service providers, etc.
H. Sensory data.	No.	-
I. Professional or employment-related information.	No.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	No.	-
K. Inferences drawn from other personal information.	No.	-
L. Sensitive personal information.	No.	-

Categories of Sources of Personal Information

Information you provide us directly – for example, when you register and create an account or correspond with us.
Information we receive from third parties – for example, if you access the Services through a third-party connection or log-in, if applicable, such third party may pass certain information about your use of their service to us.
Information we receive automatically – for example, we will collect your online identifiers and usage data including analytics data (or use third-party measurement and marketing tools) automatically.

Use of Personal Information

We may use the Personal Information collected as identified above, for the following purposes: to fulfill or meet the reason you provided the Personal Information (support, respond to a query, open an account etc.); monitor and improve our Services; provide our Services; marketing our Services; analyzing your use of our Services; respond to law enforcement; or otherwise as detailed in our Privacy Policy.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sale or Share of Personal Information

We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment.

For retargeting and analytic purposes, when we promote our Services, we use third-party providers and tracking tools, advertising networks and social media. They provide these services by placing cookies, pixel or other tracking technology on our website, and sharing with these vendors the online identifiers and online behavior information. The CCPA defines these actions as “sharing” or “selling”.

Below we detail the categories of Personal Information that we “sell” or “share” in the preceding 12 months for a business purpose (as defined under the CCPA).

Categories of Personal Information (corresponding with the table above)

Categories of third-party recipients

Purpose of Sale or Share

Category A

Category F

Category G

Analytics providers, advertising networks, social media networks, media providers, and search platforms.

Targeted advertising, cross-contextual behavioral advertising (“CCBA”), promoting the Services, analytics and security services.

Children Under Age 16

Our Services are not intended for use by children and we do not collect or maintain information about anyone under the age of 16.

Please contact us at: Privacyannoory.com if you have reason to believe that a child has shared any information with us.

Data Retention

The retention periods are determined according to the following criteria:

For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed;
To comply with our regulatory obligations;
To resolve a claim, we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your Personal Information for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.

PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA AND HOW TO EXERCISE THEM

Your Rights Under the CCPA

If you are a California resident, you may exercise certain privacy rights related to your Personal Information. You may exercise these rights free of charge except as otherwise permitted under applicable law, by contact us at:Privacyannoory.com.

We may limit our response to your exercise of these privacy rights as permitted under applicable law, all as detailed herein.

California Privacy Right	Details
The right to know what Personal Information the business has collected and access right.	You have the right to know what Personal Information the business has collected about the Consumer, including the categories of Personal Information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the Consumer.
Deletion rights.	You have the right to delete Personal Information that the business has collected from the Consumer, subject to certain exceptions.
Correct inaccurate information	The right to correct inaccurate Personal Information that a business maintains about a Consumer.
Rights related sharing for targeted advertising and sale of Personal Information	You have the right to opt-out of the “sharing” of your Personal Information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising” and the “sale” of your Personal Information.
Limit the use or disclosure of sensitive personal information	Under certain circumstances, if the business uses or discloses sensitive personal information, you have the right to limit the use or disclosure by the business.
Opt-out of the use of automated decision making	In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your Personal Information.
Non-discrimination	You have the right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of Services, if that difference is reasonably related to the value provided to us by your Personal Information.
Data portability	You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format.

To learn more about your California privacy rights, please visit https://oag.ca.gov/privacy/privacy-laws.

How Can You Exercise The Rights?

You may exercise your rights by contacting our privacy team at:Privacyannoory.com.

Note, certain rights can be exercised by you independently without contacting us, for example, depending on your interaction with us:

You can opt-out from receiving emails from us by clicking the “unsubscribe” link or other opt-out alternatives we make available, as detailed in the marketing communication we sent you or otherwise through the communication preferences settings we make available within your account.
You can delete, access and correct any information available in your account, through your account settings.
Opt-out from selling or sharing can be executed at any time, by using the cookie settings tool or the "Do Not Sell or Share my Personal Information" button all available through our website. Also, you do not want to receive interest-based advertisements, you can limit the collection of certain information through your device and browser settings or use the Global Privacy Control (“GPC”) signals.

Notice of Financial Incentive

We do not offer financial incentives to consumers for providing personal information.

Authorized Agents

You can designate an authorized agent to submit requests on your behalf via the methods above. However, we will require written proof of the agent’s permission to do so and verify your identity directly. We will not verify your identity if the agent provides a power of attorney documentation.

Response Timing and Format

We endeavor to respond to a verifiable Consumer request within forty-five (45) days of its receipt. If we require more time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

By email: Privacyannoory.com

By mail: NY, New York City - 140 Broadway st, 10005, USA

Updates

This notice was last updated on July 30, 2025. As required under the CCPA, we will update the CCPA Notice every 12 months, if needed. The last revision date will be reflected in the “Last Amended” heading at the top of this CCPA Notice.

PART III: OTHER RIGHTS APPLICABLE TO CALIFORNIA RESIDENTS

California Direct Marketing Requests: California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at: Privacyannoory.com

Do Not Track Settings: Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser.

As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we so not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.