PRIVACY POLICY

Last Updated: September 2025

This Privacy Policy (“Policy”) explains how SPINS LLC, its affiliates, and subsidiaries (collectively referred to as “SPINS”) collect, use, disclose, and otherwise process personal data in connection with SPINS products, services, or applications that reference or link to this Policy. We may also choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions, or states. Please refer to the Region-Specific Disclosures section below for additional disclosures that may be applicable to you.

This Policy does not address our privacy practices relating to SPINS job applicants, employees, and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as de-identified or publicly available information). This Policy is also not a contract and does not create any legal rights or obligations not otherwise provided by law.

Our Collection and Use of Personal Data

The categories of personal data we collect depend on how you interact with us and our services. For example, you may provide us with your personal data directly when you interact with our services, sign up for our mailing list, register for an account, or otherwise contact us or interact with us.

We also collect personal data automatically when you interact with our websites and other services, and may also collect personal data from other sources and third parties.

Personal Data Provided by Individuals

We collect the following categories of personal data that individuals provide us:

If you choose to contact us, we may need additional information to fulfill the request or respond to your inquiry. We may provide additional privacy disclosures where the scope of the request we receive or the personal data we require falls outside the scope of this Policy. In that case, the additional privacy disclosures will govern how we may process the information you provide at that time.

Personal Data Automatically Collected

We, along with our third-party partners, automatically collect information you provide to us, as well as information about how you access and use our products and services when you engage with us. We typically collect this information through the use of a variety of our own and our third-party partners’ automatic data collection technologies, including (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies, and logging technologies. Information we collect automatically about you may be combined with other personal data we collect directly from you or receive from other sources.

We, and our third-party partners, use automatic data collection technologies to automatically collect the following data:

All of the information collected automatically through these tools allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our products and services, to offer communications features such as live and automated chat, and to improve the effectiveness of our products, services, offers, advertising, communications, and customer service.  We may also use this information to:  (i) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (ii) provide custom, personalized content and information, including targeted content and advertising; (iii) identify you across multiple devices; (iv) provide and monitor the effectiveness of our services; (v) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (vi) diagnose or fix technology problems; and (vii) otherwise to plan for and enhance our products and services.

For information about the choices you may have in relation to our use of automatic data collection technologies, please refer to the Your Privacy Choices section below. For additional details about the cookies we use on our websites and to adjust your preferences with regard to those cookies, please visit our “Cookie Preferences” manager linked in the footer of our websites.

Personal Data from Other Sources and Third Parties

We may receive the same categories of personal data as described above from the following sources and other parties:

Additional Uses of Personal Data

In addition to the primary purposes for using personal data described above, we may also use personal data we collect to:

Our Disclosure of Personal Data

We disclose or otherwise make available personal data in the following ways:

Your Privacy Choices

The following privacy choices are made available to all individuals with whom we interact. You may also have additional choices regarding your personal data depending on your location or residency. Please refer to our Region-Specific Disclosures below for information about additional privacy choices that may be available to you.

Communication Preferences

Automatic Data Collection Preferences

Certain of our services may provide you with the ability to adjust your preferences regarding our use of automatic data collection technologies. For example, there is a “Cookie Preferences” manager linked in the footer of our websites that allows you to adjust your preferences regarding certain automatic data collection technologies on the specific website you are visiting for the specific device and browser you are using at that time (which means you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting).

Where a SPINS-specific preference manager or privacy setting is not available, you may be able to utilize third-party tools and features to further restrict our use of automatic data collection technologies. For example, (i) most browsers allow you to change browser settings to limit automatic data collection technologies on websites, (ii) most email providers allow you to prevent the automatic downloading of images in emails that may contain automatic data collection technologies, and (iii) many devices allow you to change your device settings to limit automatic data collection technologies for device applications. Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our services, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies, or you may need to update your preferences on multiple devices or browsers. We do not have any control over these third-party tools and features and are not responsible if they do not function as intended.

Targeted Advertising Preferences

We engage third parties to help us facilitate targeted advertising, on our behalf or on behalf of our customers, designed to show you personalized ads based on predictions of your preferences and interests developed using personal data we maintain and personal data our third-party partners obtain from your activity over time and across nonaffiliated websites and other services. The data we and our third-party partners use for purposes of facilitating targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research, are primarily collected through the use of a variety of automatic data collection technologies, including cookies, web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies, and logging technologies. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help link the personal data we and our third-party partners collect to the same person or otherwise target advertising to an individual on a third-party website or platform.

In addition to taking the steps set forth in the <Automatic Data Collection Preferences section above, you may be able to further exercise control over the advertisements that you see by leveraging one or more targeted advertising opt-out programs. For example:

Please note that when you opt out of receiving interest-based advertisements through one of these programs, this does not mean you will no longer see advertisements from us or on our services.  Instead, it means that the online ads you do see from relevant program participants should not be based on your interests.  We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs, or the accuracy of their statements regarding their programs. In addition, program participants may still use automatic data collection technologies to collect information about your use of our services, including for analytics and fraud prevention, as well as any other purpose permitted under the applicable advertising industry program.

Partner-Specific Preferences

Certain of our third-party providers and partners offer additional ways that you may exercise control over your personal data, or automatically impose limitations on the way we can use personal data in connection with the services they provide:

Children’s Personal Data

Our services are not directed to, and we do not intend to, or knowingly collect or solicit personal data from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal data, either directly or by other means. If a child under the age of 13 has provided personal data to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 13, we will promptly delete that personal data.

Retention of Personal Data

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data, and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.

Third-Party Websites and Services

Our services may include links to third-party websites, plug-ins, applications, and other services. Except where we post, link to, or expressly adopt or refer to this Policy, this Policy does not apply to any personal data practices of third parties. To learn about the personal data practices of third parties, please visit their respective privacy policies.

Region-Specific Disclosures

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions, or states. Please refer below for disclosures that may be applicable to you:

Updates to This Policy

We may update this Policy from time to time. When we make changes to this Policy, we will change the date at the beginning of this Policy. If we make material changes to this Policy, we will notify individuals through appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact Us

If you have any questions or requests in connection with this Policy or other privacy-related matters, please contact [email protected].

 

ADDITIONAL UNITED STATES PRIVACY DISCLOSURES

These disclosures supplement the information contained in our Policy by providing additional details about the privacy rights available to individual residents of certain states in the United States, as well as our personal data processing practices related to individual residents of these states. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Policy.

Nevada Residents

If you are a resident of the state of Nevada in the United States, you have the right to opt out of the sale of your personal data. Although we do not currently sell personal data of Nevada residents (as defined under Nevada law), you may submit a request to opt out of the sale of your personal data by emailing [email protected].

California, Nebraska, and Texas Residents

If you are a resident of the state of California, Nebraska, or Texas in the United States, the following supplementary disclosures apply to you.

NOTICE: We may sell your sensitive personal data. Please read the disclosures below for more details.

Personal Data Disclosures, Sales, and Targeted Advertising

We disclose all of the categories of personal data we collect to the categories of recipients set forth in the Our Disclosure of Personal Data section of our Policy. Our disclosure of personal data to the following categories of third parties qualifies as the sale of personal data or the sharing or processing of personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”) under certain privacy laws:

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt out of the sale of personal data or the processing of personal data for purposes of targeted advertising (as described in the Your Additional U.S. Privacy Choices section below).

Please note we do not sell the personal data of individuals we know to be less than 16 years of age or share such information for targeted advertising purposes.

Sensitive Personal Data

The following personal data elements we collect may be classified as “sensitive” under certain privacy laws:

We only use or disclose sensitive personal data where reasonably necessary and proportionate for the purposes of providing products and performing services you have requested, verifying and improving the products and services we provide, detecting security incidents, fraud, and other illegal actions, ensuring the physical safety of natural persons, performing services on behalf of the business, or short-term transient use. We only collect and process account log-in information without the purpose of inferring characteristics about the relevant individual, and we do not sell account log-in information, or process or otherwise share account log-in information for the purpose of targeted advertising.

We use health information for the purposes set forth in the Our Collection and Use of Personal Data section of our Policy. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or withdraw your consent for our processing of health information (as described in the Your Additional U.S. Privacy Choices section below).

Deidentified Information

We may at times receive or process personal data to create de-identified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

Automated Decision-Making and Profiling

We do not conduct automated processing of personal data for the purposes of evaluating, analyzing, or predicting an individual’s personal aspects in furtherance of decisions that produce legal or similarly significant effects. As a result, we do not provide the right to exercise control over such forms of automated decision-making and profiling.

Your Additional U.S. Privacy Choices

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

Depending on your state of residency, you may also have the right not to receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate, or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by:

To exercise your right to opt out as it relates to the use of cookies and related technologies that involve the sale of personal data or the use of personal data for targeted advertising purposes, please click the “Cookie Settings” link in the footer of the website and adjust your preferences accordingly. If you are visiting our site with the Global Privacy Control enabled, any cookies that constitute sales or are used for targeted advertising should already be turned off automatically in our cookie preference manager. Please note this opt-out tool is website, device, and browser specific, so you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting. In addition, you can also opt out of cookie-based sales by businesses that participate in the Digital Advertising Alliance’s CCPA Opt-Out Tool by visiting https://www.privacyrights.info/. Lastly, you may follow the other steps set forth in the Automatic Data Collection Preferences and Targeted Advertising Preferences sections of the Your Privacy Choices section of our Policy to further exercise control over automatic data collection technologies.

Before processing your request to exercise certain rights (including the Right to Know, Access & Portability, Correction, and Deletion), we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form to include first and last name, email address, and state of residency.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above, where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request.

Additional California-Specific Disclosures

The following disclosures only apply to residents of the State of California.

California Categories of Personal Data

California law requires that we provide disclosures to you about what personal data we collect by reference to the enumerated categories of personal data set forth within California law. To address this obligation, we have identified the relevant enumerated California personal data category for the personal data described in the Our Collection and Use of Personal Data section of our Policy:

 

ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES

These disclosures supplement the information contained in our Policy by providing additional information about our personal data processing practices relating to individuals who access our services or otherwise interact with us from the European Economic Area (“EEA”), the United Kingdom (“UK“), and Switzerland. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Policy.

Controller Details and Privacy Contacts

EEA, UK, and Swiss Controller

SPINS LLC (“SPINS”), a company duly incorporated and organized under the laws of the United States, is the “controller” responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations. This means SPINS determines and is responsible for how your personal data is used. You may contact SPINS via email at [email protected].

Additional Questions or Complaints

If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:

We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at [email protected] if you have any concerns.

Purposes and Legal Bases of Processing

When we process your personal data, we will do so in reliance on the following lawful bases:

You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our products and services. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with the service or product you request. We will inform you at the point that we collect personal data from you if the provision of certain personal data is mandatory or optional for the receipt of our products and services.

Automated Decision-Making and Profiling

We do not conduct automated processing of personal data, including profiling, for the purposes of making decisions about you.

Retention of Personal Data

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

The criteria used to determine the period of time for which personal data about you will be retained vary depending on the legal basis under which we process your personal data:

In certain circumstances, we may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature, and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.

International Transfers of Personal Data

We operate and engage third-party partners and providers in various jurisdictions. Therefore, we and our third-party providers may transfer personal data to, or store, access, or process personal data in, a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.

We may transfer personal data about you outside of the EEA, UK, and Switzerland, and when we do so, we rely on appropriate or suitable safeguards recognized under applicable law, including adequacy decisions, standard contractual clauses, and the EU-US Data Privacy Framework. If you would like more information on the specific safeguards we use (and obtain a copy of such safeguards, where applicable), please contact us at [email protected].

Adequacy Decisions

We may transfer personal data about you to countries that the relevant regulatory authority has deemed to adequately safeguard personal data, either automatically or in connection with a specific safe harbor framework.

Standard Contractual Clauses

Certain regulatory authorities have adopted standard contractual clauses, which provide safeguards for personal data transferred outside of the originating jurisdiction. We may use these standard contractual clauses when transferring personal data to a third country that has not been deemed to adequately safeguard personal data.

EU-U.S. Data Privacy Framework

The EU-U.S. Data Privacy Framework was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for personal data transferred to a company participating in the EU-U.S. Data Privacy Framework. If we transfer any personal data about you from the EEA to a third party outside the EEA who is participating in the EU-U.S. Data Privacy Framework, we may rely on their participation in the Framework to ensure adequate protection for personal data so transferred.

Your Additional EEA, UK, and Swiss Privacy Choices

Subject to certain limitations at law, you may be able to exercise the following rights:

Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our services to you or otherwise engage with you in the same manner.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by completing our online form found here.

To exercise your right to object as it relates to the use of automatic data collection technologies (including cookies) that facilitate our online targeted advertising activities, please click the “Cookie Settings” link in the footer of the website and adjust your preferences accordingly. Please note this preferences tool is website, device, and browser specific, so you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting. In addition, you may follow the other steps set forth in the Automatic Data Collection Preferences section of the Your Privacy Choices section of our Policy to further exercise control over automatic data collection technologies.

Before processing your request to exercise certain rights (taking into account the confidential nature of any personal data we maintain), we will need to verify your identity and confirm you are accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland. In order to verify your identity, we will generally either require the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form to include first and last name, email address, and state/country of residency.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal data or locate your information in our systems, or where you are not accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland.