Privacy Policy

Last updated: December 2025

California Notice at Collection/State Law Privacy Rights: See the California Privacy Notice and Privacy Notice for Other US States sections below for important information about your rights under applicable US state privacy laws.

European Users: Please see the European Privacy Notice section below for additional information for individuals located in the European Economic Area, the United Kingdom, or Switzerland (which we refer to as "Europe," and "European" and should be understood accordingly).

Introduction

This privacy policy ("Privacy Policy") describes the collection of personal information by Veymont Ventures LLC, doing business as AdWaste AI ("AdWaste AI," "Company," "we," "us," or "our") from users ("you," "your") of our website at https://adwaste.io and https://app.adwaste.io, our related websites and each of their subdomains (together, our "Site"), along with our platforms, applications, and other services provided by us and on which a link to this Privacy Policy is displayed (collectively, our "Service" or "Services"). This Privacy Policy also describes our use and disclosure of such information. This Privacy Policy is incorporated by reference into our Terms of Service.

This Privacy Policy also describes your rights as a data subject to inquire about the personal information that we process and describes certain rights that you, as the data subject, have regarding this information. These rights include your choice to limit the use and disclosure of your information, including where your personal information may be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. To exercise these rights, you may contact us using the information in the Contacting Us section of this Privacy Policy.

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we will use it. By accepting this Privacy Policy and Terms of Service, you agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

Contacting Us

If you have any questions or comments about this Privacy Policy, please contact us using the following contact information:

• Veymont Ventures LLC
• support@adwaste.io
• https://adwaste.io

If you are located in the European Union, and pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed the European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact the EDPO regarding matters pertaining to the GDPR by using the EDPO's online request form: https://edpo.com/gdpr-data-request/, or in writing to the EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

If you are located in the UK, and pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative. You can contact EDPO UK regarding matters pertaining to the UK GDPR by using EDPO's online request form: https://edpo.com/uk-gdpr-data-request/, or in writing to the EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

What Information Do We Collect?

We use your personal information to provide our ad-traffic firewall service, protect your Shopify store from fraudulent clicks, and improve the Service. This section describes the types and categories of personal information we may collect, and how we may use that information.

Information You Provide Us Directly

We collect personal information that you provide when you sign up, enter your information into online forms, or otherwise use the Site and Services. We use this personal information in a variety of ways, and this personal information includes the following:

• When you create an account on the Service, we collect your first name, last name, email address, and company name
• When you subscribe to the Service, we collect billing information necessary to complete payment transactions, including your first name, last name, billing address, and payment card information. We use Stripe as our third-party payment processor to handle payment data
• If you sign up for our mailing lists, provide feedback, or otherwise communicate with us, we may collect contact and business information from you, such as your first and last name, email address, phone number, and the company name with which you are associated
• If you contact us via the Site or Service regarding customer support or ask questions, we collect your name, email address, and any other content or communications that you send to or share with us
• We may also derive personal information about you in the form of inferences, which are derivations of information, data, assumptions, or conclusions from facts, evidence, or other sources of information or data about you. These inferences may be derived from the personal information that you provide to us or authorize us to collect, from the personal information automatically collected, from the personal information that we collect from third parties, as well as from the information collected by cookies, web beacons, and other tracking technologies

By voluntarily providing us with personal information, you represent that the personal information you provide is true, accurate, current, and complete, and that you are authorized to provide it to us.

Automatically Collected Information

When you use our Services or when visitors click on your advertisements and visit your Shopify store, some information is collected automatically. For example, we automatically collect:

• Visitor Traffic Data: IP addresses, device fingerprints (including browser type, screen resolution, operating system, installed fonts, canvas fingerprints), HTTP headers, user agent strings, referrer URLs, mouse movement patterns, scroll behavior, click timestamps, and session data from visitors who click on your advertisements
• Browser and Device Information: Your browser's Internet Protocol (IP) address, browser type, the nature of the device from which you are visiting the Service (e.g., a personal computer or a mobile device), the identifier for any handheld or mobile device that you may be using, operating system, device settings, and mobile carrier
• Usage Information: The website that you visited immediately prior to accessing our Service, the actions you take on our Service, the content, features, and activities that you access and participate in on our Service, and the time, frequency, and duration of those activities
• Email Interaction Data: Information regarding your interaction with email messages, such as whether you opened, clicked on, or forwarded a message

We collect this information passively in our server logs, and also collect this information using technologies such as cookies, clear image files, JavaScript tags, and device fingerprinting as described in the section Cookies and Similar Technologies in this Privacy Policy. We use passively collected information to operate our fraud detection service, improve our Service and systems, and provide the core functionality of blocking fraudulent ad clicks. If we link or associate any information gathered through passive means with personal information, or if applicable laws require us to treat any information gathered through passive means as personal information, we treat the combined information as personal information under this Privacy Policy.

Information We Collect From Third-Party Integrations

Our Service integrates with third-party platforms to provide its core functionality. We collect the following information from these platforms:

From Your Shopify Store (via Official Shopify API):

• Store configuration information (store name, domain, currency, timezone)
• Order data (order IDs, timestamps, revenue amounts, customer geographic location - we do not collect customer names, email addresses, or payment details)
• Installation metadata (app installation date, subscription status)

From Your Meta (Facebook/Instagram) Ad Account (via Official Meta API):

• Campaign names, ad set names, ad account IDs
• Aggregate spend data, click counts, impressions
• Account-level performance metrics
• We do not access your ad creatives, audience targeting lists, or billing information beyond aggregate spend data

From Your TikTok Ad Account (via Official TikTok API):

• Campaign names, ad group names, ad account IDs
• Aggregate spend data, click counts, impressions
• Account-level performance metrics
• We do not access your ad creatives, audience targeting lists, or billing information beyond aggregate spend data

Information From Other Sources

We may receive information about you, including personal information, from third parties, and may combine this information with other personal information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in a personally identifiable format.

We may also receive information about you as a result of our integrations with various third-party services. When we integrate with third-party APIs, we only collect and retain the data necessary to provide our fraud detection service.

Collection and Processing of Sensitive Information

The Service does not collect or process "sensitive information," which includes data describing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (except for device fingerprints used solely for fraud detection), personal health information and any other healthcare data or related data, data concerning a natural person's sex life or sexual orientation, and government-issued identifiers.

If you provide payment card information when subscribing to the Service, this information is processed directly by our payment processor, Stripe. We do not directly process or store your complete payment card details.

Cookies and Similar Technologies

The Service uses cookies and similar technologies to distinguish you from other users of the Service and to provide core fraud detection functionality. This enables us to identify fraudulent traffic patterns, maintain user sessions, and provide you with the functionality specifically linked to your user profile.

Types of Technologies We Use

• Cookies: Small files that allow for personalization of the Service experience by saving information such as your user ID and preferences.
• Local Storage: A related technology that allows preferences and session information to be stored locally on your computer or mobile device.
• Device Fingerprinting: For visitors who click on your advertisements, we generate a temporary device fingerprint by analyzing browser characteristics, screen resolution, installed fonts, canvas rendering, and other technical attributes. This fingerprint is used exclusively for fraud detection and is not used for cross-site tracking or advertising purposes.

Managing Cookies

You can manage or disable cookies directly through your browser settings, which may allow you to block or delete cookies. Please note, however, that if you disable cookies, certain features of the Service may not function properly. In addition, you can adjust your cookie preferences at any time by clicking on the "Cookie Settings" or the "Do Not Sell or Share My Personal Information" link in the footer of our Site.

We also honor the Global Privacy Control (GPC) signal, where supported by your browser or device. When we detect a valid GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information and to limit the use of cookies or similar technologies for targeted advertising, as required by applicable law.

Please be aware that third parties, such as companies displaying advertisements on the Service or providers of third-party websites and services ("Third-Party Sites") that may be accessible from links on our Site, may also set cookies or use other tracking technologies to collect information about your use of their services, Third-Party Sites, or content. Except as otherwise described in this Privacy Policy, we do not control or have access to these third-party cookies or tracking technologies.

For more information about our use of cookies and similar technologies, please refer to our Cookie Policy at https://adwaste.io/cookies.

How Do We Use Personal Information?

We use the personal information we have collected for the following purposes:

• To facilitate the creation of your account with the Service, to secure and personalize your interaction with the Service, and to provide the fraud detection services you have requested
• To analyze visitor traffic to your Shopify store and identify potentially fraudulent clicks from your advertising campaigns
• To correlate ad spend data from Meta and TikTok with actual order conversions on your Shopify store
• To generate reports showing blocked bot traffic, traffic quality metrics, and return on ad spend calculations
• To send you a welcome email to verify ownership of the email address provided when your account was created with the Service
• To send you administrative email notifications, such as security alerts, support and maintenance advisories, and subscription-related communications
• We may also use the personal information you provide to contact you regarding your use of the Service or to solicit feedback
• When you communicate with us using one of the methods described in this Privacy Policy, we may keep a record of the time and date of any correspondence and organize this correspondence in one or more electronic filing systems, an email system, or a customer relationship management system
• We link this personal information to data about the way you use our Service and the pages you visit to help enhance, improve, operate, and maintain our Service, our platforms, websites, and other systems
• To prevent fraudulent use of our Service and other systems, and to maintain the security and integrity of our Service
• To monitor and maintain the quality of our Service, and to improve, upgrade, or enhance our Service
• To prevent or take action against activities that are, or may be, in violation of our Terms of Service or applicable law
• To investigate disputes or claims related to our Service
• To respond to legal, government, or regulatory requests
• We may also use the personal information you provide for direct marketing of our Services to you. We allow you to opt out of receiving marketing communications from us as described in the Communication Choices section below. Even if you opt out, we may continue to send you administrative and security-related emails
• For internal product development purposes, to conduct testing and research, to develop new features and services, and to improve existing ones
• To conduct analytics, including to better understand you and our other users, user needs, and usage trends
• To respond to your inquiries related to the Service
• Use your personal information for any other purpose described to you at the time the information was collected

We may also use your personal information for any other legitimate business purposes not otherwise prohibited by law.

When Do We Share Personal Information?

Except as described in this Privacy Policy, we will not disclose your personal information that we collect on the Service to third parties without your consent. Even if you provide consent, you have the choice to opt out of this sharing, and you may do so by using the information in the Contacting Us section of this Privacy Policy. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Service Providers: We may disclose personal information to third-party service providers (e.g., cloud hosting providers, database providers, payment processors, authentication services, analytics providers, and error monitoring services) who assist us in our work and who are acting as agents to perform this work on behalf of and under our instructions. We limit the personal information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such personal information as part of our contractual arrangements with these service providers. Our current service providers include:

• Vercel (application hosting and infrastructure)
• Supabase (database and data storage)
• Stripe (payment processing)
• Clerk (user authentication and account management)
• Google Analytics (usage analytics with IP anonymization)
• Sentry (error monitoring and application performance)

Data and Advertising Partners: We may disclose aggregated and anonymized information to analytics providers to improve our Service. We do not sell personal information to data brokers or use your information for unrelated advertising purposes.

Other Users: We may share your aggregated and anonymized information in aggregate reports about our Service's effectiveness. Any such sharing does not include personally identifiable information and is presented only in aggregate form.

Business Transfers: Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of company assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

To Protect Our Interests: We also disclose personal information if we believe that doing so is legally required, or is in our interest to protect our property or other legal rights (including, but not limited to, enforcement of our agreements) or the rights or property of others, or otherwise to help protect the safety or security of our Service and other users of the Service.

To Comply with the Law: We may also disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Communication Choices

If you receive marketing emails from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving marketing emails from us and any other promotional communications that we may send to you from time to time by sending your request to us by email at support@adwaste.io or by writing to us at the address given in the Contacting Us section of this Privacy Policy.

Please be aware that if you opt out of receiving marketing emails from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing emails from us during that period. Additionally, even after you opt out of receiving marketing messages from us, you will continue to receive administrative, security, and transactional messages from us regarding your use of the Service.

Rights to Access

If you have a user account and profile on our Service, you can access and update many categories of personal information by logging in and visiting your account settings. If you wish to access or amend other personal information we hold about you, contact us at support@adwaste.io.

If you request deletion of your account, we will do so within a reasonable period of time. We may, however, retain some personal information to satisfy legal obligations or where we reasonably believe we have a legitimate reason to do so. We may also retain certain account information as described in our data retention policies. For information on managing or unsubscribing from marketing communications, see the Communication Choices section. For more details about your rights, please review this Privacy Policy.

Links to External Sites

The Service may contain links to other websites, products, or services that we do not own or operate. The Service also may contain links to Third-Party Sites. If you choose to visit or use any Third-Party Sites or products or services available on or through such Third-Party Sites, please be aware that this Privacy Policy will not apply to your activities or any information you disclose while using those Third-Party Sites or any products or services available on or through such Third-Party Sites. We are not responsible for the privacy practices of these Third-Party Sites or any products or services on or through them. We encourage you to carefully review the privacy policies applicable to any website or service you visit other than the Service before providing any personal information on them.

When you connect your Shopify store or Meta/TikTok ad accounts to our Service, you do so through the official APIs provided by those platforms. You can review their privacy policies here:

• Shopify Privacy Policy: https://www.shopify.com/legal/privacy
• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy

When you provide payment information through Stripe, you grant us and Stripe the right, power, and authority to act on your behalf to process your payments. You agree to your personal and financial information being transferred, stored, and processed by Stripe. You can access Stripe's privacy policy here: https://stripe.com/privacy.

How Long Do We Keep Your Personal Information For?

Unless otherwise specifically stated elsewhere in this Privacy Policy, we will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Subscriptions: Data is retained while your account is active and you maintain an active subscription.

After Cancellation: We retain account, traffic analysis data, and fraud detection logs for 12 months after subscription cancellation to allow you to reactivate your account or retrieve historical reports.

Payment Records: Kept for 7 years to comply with tax and accounting regulations.

Fraud Detection Data: Blocked bot IPs, device fingerprints, and fraud indicators are retained for 12 months to improve detection accuracy across all customers.

Aggregated and anonymized data that no longer identifies you or any other user of the Service is maintained for the purposes necessary to provide the Service and may be retained indefinitely.

What Is Our Policy on Children?

Our Services are not directed to users under the age of 18, and we do not knowingly collect personal information from children under the age of 18 without obtaining parental consent. If we learn that we have collected personal information from a child under the age of 18 on our Services, we will delete that information as quickly as possible. If you believe that we may have collected any such personal information on our Services, please notify us at support@adwaste.io.

How Do We Secure Your Personal Information?

To help protect your data, we use commercially reasonable measures to safeguard the information we collect, including personal information. These measures include protecting data against accidental loss, unauthorized use, and disclosure, as well as restricting access to personal information by our staff. The Service is hosted by third-party hosting providers (Vercel and Supabase) that we have determined maintain adequate security controls and utilize TLS 1.3+ encryption for all internet communication with the Service.

We also require all staff who administer and develop the Service to follow industry-standard security practices, such as using strong passwords, multi-factor authentication, anti-virus and anti-malware software, disk encryption, and other protective measures. In addition, we conduct vendor due diligence on the third-party processors we use to provide the Service, reviewing their security controls to ensure they meet industry standards appropriate for the types of data processed.

Please note, however, that the Service relies on software, hardware, and networks that may, from time to time, require maintenance or experience issues beyond our control. No method of data transmission over the public internet or method of electronic storage can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the absolute security of any information you provide to us, and you transmit information to us at your own risk.

European Privacy Notice

Where this European Privacy Notice applies: This European privacy notice section applies only to individuals located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland (i.e., "Europe" as defined at the top of this Privacy Policy).

GDPR Personal Data: References to "personal information" in this Privacy Policy should be understood to include a reference to "personal data" as defined in the GDPR (i.e., the General Data Protection Regulation 2016/679 ("EU GDPR")) and the EU GDPR as it forms part of the laws of the United Kingdom ("UK GDPR") and the Swiss Federal Act on Data Protection ("FADP"). For the purposes of these laws, the personal data that we collect from and about you is described in greater detail in What Information Do We Collect? above.

Controller: AdWaste AI (operated by Veymont Ventures LLC) is a "controller" in respect of the processing of your personal information covered by this Privacy Policy for purposes of the GDPR and the FADP. See the Contacting Us section above for our contact details.

Our GDPR Representatives: We have appointed representatives in Europe as required by the GDPR. You can contact them directly should you wish. See the Contacting Us section above for our representatives' contact details.

Legal Basis for Processing in Europe

If you are located in Europe, we need to inform you about the legal basis on which we collect and use your personal information. In Europe, the purposes for which we process your personal information are:

• Where we need to perform the contract we are about to enter into or have entered into with you for the Service
• For the purposes of legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests
• When we have your consent to do so. When consent is the legal basis for our processing of your personal data, you may withdraw such consent at any time
• Where we need to comply with a legal or regulatory obligation

The legal basis depends on the category of personal information being processed and the purpose for that processing. The following table indicates each category of personal information we process and the legal bases we rely on to do so. Where legitimate interest has been used as the legal basis for processing, the specific legitimate interest we use has been described.

Please contact us if you need details about the specific legal basis we are relying on to process your personal information, where one or more legal bases have been indicated.

EU Privacy Rights

If you are located in Europe, you have the following Data Subject Rights with respect to your personal information that we hold:

• Right of access: You have the right to access the personal information that we hold about you
• Right to rectification: You may have the right to require us to correct any inaccurate or incomplete personal information we hold about you
• Right to erasure: In certain circumstances, you may have the right to the erasure of the personal information we hold about you (for example, where it is no longer necessary in relation to the purposes for which it was collected or processed)
• Right to restriction: You may have the right to request that we restrict the processing of your personal information in certain circumstances (for example, where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information)
• Right to portability: In some limited circumstances, you may have the right to portability, which allows you to move, copy, or transfer personal information from one organization to another
• Right to object: You have a right to object to us processing your personal information when the processing is based on legitimate interests and also to stop us from sending you direct marketing
• Rights in relation to automated decision making and profiling: You have the right not to be subject to a decision that affects you based solely on automated processing. We do not perform any automated decision-making or profiling that produces legal effects

If you wish to exercise one of these rights, please contact us using the information in the Contacting Us section of this Privacy Policy.

Where Do We Store and Process Your Personal Information?

International Transfers: Our servers and data centers are located in the United States (US). If you choose to use the Service from outside the US, then you should know that you are transferring your personal information outside of your region and into the US for storage and processing. We may also transfer your data from the US to other countries or regions in connection with the storage and processing of data, fulfilling your requests, and operating the Service. You should know that each region can have its own privacy and data security laws, some of which may be less stringent as compared to those of your own region. If you are located in the European Union (EU), the United Kingdom (UK), or Switzerland, then the countries we may transfer your data to, including the US, may not have data protection laws as comprehensive as those in your own country. To ensure your data is protected, and that we comply with the applicable data protection laws, we have implemented the following measures:

• EU-US Data Privacy Framework: We comply with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF") for the purposes of processing data received from the EU, UK, and Switzerland. Please see the section "US Data Privacy Framework Notice" in this Privacy Policy for more information.
• Standard Contractual Clauses: We use the Standard Contractual Clauses (SCCs) for transfers of personal information to us, and also for transfer of personal information to third-party service providers. These clauses require the recipients to protect the personal information they receive in accordance with European data protection laws and regulations. Details of our use of SCCs can be provided upon request.
• Adequacy Decisions: Where applicable, we may rely on adequacy decisions provided by the European Commission under Article 45 of the GDPR to transfer your personal information outside of the EU, the UK, or Switzerland.

US Data Privacy Framework Notice

We comply with the EU-US Data Privacy Framework ("EU-US DPF"), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework ("Swiss-US DPF") as set forth by the US Department of Commerce. AdWaste AI (operated by Veymont Ventures LLC) has certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles ("EU-US DPF Principles") with regard to the processing of personal data received from the European Union in reliance on the EU-US DPF, and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. AdWaste AI has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles ("Swiss-US DPF Principles") with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF and UK Extension to the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Onward Transfers: For personal information subject to an onward transfer by us under the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework, we will remain liable under the Data Privacy Framework Principles (the "Principles") if a recipient of your personal information processes such personal information in a manner inconsistent with the Principles, unless we are able to prove that we are not responsible for the event giving rise to the inconsistent processing.

Jurisdiction and Enforcement

As part of our participation in the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).

• For European Union residents, you also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
• For UK residents, you also have the right to lodge a complaint to the UK Information Commissioner's Office at: https://ico.org.uk/
• For Swiss residents, you also have the right to lodge a complaint to the Swiss Federal Data Protection and Information Commissioner (FDPIC) at: https://www.edoeb.admin.ch/edoeb/en/home.html
• In compliance with the EU-US DPF and UK Extension to the EU-US DPF Principles and the Swiss-US DPF Principles, we commit to resolving complaints about your privacy and our collection or use of your personal information. European Union, UK, and Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us at support@adwaste.io.
• We have further committed to refer unresolved privacy complaints under the EU-US DPF and UK Extension to the EU-US DPF Principles and the Swiss-US DPF Principles to an independent dispute resolution mechanism. If you do not receive a timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS at: https://www.jamsadr.com/DPF-Dispute-Resolution for more information and to file a complaint.
• Under certain conditions specified by the EU-US DPF and UK Extension to the EU-US DPF Principles, and the Swiss-US DPF Principles, you may also be able to invoke binding arbitration to resolve your complaint.

California Privacy Notice

This section describes how we collect, use, and share the Personal Information of California residents in our capacity as a "business" under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA") and the rights these users may have with respect to their Personal Information.

For purposes of this section, the term "Personal Information" has the meaning given in the CCPA and does not include information exempted from the scope of the CCPA.

Categories of Personal Information We Collect and Disclose

In the preceding 12 months, we have collected the following categories of personal information, as defined by the CCPA, and referencing the categories described in the What Information Do We Collect section of this Privacy Policy. The table below also describes the categories of third parties to whom we may disclose this information for business purposes and the categories of third parties to whom we sell or share personal information.

Purposes for Our Collection of Your Information

We may use your personal information for the purposes described in the How Do We Use Your Personal Information section of this Privacy Policy and for the following business purposes specified in the CCPA:

• Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing fraud detection services, internal business analytics, or providing similar services on behalf of the business or service provider
• Auditing related to our Service interactions and concurrent transactions
• Helping to ensure the security and integrity of our Sites and Services
• Debugging to identify and repair errors that impair the functionality of our Sites and Services
• Undertaking internal research for internal product development purposes
• Undertaking activities to verify or maintain the quality or safety of our Sites and Services

We do not collect or process sensitive personal information for purposes of inferring characteristics about consumers, and/or for purposes subject to the right to limit under the CCPA.

Sales and Sharing

Under the CCPA, "sales" and "sharing" are broadly defined, respectively, and include disclosing or making available personal information in exchange for monetary or other valuable consideration or for purposes of cross-context behavioral advertising. We do not sell or share your personal information as defined by the CCPA. We do not disclose personal information to third parties for monetary consideration, and we do not disclose personal information for cross-context behavioral advertising purposes. We do not have actual knowledge that we sell or share the personal information of minors under 16 years of age. For more information about our policy regarding the information of minors, please see the section What Is Our Policy on Children? in this Privacy Policy.

Retention

Unless otherwise specifically stated elsewhere in this Privacy Policy, we will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Aggregated and anonymized information that no longer identifies the user of the Services is maintained for the purposes necessary to provide the Services, and will not attempt to re-identify this information unless permitted by applicable law.

California Consumer Privacy Rights

If you reside in California, you may have the following rights:

• Right to Know: You can request the following information about how we have collected and used your Personal Information during the past 12 months:
  • The categories of personal information that we have collected
  • The categories of sources from which we collected personal information
  • The business or commercial purpose for collecting and/or selling personal Information
  • The categories of third parties with which we share personal information
  • The categories of personal information that we sold or disclosed for a business purpose
  • The categories of third parties to whom the personal information was sold or disclosed for a business purpose
• Right to Access: You can request a copy of the personal information that we have collected about you during the past 12 months
• Right to Correction: You can ask us to correct inaccurate personal information that we have collected about you
• Right to Delete: You can ask us to delete the personal information that we have collected from you
• Right to Opt-Out of the Sale or Sharing of Personal Information: While we do not currently sell or share personal information as defined by the CCPA, you may exercise this right for future changes by clicking the "Do Not Sell or Share My Personal Info" link in the footer of our homepage
• Right to Nondiscrimination: You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA

You may exercise these rights by contacting support@adwaste.io. Please note the above rights are not absolute, and we may be entitled to refuse requests in whole or in part where applicable. We will respond to verifiable requests from consumers or authorized agents as required by law.

When you submit a request to exercise your California Consumer Privacy Rights, we will take steps to verify your request by matching the request with the information in our records. Additional information may be required in some cases to verify a request or where necessary to process your request.

If you designate an authorized agent to make a request on your behalf for which verification is required, we may (1) require you to provide the authorized agent written permission to do so, and (2) require you to verify your own identity directly with us. We will not respond to your data rights request until we are able to verify your identity or confirm the validity of an authorized agent request.

If you have enabled the Global Privacy Control (GPC) universal opt-out preference signal, we will honor this signal as required by the CCPA.

Note that we do not provide financial incentive programs, such as discounts or rewards, in exchange for the collection, retention, or sale of personal information.

California Shine the Light

A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes ("California Customer") is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties' direct marketing purposes, subject to certain exceptions, as defined in California Civil Code Sec. 1798.83. We do not share Personal Information with third parties for the third parties' direct marketing purposes.

Privacy Notice for Other US States

The following State Privacy Notice supplements this Privacy Policy and applies solely to consumers located in Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, Delaware, New Hampshire, New Jersey, Kentucky, Nebraska, Rhode Island, Minnesota, Maryland, and any other US states with applicable data protection laws that address personal information collected online. The date of applicability of these regulations may vary across states.

Categories of Personal Information Collected

We may process the categories of personal information listed in the What Information Do We Collect section of this Privacy Policy.

Purposes for which Personal Information is collected

We may process the personal information we collect about you for the purposes listed in the How Do We Use Personal Information section of this Privacy Policy.

Sharing of Personal Information

As further described in the When Do We Share Personal Information section of this Privacy Policy, we may share information with third-party service providers to help us operate our fraud detection service and improve our platform. We do not sell personal information or share it for cross-context behavioral advertising.

We will not discriminate against you for exercising any of the rights that are provided to you under applicable state laws.

We do not conduct profiling in furtherance of decisions that produce legal or similarly significant effects for consumers.

To the extent we process de-identified personal information, we will maintain and use it in a de-identified form and will not attempt to re-identify it unless permitted by applicable law.

Consumer Privacy Rights

You may have certain rights pursuant to the applicable state data protection laws:

• Right to Access: You may have the right to access the personal information or categories of personal information collected about you, the personal information or categories of personal information shared with third parties, or the specific third parties or categories of third parties to which your personal information was shared, or some combination of similar information
• Right to Correct: You may have the right to correct outdated or incorrect personal information that we may have collected about you
• Right to Delete: You may have the right to request the deletion of your personal information under certain conditions
• Right to opt out of certain processing: You may have the right to opt out of processing for purposes of sale or targeted advertising or the processing of your sensitive information. We do, however, not process sensitive personal information as defined by the applicable state data protection laws, nor do we sell personal information or engage in targeted advertising
• Right to Portability: You may have the right to obtain a copy of your personal information in a portable, and to the extent technically feasible, readily usable format

You may exercise these rights by contacting support@adwaste.io. Please note the above rights are not absolute, and we may be entitled to refuse requests in whole or in part where applicable. We will respond to verifiable requests from consumers or authorized parties as required by law.

When you submit a request, and where applicable, we will take steps to verify your request by matching the request with the information in our records. Additional information may be required in some cases to verify a request or, where necessary, to process your request. If you designate an authorized agent to make a request on your behalf for which verification is required, we may (1) require you to provide the authorized agent written permission to do so, and (2) require you to verify your own identity directly with us. We will not respond to your data rights request until we are able to verify your identity or confirm the validity of an authorized agent request.

Updates to This Policy

We may occasionally update this Privacy Policy. When we do, we will also revise the "Last updated" date at the beginning of the Privacy Policy. Your continued use of our Service after such changes will be subject to the then-current Privacy Policy. If we change this Privacy Policy in a manner that is material, we will use reasonable efforts to notify you via the contact methods you have provided of the change prior to applying the change to any personal information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and disclose personal information.