Privacy Policy

We may also share your information in the following circumstances:

• Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. As part of the business transfer process, we may share certain of your information with lenders, auditors, and third party advisors, including attorneys and consultants.
• In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
• To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation in which we are involved.
• Aggregate and De-Identified Information. We may share aggregate, anonymized, or de-identified information about users with third parties for marketing, advertising, research or similar purposes, except as prohibited by applicable law.
• Consent. We may also disclose your information with notice to you and your consent.

Our Use of Cookies and Other Tracking Mechanisms

We and our third party vendors use cookies and other tracking mechanisms to track information about your use of our Services. We may combine this information with other information we collect about you (and our third party vendors may do so on our behalf).

• Cookies. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. For example, if you have items in your shopping basket and then leave our Site and come back, persistent cookies will keep your items in the shopping basket. The Hypothesis uses cookies to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. Once the cart is considered abandoned, an SMS message will be sent as a reminder. Please review your web browser's "Help" file to learn the proper way to modify your cookie settings. For additional information on our use of cookies, please see here. For information on your choices regarding our use of cookies, please click here. Please note that if you delete or choose not to accept cookies from the Services, you may not be able to utilize the features of the Services to their fullest potential.
• Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer's hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs, or pixel tags) to among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third party vendors also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
• Third Party Analytics. We use automated tools and applications provided by third parties—such as Adobe Analytics for website analytics and Bloomreach for site search, personalization, and merchandising—to help us understand how visitors use our Site. These tools allow us to analyze trends, evaluate Site performance, improve navigation, and enhance the user experience.

The providers of these tools may use cookies, pixels, tags, and other tracking technologies to collect information about your interactions with the Site, including pages viewed, actions taken, and device and browser information. These third parties may also combine the information they collect from our Site with information they receive from other sources in order to improve their services.

You can manage your cookie and tracking preferences through our cookie settings tool or by adjusting your browser settings. Where required by law, we honor browser-based opt-out signals such as Global Privacy Control (GPC).

• Third Party Ad Networks. We use third party advertising partners to show you ads that we think may interest you. Most of these third party advertising partners are participants of the Digital Advertising Alliance ("DAA") and/or the Network Advertising Initiative ("NAI"). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants' other customers or from other technology services).
• Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.

Promotional Communications

• Emails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or by making a request at the following link. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or our ongoing business relations. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions.
• Text messages. For text message communications, you may opt-out at any time by texting "STOP" to the appropriate shortcode available from our confirmation text message or by making a request at the following link and specifying you want to opt-out of text messages.

Third Party Links

Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but is instead governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

Security

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

Children

Our Services are not designed for children under the age of 13. If we discover that a child under 13 has provided us with information, we will take good faith reasonable efforts to delete such information from our systems.

We do not knowingly "sell," as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

International Transfers

We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the Services may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Policy.

Additional Information for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us at [email protected].

Additional Information for California Residents

These additional disclosures apply only to California residents. (CCPA/CPRA)

The California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”) provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise these rights unless certain exceptions apply.

Portions of our Services are intended to provide information and services to clients and potential clients. If you use the Services on behalf of a client or potential client, you understand and agree that the information collected about you is solely within the context of (i) your role as an employee, owner, director, officer, or contractor ("business representative") or (ii) The Hypothesis conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

Under the CCPA/CPRA, "personal information" is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA/CPRA.

Categories of Personal Information We Collect, Disclose, Sell, and Share

The chart below describes the categories of personal information that we collect, disclose for a business purpose, and sell or share. Under the CCPA/CPRA, “sell” includes disclosing personal information in exchange for monetary or other valuable consideration, and “share” refers specifically to disclosures made for cross-context behavioral advertising. For example, certain cookies, pixels, and tracking technologies used for advertising or retargeting may be considered a “sale” or “sharing” of personal information under California law. In the chart below, we indicate which categories of personal information we may sell or share in connection with these activities.

Categories of personal information	Do we collect?	Do we disclose for a business purpose(s)?	Do we "sell"?	Categories of Third Parties to whom we may disclose or "sell" this information
Name, Contact Information, and Other Identifiers: Identifiers such as a real name, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, phone number.	YES	YES	NO	service providers affiliates and subsidiaries advertising networks
Customer Records: Paper or electronic customer records containing personal information, such as name, address, telephone number, email address, account credentials, and other information you provide in connection with creating an account, completing a purchase, interacting with customer service, or participating in our programs. This category may also include certain employment or education information if you provide it to us in connection with an application, inquiry, or other interaction.	YES	YES	NO	service providers affiliates and subsidiaries
Purchase History and Tendencies: Commercial information, including records of products or services purchased, returned, exchanged, or considered; items added to cart or saved for later; browsing and shopping preferences; frequency of purchases; purchase value ranges; interaction with promotions or discounts; and other purchasing or consumption histories or tendencies related to your use of our Site and Services.	YES	YES	NO	service providers affiliates and subsidiaries
Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search queries, the pages or content viewed, time spent on pages, scrolling, swiping, and interaction patterns, mouse movements, referring and exit pages, search terms entered, how you navigate and use our Site, device and browser settings, access dates and times, IP address, error logs, diagnostic data, and information regarding your interactions with our emails, advertisements, and online content.	YES	YES	NO	service providers affiliates and subsidiaries advertising networks
Professional or Employment-related Information: Employment history, qualifications, licensing, disciplinary record	YES	YES	NO	service providers affiliates and subsidiaries
Profiles and Inferences: Inferences drawn from the information described above to create a profile about a consumer reflecting preferences, interests, shopping behavior, purchase likelihood, and predicted characteristics—for example, preferred product categories, estimated purchasing propensity, engagement levels, or the likelihood of responding to certain offers or content.	YES	YES	NO	service providers affiliates and subsidiaries advertising networks

Please see the "Information We Collect About You" and "How We Use Your Information" sections above for additional information regarding the sources from which we receive your information and the purposes for which we collect your personal information.

Please see the "How We Share Your Information" section above for additional information regarding the categories of third parties with which we share your information.

California Consumer Rights

California law grants consumers certain rights and imposes restrictions on particular business practices as set forth below.

• Right to Opt Out of Sale of Personal Information ("Do Not Sell"). California residents have the right to opt out of our sale or sharing of your personal information for cross-context behavioral advertising. You may opt out of this information sharing by clicking "Do Not Sell My Personal Information" or emailing us at [email protected], with the words "California Right to Opt-Out" in the subject line.
• Right to Know. You have the right to request that we disclose the categories of personal information we collected about you, the categories of sources from which we collected the personal information, the categories of personal information that we sold or disclosed, our business or commercial purpose for collecting and selling your personal information, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information we collected about you over the past 12 months.
• Right to Delete. Subject to certain exemptions, you have the right to request that we delete the personal information we have collected about you in the prior twelve (12) months.
• Non-Discrimination. You have the right not to be discriminated against for exercising the rights above. We will not discriminate against you if you exercise your CCPA rights.
• Right to Limit the Use of Sensitive Personal Information. We use sensitive personal information only for permitted purposes—such as processing payments, preventing fraud, and providing you requested services. Therefore, the Right to Limit does not apply.

Submitting Requests

You can exercise your rights by:

• Clicking here
• Emailing [email protected]

When you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or, if you have created an account on our website, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to an appropriate degree of certainty.

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and will verify your identity directly.

Additional Information for Residents of Certain U.S. States

Several U.S. states have enacted consumer privacy laws that provide residents with certain rights regarding their personal information, including the rights to access, correct, delete, or obtain a copy of their personal information, as well as the right to opt out of the sale of personal information, targeted advertising, or certain types of profiling. These rights are available to residents of states such as Colorado, Connecticut, Virginia, Utah, Oregon, Texas, and other states with similar laws.

If you are a resident of one of these states, you may exercise your rights by using the methods described in the “Submitting Requests” section above. We will verify your request and respond as required by applicable law.

Where required, we provide an appeals process if we deny your request. To submit an appeal, please respond to our request decision email or contact us at [email protected].

We do not use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects, unless permitted by law.

We recognize user-enabled global privacy controls (such as Global Privacy Control) as opt-out signals for targeted advertising where required by applicable law.

Additional Information for EU/UK Residents

These additional disclosures apply only to EU/UK residents. This section provides additional information about our collection, use, and disclosure of personal data collected through the Site or in the course of our business activities conducted in the European Economic Area and the United Kingdom when our processing is governed by the General Data Protection Regulation ("GDPR"). For the purposes of this notice, "personal data" will have the same meaning as adopted by the GDPR, defined as any information relating to an identified or identifiable natural person. This notice does not apply to the information collected, stored, shared, or distributed by third-party sites.

Data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). The Hypothesis acts as a controller with respect to personal data collected as you interact with our websites, emails, and advertisements.

Lawful Basis for Processing

Data protection laws in Europe require a "lawful basis" for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

Your Data Subject Rights

If you are a data subject in the European Economic Area ("EEA"), you have the right to access, rectify, or erase any personal data we have collected about you through the Services, subject to certain exceptions. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Services, subject to certain exceptions. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, contact us as set forth in the section entitled "Contact Us" below and specify which European privacy right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

You may also correct and update your personal data, such as your billing address and other account information, by logging into your account. Once you have logged into your account, you can update or change your account information by accessing the My Account link at the top of every page.

Complaints

If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us. To do so, please contact us as set forth in the "Contact Us" section below or email our Data Protection Officer ("DPO") at [email protected].

Contact Us

The Hypothesis welcomes your questions and comments about privacy. If you have questions about the privacy aspects of our Site or would like to make a complaint, please send us an email via our online contact us form.

This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at [email protected].

Changes to this Privacy Policy

This Privacy Policy is current as of the Effective Date set forth above. We may change this Privacy Policy from time to time, so please be sure to check back periodically.

We will post any changes to this Privacy Policy on our Site. If we make any changes to this Privacy Policy that materially affect our practices with regard to the information we have previously collected about you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or sending you an email.