Privacy Policy

We may also share your information in the following circumstances:

• Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected about you to the other company. As part of the business transfer process, we may share certain of your information with lenders, auditors, and third party advisors, including attorneys and consultants.
• In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
• To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Privacy Policy, or as evidence in litigation in which we are involved.
• Aggregate and De-Identified Information. We may share aggregate, anonymized, or de-identified information about users with third parties for marketing, advertising, research or similar purposes, except as prohibited by applicable law.
• Consent. We may also disclose your information with notice to you and your consent.

Our Use of Cookies and Other Tracking Mechanisms

We and our third party vendors use cookies and other tracking mechanisms to track information about your use of our Services. We may combine this information with other information we collect about you (and our third party vendors may do so on our behalf).

• Cookies. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. For example, if you have items in your shopping basket and then leave our Site and come back, persistent cookies will keep your items in the shopping basket. The Hypothesis uses cookies to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. Once the cart is considered abandoned, an SMS message will be sent as a reminder. Please review your web browser's "Help" file to learn the proper way to modify your cookie settings. For additional information on our use of cookies, please see here. For information on your choices regarding our use of cookies, please click here. Please note that if you delete or choose not to accept cookies from the Services, you may not be able to utilize the features of the Services to their fullest potential.
• Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer's hard drive, clear GIFs are embedded invisibly on web and app pages. We may use clear GIFs (a.k.a. web beacons, web bugs, or pixel tags) to among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third party vendors also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
• Third Party Analytics. We use automated devices and applications provided by third parties, such as Google Analytics, to evaluate usage of our Site. We also may use other, third-party provided analytic means to evaluate our Site. We use these tools to help us improve our Site, performance, and user experiences. The entities providing these tools may use cookies and other tracking technologies to perform their services. Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout, by Google Analytics for Display Advertising or the Google Display Network at https://www.google.com/settings/ads/onweb/, or downloading the Google Analytics Opt-out Browser Add-on.
• Third Party Ad Networks. We use third party advertising partners to show you ads that we think may interest you. Most of these third party advertising partners are participants of the Digital Advertising Alliance ("DAA") and/or the Network Advertising Initiative ("NAI"). To learn more about the targeted ads provided by these companies, and how to opt out of receiving certain targeted ads from them, please visit: (i) for website targeted ads from DAA participants, https://www.aboutads.info/choices; and (ii) for targeted ads from NAI participants, https://www.networkadvertising.org/choices/. Opting out only means that the selected participants should no longer deliver certain targeted ads to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., in connection with the participants' other customers or from other technology services).
• Do Not Track. Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.

Promotional Communications

• Emails. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or by making a request at the following link. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or our ongoing business relations. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions.
• Text messages. For text message communications, you may opt-out at any time by texting "STOP" to the appropriate shortcode available from our confirmation text message or by making a request at the following link and specifying you want to opt-out of text messages.

Third Party Links

Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but is instead governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

Security

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

Children

Our Services are not designed for children under the age of 13. If we discover that a child under 13 has provided us with information, we will take good faith reasonable efforts to delete such information from our systems.

We do not knowingly "sell," as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

International Transfers

We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Services from outside of the U.S., please be aware that information collected through the Services may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Services or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Policy.

Additional Information for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us at [email protected].

Additional Information for California Residents

These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 ("CCPA") provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise these rights unless certain exceptions apply.

Portions of our Services are intended to provide information and services to clients and potential clients. If you use the Services on behalf of a client or potential client, you understand and agree that the information collected about you is solely within the context of (i) your role as an employee, owner, director, officer, or contractor ("business representative") or (ii) The Hypothesis conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

Under the CCPA, "personal information" is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. It does not include publicly available data as defined by the CCPA.

Categories of Personal Information We Collect, Disclose, and Sell

The chart below describes the categories of personal information that we collect, disclose for a business purpose, and "sell." Note that under the CCPA's definition of "sell," using cookies for website analytics and targeted ads may be considered a "sale." In the chart below, the categories of personal information that we "sell" are related to these transactions.

Categories of personal information	Do we collect?	Do we disclose for a business purpose(s)?	Do we "sell"?	Categories of Third Parties to whom we may disclose or "sell" this information
Name, Contact Information, and Other Identifiers: Identifiers such as a real name, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address	YES	YES	YES	service providers affiliates and subsidiaries advertising networks
Customer Records: Paper and electronic customer records containing personal information, such as name, signature, education, current employment, employment history	YES	YES	NO	service providers affiliates and subsidiaries
Purchase History and Tendencies: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies	YES	YES	NO	service providers affiliates and subsidiaries
Usage Data: Internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident's interaction with an internet website, application, or advertisement, including access logs and other activity information related to your use of our Site and online services	YES	YES	YES	service providers affiliates and subsidiaries advertising networks
Professional or Employment-related Information: Employment history, qualifications, licensing, disciplinary record	YES	YES	NO	service providers affiliates and subsidiaries
Profiles and Inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes	YES	YES	YES	service providers affiliates and subsidiaries advertising networks

Please see the "Information We Collect About You" and "How We Use Your Information" sections above for additional information regarding the sources from which we receive your information and the purposes for which we collect your personal information.

Please see the "How We Share Your Information" section above for additional information regarding the categories of third parties with which we share your information.

California Consumer Rights

California law grants consumers certain rights and imposes restrictions on particular business practices as set forth below.

• Right to Opt Out of Sale of Personal Information ("Do Not Sell"). California residents have the right to opt out of our sale of their personal information. You may opt out of this information sharing by clicking "Do Not Sell My Personal Information" or emailing us at [email protected], with the words "California Right to Opt-Out" in the subject line.
• Right to Know. You have the right to request that we disclose the categories of personal information we collected about you, the categories of sources from which we collected the personal information, the categories of personal information that we sold or disclosed, our business or commercial purpose for collecting and selling your personal information, the categories of third parties with whom we shared your personal information, and the specific pieces of personal information we collected about you over the past 12 months.
• Right to Delete. Subject to certain exemptions, you have the right to request that we delete the personal information we have collected about you in the prior twelve (12) months.
• Non-Discrimination. You have the right not to be discriminated against for exercising the rights above. We will not discriminate against you if you exercise your CCPA rights.

Submitting Requests

You can exercise your rights by:

• Clicking here

When you submit your request, we will take steps to attempt to verify your identity. We will seek to match the information in your request to the personal information we maintain about you. As part of our verification process, we may ask you to submit additional information, use identity verification services to assist us, or, if you have created an account on our website, we may ask you to sign in to your account as part of our identity verification process. Please understand that, depending on the type of request you submit, to protect the privacy and security of your personal information, we will only complete your request where we are satisfied that we have verified your identity to an appropriate degree of certainty.

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and will verify your identity directly.

Additional Information for EU Residents

These additional disclosures apply only to EU residents. This section provides additional information about our collection, use, and disclosure of personal data collected through the Site or in the course of our business activities conducted in the European Economic Area and the United Kingdom when our processing is governed by the General Data Protection Regulation ("GDPR"). For the purposes of this notice, "personal data" will have the same meaning as adopted by the GDPR, defined as any information relating to an identified or identifiable natural person. This notice does not apply to the information collected, stored, shared, or distributed by third-party sites.

Data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as "controllers") and organizations that process personal data on behalf of other organizations (known as "processors"). The Hypothesis acts as a controller with respect to personal data collected as you interact with our websites, emails, and advertisements.

Lawful Basis for Processing

Data protection laws in Europe require a "lawful basis" for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

Your Data Subject Rights

If you are a data subject in the European Economic Area ("EEA"), you have the right to access, rectify, or erase any personal data we have collected about you through the Services, subject to certain exceptions. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you through the Services, subject to certain exceptions. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, contact us as set forth in the section entitled "Contact Us" below and specify which European privacy right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

You may also correct and update your personal data, such as your billing address and other account information, by logging into your account. Once you have logged into your account, you can update or change your account information by accessing the My Account link at the top of every page.

Complaints

If you have any issues with our compliance, you have the right to lodge a complaint with an EEA supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us. To do so, please contact us as set forth in the "Contact Us" section below or email our Data Protection Officer ("DPO") at [email protected].

Contact Us

The Hypothesis welcomes your questions and comments about privacy. If you have questions about the privacy aspects of our Site or would like to make a complaint, please send us an email via our online contact us form.

This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at [email protected].

Changes to this Privacy Policy

This Privacy Policy is current as of the Effective Date set forth above. We may change this Privacy Policy from time to time, so please be sure to check back periodically.

We will post any changes to this Privacy Policy on our Site. If we make any changes to this Privacy Policy that materially affect our practices with regard to the information we have previously collected about you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or sending you an email.