Privacy Policy

Last updated March 23, 2026

Thank you for choosing NEWITY LLC and its affiliates (“NEWITY”, “we”, “us”, “our”). We are committed to protecting your personal and business information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal and business information, please contact us at [email protected].

When you visit and use our website newitymarket.com (the “Website”), use our mobile application, as the case may be (the “App”), and more generally, use any of our services (the “Services”, which include the Website and App), we appreciate that you are trusting us with your personal and business information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it.

This privacy notice applies to all information collected through our Services (which, as described above, includes our Website and App), as well as any related services, sales, marketing, or events.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE USE YOUR INFORMATION?
3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?
4. DO WE “SELL” OR “SHARE” YOUR PERSONAL INFORMATION OR USE IT FOR TARGETED ADVERTISING?
5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6. HOW LONG DO WE KEEP YOUR INFORMATION?
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
8. DO WE COLLECT INFORMATION FROM MINORS?
9. WHAT ARE YOUR PRIVACY RIGHTS?
10. CONTROLS FOR DO-NOT-TRACK AND GLOBAL PRIVACY CONTROL FEATURES
11. CALIFORNIA PRIVACY RIGHTS
12. OTHER U.S. STATE PRIVACY RIGHTS
13. DO WE MAKE UPDATES TO THIS NOTICE?
14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal and business information you disclose to us

We collect personal and business information that you provide to us.

We collect personal and business information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services or otherwise when you contact us.

The personal and business information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use. The personal and business information we collect may include the following:

Personal and Business Information Provided by You. We collect names; phone numbers; email addresses; mailing addresses; job titles; usernames; passwords; contact preferences; contact or authentication data; billing addresses; SSN/TIN; business information; and other similar information.

All information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal and business information.

Categories of Personal Information Collected (12-Month Disclosure).

In the preceding 12 months, we have collected the following categories of personal information. For each category, we describe the purposes for which we use that information and the categories of third parties to whom we disclose it.

Personal Identifiers.

• Examples: Name, alias, postal address, email address, phone number, account name/username, IP address, device identifiers, online identifiers, and other similar identifiers.
• Purposes: Account registration and authentication; providing and personalizing the Services; customer support; communications; security and fraud prevention; marketing (with consent); legal compliance.
• Categories of Third Parties: Service providers (hosting, analytics, email/SMS delivery, customer support); marketing partners; financial service providers; affiliates; business transfer recipients; legal/regulatory authorities.

Government-Issued Identifiers and Formal Identification.

• Examples: Social Security Number (SSN), Taxpayer Identification Number (TIN), driver’s license number, state ID number, passport number.
• Purposes: Identity verification; underwriting and credit evaluation; fraud prevention; anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance; regulatory obligations; tax reporting.
• Categories of Third Parties: Identity verification vendors; credit bureaus; financial institutions; regulatory and law enforcement authorities; affiliates involved in underwriting/servicing.

Financial and Transaction Information.

• Examples: Bank account numbers and routing information, credit/debit card information, transaction history, payment history, credit scores, credit reports, account balances, loan application data, underwriting decisions.
• Purposes: Processing transactions; underwriting and creditworthiness assessment; providing financial products and services; fraud detection and prevention; collections and servicing; legal and regulatory compliance (including GLBA, FCRA, state lending laws).
• Categories of Third Parties: Payment processors; financial account aggregators (g., Plaid); credit bureaus (Experian, Equifax, TransUnion); lending partners and institutional investors; loan servicers; collections agencies; affiliates; regulatory authorities.

Commercial Information.

• Examples: Records of products or services purchased, obtained, or considered; application and inquiry history; customer preferences; contract information.
• Purposes: Providing and improving the Services; customer support; analytics and research; marketing (with consent); business operations.
• Categories of Third Parties: Service providers (CRM, analytics); lending partners; marketing partners; affiliates; business transfer recipients.

Internet or Other Electronic Network Activity.

• Examples: Browsing history, search history, clickstream data, interaction with our website/app/advertisements, device information, log files, cookies, pixels, web beacons, usage data.
• Purposes: Operating and maintaining the Services; security and fraud prevention; analytics and service improvement; debugging; advertising and marketing (including cross-context behavioral advertising).
• Categories of Third Parties: Analytics providers (Google Analytics); advertising networks and partners; social media platforms; service providers (hosting, CDN, security); affiliates.

Professional or Employment-Related Information.

• Examples: Job title, employer name, business contact information, employment history, income information, business ownership details.
• Purposes: Account administration; underwriting and credit evaluation; business-to-business marketing; service customization; regulatory compliance.
• Categories of Third Parties: Credit bureaus; underwriting partners; business information vendors; affiliates; regulatory authorities.

Inferences and Profiles.

• Examples: Profiles reflecting preferences, characteristics, behavior, creditworthiness, likelihood to engage with certain products, risk assessments.
• Purposes: Personalizing the Services and communications; underwriting and credit decisions; marketing and advertising (including targeted and lookalike audiences); service improvement.
• Categories of Third Parties: Analytics providers; advertising networks; credit bureaus; underwriting partners; affiliates.

Sensitive Personal Information.

Certain categories of personal information listed above are considered “sensitive personal information” under applicable privacy laws (e.g., California CPRA). Sensitive personal information we collect includes: Social Security Number, Taxpayer Identification Number, driver’s license number, state ID number, passport number, financial account numbers and access credentials, precise geolocation data (if collected), and account log-in credentials in combination with passwords or security codes.

We use and disclose sensitive personal information only for the following purposes permitted by law: (a) to perform the services or provide the goods you reasonably expect (including financial products, underwriting, and servicing); (b) to detect, prevent, and investigate security incidents and fraudulent or illegal activity; (c) to ensure physical safety; (d) for short-term, transient use; (e) to verify or maintain the quality and safety of our Services; (f) for compliance with federal, state, and local laws and regulations; and (g) to our service providers who perform services on our behalf and are contractually obligated to use such information only as directed.

California residents have the right to limit our use and disclosure of sensitive personal information to these purposes. See Section 11 (California Privacy Rights) for how to exercise this right.

Information automatically collected

Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information), but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies, including third-party cookies that may provide such information to third parties. The information we collect includes:

• Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services, recorded in log files. This log data may include your IP address, device information, browser type and settings, information about your activity in the Services (such as date/time stamps, pages and files viewed, searches, features used), and device event information (such as system activity, error reports, hardware settings).
• Device Data. Information about your computer, phone, tablet, or other device you use to access the Services, including hardware model, operating system and version, unique device identifiers, mobile network information.
• Location Data. Information about your device’s location, which can be precise (GPS) or imprecise (IP address-based), if you have granted permission or if derived from your IP address for security and service delivery purposes.

Information collected from other sources

We may collect limited data from public databases, credit bureaus, financial institutions, marketing partners, and other outside sources.

In order to provide financial services, conduct underwriting and credit evaluation, prevent fraud, comply with legal and regulatory requirements (including GLBA, FCRA, BSA/AML, and state lending laws), enhance our marketing, and update our records, we may obtain information about you from the following categories of third-party sources:

• Credit Bureaus and Consumer Reporting Agencies. We may obtain credit reports, credit scores, and related information from Experian, Equifax, TransUnion, and other consumer reporting agencies to evaluate creditworthiness, verify identity, detect fraud, and comply with lending regulations.
• Financial Institutions and Account Aggregation Services. We use vendors such as Plaid, Inc., Heron, and similar service providers to access your bank accounts, verify account ownership, confirm account balances, retrieve transaction history, and analyze cash flow for underwriting purposes. By using the Services, you grant us and these vendors the right, power, and authority to act on your behalf to access and transmit your personal and financial information from the relevant banking and other financial institutions. Your information is transferred, stored, and processed by these vendors in accordance with their respective privacy policies (g., Plaid Privacy Policy at https://plaid.com/legal/).
• Identity Verification and Fraud Prevention Services. We use vendors that provide identity verification, authentication, watchlist screening, fraud detection, and risk assessment services.
• Data Brokers and Marketing Partners. We may obtain demographic, intent, and behavioral data from data brokers, joint marketing partners, and affiliate programs for purposes of targeted advertising, event promotion, and lead generation. This information includes mailing addresses, job titles, email addresses, phone numbers, social media profiles, and custom audience data.
• Public Databases and Government Records. We may access publicly available information from government records, business registries, property records, and other public sources for identity verification, underwriting, compliance, and fraud prevention.
• Social Media Platforms. If you interact with us through social media or link your social media accounts to the Services, we may receive information from those platforms consistent with your privacy settings.
• Business Partners and Referral Sources. We may receive information from lending partners, institutional investors, loan servicers, and other business partners in connection with providing and servicing financial products.

2. HOW DO WE USE YOUR INFORMATION?

We process your information to provide financial services, fulfill our contract with you, comply with legal and regulatory obligations (including GLBA, FCRA, BSA/AML, and state lending laws), pursue legitimate business interests, and with your consent for marketing purposes.

We use personal and business information collected via our Services for a variety of business purposes described below. We process your personal and business information in reliance on our legitimate business interests, to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations.

Specific purposes include:

• To provide and deliver financial products and services, including processing loan applications, underwriting, credit decisions, funding, servicing, and collections.
• To facilitate account creation, registration, authentication, and logon processes.
• To verify your identity, conduct appropriate due diligence (including KYC/CDD), and maintain current customer information in compliance with BSA/AML, OFAC, and other regulatory requirements.
• To evaluate creditworthiness, assess risk, and make underwriting decisions using information from credit bureaus, financial institutions, and other sources.
• To detect, prevent, and investigate fraud, money laundering, identity theft, and other illegal activity.
• To protect the security and integrity of our Services, prevent unauthorized access, and monitor for security incidents.
• To comply with federal, state, and local laws and regulations, including but not limited to GLBA, FCRA, ECOA, TILA, state lending and consumer protection laws, and tax obligations.
• To respond to legal requests, subpoenas, court orders, and governmental inquiries, and to enforce our agreements and policies.
• To manage user accounts, provide customer support, and respond to inquiries.
• To send administrative information, including product and service updates, changes to terms and policies, security alerts, and transactional communications.
• To process payments, billing, and financial transactions through third-party payment processors.
• To send marketing and promotional communications (with consent where required), including information about our products, services, events, and offers from us and our partners. You may opt out at any time.
• To conduct analytics, research, and data analysis to evaluate and improve our Services, develop new products and features, understand usage trends, and measure the effectiveness of our campaigns.
• To create inferences, profiles, and risk models for underwriting, personalization, and marketing purposes.
• To facilitate business transfers, including in connection with mergers, acquisitions, asset sales, or bankruptcy proceedings.
• To post testimonials (with prior consent) and enable social sharing features.
• To operate, maintain, debug, and improve the functionality and performance of our Services.
• For other business purposes disclosed at the time of collection or otherwise with your consent.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data based on: consent, performance of a contract, legal obligations, legitimate business interests, or vital interests. We may share information in connection with business transfers, with vendors and service providers (including prospective lenders, payment processors, financial account aggregators, credit bureaus, identity verification services, analytics providers, marketing partners, and hosting/infrastructure providers), and with affiliates. Examples include payment processing, data analysis, email and SMS/text message delivery, hosting services, customer service, and marketing efforts. Notwithstanding the foregoing, we will not share, sell, or disclose any mobile telephone number, SMS/text message opt-in data, or SMS/text message consent information to any third parties or affiliates for their own marketing or promotional purposes. Any sharing of such mobile information with third-party subcontractors or service providers shall be limited to those performing services on our behalf (such as SMS delivery platforms), and such parties are prohibited from using this information for any purpose other than delivering the services we have engaged them to provide.  See Section 1 for categories of third parties.

4. DO WE “SELL” OR “SHARE” YOUR PERSONAL INFORMATION OR USE IT FOR TARGETED ADVERTISING?

Certain U.S. state privacy laws (including California, Colorado, Connecticut, Oregon, Texas, and Virginia) define “sale” and “sharing” of personal information broadly to include certain disclosures for consideration or for cross-context behavioral advertising, even when no money is exchanged.

Sale and Sharing of Personal Information.

We do NOT sell your personal information for monetary consideration. However, in the preceding 12 months, we have disclosed certain categories of personal information to third parties in ways that may be considered a “sale” or “sharing” under some state laws:

• Personal Identifiers (g., email address, IP address, device identifiers, online identifiers) to advertising networks, social media platforms, and analytics providers for purposes of targeted advertising, measurement, and audience building.
• Internet or Other Electronic Network Activity (g., browsing behavior, interactions with our website/app, clickstream data) to advertising networks, social media platforms, and analytics providers for cross-context behavioral advertising and analytics.
• Commercial Information (g., products/services viewed or considered) to advertising networks and marketing partners for targeted advertising and retargeting.
• Inferences (g., profiles reflecting preferences, characteristics, behavior) derived from the above categories to advertising networks and social media platforms for lookalike audience creation and targeted advertising.

We do NOT sell or share sensitive personal information (such as SSN, financial account credentials, precise geolocation, or government-issued IDs).

We do NOT knowingly sell or share personal information of individuals under 16 years of age.

Your Right to Opt Out.

You have the right to opt out of the “sale” or “sharing” of your personal information and the use of your personal information for targeted advertising (also called cross-context behavioral advertising). You may exercise this right through the following methods:

• Visit our “Do Not Sell or Share My Personal Information” page at https://www.newitymarket.com/privacy-request-opt-out/ and submit your request using the online form.
• Enable the Global Privacy Control (GPC) or similar universal opt-out signal in your browser or browser extension. We will process a valid GPC signal as a request to opt out of sale/sharing for that specific browser or device.
• Email us at [email protected] with the subject line “Opt Out of Sale/Sharing” and provide your name, email address, and state of residence.
• Adjust your cookie and advertising preferences through the cookie preference center on our Website (if available) and through your browser settings to block or delete third-party advertising cookies.

Once we receive and verify your opt-out request, we will stop selling or sharing your personal information as defined under applicable state law. Please note that opting out of sale/sharing does not opt you out of all advertising; you may still see contextual ads and ads based on your current session activity.

We do not use or disclose your sensitive personal information for purposes other than those permitted under California law and other state privacy laws. California residents have the right to limit our use and disclosure of sensitive personal information. See Section 11 for more information.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons, pixels, and tags) to access or store information. This includes first-party cookies for essential functions (authentication, security, preferences) and third-party cookies for analytics, advertising, and social media features. Specific information about how we use such technologies and how you can refuse certain cookies is set out in Section 9 (What Are Your Privacy Rights?) and Section 4 above.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We retain personal and business information for as long as necessary to achieve the purposes described in this privacy notice, including providing the Services, complying with legal and regulatory obligations (including record retention requirements under federal and state banking, lending, tax, and consumer protection laws), resolving disputes, enforcing our agreements, and protecting our legal rights. Retention periods vary by type of information and purpose:

• Account and Profile Information: Retained for the life of your account and for up to 7 years after account closure or relationship termination, or longer if required by law or needed for legal, audit, or regulatory purposes (g., GLBA, state lending law record retention).
• Transaction, Loan, and Financial Records: Retained for at least 5-7 years after the transaction or account closure to comply with federal and state financial services regulations, tax laws (IRS requirements), FCRA dispute requirements, statutes of limitations, and audit/examination requirements.
• Identity Verification and Due Diligence Records (KYC/CDD): Retained for at least 5 years after the relationship ends, as required by BSA/AML regulations and OFAC compliance.
• Credit Reports and Underwriting Data: Retained in accordance with FCRA requirements and lender record retention policies, typically 25-36 months from date of adverse action or longer if part of an active loan file.
• Communications and Customer Service Records: Retained for up to 3-5 years or as needed for dispute resolution, quality assurance, and compliance purposes. Call recordings retained for 6-12 months unless needed for investigation or legal hold.
• Marketing Contact Information: Retained until you opt out or unsubscribe, or for up to 3 years of inactivity, whichever is earlier, unless you request earlier deletion.
• Technical, Usage, and Analytics Data: Retained for 12-24 months for security monitoring, fraud prevention, analytics, debugging, and service improvement, unless aggregated/anonymized (which we may retain indefinitely).
• Cookies and Similar Technologies: Retained according to the specific cookie or technology type, typically from session-only to 24 months. See our cookie preference center for details.
• Legal Hold and Litigation Data: Retained for the duration of any investigation, litigation, audit, or regulatory inquiry, plus applicable statutes of limitations.

When we no longer need personal and business information for the purposes described above, we will delete or anonymize it, or, if deletion is not possible (for example, because information has been stored in backup archives or is subject to legal hold), we will securely store it, isolate it from further processing, and delete it as soon as practicable.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

We aim to protect your personal and business information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal and business information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If we learn that personal and business information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

9. WHAT ARE YOUR PRIVACY RIGHTS?

You may review, change, or terminate your account at any time. Depending on where you live, you may have additional rights under applicable U.S. state laws.

If you have questions or comments about your privacy rights, you may email us at [email protected].

Depending on your state of residence, you may have the following rights regarding your personal information:

• Right to Know/Access: Request to know what personal information we have collected about you, including categories, sources, purposes, and third parties to whom we disclose it. You may also request a copy of the specific pieces of personal information we have collected.
• Right to Correction: Request that we correct inaccurate personal information we maintain about you.
• Right to Deletion: Request that we delete personal information we collected from you, subject to certain exceptions (g., to complete transactions, detect security incidents, comply with legal obligations, exercise free speech, conduct research, or for internal uses reasonably aligned with your expectations).
• Right to Data Portability: Request a copy of your personal information in a portable, machine-readable format (where technically feasible).
• Right to Opt Out of Sale/Sharing: Opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising. See Section 4.
• Right to Opt Out of Targeted Advertising: Opt out of the processing of your personal information for targeted advertising purposes. See Section 4.
• Right to Opt Out of Profiling: Opt out of automated profiling in furtherance of decisions that produce legal or similarly significant effects (currently, we do not engage in such automated decision-making without human involvement).
• Right to Limit Use of Sensitive Personal Information: Limit our use and disclosure of your sensitive personal information to purposes permitted by law. See Section 11 for California-specific information.
• Right to Non-Discrimination: Not be discriminated against for exercising any of your privacy rights. We will not deny goods or services, charge different prices, or provide a different level of quality based solely on your exercise of privacy rights.
• Right to Appeal: If we deny your request in whole or in part, you have the right to appeal that decision. See below for appeal procedures.

How to Exercise Your Rights.

To exercise any of the rights described above, you may submit a request through the following methods:

• Online Form: Visit https://www.newitymarket.com/privacy-request-opt-out/.
• Email: Send an email to [email protected] with the subject line “Privacy Rights Request” and include: (a) your full name, (b) email address and/or phone number associated with your account, (c) your state of residence, (d) the specific right(s) you wish to exercise (g., access, deletion, opt-out), and (e) sufficient detail for us to locate your information.
• Mail: Send a written request to: NEWITY LLC, Attn: Privacy Rights, 1123 W. Washington Blvd, 3rd Floor, Chicago, IL 60607, United States.

Verification Process.

To protect your privacy and security, we will verify your identity before fulfilling your request. Verification may require you to: (a) provide information that matches our records (e.g., name, email, account details), (b) respond to a verification email or SMS sent to the email or phone number on file, or (c) provide additional documentation (e.g., government-issued ID) for sensitive requests or if we cannot verify your identity through other means. If you are an authorized agent acting on behalf of a consumer, you must provide proof of your authority (e.g., a signed permission letter or power of attorney) and we may require the consumer to verify their identity directly with us.

Response Timeframes.

We will acknowledge receipt of your request within 10 business days and respond substantively within the timeframe required by applicable law (typically 45 days, with the possibility of a 45-day extension for complex requests). If we need to extend the response time, we will notify you of the reason and extension period.

Appeal Process.

If we deny your request in whole or in part, our response will explain the reason for the denial and your right to appeal. To appeal, email [email protected] with the subject line “Privacy Rights Appeal” within 30 days of our decision, and include: (a) your original request details, (b) our denial response, and (c) the reason you believe the denial was incorrect. We will respond to your appeal within 45-60 days (depending on state requirements) and provide a final decision. If your appeal is denied, you may have the right to contact your state attorney general or data protection authority to file a complaint. Because we operate exclusively online and maintain a direct relationship with our users, we satisfy CCPA/CPRA request method requirements through an email address and online request forms, and we are not required to provide a toll-free number.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings or contact us using the contact information provided.

Cookies and similar technologies

Most Web browsers are set to accept cookies by default. You can set your browser to remove cookies and reject cookies, though this could affect certain features of our Services. You can signal digital interest-based advertising opt-out requests at http://www.aboutads.info/choices/ and https://optout.networkadvertising.org/.

Opting out of email and SMS marketing

You can unsubscribe from our marketing email list at any time by clicking the unsubscribe link or contacting us. You can unsubscribe from SMS marketing by replying “STOP” to any message. We may still send you Service-related (non-marketing) communications.

10. CONTROLS FOR DO-NOT-TRACK AND GLOBAL PRIVACY CONTROL FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature. At this stage, no uniform technology standard for DNT has been finalized, and we do not currently respond to DNT signals.

However, where required by applicable law (e.g., California, Colorado, Oregon, Texas), we recognize and process valid Global Privacy Control (“GPC”) signals as requests to opt out of the “sale” or “sharing” of your personal information and the use of your personal information for targeted advertising for the specific browser or device sending the signal. To use GPC, install a GPC-enabled browser or browser extension and enable the setting. For more information about GPC, visit https://globalprivacycontrol.org/.

11. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

This section provides additional details required by the CCPA/CPRA for California residents. The CCPA grants California consumers the following rights:

• Right to Know: You have the right to request that we disclose: (a) the categories of personal information we collected about you; (b) the categories of sources from which the personal information is collected; (c) our business or commercial purpose for collecting, selling, or sharing personal information; (d) the categories of third parties to whom we disclose personal information; and (e) the specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request that we delete personal information we collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of our “sale” or “sharing” of your personal information for cross-context behavioral advertising. See Section 4 and our “Do Not Sell or Share” page.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of your sensitive personal information to purposes permitted under CPRA Section 7027(m). Because we already limit our use of sensitive personal information to these permitted purposes (see Section 1), exercising this right will not change our practices. However, you may still submit a request if you wish to confirm this limitation.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Authorized Agents: You may designate an authorized agent to make a request on your behalf by providing written authorization or a power of attorney. We may require verification of both your identity and the agent’s authority.

California 12-Month Disclosure.

In the preceding 12 months, we have collected, disclosed for business purposes, and sold or shared (for cross-context behavioral advertising) the following categories of personal information from California consumers:

Categories Collected: Personal Identifiers; Government-Issued Identifiers; Financial and Transaction Information; Commercial Information; Internet/Network Activity; Professional/Employment Information; Inferences.

Categories Disclosed for Business Purposes: All of the above categories may be disclosed to service providers (hosting, analytics, customer support, payment processing, identity verification, credit bureaus, financial institutions), affiliates, and as required by law.

Categories Sold or Shared: Personal Identifiers (online identifiers, email, device IDs), Internet/Network Activity (browsing, interactions), Commercial Information (interests, product views), and Inferences — disclosed to advertising networks, social media platforms, and analytics providers for targeted advertising and analytics. We do NOT sell or share Sensitive Personal Information.

We collect personal information from the following categories of sources: directly from you; automatically from your device; from credit bureaus and consumer reporting agencies; from financial institutions and account aggregators; from identity verification and fraud prevention services; from data brokers and marketing partners; from public databases; and from social media platforms.

We do not knowingly sell or share personal information of consumers under 16 years of age.

How to Exercise Your California Rights.

To exercise your CCPA rights, use the methods described in Section 9 above, or visit:

• Do Not Sell or Share My Personal Information: https://www.newitymarket.com/privacy-request-opt-out/
• Limit the Use of My Sensitive Personal Information: https://www.newitymarket.com/privacy-request-opt-out/
• Access, Deletion, or Correction Requests: https://www.newitymarket.com/privacy-request-opt-out/

We will respond to your request within 45 days (with a possible 45-day extension for complex requests). We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Shine the Light Law. California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the information in Section 14.

12. OTHER U.S. STATE PRIVACY RIGHTS

Certain other U.S. state laws, including those in Colorado, Connecticut, Delaware, Iowa, Indiana, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states, grant residents rights that are substantially similar to those described in Sections 9 and 11 above.

Subject to certain limitations, these rights may include: confirmation of processing, access, correction, deletion, data portability, opt-out of targeted advertising, opt-out of sale or sharing, opt-out of certain automated profiling, and the right to appeal. To exercise these rights, use the methods described in Section 9. If we deny your request, you may appeal as described in Section 9, and if the appeal is denied, you may contact your state attorney general.

13. DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary, including to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date and will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at [email protected] or by post to:

NEWITY LLC
Attn: Privacy
1123 W. Washington Blvd, 3rd Floor
Chicago, IL 60607
United States

15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state, you may have the right to request access to the personal and business information we collect from you, change that information, or delete it. To request to review, update, or delete your personal and business information, please use the methods described in Section 9 above. We will respond to your request within the timeframe required by applicable law.