PRIVACY POLICY.

Last Updated: February 29, 2024

This Privacy Policy (“Privacy Policy”) explains how CrdFrm.com, and its related organizations, affiliates, and partners (collectively the “CrdFrm.com”, “we” “our” or “us”) collects, uses and shares personal information that we collect.

TRANSPARENCY.

We respect your privacy rights and are committed to transparency in how we collect, use and share your personal information. This Privacy Policy applies to our collection, use and sharing of personal information that we collect and receive about our current, prospective, and former customers, users, visitors, and guests, such as users of our products and services offered through the Website (the "Services"), in the course of our business including: (i) through our website crdfrm.com along with other affiliated and co-branded websites (collectively the "Website"), (ii) through and in connection with our marketing activities, (iii) through and in connection with providing the Services, including information collected from third-parties, (iv) directly from you, including through interacting with the Website and/or Services, participating in surveys, requesting Services or information, or as otherwise provided to us, and (v) from any other source where use of the information has been authorized. By using the Website and/or Services and thereby or otherwise agreeing to this Privacy Policy, you expressly consent to our use and disclosure of information pursuant to this Privacy Policy. If you have any questions or concerns about your personal information or this Privacy Policy, email us at compliance@crdfrm.com. Use of the Website and/or Services is also subject to our Terms of Use available at https://www.crdfrm.com/terms-of-service.asp.

THE INFORMATION WE GATHER.

Voluntarily Provided Information. The types of personally identifiable information that you voluntarily provide us include, but may not be limited to:

  • Contact and identity information such as name, address, email address, phone number, billing address, or other physical address;
  • Social security number, date of birth, or driver’s license number;
  • Profile Information such as a username and password;
  • Transaction, payment and billing information such as product selections, order history, credit card number and expiration date, referring URL, IP address, occupation, personal interests, and information about your interests in and use of various products, programs and services;
  • Communications such as market research, surveys, or telephone calls with customer service;
  • Marketing information such as advertising preferences.

Use of Third Parties to Collect Information. We may receive personal information about you from other sources, such as data providers, marketing partners and affiliates, and publicly accessible sources, such as social media platforms.

Automatically Provided Information. We may automatically receive and store the following types of information about you, your computer or device, and your activity whenever you use the Website, Services or interact with us and other online services:

  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, language preferences, IP address, cookie identifiers, ISP or mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, date and time of visits, unique identifiers, general location information such as city or town and other device identifiers and features that are automatically assigned to your computer or device when you access the Internet.
  • Usage data, such as the websites you visited, pages or screens you viewed, time spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

Some of the information may be provided to us through the following:

  • Cookies, which are small pieces of information stored on your device that uniquely identifies your browser and settings within your browser for the purpose of helping you navigate between pages efficiently and remembering your preferences, enabling functionality, helping us understand user activity and patterns, facilitating online advertising and measuring the effectiveness of our ads. Users can also express their choices for display advertising, through the following platforms: Digital Advertising Alliance opt-out platform or the Network Advertising Initiative opt-out platform. To opt-out of these cookies, please go to http://www.aboutads.info/choices.
  • Web Beacons, also known as pixel tags or clear GIFs, are used to count and recognize users to a website, or demonstrate that a webpage or email was accessed or opened, or that certain content within it was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.
  • Javascript libraries, which are snippets of code within web pages that execute when certain actions take place.

Mobile Subscriber Authorization. We may request information from your wireless carrier for identification and fraud detection purposes. You authorize your wireless carrier to disclose information about your account, such as subscriber status, payment method and device details, including but not limited to your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber details, if available, to support identity verification, fraud avoidance and other uses in support of transactions for the duration of your business relationship with us. This information may also be shared with other companies to support your transactions with us and for identity verification and fraud avoidance purposes.

USE OF INFORMATION.

We may use or disclose your personal information for the following business purposes or as otherwise described to you at the time of collection:

  • Delivery of Services. We use your personal information to provide, operate, maintain, and improve the Services, to communicate with you regarding the Services including providing you information about potential or future Services, to process transactions and payments for the Services you purchase, to personalize your experience with the Services, verify individual identity, communicate about accounts and activities on the Website and/or Services, ensure quality control and to provide support for the Services.
  • Operation of the Website. We use your personal information to provide, operate, maintain and improve the Website and/or Services, to personalize your experience with the Website and/or Services, and to provide support for the Website and/or Services.
  • Research and Development. We may use your personal information for research and development purposes, including to analyze and improve the Services and develop other products and services. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
  • Marketing. We and our third party advertising partners may collect and use your personal information for marketing and advertising purposes. If you request information from us, use the Services or participate in our surveys, promotions or events, we may send you marketing communications as permitted by law but will provide you with the ability to opt out. We may also contract with third-party advertising and social media companies to display ads on our Services and other sites. These companies may use cookies and similar technologies to collect information about you (including the device data and online activity data described above) over time across our Services and other sites and services or your interaction with our emails and use that information to serve ads that they think will interest you.
  • Compliance and Protection. We may use your personal information to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims), to audit our internal processes for compliance with legal and contractual requirements and internal policies, to enforce our Terms of Use, to protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft, and to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
  • Other Uses. We may also use personal information for which we have a legitimate interest, such as anti-fraud protection, security and investigations, or any other purpose disclosed to you at the time you provide personal information or with your consent.

SHARING OF INFORMATION.

We do not share the personal information that you provide us except as described in this Privacy Policy. We may share your personal information with the following parties and as otherwise described in this Privacy Policy:
  • Service Providers. We may employ third party companies and individuals to help provide the Website or Services, such as providing marketing and advertising, website analytics, research, IT, customer support, hosting, data, information, email delivery, analysis, audit, fraud detection and payment processing. They are restricted from using your personal information except as authorized to perform these tasks in a manner consistent with this Privacy Policy.
  • Integrations and Third-party Services.. We may use third-party application programming interfaces (“APIs”) in connection with the Services that we offer you. User data collected via the API is subject to the privacy policies of those third parties and CrdFrm.com does not own or control those third parties.
  • Payment Processors. Any payment card information you use to make a purchase on the Website or through the Services is collected and processed by our payment processors. Our processors are committed to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Our processors may use your payment information in accordance with their own privacy policies.
  • Advertising Partners. We work with third party advertising companies that collect information about your activity on the Website and other online services to help us advertise our services and deliver ads to them and similar users on their platforms.
  • Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for use consistent with this Privacy Policy.
  • Professional Advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us.
  • Compliance and Protection. We may disclose your personal information as we believe appropriate (i) for compliance and protection purposes, (ii) as required by law, lawful requests or legal process, such as to respond to subpoenas or requests from government authorities; (iii) where permitted by law in connection with any legal investigation; (iv) to respond to your requests; (v) to protect yours’, ours’ or others’ rights, property, or safety; (vi) to collect amounts owed to us; (vii) to prosecute or defend legal claims; and (viii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
  • Business Transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business deal (or potential business deal) such as a merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.

THIRD PARTY SITES AND SERVICES.

We may establish relationships with third parties by creating links between the Website and Services to their websites and services, such as social media platforms, advertising services or other websites and applications. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control and we are not responsible for the content, maintenance or privacy policies of those websites or the actions of those third parties. Other websites and services follow different rules regarding their collection, use and disclosure of your personal information. We encourage you to read their privacy policies to learn more. We are not responsible for any transactions that occur between you and a third party website or service. Should you purchase any products or services from a third party, you must contact the third party site directly regarding any disputes that might occur, including but not limited to delayed shipping, missing products, damaged goods or pricing and billing discrepancies.

CHILDREN'S ONLINE PRIVACY PROTECTION ACT.

The Federal Trade Commission, United States' consumer protection agency, enforces the Children's Online Privacy Protection Act (COPPA), which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not knowingly market to or collect personally identifiable information from children under the age of 16. We encourage parents and legal guardians to monitor their children's Internet use. Also, we strongly encourage parents to help us enforce this Privacy Policy by instructing their children never to provide personal information on the Website without permission. It is possible that due to fraud or deception by others, we may unknowingly receive information pertaining to children under the age of 16. If we learn that any user of the Service is under the age of 16, we will take appropriate steps to delete that individual’s personal information and restrict that individual from future access to the Service.

PUBLIC FORUMS.

The Website may have chat rooms, forums, message boards and newsgroups available to its users. Please remember that any information disclosed in these areas becomes public information. Exercise caution when deciding to disclose your personal information. If you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return. As these forums are public and open for users to interact with each other, we expect all its users to respect the rights of others. By using these forums, you agree that we are not responsible for any information that you disclose or communicate in such forums, and any disclosures you make are at your own risk.

INTERNATIONAL INFORMATION TRANSFERS.

CrdFrm.com operates in the United States and has operations, affiliates and service providers in other countries, and your personal information may be collected, used and stored in the United States or other locations. While we are committed to providing your information with a high level of privacy protection, you should know that the general level of privacy protection for personal information in the United States may not be the same as that provided in other countries. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Website or our Services and/or providing us with personally identifiable information, you fully understand and unambiguously consent to this transfer and the collection and processing of information in the United States.

SECURITY.

We place a priority on the security of personal information and we have security measures in place to protect the loss, misuse and alteration of the information under our control. We are able to keep your personal information safe and secure by utilizing the industry standard technology, including password protected member records, firewalls, secure servers and Secure Sockets Layer (SSL) encryption technology. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we are committed to protecting your information, we cannot ensure or warrant the security of any information you transmit to us.

CHANGES TO THIS PRIVACY POLICY.

We reserve the right to change or modify this Privacy Policy at any time and without prior notice. Please review the Website and this Privacy Policy periodically for the latest information on our privacy practices. Any changes and/or modifications shall become effective immediately upon posting thereof. Without limiting the foregoing, we may occasionally notify you by email (if you have a registered account) or another manner through the Website or the Services about changes to the Privacy Policy, including providing notices of changes or links to notices to you generally on the Website. Your continued use of the Website and Services after the posting of the updated Privacy Policy shall constitute your agreement and acceptance of the update.

MAKING CHANGES TO YOUR PERSONAL INFORMATION.

We offer you choices regarding the collection, use, and sharing of your personal information. You may update or edit the information you previously provided in your account, or discontinue your account at any time. If you would like to edit or cancel your account, discontinue marketing communications from us or third parties, discontinue any sharing or personally identifiable information with third parties, or ask any technical questions, please email info@crdfrm.com. Keep in mind, however, that even if you delete information from your profile, we may retain your personal information in conformance with our data retention policy and personal information may remain within our databases, access logs, and other records. In addition, we are not responsible for updating or removing your personal information contained in the lists or databases of third parties who have been provided information as permitted by this Privacy Policy.

CONTACT US.

For further information or questions about this Privacy Policy, you may contact our Privacy Officer at compliance@crdfrm.com, or via written correspondence to CrdFrm.com, Attn: Business & Legal Affairs; 643 East Avenue Suite 4 Warwick, RI 02886.

IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS.

This section applies solely to visitors, users, and others who reside in the State of California ("consumers" or "you") and supplements the information contained in the Privacy Policy above. It describes how we collect, use and share personal information of California residents in operating our business, and their rights with respect to that personal information. We adopt this notice to comply with the California Consumer Privacy Act ("CCPA") and other California privacy laws.

YOUR CALIFORNIA PRIVACY RIGHTS.

If you are a California resident, you can make certain requests regarding your personal information. We will fulfill each of these requests to the extent required by law.

Access to Specific Information and Data Portability Rights. You can ask us what personal information we have about you, and how we have used it in the past 12 months. If you make this request, we will return to you the following (to the extent required by law):

  • The categories of personal information we have collected about you.
  • The categories of sources from which we collect your personal information.
  • The business or commercial purpose for collecting or selling your personal information.
  • The categories of third parties with whom we share personal information.
  • The specific pieces of personal information we have collected about you.
  • Whether we have sold your personal information, and if so, the categories of personal information that we have sold, along with the category of any third party we sold it to.
  • Whether we have disclosed your personal information for a business purpose, and if so, the categories of personal information disclosed, along with the category of any third party we shared it with.

You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to personal information we collected about you in the previous 12 months.

Deletion Request Rights. You have the right to ask that we delete your personal information. Once we receive a request, we will delete the personal information (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. Deleting your personal information will not cancel memberships you have purchased.

Non-Discrimination. We will not discriminate against you for exercising your rights. This generally means we will not deny you goods or services, charge different prices or rates, provide a different level of service or quality of goods, or suggest that you might receive a different price or level of quality for goods. Please know, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require usage of your personal information to function.

Right to Opt-out of the Sale of CCPA Personal Information. You have the right to know if your personal information may be sold and the right to opt out of such sale. If you are a California resident, to opt-out of the sale of your personal information, submit such request compliance@crdfrm.com.

How to Exercise Your Rights. You may submit a request to exercise your information, access or deletion rights by visiting emailing compliance@crdfrm.com or calling us toll-free at (866) 456-0441. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.

CCPA PERSONAL INFORMATION WE COLLECT, USE AND DISCLOSE.

Information we collect. We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“CCPA personal information”). We have collected the following categories of CCPA personal information from consumers within the last twelve (12) months:

  • Identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Commercial information.
  • Internet or other electronic network activity.
  • Geolocation data.
  • Professional or employment-related information

Business Uses of CCPA personal information. We use personal information to provide, analyze, administer, enhance and personalize our services and marketing efforts, to process your registration, your orders and your payments, and to communicate with you. For example, we use such information to:

  • Fulfill or meet the reason for which the information is provided.
  • Provide marketing and advertising services.
  • Assist with research and development of our products and services.
  • Provide you with information, products or services that you request from us.
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • Determine your general geographic location.
  • Prevent, detect and investigate potentially prohibited or illegal activities, including fraud, and to enforce our terms.
  • Analyze and understand our audience, improve our website and our service and optimize content selection and delivery.
  • Communicate with you concerning our service so that we can send you news, details about new features and content available, special offers, promotional announcements, consumer surveys, and to assist you with operational requests such as password reset requests.
  • As necessary or appropriate to protect the rights, property or safety of us, our customers or others.

Sources of CCPA personal information. We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our consumers or their agents when they provide us CCPA personal information directly, such as information that our customers provide to us related to the services for which they engage us.
  • Indirectly and/or automatically from our consumers or their agents based on their interactions with us during the use of the Services, such as use of and submissions through the Website.
  • From third-parties that interact with us in connection with the Services.

Disclosure of CCPA personal information. We disclose the categories of CCPA personal information listed above for business purposes. When we disclose personal information for a business purpose, we describe the purpose to the recipient and require the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Commercial information.
  • Internet or other electronic network activity.
  • Geolocation data.
  • Professional or employment-related information

We disclose your personal information for a business purpose to the following categories of third parties:

  • Advertising and marketing partners.
  • Service providers.
  • Payment processors.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.

In the preceding twelve (12) months, we have sold personal information.