Welcome to the website of Kept, Inc., a company that provides a web interface that facilitates the administration of continuation benefits under health benefit plans under the Consolidated Omnibus Budget Reconciliation Act (COBRA), insurance premium billing, and alternatives to continuation benefits like health insurance found and purchased on state and federal marketplaces as well as directly from insurers. As used in this Privacy Notice, the terms “Kept,” “we” and “us” refer to Kept, Inc. dba Kept Insurance Services, Inc. To the extent applicable, they also refer to our affiliates, service providers and licensors, and their respective officers, directors, employees, contractors and agents. If you are accepting the terms of this Privacy Notice as an employee or representative of a company or other legal entity, the terms "you" and "your" will refer to both you, personally, and the entity you represent.

‍

Kept is committed to protecting and respecting your privacy. This Privacy Notice describes how we collect, use, protect and share information about you that we obtain when you access and use our Website (defined below), including when you register for an account, set up benefits plans, COBRA rights, participant information, request a quote, or submit questions or feedback (where applicable). This Privacy Notice also applies to information that we obtain when you communicate or interact with us outside of the Website, including by e-mail, telephone and otherwise.

‍

Your use of our Website is also governed by our Kept User License Agreement (the “Terms of Use”), any additional terms made available to you in connection with certain features, functionality, tools, content and promotions available on or through the Website (“Supplemental Terms”), and any and all policies and rules referenced herein or therein, posted on the Website, or otherwise communicated to our Users (the "Website Policies"). To the extent that a provision of the Terms of Use, Supplemental Terms or Website Policies conflicts with this Privacy Notice, such provision shall control.

‍

Please read this Privacy Notice carefully before you use our Website or communicate with us. Changes to this Privacy Notice are discussed at the end of this document.For purposes of this Privacy Notice:

‍

“Users” means any and all individuals that access or use the Website, including applicants for health insurance, brokers, administrators of benefits plans, employers and other registered users. References to "access" and/or "use" of the Website (and any variations thereof) include the acts of accessing or browsing the Website, and accessing or using the services, information, content, features, functionality, tools and promotions available on or through the Website.

‍

“Website” refers to any website owned, operated or powered by Kept (including the website currently located at https://www.kept.io). References to the "Website" include any and all services, information, content, features, functionality, tools and promotions available on or through each such website.

‍

BY ACCESSING OR USING OUR WEBSITE OR COMMUNICATING WITH US OUTSIDE OF THE WEBSITE, YOU ARE ACCEPTING AND CONSENTING TO THE PRACTICES DESCRIBED IN THIS PRIVACY NOTICE, WHICH MAY BE UPDATED AND AMENDED FROM TIME TO TIME. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY NOTICE, YOU MUST NOT ACCESS OR USE OUR WEBSITE OR OTHERWISE COMMUNICATE WITH US.‍

‍

Information We Collect‍

‍

Information You Provide to Us‍

‍

We collect information that you provide directly to us, including when you register for an account and (as applicable) solicit a health insurance quote, prepare or submit a health insurance application directly or on behalf of another individual, review COBRA rights, enroll in, manage, or cancel COBRA coverage, pay for COBRA coverage, set up a benefits plan, add COBRA eligible individuals and use the Website, update your email preferences, respond to a survey or provide other feedback about the Website, or contact us with questions or comments about the Website.

‍

We may also collect information about you when you opt in to receive text messages from us (for example, when you sign up for health insurance). You may opt in to receive such updates and offers by providing your mobile telephone number through the Website.

‍

We may also collect information about you if a company or organization authorizes you to manage its account or use our Website on its behalf.‍

‍

Personally Identifiable Information‍

‍

Some of the information we collect through your use of our Website or communications with us may personally identify you (“Personally Identifiable Information”). The types of Personally Identifiable Information you may submit in connection with use of the Website include, but are not limited to:

‍

1. contact information (such as name, address, email address and telephone number);
2. date of birth;gender;
3. account passwords for the Website;
4. payment card information and other billing information (such as card image, card number, cardholder name, expiration date and card verification code) associated with your account;
5. social security number;
6. health or medical history; and
7. geographic location.‍

‍

Information Generated from Use of the Website‍

‍

We also collect certain technical information when you access, browse and use our Website, including information that we automatically receive and record from your browser or mobile platform on our server logs. This technical information helps us operate and provide our Website to you, and includes standard information about visits and system capabilities, such as:

‍

1. information about the device(s) you use to access our Website, including MAC address, IP address, browser type and version, your location, time zone setting, browser plug-in types and versions, operating system and platform, device type, device and application identifiers, operating information, mobile carrier, and cookies;
2. information about your visits to the Website, including the full URL clickstream to, through, and from the Website, including dates and times;
3. information we need and use to facilitate your use of our Website (including to provide access to third party websites and services), such as URL requests, destination IP addresses, or device configuration details;
4. pages you view, searches you run, length of time browsing search results, specific search results you select to view, length of visits to other pages, page interaction information (such as scrolling, clicks, and mouse-overs), your engagement with certain variable/dynamic elements of a page and methods used to browse away from the page;
5. page response times and download errors; and
6. information generated using cookies and beacons. See below for more details regarding our use of cookies and beacons, and your choices with respect to such tracking technologies.

‍

Technical information from your use of the Website is treated as "Non-Personally Identifiable Information," unless it is combined with Personally Identifiable Information, or unless otherwise required by applicable law.‍

‍

Information from Other Sources‍

‍

We may receive certain information about you from the organizations or entities on behalf of which we provide the Website to you and/or on behalf of which you access or use the Website. We may also supplement the technical information we collect from your use of the Website with information collected by third parties. Such third parties may include service providers, such as Google Inc., advertising partners, and ad networks that help us understand our Users and provide better service to our Users.

‍

On occasion, we may compare or combine Personally Identifiable Information from third party sources to/with other information we have collected. For example, we may obtain contact information from other sources in order to contact you if we think you or the company you represent would be interested in our Website.‍

‍

‍How Information May Be Used

‍

‍Personally Identifiable Information

‍

‍We may use the Personally Identifiable Information we collect, to:

‍

1. create and manage your account;
2. provide the Website to you;
3. operate our Website, including, without limitation, providing COBRA services, providing quotes, and submitting and monitoring health insurance applications, access management, payment processing, Website administration, internal operations, troubleshooting, data analysis, testing, research, statistical and survey purposes;
4. send you information that enables you to use our Website;
5. contact you about activity on your account;
6. provide you access to, and updates regarding health insurance and other related offers via text message;
7. respond to your requests, feedback or inquiries;
8. notify you about updates, information, or alerts regarding our Website;
9. process payments;
10. protect and enforce our rights and the rights of other Users against unlawful activity, including identify theft and fraud, and other violations of our Terms of Use;
11. protect and enforce our rights arising under any agreements entered into between you and us, including billing and collection;
12. protect the integrity and maintain the security of our Website, including secured areas of the Website;
13. operate, evaluate and improve our business, including conducting surveys and market research, developing new products, services, and promotions (such as, for example, special events, programs, offers, contests), analyzing and enhancing existing products, services, and promotions, managing our communications; performing accounting, auditing, and other internal functions;
14. provide you with information and advertisements about products, services, and promotions, from us or third parties, that may interest you; and
15. administer your participation in such products, services, and promotions.

‍

In addition, we may use your information as described in any notice provided at the time you provide the information and for any other purpose for which you may provide consent.‍

‍

Non-Personally Identifiable Information‍

‍

In addition to the uses described above, we may also use Non-Personally Identifiable Information to:

‍

1. deliver content (including advertising) tailored to your interests and the manner in which you use our Website;
2. present content in a manner that is optimized for your device; and
3. measure and analyze the effectiveness of advertising we serve you.

‍

We may also combine technical information, or Non-Personally Identifiable Information, about your use of our Website with information that we obtain from other Users to use in an aggregate or anonymous manner for similar purposes.

‍

‍How Information May Be Shared

‍
Personally Identifiable Information‍

‍

We will not sell or share your Personally Identifiable Information with third parties for the third party's own direct marketing purposes without your express consent. We may share your Personally Identifiable Information with:

‍

• Any partner that is involved in enrolling you in health insurance or other products you express interest in (including but not limited to HealthSherpa);
• the organizations or entities on behalf of which we are providing the Website to you and/or on behalf of which you access or use the Website, such as your employer, and other companies associated with those organizations or entities in order to enable their systems to operate with the Website;
• third party insurance companies to which you submit an application for health insurance on or through the Website or elect COBRA insurance;
• your employer(s), affinity group, and/or benefits administrators or consultants, if you are referred to the Website by such respective parties;
• your licensed insurance agent, if applicable;
• our service providers to the extent reasonably necessary to enable us operate our business and provide our Website to you, as described in this Privacy Notice (e.g., to an email service provider in order to enable us to email you);
• a buyer or other successor in interest to Kept in the event of a merger, divestiture, restructuring, reorganization, dissolution, liquidation, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personally Identifiable Information held by us about our Users is among the assets transferred;
• other third parties with your express consent for any purpose disclosed by us when you provide the information; and
• you, upon your written request.

‍

We may also share Personally Identifiable Information with law enforcement agencies, government officials, or other third parties as necessary for the purpose of:

‍

1. complying with any court order, law or legal process, including to respond to any government or regulatory request;
2. preventing fraud protection and credit risk reduction;
3. investigating potential unauthorized access or misuse of our Website or other breach of our Terms of Use, Supplemental Terms, Website Policies or other agreements;
4. protecting the assets or property, and enforcing the rights of Kept, including for billing and collection purposes; and
5. protecting the rights, property, or safety of our Users or others.‍

‍

Non-Personally Identifiable Information‍

‍

In addition, we may share Non-Personally Identifiable Information, including aggregated or anonymized data:

‍

1. with our partners about how our Users collectively use our Website, so that our partners may also understand how often people use their services and our Website;
2. with analytics companies, search engines, or other service providers that help us improve our Website;
3. to report to our affiliates, licensors and service providers, advertising partners and ad networks about the use of various aspects of the Website;
4. with other Users or prospective Users of the Website; and
5. to advertisers and advertising networks to select and serve relevant advertisements.‍

‍

Notice to California Residents / Your California Privacy Rights‍

‍

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights with respect to their personal information that is collected by businesses. If you are a California resident, please review the addendum below for California residents.‍

‍

Cookies and Beacons‍

‍

We may use cookies, beacons and similar automatic data collection technologies, now or in the future, to support the functionality of our Website. These technologies help us provide a better experience when you visit our Website and allows us to improve our Website. The technologies we may use for this automatic data collection may include:

‍

‍Browser Cookies. A browser cookie is a small file placed on the hard drive of your computer. That cookie then communicates with our servers or those of other companies that we authorize to collect data for us, and allows recognition of your personal computer. We associate cookies with Personally Identifiable Information only if you use the logged in areas of the Website, order a Service, use the personalization services available as part of the Website, or ask us to contact you with additional marketing information. We do not otherwise collect Personally Identifiable Information from browser cookies and we do not associate browser cookies with your Personally Identifiable Information. You may use the tools available on your computer or other device to set your browser to refuse or disable all or some browser cookies, or to alert you when cookies are being set. However, if you refuse or disable all browser cookies, you may be unable to access certain parts or use certain features or functionality of our Website. Unless you have adjusted your browser settings so that it refuses all cookies, we may use cookies when you direct your browser to our Website.

‍

‍Beacons. Our Website and emails may contain small electronic files known as beacons (also referred to as web beacons, clear GIFs, pixel tags and single-pixel GIFs) that permit us to, for example, count Users who have visited those pages or opened an email and for other website-related statistics. Beacons in email marketing campaigns allow us to track your responses and your interests in our content, offerings and web pages. You may use the tools in your device to disable these technologies as well.

‍

‍Other Tracking Technologies. Our Website may also use other tracking technologies such as embedded scripts, location-identifying technologies, and other similar technologies. These technologies execute on our Website or in your browser and allow us to recognize you when you return to the Website and understand how our users use and interact with our Website.

‍

Our service providers, advertising partners and ad networks may use cookies, beacons, and other similar tracking technologies to collect and share Non-Personally Identifiable Information about your activities both on our Website and on other websites, including, for example, to provide you targeted advertising based upon your interests. In addition, third parties that are unaffiliated with us may also collect information about you, including tracking your browsing history, when you use our Website. We do not have control over these third-party collection practices. If you wish to minimize these third-party collections, you can adjust the settings of your browsers or install plug-ins and add-ins.‍

‍

Your Choices‍

‍

We offer you certain choices in connection with the information we collect from you.‍

‍

Limit Use of Information for Health Insurance Purposes‍

‍

You may request that we limit the collection, creation, disclosure, access, maintenance, storage and use of your Personally Identifiable Information for the sole purpose of our assisting you in applying for health insurance, obtaining an eligibility determination, facilitating payment, or managing your COBRA, assisting you in updating or canceling your enrollment in a health insurance plan, and for performing other authorized functions specified in our agreements with partners. You may request such a limitation by sending an email to privacy@kept.io or calling us at (877) TRY-KEPT.‍

‍

Email Communications‍

‍

You may have the opportunity to receive certain communications from us related to our Website. If you provide us with your e-mail address in order to receive communications, you can opt out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Please note that certain emails may be necessary for the operation of our Website. You will continue to receive these emails, if appropriate, even if you unsubscribe from our optional communications.‍

‍

Cookies and Beacons‍

‍

If you wish to minimize information collected by cookie or beacon, you can adjust the settings of your browsers to notify you when you receive a cookie, which lets you choose whether or not to accept it. You can also set your browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some features and services on our Website may not work properly if we are not able to recognize and associate you with your account. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.‍

‍

Network Advertising Initiative‍

‍

Certain websites you visit may provide options regarding advertisements you receive. If you wish to minimize the amount of targeted advertising you receive, you can opt out of certain network advertising programs through the Network Advertising Initiative (NAI) Opt–Out Page. Please note that even if you choose to remove your information (opt out) you will still see advertisements while you're browsing online. However the advertisements you see may be less relevant to you. For more information or to opt out of certain online behavioral advertising, please visit http://www.aboutads.info.

‍

Additionally, many advertising network programs allow you to view and manage the interest categories that they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt–Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.‍

‍

Do Not Track‍

‍

Some browsers support a “Do Not Track” (or, DNT) feature, a privacy preference that Users can set in certain web browsers, which is intended to be a signal to websites and services that you do not wish to be tracked across different websites or online services you visit. Our Website does not currently recognize or respond to DNT signals, so DNT settings do not change the way the Website operates.

‍

Please note that we cannot control how third-party websites or online services you visit through our Website respond to Do Not Track signals. Check the privacy policies of those third parties for information on their privacy practices.‍

‍

Text Alerts‍

‍

You may have the opportunity to receive certain information, updates and/or offers from us via text communications. If you provide us with your mobile number in order to receive such communications, you can opt out of receiving text messages at any time by contacting us at support@kept.io.‍

‍

Updating Information‍

‍

The accuracy of the information we have about you is very important. To review, correct or delete your Personally Identifiable Information, please contact us at support@kept.io. For more information about your choices, or to review or correct your Personally Identifiable Information, please follow the prompts on the Website, or contact us as indicated in the “Contact Us” section of this Privacy Notice.

‍

We will retain your information for as long as your account is active or as needed to provide the Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.‍

‍

Securing Your Information‍

‍

The security of your information is important to Kept, and we have established administrative, technical, and physical safeguards designed to protect your Personally Identifiable Information against unauthorized alteration, access, loss, theft, use or disclosure. Unfortunately, no system can guarantee complete security of your information. As a result, Kept cannot ensure or warrant that your information, including your Personally Identifiable Information, is secure from unauthorized third parties. Thus, your use of the Website and communication with us about them is at your own risk.

‍

You are responsible for protecting your password(s) and for the security of information that you transmit to us over the internet.‍

‍

Children‍

‍

Our Website is directed to and is intended to be used only by persons who are 18 years of age or older. We do not knowingly collect information from children under 18. If you are under 18 years of age, you are not permitted to register for an account or otherwise submit any Personally Identifiable Information to us, including your name, address or email address. By registering for an account or submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older.

‍

If we discover that we have received any Personally Identifiable Information directly from a child under the age of 18, we will suspend the associated account and remove that information from our database as soon as possible. By registering for an account or otherwise submitting any Personally Identifiable Information to us, you represent and warrant that you are 18 years of age or older. For the avoidance of doubt, this restriction does not apply to information collected from a parent or legal guardian who provides information regarding a dependent child under the age of 18 in connection with a health insurance application, COBRA administration, or other related purpose.‍

‍

Links to Third Party Websites‍

‍

Our Website may contain links to third party websites and services, including those of third-party insurance providers and advertisers. Please note that these links are provided for your convenience and information, and the websites and services may operate independently from us and have their own privacy policies or notices, which we strongly suggest you review. This Privacy Notice applies to Kept and our Website only. We do not accept any responsibility or liability for the policies or practices of any third parties. If you choose to access any websites or services linked from our Website, please check the applicable policies before you use or submit any personal data to such website or service.‍

‍

International Jurisdictions‍

‍

The Website is hosted in the United States of America and is subject to U.S. state and federal law. The Website is not intended to subject Kept to the privacy laws or jurisdiction of any state, country or territory other than that of the United States, including the European Union. Kept does not represent that the Site is appropriate for use in any particular jurisdiction. Those who access the Site do so at their own initiative and are responsible for complying with all local laws, rules and regulations. If you are accessing our Website from other jurisdictions, please be advised that you are transferring your personal information to us in the United States, and by using our Website, you consent to that transfer and use of your personal information in accordance with this Privacy Notice. You also agree to abide by the applicable laws of applicable states and U.S. federal law concerning your use of the Website and your agreements with us. Any persons accessing our Website from any jurisdiction with laws or regulations governing the use of the Internet, including personal data collection, use and disclosure, different from those of the jurisdictions mentioned above may only use the Website in a manner lawful in their jurisdiction. If your use of the Website would be unlawful in your jurisdiction, you may not use the Website.‍

‍

Changes to Our Privacy Notice‍

‍

Kept may, in its sole discretion, change this Privacy Notice from time to time. Any and all changes to this Privacy Notice will be reflected on this page and the Effective Date will be stated at the top of this Privacy Notice. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. Users should regularly check this page for any changes to this Privacy Notice. Kept will always post new versions of the Privacy Notice on the Website. In the event that an amendment materially alters your rights or obligations, we may notify you of the amendment, such as by posting a notification to the home page of the Website, or sending a notification to you at the address we have on file for you, if any.Your continued use of the Website or communication with us after the updated Privacy Notice has been posted (or any other indication of your consent) will constitute your acceptance of the updated Privacy Notice.

‍

Please note that we may condition your continued access to our Website on your consent to changes to this Privacy Notice.‍

‍‍

Contact Us‍

‍

If you have questions or comments relating to this Privacy Notice, or if you would like us to update information we have about you or your preferences, please contact us by email at privacy@kept.io, or call us at (877) TRY-KEPT, or write to us at:

‍

Kept, Inc.

Attn: Legal Department

668 N Coast Hwy Unit 1311

Laguna Beach, CA 92651‍‍

‍

‍Kept Privacy Notice Addendum for California Residents‍

‍

‍Last updated and effective: January 1, 2024

‍

This Privacy Notice Addendum for California Residents (the “California Privacy Addendum”) supplements the information contained in Kept’s Privacy Notice (the “Privacy Notice”) and describes our collection and use of Personal Information. This California Privacy Addendum applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this notice.Note that this California Privacy Addendum does not apply to employment-related personal information collected by a company or other organization about its employees, job applicants, contractors, or similar individuals used to administer those individuals’ (or their dependents’) benefits. Please contact your local human resources department if you are a California employee and would like additional information about how we process your Personal Information.

‍

Where noted, this California Privacy Addendum also does not apply to personal information reflecting a written or verbal business-to-business communication (“B2B Personal Information”) between you and Kept, which includes the personal information of applicable broker, benefits administrator, or employer.‍

‍‍

Information We Will Collect‍

‍

Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, Kept’s Website collects, and over the prior twelve (12) months have collected, the following categories of personal information from our consumers:‍

‍

Category & Applicable Pieces of Personal Information Collected‍

‍

A. Identifiers.

‍

A real name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, employee number (when applicable), or other similar identifiers.

‍

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

‍

A name, signature, Social Security number, physical characteristics or description, address, telephone number, insurance policy number, employment, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

‍

C. Protected classification characteristics under California or federal law.

‍

We may collect your age, medical condition, physical or mental disability, and sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions) as necessary to request an insurance quote or enroll in insurance. You may also voluntarily disclose your race, color, ancestry, national origin, citizenship, religion or creed, marital status, veteran or military status, genetic information (including familial genetic information), and sexual orientation.

‍

D. Commercial information.

‍

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

‍

E. Internet or other similar network activity.

‍

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

‍

F. Professional or employment-related information.

‍

Current or past job history or performance evaluations.

‍

Personal information does not include:

‍

1. Publicly available information from government records.
2. De-identified or aggregated consumer information.
3. Information excluded from the CCPA’s scope, like: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.‍

‍

Use of Personal Information‍

‍

We may use, “sell” for monetary or other valuable consideration, or disclose the personal information we collect and, over the prior twelve (12) months, have used, “sold” for monetary or other valuable consideration, or disclosed the personal information we have collected, for one or more of the business or commercial purposes described in our Privacy Notice.

‍

Kept will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.‍

‍‍

Sources of Personal Information

Kept obtains the categories of personal information listed above from the categories of sources described in our Privacy Notice.‍

‍

Sharing Personal Information‍

‍

Kept may disclose your personal information to a third party for a business purpose or “sell” your personal information, subject to your right to opt-out of those sales (see Opt-Out and Opt-In Rights). When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.‍

‍‍

Disclosures of Personal Information for a Business Purpose‍

‍

In the preceding twelve (12) months, Kept has disclosed the following categories of personal information for a business purpose to the listed categories of third parties:

‍

A. Identifiers - Categories of Third Parties: Service providers; employers (when applicable); insurance companies and agents; affiliates, parents, and subsidiary organizations of Kept; and CMS and other government entities.

B. California Customer Records personal information categories - Categories of Third Parties: Service providers; employers (when applicable); insurance companies and agents; affiliates, parents, and subsidiary organizations of Kept; and CMS and other government entities.

C. Protected classification characteristics under California or federal law - Categories of Third Parties: Service providers; employers (when applicable); insurance companies and agents; affiliates, parents, and subsidiary organizations of Kept; and CMS and other government entities.

D. Commercial information - Categories of Third Parties: Service providers; employers (when applicable); insurance companies and agents; affiliates, parents, and subsidiary organizations of Kept; and CMS and other government entities.

E. Internet or other similar network activity - Categories of Third Parties: social media companies, Internet cookie information recipients, such as analytics and behavioral advertising services.

F. Professional or employment-related information - Categories of Third Parties: Service providers; employers (when applicable); insurance companies and agents; affiliates, parents, and subsidiary organizations of Kept; and CMS and other government entities.‍

‍

Sales of Personal Information‍

‍

As noted in our general Privacy Notice, we do not sell your personal information as the term “sell” is commonly understood to require an exchange for money. However, the California State Attorney General may issue guidance on whether the use of advertising and analytics cookies on our Website may be considered a “sale” of Personal Information as the term “sale” is broadly defined in the CCPA to include both monetary and other valuable considerations. Until such guidance has been issued, we continue to consider it a “sale” (subject to the below exceptions) in order to be as transparent as possible with users of our Website and will comply with the restrictions of the “sale” of this information to the extent technologically feasible. [This “sale” would be limited to our use of third-party advertising and analytics cookies and their use in providing you behavioral advertising and their use in understanding how people use and interact with our Website(s).

‍

However, the CCPA does not consider a disclosure to a third party when you use or direct us to intentionally disclose personal information or to interact with the third party as a “sale” of personal information, provided that the third party does not further “sell” your personal information. Accordingly, we do not consider any information that you provide to us for the purpose of disclosing it to insurance companies and agents in order to receive a quote or enroll in their insurance programs as a “sale” and will not be subject to the obligations below.In the preceding twelve (12) months, Kept has “sold” the following categories of personal information to the following categories of third parties for monetary or other valuable consideration:

‍

Internet or other similar network activity - Categories of Third Parties: Advertisers and advertising networks, Social media companies, Internet cookie information recipients, such as analytics and behavioral advertising services.‍

‍

Your Rights and Choices‍

‍

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights. You may exercise these rights yourself or through your authorized agent.‍

‍

Access to Specific Information and Data Portability Rights‍

‍

You have the right to request that Kept disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

‍

1. The categories of personal information we collected about you.
2. Our business or commercial purpose for collecting or selling that personal information.
3. The categories of sources for the personal information we collected about you.
4. The categories of third parties with whom we share that personal information.
5. The specific pieces of personal information we collected about you (also called a data portability request). We will not disclose your social security number, financial account number, health insurance or medical identification number, or your account password or security question or answers. We will also not provide specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to your personal information, your account with Kept, or the security of our systems or networks.
6. If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
   ‍

We do not provide these access and data portability rights for B2B personal information.‍

‍

Deletion Request Rights‍

‍

You have the right to request that Kept delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

‍

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

‍

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
3. Debug products to identify and repair errors on our Website that impair existing intended functionality.
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
7. Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
8. Comply with a legal obligation.
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

‍

We do not provide these deletion rights for B2B personal information.‍

‍

Exercising Access, Data Portability, and Deletion Rights‍

‍

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

‍

1. Calling us at (877) TRY-KEPT.
2. Emailing us at support@kept.io.

‍

If you (or your authorized agent) submit a request to delete your information online, we will use a two-step process in order to confirm that you want your personal information deleted. This process may include verifying your request through your email address on record, calling you on your phone number on record (which may include the use of an automated dialer), sending you a text message and requesting that you text us a confirmation, or sending you a confirmation through US mail.

‍

If you fail to make your submission in accordance with the ways described above, we may either treat your request as if it had been submitted with our methods described above, or provide you with information on how to submit the request or remedy any deficiencies with your request.

‍

Only you, or your agent that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child, where applicable. To designate an authorized agent, see Authorized Agents below. We may request additional information so we may confirm a request to delete your personal information.

‍

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

‍

1. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This may include: We will verify you against confidential information we have on file.
2. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

‍

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

‍

For instructions on exercising sale opt-out rights, see Opt-Out and Opt-In Rights.‍

‍

Authorized Agents‍

‍

You may authorize your agent to exercise your rights under the CCPA on your behalf by registering your agent with the California Secretary of State. You may also provide your authorized agent with power of attorney to exercise your rights. If you authorize an agent, we may require that your agent provide proof that they have been authorized to exercise your rights on your behalf. We may request that your authorized agent submit proof of identity. We may deny a request from your agent to exercise your rights on your behalf if they fail to submit adequate proof of identity or adequate proof that they have the authority to exercise your rights.‍

‍

Response Timing and Format‍

‍

We will respond to a verifiable consumer request within ten (10) days of its receipt. We will generally process these requests within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option.

‍

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

‍

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.‍

‍

Opt-Out and Opt-In Rights Regarding the “Sale” of Your Personal Information‍

‍

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

‍

To exercise the right to opt-out, you (or your authorized representative) may adjust your cookie preferences by setting your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Website or other websites. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.‍

‍

Non-Discrimination

‍
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

1. Deny you goods or services.
2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
3. Provide you a different level or quality of goods or services.
4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.‍

‍

Changes to This California Privacy Addendum

‍‍

Kept reserves the right to amend this California Privacy Addendum as described in our Privacy Notice. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this California Privacy Addendum, the ways in which Kept collects and uses your information described above and in the Privacy Notice, your choices and rights regarding such use, please do not hesitate to contact us through any of the contact information provided in the Privacy Notice.