California Privacy Notice.
This California Privacy Notice supplements the information contained in ThriveConnect.io's general Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act (CPRA). Any terms defined in the CCPA/CPRA have the same meaning when used in this notice.
Effective Date: June 8, 2025
Updated Date: June 8, 2025
At ThriveConnect.io ("ThriveConnect," "we," "us," or "our"), we understand that privacy is especially important when it comes to intimate wellness products. We are committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data. This notice explains your California privacy rights and how to exercise them.
B. Information We Collect (Categories of PI & SPI, Sources)
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information"). We also collect "sensitive personal information" as defined by the CPRA.
We collect personal information from various sources, including:
Directly from you: When you create an account, make a purchase, sign up for our newsletter, contact us for support, or provide marketing preferences.
Automatically from your device: As you interact with our website, through cookies and other tracking technologies.
From our service providers: Entities that assist us in operating our business, such as payment processors and analytics providers.
The following tables detail the categories of personal information and sensitive personal information we have collected from California consumers in the preceding 12 months, along with the sources of that information.
Table 1: Categories of Personal Information Collected by ThriveConnect.io
| Category of Personal Information (CCPA/CPRA) | Specific Examples Collected by ThriveConnect.io | Sources of Collection | Collected in Past 12 Months |
|---|---|---|---|
| Identifiers | First name, last name, email address, IP address, device identifiers | Directly from you, Automatically from your device | Yes |
| Commercial Information | Billing address, shipping address, payment information (processed by partners), order details, purchase history | Directly from you | Yes |
| Internet or Other Electronic Network Activity Information | Browser type, operating system, pages visited, time spent on pages, links clicked, referring website addresses, analytics data | Automatically from your device | Yes |
| Geolocation Data | IP address (general location), billing/shipping addresses (precise location for order fulfillment) | Automatically from your device, Directly from you | Yes |
| Inferences Drawn from Other Personal Information | Profiles reflecting preferences, behaviors, or characteristics (e.g., product interests based on browsing/purchase history) | Automatically from your device, Directly from you | Yes |
Table 2: Categories of Sensitive Personal Information Collected by ThriveConnect.io
| Category of Sensitive Personal Information (CPRA) | Specific Examples Collected by ThriveConnect.io | Sources of Collection | Collected in Past 12 Months |
|---|---|---|---|
| Financial Account Information (combined with access credentials) | Payment information (processed securely by payment partners; ThriveConnect.io does not store full payment card details) | Directly from you (via payment partners) | Yes |
| Precise Geolocation | Shipping and billing addresses provided for order fulfillment | Directly from you | Yes |
| Information concerning a consumer's health, sex life, or sexual orientation | Potentially inferred from purchase history of intimate wellness products (e.g., specific product types may suggest health conditions or sexual orientation) | Directly from you (via purchase data) | Potentially |
We do not knowingly collect personal information from individuals under 18 years of age. During checkout, you are required to confirm that you meet this age requirement. If we learn we have collected information from someone under 18, we will delete that information promptly.
C. How We Use Your Information (Business & Commercial Purposes)
We use the personal information and sensitive personal information we collect for various "business purposes" and "commercial purposes" as defined by the CCPA/CPRA.
Business Purposes are operational activities that are reasonably necessary and proportionate to achieve the purpose for which the information was collected. These include:
Auditing: Verifying ad impressions, ensuring compliance with regulations, and internal controls.
Security: Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Debugging and Repair: Identifying and repairing errors that impair existing intended functionality.
Performing Services: Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services (non-targeted), providing analytic services, or providing similar services on our behalf.
Internal Research: Undertaking internal research for technological development and demonstration.
Quality and Safety Maintenance: Activities to improve, upgrade, or enhance our website and services, or to verify or maintain the quality or safety of a service or device.
Commercial Purposes are activities designed to advance our economic interests, such as inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services. These include:
Targeted Advertising (Cross-Context Behavioral Advertising): Using personal information to create personalized marketing campaigns and deliver tailored advertisements based on your activity across different websites, applications, or services.
Product Recommendations: Leveraging your purchase history and browsing behavior to suggest complementary products or services (upsell/cross-sell).
Data Monetization: (We do not sell your personal information in exchange for monetary compensation, but we may "share" it for targeted advertising as described below).
The following table details the specific purposes for which we collect and use each category of personal information and sensitive personal information:
Table 3: Purposes for Collecting and Using Personal Information by ThriveConnect.io
| Category of Personal Information / Sensitive Personal Information | Purpose of Collection/Use | Type of Purpose | Used in Past 12 Months |
|---|---|---|---|
| Identifiers (Name, email, IP address, device IDs) | Account creation, order processing, customer support, sending transactional emails, marketing communications, website improvement, security, fraud prevention, analytics | Business Purpose, Commercial Purpose | Yes |
| Commercial Information (Purchase history, billing/shipping, payment info) | Order processing & fulfillment, customer support, tax & legal compliance, product recommendations, internal research, quality control | Business Purpose, Commercial Purpose | Yes |
| Internet or Other Electronic Network Activity Information (Browsing history, usage data, analytics) | Website improvement, understanding user interaction, internal research, security, fraud prevention, targeted advertising | Business Purpose, Commercial Purpose | Yes |
| Geolocation Data (IP address, billing/shipping addresses) | Order fulfillment, fraud prevention, website improvement (regional content) | Business Purpose | Yes |
| Inferences Drawn from Other Personal Information (Profiles reflecting preferences) | Product recommendations, personalized marketing, website improvement | Commercial Purpose, Business Purpose | Yes |
| Financial Account Information (via payment partners) | Payment processing, fraud prevention | Business Purpose | Yes |
| Information concerning a consumer's health, sex life, or sexual orientation (Potentially inferred from purchase history) | (If inferred) Product recommendations, personalized content | Commercial Purpose | Potentially |
D. How We Share Your Information (Categories of Recipients, Purposes)
We value your privacy and limit the sharing of your information. We may disclose your personal information to certain categories of third parties for business or commercial purposes.
Clarification of "Sharing": The CPRA defines "sharing" as sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. This means that even if we do not "sell" your data in exchange for money, certain transfers of personal information for targeted advertising purposes are considered "sharing" under California law.
We may share your data with the following categories of recipients for the purposes described:
Service Providers: We work with trusted third parties who perform services on our behalf and are contractually obligated to protect your data and use it only for the purposes for which we provide it. These include:
Payment Processing: Squarespace Payments and PayPal process payments securely on our behalf.
Email Services: Beehiiv or Mailchimp help us send transactional and marketing emails and manage our mailing list.
Analytics: Google Analytics helps us understand website usage and traffic patterns.
Shipping Partners: Carriers like USPS, UPS, or FedEx deliver your orders.
Marketing Partners: (If applicable) Entities that assist with targeted advertising based on your preferences and online activity.
Legal Requirements: We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: If we sell or transfer our business, assets, or operations (e.g., in a merger, acquisition, or bankruptcy), your information may be included as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
The following table details the categories of personal information we have disclosed, sold, or shared in the past 12 months, and with whom.
Table 4: Categories of Personal Information Disclosed, Sold, or Shared in the Past 12 Months
| Category of Personal Information | Categories of Third Parties to Whom Disclosed/Shared | urpose of Disclosure/Sharing | Disclosed/Shared in Past 12 Months |
|---|---|---|---|
| Identifiers | Service Providers (Payment Processors, Email Services, Analytics Providers, Shipping Partners, Marketing Partners), Legal Authorities, Acquiring Entities (in business transfer) | Order fulfillment, customer support, marketing communications, website analytics, targeted advertising, fraud prevention, legal compliance, business operations | Yes |
| Commercial Information | Service Providers (Payment Processors, Email Services, Analytics Providers, Shipping Partners, Marketing Partners), Legal Authorities, Acquiring Entities | Order fulfillment, customer support, marketing communications, website analytics, targeted advertising, fraud prevention, legal compliance, business operations | Yes |
| Internet or Other Electronic Network Activity Information | Service Providers (Analytics Providers, Marketing Partners), Legal Authorities, Acquiring Entities | Website analytics, targeted advertising, website improvement, fraud prevention, legal compliance, business operations | Yes |
| Geolocation Data | Service Providers (Shipping Partners, Analytics Providers), Legal Authorities, Acquiring Entities | Order fulfillment, website analytics, fraud prevention, legal compliance, business operations | Yes |
| Inferences Drawn from Other Personal Information | Service Providers (Marketing Partners, Analytics Providers), Acquiring Entities | Targeted advertising, personalized content, website improvement, business operations | Yes |
| Financial Account Information | Service Providers (Payment Processors) | Payment processing, fraud prevention | Yes |
| Information concerning a consumer's health, sex life, or sexual orientation (Potentially inferred) | Service Providers (Marketing Partners, Analytics Providers) | Targeted advertising, personalized content | Potentially |
We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.
E. Data Retention Periods
We retain your personal information and sensitive personal information only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide you with services (e.g., for as long as you have an account with us).
Whether there is a legal obligation to which we are subject (e.g., certain laws require us to keep records of your transactions for a certain period before we can delete them).
Whether retention is advisable in light of our legal position (e.g., for statutes of limitations, litigation, or regulatory investigations).
The following table details our data retention periods by category of personal information:
Table 5: Data Retention Periods by Category of Personal Information
| Category of Personal Information / Sensitive Personal Information | Retention Period | Reason for Retention |
|---|---|---|
| Account Information (Identifiers) | Active accounts plus 3 years after closure | Account management, customer support, fraud prevention |
| Order History (Commercial Information) | Typically 7 years | Tax and legal compliance, customer support, warranty purposes |
| Marketing Data (Identifiers, Commercial, Internet Activity, Inferences) | 2 years from last interaction, unless you opt out sooner | Marketing analysis, personalized communication |
| Payment Information (Financial Account Information) | We do not store full payment card details; our payment processors retain this data according to PCI DSS requirements. | Payment processing, fraud prevention, legal compliance |
| Device and Browser Information, Usage Data, Analytics Data (Internet Activity, Geolocation) | Up to 26 months (for Google Analytics data), or as necessary for security and website improvement | Website improvement, security, fraud prevention, analytics |
| Communication Data (Identifiers) | As long as necessary to address inquiries, typically up to 3 years after resolution | Customer support, record keeping |
| Inferred SPI (Health, Sex Life, Sexual Orientation) | As long as the underlying PI is retained for marketing purposes, unless you limit its use | Personalized content, marketing analysis |
F. Your California Privacy Rights
As a California resident, you have specific rights regarding your personal information under the CCPA/CPRA. These rights include:
The Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling/sharing that personal information.
The categories of third parties with whom we disclose, sell, or share that personal information.
The specific pieces of personal information we collected about you (also known as a data portability request).
The Right to Delete: You have the right to request that we delete any of your personal information that we collected from you, subject to certain exceptions. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may seriously impair or render impossible the research's achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
The Right to Correct Inaccurate Personal Information: You have the right to request that we correct inaccurate personal information that we maintain about you.
The Right to Opt-Out of Sale or Sharing: You have the right to direct us to stop selling or sharing your personal information. This means that whenever you request us to stop selling or sharing your personal information for cross-context behavioral advertising, we will abide by your request. Such requests can be made freely, at any time, without submitting any verifiable request.
The Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): You have the right to direct us to limit the use and disclosure of your sensitive personal information to only that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer who requests such goods or services.
The Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. Unless permitted by the CCPA/CPRA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate of goods or services or a different level or quality of goods or services.
The Right to Data Portability: You have the right to request your personal information in a portable, readily usable format that allows you to transmit it to another entity without hindrance.
The Right to Access Information about Automated Decision-Making: You have the right to request information about our use of automated decision-making technology, including profiling, and the likely outcomes of such processes.
G. How to Exercise Your California Privacy Rights
To exercise the rights described above, please submit a verifiable consumer request to us by using one of the following designated methods:
Toll-Free Number:
Online Web Form:
Email: privacy@thriveconnect.io
Mailing Address:
ThriveConnect.io
Lindenhurst, IL 60046
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
Verification Process: To protect your privacy, we will need to verify your identity before processing your request. We will ask for sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. This may include matching information you provide with personal information we already have on file. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timelines:
For Right to Know, Delete, and Correct requests, we will endeavor to respond within 45 calendar days of receiving your verifiable request. If we require more time (up to an additional 45 days), we will inform you of the reason and extension period in writing.
For Opt-Out requests, we will comply with your request within 15 business days of receipt. We will wait at least 12 months before asking whether you have changed your mind about opting out.
Right to Appeal: If we deny your request, you may have the right to appeal our decision. We will provide you with information about how to appeal our decision at the time of denial.
H. "Do Not Sell or Share My Personal Information" & "Limit the Use of My Sensitive Personal Information"
We provide you with mechanisms to exercise your rights to opt-out of the sale or sharing of your personal information and to limit the use of your sensitive personal information.
"Do Not Sell or Share My Personal Information": While we do not sell your personal information in exchange for monetary compensation, we may "share" your personal information for cross-context behavioral advertising purposes (e.g., through the use of analytics and marketing partners). You have the right to opt-out of this sharing. To exercise this right, please click on the "Do Not Sell or Share My Personal Information" link prominently displayed on our website homepage (usually in the footer) or use the designated methods listed in the "How to Exercise Your California Privacy Rights" section above.
"Limit the Use of My Sensitive Personal Information": If we collect or process Sensitive Personal Information about you, you have the right to limit its use and disclosure to only those purposes necessary to perform the services or provide the goods you requested. To exercise this right, please click on the "Limit the Use of My Sensitive Personal Information" link prominently displayed on our website homepage (usually in the footer) or use the designated methods listed above. If we do not process your sensitive personal information for purposes that would trigger this right, we will communicate that clearly to you.
I. Children's Privacy (Minors under 16)
Our website and products are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected personal information from someone under 18, we will delete that information promptly.
For minors between 13 and 16 years of age, we would obtain opt-in consent before selling or sharing their personal information. For minors under 13 years of age, we would obtain opt-in consent from a parent or legal guardian before selling or sharing their personal information. If a minor opts out of the sale or sharing of their personal information, we are required to wait 12 months before requesting consent again. Please be aware that the CPRA increases penalties for violations involving minors.
J. Changes to This Policy
We may update this California Privacy Notice from time to time to reflect changes in our practices or relevant laws. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date at the top of this notice. We encourage you to review this policy periodically to stay informed about how we are protecting your information. We are committed to reviewing and updating this policy at least every 12 months to ensure ongoing compliance.
K. Contact Us
If you have questions about this California Privacy Notice or our privacy practices, please contact us:
Email: privacy@thriveconnect.io
Toll-Free Number:
Mailing Address:
ThriveConnect.io
Lindenhurst, IL 60046
For privacy-related requests, we will respond within 30 days.