Privacy Policy

Last Modified: September 11, 2025

This Privacy Policy (“Privacy Policy”) describes the types of information Pagoda Labs and any of its subsidiaries or affiliates (collectively, “Company”, “we”, “us”, or “our”) collects, uses, and shares about you when you visit or use our website at https://www.getpagoda.com/ (the “Site”) and all related products, services, features, tools, web applications, and content offered by Company or when you otherwise contact or interact with us (collectively, the “Services”). The terms “you” and “your” refers to you, the user. If you are using the Service on behalf of a business, association, or other entity, “you” or “your” will also refer to such business, association, or other entity, unless the context clearly dictates otherwise. You agree that you are authorized to consent to these terms on behalf of such business, association, or other entity, and we can rely on this. This Privacy Policy also explains how Company may use and share your Personal Information (as defined in Section 1), as well as the choices available to you. 

By using/continuing to use the Services, you acknowledge you have read and understand and agree to the collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy, and you agree to our Terms of Service which are incorporated by reference. If you do not agree, please do not access or use the Services. 

Eligibility to Use the Services

To use the Services you must be, and represent and warrant that you are, at least the age of majority in your state, province or jurisdiction of residence and competent to agree to these terms; or if you are under the age of majority in your state, province or jurisdiction of residence, you represent and warrant that your parent or legal guardian has reviewed this Privacy Policy with you and accepts them on your behalf; parents or legal guardians are responsible for the activities of their minor dependents while using the Services.

Terms and Conditions

If you choose to access or use the Services, your access and use, and any dispute over privacy is subject to this Privacy Policy and our Terms of Service, including, but not limited to, limitations on damages and resolution of disputes. 

1. Personal Information We Collect

Generally, we collect four (4) types of information about you: (A) information and content you give us directly; (B) information we obtain automatically when you use our Services; (C) demographic information; and (D) information we get about you from other sources. When we talk about “Personal Information” in this Privacy Policy, we are talking about any information collected in accordance with this section. Please see below for more information on each category.

A. Information and Content You Give Us Directly

  1. Personal Information. Personal information, such as your name, address, e-mail address, username, password, phone number, contractor licensing information, and any other information you directly provide us on or through the Services. 
  2. Email Correspondences. Records and copies of your email messages together with your email address and our responses, if you choose to correspond with us through email.
  3. Transaction Information. We or service providers working on our behalf may collect information and details about any purchase or transactions made on the Service. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping, and contact details. We do not collect or store payment card information ourselves; rather we rely on third party payment processors (e.g., Braintree (PayPal) and Amazon Pay) to store and process this information as part of the Service.  

B. Information We Obtain Automatically When You Use Our Services

  1. Activity Information. Details of your visits to our Services, including the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; the time, frequency, and duration of your activities; and other information about your use of and actions on the Services.
  2. Equipment Information. Information about your computer and internet connection, including your device or computer operating system, IP address, browser type, and browser language.
  3. Location Information. Information about the location of your device, including GPS location, for purposes of enhancing or facilitating the Services. For example, we may use information about the location of the device you are using to help us understand how the Services and functionality are being used and to deliver more relevant advertising. If you do not want to share your location, you can disable location sharing in the settings on your device.
  4. Cookies, Pixel Tags/Web Beacons, and Other Technologies. Cookies, pixel tags, web beacons, clear GIFs, javascript, entity tags, HTML5 local storage, resettable device identifiers, or other similar technologies (collectively, the “Technologies”) may be used by us, as well as third parties that provide the content, advertising, or other functionality on the Services to automatically collect information through your use of the Services. Please see Section 8 for more information on the technologies we may use for this automatic data collection.

C. Information We Get About You from Other Sources

We may receive information about you from other sources and add it to our information, including from third-party services and organizations who have the right to provide us with such information. We protect this information according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. These sources may include: online and offline data providers, from which we obtain demographic, interest-based, and online advertising related data; publicly-available sources such as open government databases or social networks; and service providers who provide us with information, and updates to that information, based on their relationship with you. By gathering additional information about you, we can correct inaccurate information, enhance the security of your transactions, and give you product or service recommendations and special offers that are more likely to interest you.

D. Demographic Information

We may collect demographic, statistical, or other aggregate information that is about you, but individually does not identify you. Some of this information may be derived from Personal Information, but it is not Personal Information and cannot be tied back to you. Examples of such aggregate information include gender, age, and race.

2. How We Use Your Information

We may use the information we collect about you in a variety of ways, to provide our Services, for administrative purposes, and to market and advertise our Services and products.

A. We Use Your Personal Information to Provide Our Services

We may use your Personal Information to:

  1. provide the Services (including facilitating transactions) and its content to you.
  2. respond to comments, questions, and provide customer service.
  3. communicate with you about an account. 
  4. inform you about important changes to, or other news about, the Services or any of its features or content.
  5. fulfill any other purpose for which you provide Personal Information.

B. We Use Your Information for Administrative Purposes

We may use your Personal Information to:

  1. operate, maintain, improve, personalize, and analyze the Services.
  2. monitor and analyze trends, usage, and activities for marketing or advertising purposes.
  3. detect, prevent, or investigate security breaches, fraud, and other unauthorized or illegal activity.
  4. carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  5. maintain appropriate records for internal administrative purposes.
  6. allow you to participate in interactive features on the Services (including to post testimonials).
  7. develop, improve, train, and analyze our predictive and non-predictive models, both experimental and underlying the Service.

C. We Use Your Information to Market and Advertise Our Services and Products.

We may use your Personal Information to: 

  1. send promotional communications, such as information about features, newsletters, offers, promotions, contests, and events.
  2. share information across Services and devices to provide a more tailored and consistent experience on the Services.
  3. develop, test, and improve new products or services, including by conducting surveys and research and testing and troubleshooting new products and features.

3. How We May Share or Disclose Your Information 

We may share or disclose aggregated or anonymized information about our users to third parties for a variety of business purposes without any restrictions, including to provide our Services and/or to protect us or others. We may also share or disclose information in the event of a major business transaction such as a merger, sale, or asset transfer. The following circumstances describe in additional detail the ways we may share or disclose your Personal Information that we collect or that you provide under this Privacy Policy:

A. We Disclose Your Information to Provide Our Services

  1. Subsidiaries and Affiliates. We may share your Personal Information with our parent companies, subsidiaries, joint ventures, and affiliated companies for purposes of management and analysis, decision-making, and other business purposes, consistent with this Privacy Policy. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
  2. Service Providers. We may share your Personal Information with our third-party service providers, contractors, and any other similar third parties that help us provide our Services. This may include service providers that help us with analytics services or support services, website hosting, email and postal delivery, location mapping, product and service delivery. Service providers are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. Some of our aspects of our Services utilize framing techniques to serve content to you from our third-party providers, while preserving the look and feel of the Services. In such cases, please note that the information you provide is being provided to the third party. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
  3. Advertising/Marketing Service Providers. We may share your Personal Information with marketing service providers to assess, develop, and provide you with promotions and special offers that may interest you, administer contests, sweepstakes, events, or for other promotional purposes. Legal basis: Art. 6(1)f GDPR (legitimate interest).
  4. Business Partners. We may share your Personal Information with our business partners to provide you with a product or service that you have requested, consistent with this Privacy Policy and the required purpose. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
  5. Consent or to Fulfill the Purpose that Information was Provided. We may share your Personal Information to fulfill the purpose for which you provide that information, with your consent, or for any other purpose disclosed by us when you provide the information. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
  6. Improvement of Artificial Intelligence (“AI”). We may share your Personal Information with our third-party service providers of products, features, and/or tools powered by AI, machine learning, or similar technologies to assess, develop, improve, train, and exchange predictive/generative modeling and data analytics for purposes of improving outcomes. For example, we may use your Personal Information as a part of a data set that will be used to improve the accuracy of our product outcomes predictive/generative modeling algorithms (e.g., AI search functionality). Legal basis: Art. 6(1)f GDPR (legitimate interest). 

B. We May Disclose Your Information in the Event of a Merger, Sale or Other Asset Transfers

If we become involved in a merger, acquisition, financing due diligence, divestiture, restructuring, reorganization, bankruptcy, dissolution, sale, or transfer of some or all of our assets (whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding), or transition of Services to another provider, your Personal Information may be sold or transferred to business entities or people involved in such process. Legal basis: Art. 6(1)f GDPR (legitimate interest).

c. We Disclose Your Information to Protect Us or Others

  1. When Required by Law. We may share your Personal Information to comply with any court order, law, or legal process, including to respond to any government or regulatory request. Legal basis: Art. 6(1)c GDPR (legal obligation).
  2. To Enforce Our Rights. We may share your Personal Information to enforce or apply this Privacy Policy, our Terms of Service, and other agreements, including for billing and collection purposes. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
  3. To Protect Lawful Interests. We may share your personal information if we believe disclosure will help us protect the rights, property, or safety of Company, our users, partners, agents, and others. This may include exchanging information with other companies and organizations for fraud protection, and spam and malware prevention. Legal basis: Art. 6(1)b GDPR (situation similar to contract); Art. 6(1)f GDPR (legitimate interest).

Personal Information that you post on or through the public areas of the Services (e.g., blog comments, testimonials, forums, chat rooms, bulletin boards, and discussion groups) are generally accessible to, and may be collected and used by, others which may result in unsolicited messages or other contact from others. Users of the Services are encouraged to exercise caution when providing personal information about themselves in public or interactive areas.

4. Your Privacy Choices and Rights

You have certain choices and rights with respect to your privacy. For example, you may be able to opt out of receiving marketing messages from us, make choices regarding cookies, and exercise other privacy rights under applicable law.

1. Mechanisms to Control Your Information

  1. Cookies and Other Tracking Technologies. You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. If you disable or refuse cookies, please note that some parts of the Services may become inaccessible or may not function properly.
  2. Communications from Company. If you do not wish to have your contact information used by Company to promote our own or third-party products or services, you can opt-out by: (1) informing us of your preference at the time you sign up for your Services account (if applicable), or complete any other form on or through the Services which we collect your data; (2) modifying your user preferences in your account profile by checking or unchecking the relevant boxes (if applicable); (3) following the opt-out instructions at the bottom of the promotional emails or text messages we send you; or (4) sending us an email stating your request. Please note that we may also send you non-promotional communications, however you will not be able to opt-out of these communications (e.g., transactional communications, including emails about your account; communications regarding our Services; and communications about updates to this Privacy Policy and the Terms of Service). 
  3. “Do Not Track”. "Do Not Track" (“DNT”) is a privacy preference you can set in certain web browsers. When you turn on this preference, it sends a signal or message to the websites you visit indicating that you do not wish to be tracked. Please note that we currently do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiativethe Digital Advertising Alliancethe European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

B. Accessing and Correcting Your Information

In accordance with applicable law, you may have the right to: 

  1. Access Personal Information. You may access Personal Information about you, including: (1) confirming whether we are processing your Personal Information; (2) obtaining access to or a copy of your Personal Information; and (3) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the "right of data portability"). 
  2. Request Correction of Personal Information. You may request correction of your Personal Information where it is inaccurate, incomplete, or improperly possessed.
  3. Request Deletion/Erasure of Personal Information. You may request deletion/erasure of your Personal Information held by us about you. Please note: we cannot delete your Personal Information except by also deleting your account.
  4. Restrict/Opt-out of Processing. You may request to restrict/opt-out of the processing of your Personal Information, including for the purpose(s) of: (1) targeted advertising; (2) sale or sharing of personal information; or (3) profiling to make decisions that have legal or other significant effects on you. 
  5. Withdraw Consent. You may have the right to withdraw consent where such consent is required to share or use Personal Information.

If you would like to exercise any of these rights, you may send us an email at contact@getpagoda.com to request access to, correction of or removal of any Personal Information that you have provided to us. We will process such requests in accordance with applicable law. 

The following are additional consumer privacy rights:

  1. Non-Discrimination. Residents have the right not to receive discriminatory treatment by covered businesses for the exercise of their rights conferred by the applicable privacy law.
  2. Verification. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include asking you to answer questions regarding your account (if applicable) and use of our Services.

C. State Specific Privacy Rights

A number of states require us to provide residents of those states with additional information and rights. Please go to the end of the document to see a list of those states and links to the state-specific disclosures. 

D. Your Right to Appeal

If you are dissatisfied with the refusal of Company to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Information” section above, you may request reconsideration by Company, by sending a written request for reconsideration to the mailing address found in the “Contact Information” section below. Within sixty (60) days (or such shorter period of time as required by applicable law) of Company’s receipt of such written request for reconsideration, Company shall inform you in writing (at the address indicated in your initial written request) of any action taken or not taken in response to your request for reconsideration, including a written explanation of the reasons for the decision. In addition, if your request for reconsideration is denied, you have the right to appeal to the applicable supervisory authority in your jurisdiction of residence (see subsection (E) below and the state-specific privacy notices for more information).

E. Complaints to Data Protection Authority

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

5. How We Protect Your Information

We have implemented safeguards reasonably designed to secure your Personal Information. Such safeguards include the implementation of various technical, physical, administrative and organizational security measures intended to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. All information you provide to us is stored on our secure servers behind firewalls.

The safety and security of your information is also dependent on you. If we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

While we have employed security technologies and procedures to assist safeguarding your Personal Information, no system or network can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.

6. International Transfer of Personal Information

If you provide Personal Information through the Services, you acknowledge and agree that such Personal Information may be transferred from your current location to the offices and servers of Company and the other third parties referenced in this Privacy Policy located in the United States, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of such laws, where applicable. 

7. Personal Information Retention Period

We keep your information for the length of time needed to carry out the purpose outlined in this Privacy Policy and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations. Where we retain data, we do so in accordance with our record retention policies and any limitation periods and records retention obligations that are imposed by applicable law.

8. Cookies and Other Technologies

A. Description of the Technologies. We as well as third parties that provide the content, advertising, or other functionality on the Services may use Technologies to automatically collect information through your use of the Services. The following describes some of these Technologies we may use for this automatic data collection:

  1. Cookies. A cookie is a small data file stored on the hard drive of your computer either for (1) the duration of your visit on a website ("session cookies") or (2) for a fixed period ("persistent cookies"). Cookies contain information that can later be read by a web server. We may use cookies to provide you with a more personal and interactive experience on the Services. 
  2. Web Beacons. Web beacons are small files that are embedded in webpages, applications, and emails (also known as "clear gifs", "pixel tags", "web bugs", and "single-pixel gifs") that collect information about engagement on our Services. For example, web beacons allow us to track who has visited those webpages or opened an email, to test the effectiveness of our marketing, and for other related website statistics.
  3. JavaScripts. JavaScripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.
  4. Entity Tags. Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or "cached" within your browser and validates these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.
  5. HTML5 Local Storage. HTML5 local storage allows data from websites to be stored or "cached" within your browser to store and retrieve data in HTML5 pages when the website is revisited.
  6. Resettable Device Identifiers. Resettable device identifiers (also known as "advertising identifiers") are similar to cookies and are found on many mobile devices and tablets (for example, the "Identifier for Advertisers" or "IDFA" on Apple iOS devices and the "Google Advertising ID" on Android devices), and certain streaming media devices. Like cookies, resettable device identifiers are used to make online advertising more relevant.

B. Our Uses of the Technologies. We may also use these technologies for security purposes, to facilitate navigation, to display information more effectively, and to better serve you with more tailored information, as well as for Site administration purposes (e.g., to gather statistical information about the usage of the Site in order to continually improve the design and functionality), to understand how users use the Site, and to assist us with resolving questions regarding use of the Site.

C. Mechanisms to Control Cookies and Other Technologies. You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Service may become inaccessible or may not function properly.

D. Third Party Technologies. This Privacy Policy covers the use of cookies by Company and does not cover the use of tracking technologies by any third parties. The Services may contain links, content, advertising, or references to other websites or applications run by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you interact with their content on the Services, such as customer recruitment vendors using Web beacons and cookies on our contact pages. The information they collect may be associated with your Personal Information or they may collect information about your online activities over time and across different websites. Please be aware that we do not control these third parties' tracking technologies or when and how they may be used. Therefore, Company does not claim nor accept responsibility for any privacy policies, practices, or procedures of any such third party. We encourage you to read the privacy statements and terms and conditions of linked or referenced websites you enter. We do not endorse, screen, or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk. If you have any questions about an ad or other targeted content, you should contact the responsible provider directly.

E. Google, Meta and Other Analytics. The Services may use Google Analytics, Meta Pixel and other analytic service providers, which use cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. These services may also collect information regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout. You can learn about Meta’s practices by going to https://www.facebook.com/privacy/center/

9. Children Using or Accessing The Services

We are especially committed to protecting the privacy of children. Company’s Services are directed at a general audience over the age of eighteen (18) and are not intentionally targeted to children, and Company does not knowingly collect personal information directly from children under the age of thirteen (13) (“Child” or “Children”) without the consent of the Child’s parent or legal guardian. If we learn that we have inadvertently collected or received Personal Information from a Child without such consent, we will use reasonable efforts to immediately remove such information, unless we have a legal obligation to keep it. If you are a parent or legal guardian and think your Child has given us information without your consent, please contact us via the information found in the “Contact Information” section below. 

10. Changes to Our Privacy Policy

We reserve the right to update this Privacy Policy from time to time in order to reflect, changes to our practices or for other operational, legal, or regulatory reasons. When we do update this Privacy Policy, we will post the updates and changes on the Site. We may elect to notify you of material changes by mail, email, posting of modified Privacy Policy, or some other similar manner. However, it is your responsibility to check the Site regularly for changes to this Privacy Policy. Your continued use of or access to the Services following the posting of any changes to this Privacy Policy constitutes acceptance of those changes.

11. Third-Party Websites and Applications

Our Services may offer links to websites or applications that are not run by us but by third parties. These third-party services, websites or applications are not controlled by us, and may have privacy policies that differ from our own. We encourage our users to read the privacy policies and terms and conditions of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk.

12. Contact Information 

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at contact@getpagoda.com

California Privacy Notice

California law requires us to disclose certain information related to our privacy practices. This California Privacy Notice (the “CA Notice”) supplements the information contained in the Pagoda Labs Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA), and California Privacy Rights Act of 2020 (CPRA) (together, the “CCPA”) and any terms defined under the CCPA have the same meaning when used in this CA Notice. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy. As used in this CA Notice only, “personal information” has the meaning set forth in the CCPA. 

To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement applicable to California residents.

1. Categories of Personal Information Collected and Disclosed 

The CCPA provides California residents with the right to know what categories of personal information covered businesses have collected about them and whether such businesses have disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding twelve (12) months. This information can be found in the table below: 

table of privacy policy terms, discussing the category of Information collected along with It's third party disclosures

We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the personal information was collected. The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in "Personal Information We Collect" and "How We Use Your Information" of the Privacy Policy, respectively.

We may share any of the information listed above with service providers, which are companies that we engage for business purposes to conduct activities on our behalf. Service providers are restricted from using personal information for any purpose that is not related to our engagement.

2. “Sales” or “Sharing” of Personal Information under the CCPA 

California residents have the right to opt out of the “sale” or “sharing” of their personal information to third parties. The CCPA defines “sale” to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for monetary or other valuable consideration (which may be considered “sales” under the CCPA even if no money is exchanged). The CCPA defines “sharing” to mean sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration. We have "sold" or “shared” personal information with the following third parties in the preceding twelve (12) months: 

table of privacy policy terms, discussing the category of Information sold and shared along with It's third party disclosures

3. Other California Consumer Privacy Rights 

California residents have additional rights regarding their personal information. This section describes those additional rights and explains how to exercise those rights.

  1. Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth in “Contact Information” in the Privacy Policy and provide written authorization signed by you and your designated agent.
  2. California Shine the Light. The California "Shine the Light" law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. If you are a California resident and would like to exercise any of your rights under the law, please contact us as set forth in the "Contact Information" section of the Privacy Policy. We will process such requests in accordance with applicable laws.
  3. Opt-out of "Sales or Sharing". California residents may opt-out of the "sale or sharing" of their personal information by contacting us as set forth in the "Contact Information" section of the Privacy Policy. California residents (or their authorized agent) may also exercise your right to limit the disclosure of your sensitive personal information, by clicking on this Limit the Use of My Sensitive Personal Information link. Please note: You may also broadcast an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal).

Multi-State Privacy Notice

Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia may have additional rights under relevant privacy laws, including under the Colorado Privacy Act (“CPA”), Connecticut Data Privacy Act (“CTDPA”), Delaware Personal Data Privacy Act (“DPDPA”), Iowa Consumer Data Protection Act (“ICDPA”), Minnesota Consumer Data Privacy Act (effective July 31, 2025) (“MNCDPA”), Montana Consumer Data Privacy Act (“MTCDPA”), Nebraska Data Privacy Act (“NDPA”), New Hampshire Consumer Data Privacy Act (“NHCDPA”), New Jersey Data Protection Act (“NJDPA”), Oregon Consumer Privacy Act (“OCPA”), Tennessee Information Protection Act (effective July 1, 2025) (“TIPA”), Texas Data Privacy and Security Act (“TDPSA”), Utah Consumer Privacy Act (“UCPA”), and Virginia Consumer Data Protection Act (“VCDPA”), as applicable. The following additional information is required to be provided by covered businesses under applicable state laws. This Multi-State Privacy Notice (the “Multi-State Notice”) supplements the information contained in the Pagoda Labs Privacy Policy (the “Privacy Policy”) and applies solely to all visitors, users, and others who reside in the States of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia ("consumers" or "you"). We adopt this notice to comply with relevant privacy law. Capitalized terms used but not defined herein shall have the respective meanings set forth in the Privacy Policy.

To understand our privacy practices, you should refer to our Privacy Policy in addition to this supplement.

1. Sharing / Disclosing Personal Data

The CPA, CTPDA, DPDPA, ICDPA, MNCDPA, MTCDPA, NDPA, NHCDPA, NJDPA, OCPA, TIPA, TDPSA, UCPA and VCDPA  requires covered businesses to provide residents of their respective states with the right to know the categories of “personal data” (as defined under applicable law) covered businesses shared with /disclosed to third parties and the categories of third parties with whom such personal data has been shared / disclosed. Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia can find this information below: 

table of privacy policy terms, discussing the category of Information sold and shared along with It's third party disclosures

2. “Sales” or Processing for Targeted Advertising

Residents of Colorado, Connecticut, Delaware, Iowa, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah and Virginia have the right to opt-out of the “sale” of their personal data to third parties or the processing of their personal data for targeted advertising (see the “Accessing and Correcting Your Information” section above). For purposes of this paragraph the definition of “targeted advertising”, “sale”, “sell” or “sold” has the meaning set forth in applicable privacy law. However, please note, in accordance with applicable privacy law certain specific exceptions to “sale” and/or “targeted advertising” may apply, including the disclosure of personal data to a processor that processes personal data on behalf of a controller. If a consumer wishes to exercise their right to opt-out of the sale of personal data or processing of personal data for targeted advertising, they may do so by following this Data Opt Out link. The categories of personal data “sold” or processed for targeted advertising personal data in the preceding twelve (12) months can be found below: 

table of privacy policy terms, discussing the category of Information sold and shared along with It's third party disclosurestable of privacy policy terms, discussing the category of Information sold and shared along with It's third party disclosures

3. State-Specific Rights to Opt-Out

  1. Colorado, Connecticut, Delaware, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas and Virginia. Residents of Colorado (or an authorized agent thereof), Connecticut (or an authorized agent thereof), Delaware, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Montana, Oregon, Tennessee, Texas and Virginia may request to opt-out of the processing of your personal data for the purpose(s) of: (i) targeted advertising; (ii) sale of personal data; or (iii) profiling to make decisions that have legal or other significant effects on you. If you would like to exercise this right, you may send us an email to request to opt-out. We will process such requests in accordance with applicable law. Please note: You may broadcast an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). 
  2. Iowa and Utah. Iowa and Utah residents may request to opt-out of the processing of your personal data for the purpose(s) of: (i) targeted advertising; or (ii) sale of personal data. If you would like to exercise this right, you may send us an email to request to opt-out. We will process such requests in accordance with applicable law.

4. Connecticut Right to Appeal a Denied Appeal

If you are a resident of the State of Connecticut and your request for reconsideration of Notable’s refusal to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Personal Information” section of the Privacy Policy is denied, you have the right to file a complaint with the Connecticut Office of the Attorney General by visiting the “File a Compliant” page here or contacting the Consumer Assistance Unit at 860-808-5420.

5. Additional Minnesota Rights

If you are a resident of the State of Minnesota, you have the right to: (a) request the specific third parties to whom Company has disclosed Personal Information; and/or (b) question the results of Company’s profiling to the extent it produced legal effects.

Nevada Privacy Notice

Nevada law requires us to provide all visitors, users, and others who reside in the State of Nevada ("you") certain additional privacy rights. This Nevada Privacy Notice (the “NV Notice”) supplements the information contained in the Pagoda Labs Privacy Policy (the “Privacy Policy”) and applies solely to you. If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to sell or license that Personal Information, even if your Personal Information is not currently being sold. If you would like to exercise this right, please contact us via the information found in the “Contact Information” section of the Privacy Policy.