Version: 2026-04-02

Privacy Policy

Last updated on: April 2, 2026

Contents

This privacy policy ("Policy") explains how the Quincy News family of companies, including Quincy News, LLC, Quincy Data, LLC, McKay Brothers, LLC, McKay Brothers International SA, and our respective affiliates (collectively, "Quincy", "McKay", "we", "us" or "our") collects, stores, uses, and discloses personal data about you, how we use it, how and when it may be shared, the rights and choices you have with respect to your personal data, how we communicate with you and how you can make requests or submit inquiries to us about your personal data.

What Does This Policy Cover

This Policy applies to personal data we collect both online and offline, including personal data we collect through our customer portal and public-facing websites (collectively the "Sites") in connection with products and services we offer to you or the entity you represent (together with the Sites, the "Services"), and any other interactions you may have with us including at or through conferences, events, electronic newsletters or communications, or job postings and applications.

In this Policy, "personal data" means any information that identifies, relates to, describes, is reasonably capable of being associated with or reasonably can be used to identify an individual or household and other data that is linked to personal data or is otherwise defined as "personal data," "personal information," or "personally identifiable information" by applicable laws.

You have choices when it comes to the use of our Services and the data you share. When we ask you to provide personal data, you can decline. Our products and services may require some personal data to provide you with the service or access to a service. If you choose not to provide data required to provide you with a product or feature, you cannot use that product or feature. Similarly, where personal data collection is necessary to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or, if this relates to an existing product or service, we may have to cancel or suspend it.

How This Policy Is Updated

We may modify this Policy from time to time. If we make changes, we will revise the "Last Updated" date at the top of the Policy on our Sites and, where necessary or required, use reasonable efforts to provide you additional notification by sending you an email. We encourage you to review this Policy regularly to stay informed of our privacy practices and the choices available to you.

Information We Collect

The personal data we collect about you depends on how you interact with us. We describe below the categories of personal data we collect and the sources of this information.

Information You Provide to Us

We collect personal data from you when you visit our Sites, including purchasing a subscription through our online store, accessing our customer portal, requesting a passwordless "magic link," sending us an email, filling out a form, subscribing to our newsletter, responding to a survey or job posting, interacting with us on social media, or otherwise communicating with us. Types of personal data we may collect include:

  • Contact information such as your name, email address, telephone number, and mailing address;
  • Account and authentication information such as the email address you use to request a portal magic link, and related security information (for example, IP address and user-agent associated with a request). We do not require you to create a password for the portal;
  • Billing and subscription information such as the plan(s) you purchase, usage information you provide during checkout (for example, display vs. non-display usage and associated counts), and subscription status;
  • Payment information. Payment card details are processed by our payment processor (Stripe), and we do not store full card numbers. We may receive limited payment-related information from Stripe such as payment status and limited payment method details (for example, card brand and last four digits);
  • API key and credential information such as API key name, token prefix, creation time, revocation time, and last-used time. We store API keys in hashed form and do not email full API keys;
  • Marketing preferences such as whether you opt in to receive promotional emails (for example, if you check a consent box during Stripe Checkout, including if you begin checkout but do not complete a purchase). We record your consent decision along with the IP address, user agent, and timestamp at which you made the selection for audit and compliance purposes;
  • Professional status attestations. If you purchase a non-professional license, we record your attestation (including the checkbox text you agreed to, your IP address, user agent, and timestamp) for regulatory compliance and license verification;
  • Terms acceptance records. When you register for an account or complete a purchase, we record which version of our terms and policies you accepted, along with the IP address, user agent, and timestamp of acceptance. These records are retained for legal compliance and audit purposes;
  • Communications with us including via email, through our customer portal, feedback, and survey responses;
  • Government-issued identification such as social security number, driver's license, or state-issued identification number (only where needed for compliance or similar purposes);
  • Job Application and Employment Information such as employment history, medical, health and disability information, passport information, and emergency contact information;
  • Social and community content such as posts, photos, videos, or audio files that you may provide through our social media pages; and
  • Any additional information that you choose to provide.

Information Collected Automatically When You Interact With Us

We and our service providers may automatically log personal data about you, your computer or mobile device, and your interaction over time with us, such as:

  • Device information: Information about your device(s) such as Internet Protocol ("IP") addresses, browser type, domain names, access times, log information, error messages, device type, unique device identifiers, and other technical information;
  • Usage information: Information about your use of our Services such as pages viewed, headlines clicked, search queries, your interest in particular services or products we provide, the referring website addresses and links which you interacted with;
  • Session and security information: Authentication cookies (such as qn_portal_session), event timestamps related to portal sign-in and other security events, and real-time connection status (for example, we monitor active WebSocket connections to enforce our single-session-per-account policy and may disconnect prior sessions when you sign in on a new device);
  • Client-side preferences: Certain preferences you set (such as your preferred color scheme) may be stored locally in your browser using standard web storage APIs. This data is not transmitted to our servers;
  • Delivery and performance metrics: We may record timestamps related to when content was delivered to your browser, including delivery latency measurements, for the purpose of monitoring and improving service quality; or
  • Information Collected by Cookies and Other Tracking Technologies: As outlined in the section, "Cookies and Other Information Collection Tools".

Information We Collect From Other Sources

We may also collect personal data about you from other sources, including publicly available databases, and combine that with information we collect from you and through your use of the Services. For example, we may use information from LinkedIn to update information about you in our contact database and we may use a third party to recruit talent to fill any of our employment opportunities.

Sanctions and compliance screening. As part of our legal and regulatory compliance obligations, we screen customers against government sanctions lists (such as those maintained by the U.S. Office of Foreign Assets Control) and other restricted-party databases. To perform this screening, we transmit your name, email address, IP address, and (where available) billing address and country to our screening provider, sanctions.io. Screening results, including any match details and the screening determination (cleared, pending, or denied), are stored in our systems for compliance and audit purposes. We may re-screen customers periodically or when supplemental information becomes available (such as a billing address provided after checkout).

IP geolocation and risk assessment. We use ipinfo to determine the approximate geographic location associated with your IP address and to assess certain risk signals (such as whether the IP address is associated with a VPN, proxy, Tor exit node, or hosting provider). This information is used to enforce geographic restrictions, detect potential fraud, and comply with sanctions regulations. IP risk assessment results are stored alongside your screening records.

In some cases, we may also collect information about you provided by others, such as an administrator for your company's account who provides information about other personnel at your company.

We may also receive information from payment processors and related service providers (for example, Stripe) about your purchase and subscription status, such as confirmation that a payment succeeded or failed, and identifiers associated with your customer account and subscription.

Information We Infer or Derive

We may derive information or draw inferences about you based on the personal data we collect or have otherwise received about you. For example, we may infer your approximate location based on your IP address, or that you are interested in participating in an event based on your browsing behavior on our Sites or response to our social media posts.

How We Use Your Personal Data

Depending on how you interact with us, we may use your personal data to:

  • Provide and Improve Products and Services. Provide, activate, operate, maintain, develop, enhance, improve, and manage our Services, your customer account(s) and experience, monitor and analyze trends, usage, and activities, and to provide Services requested by you;
  • Process payments and manage subscriptions. Create and manage subscriptions purchased through our online store, process payments, send receipts and invoices, and provide access to billing management features (including a Stripe-hosted billing portal);
  • Authenticate you and secure the portal. Send passwordless "magic links," set and manage authentication/session cookies, verify account access, enforce single-session-per-account limits (including monitoring real-time connections and disconnecting prior sessions), prevent abuse, and enforce subscription entitlements;
  • Issue and manage API credentials. Generate, display, rotate, revoke, and monitor API keys and related usage to provide access to our real-time services;
  • Perform compliance screening. Screen your identity against government sanctions lists and restricted-party databases before activating your subscription, and periodically thereafter, to comply with applicable trade sanctions and anti-money-laundering regulations;
  • Assess IP-based risk. Determine approximate geographic location from your IP address, detect VPN/proxy/Tor usage, and evaluate other risk signals to enforce geographic restrictions and prevent fraud;
  • Record legal agreements. Record which versions of our terms, policies, and attestations you have accepted, along with associated metadata (IP address, timestamp, user agent), to maintain an auditable compliance trail;
  • Respond to You. Provide technical, product and other support and respond to your requests, inquiries, comments and concerns;
  • Provide Service Communications. Notify you about changes, updates and other announcements related to our Services and send you technical notices, updates, billing notices, or security alerts;
  • Send promotional emails (where permitted). If you opt in to promotional communications (for example, via a consent checkbox during Stripe Checkout), we may send you promotional messages such as product updates, newsletters, special offers, or recovery emails (for example, if you started checkout but did not complete a purchase). When promotional consent is collected through Stripe Checkout, we use the information provided through that consent feature only for sending news and promotional emails unless you separately provide additional consent. You can opt out at any time by using the unsubscribe mechanism included in the message;
  • Fulfill Employment Purposes. Communicate with you about job postings and other opportunities that may interest you, assess job applications, and make hiring decisions;
  • Ensure Safety and Security. Detect and protect against fraud or illegal activities, security incidents, and harm to rights, property or safety of Quincy, McKay, or others;
  • Research and Develop. Conduct research and development and develop new products and services;
  • Facilitate Corporate Transactions. Facilitate a merger, sale of our assets, financing or acquisition of all or a portion of our business to another company, or other corporate transactions;
  • Comply with Legal and Financial Obligations. Comply with our legal and financial obligations, resolve disputes, enforce our agreements, and exercise our legal rights;
  • Your Consent. Process your personal data in accordance with your consent, or when you direct or instruct us to do so; and
  • Other Notified Purposes. Carry out any other purpose conveyed to you at the time the information was collected.

Disclosure of Personal Data

We may disclose your personal data with the entities listed below or as otherwise described in this Policy:

  • Affiliates. Our affiliates for the purposes described in this Policy;
  • Third Parties You Intentionally Interact With. Third parties, when you use our Services to intentionally interact with those third parties or direct us to interact with those third parties;
  • Payment processors and billing providers. We use Stripe to process payments and to provide billing management features such as the Stripe Billing Portal. Stripe may process personal data (including payment and identifying information) in order to provide these services. We may share identifiers such as your email address and subscription details with Stripe, and Stripe may provide us with information such as your payment status and subscription status. If you opt in to promotional emails during Stripe Checkout, Stripe may also share your opt-in/out selection with us;
  • Sanctions and compliance screening providers. We use sanctions.io to screen customers against government sanctions lists and restricted-party databases. We transmit your name, email address, IP address, and (where available) billing address and country to sanctions.io for this purpose. Screening results are returned to us and stored in our systems;
  • IP intelligence providers. We use ipinfo to determine the approximate geographic location of your IP address and to assess IP-based risk signals (such as VPN, proxy, or Tor detection). Your IP address is transmitted to ipinfo for this purpose;
  • DNS and infrastructure providers. Our websites use Cloudflare for DNS resolution and related infrastructure services. Cloudflare may process request metadata (such as IP addresses and request headers) in connection with routing traffic to our servers;
  • Bot detection providers. We may use Friendly Captcha or similar services to distinguish human visitors from automated bots. These services may process information about your interaction with the challenge (such as device characteristics) to make this determination;
  • Email and communications providers. We use service providers such as SendGrid to send certain emails (for example, portal magic-link sign-in emails). These providers process your email address and related metadata to deliver messages;
  • Vendors and Service Providers. Our vendors and service providers (for example, cloud hosting, analytics, customer support, and security providers), to perform the functions for which we engage them;
  • Corporate Transactions. As part of, in connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business to another company, or other corporate transactions;
  • Analytics Providers. Our analytics partners, such as Fathom Analytics (see the Cookies and Other Information Collection Tools section below). In addition to Fathom, we operate our own internal analytics infrastructure to track usage patterns, delivery performance, and service quality. Our internal analytics store events with associated user identifiers, IP addresses, and timestamps;
  • Professional Advisors. Professional advisors — our lawyers, accountants, financial, insurance, and other advisors in connection with managing our business or operations;
  • Third-Party Partners. Unaffiliated third party companies or individuals we partner with to provide certain products, services, or experiences to you;
  • Law Enforcement and Individuals Involved in Legal Proceedings. When we believe doing so is reasonably necessary to comply with applicable law or legal process or other lawful reasons, including: to comply with a subpoena, court order, or other applicable law, regulation or legal process; to enforce, remedy, or apply our agreements and contractual rights; to protect our property or protect the rights, property or safety of others; to support external auditing, compliance and corporate governance functions; and to prevent, detect, and remedy fraud, cybersecurity attacks or illegal activity.
  • With your Consent or Direction. With your consent or at your direction, including if we notify you that your personal data will be shared in a particular manner and you provide such personal data.

We may also disclose aggregated, anonymized, or de-identified information, which cannot reasonably be used to identify you. We do not sell your personal data. We do not share your personal data with third parties for those third parties' direct marketing purposes.

How We Protect Your Personal Data

We implement appropriate physical, technical and administrative measures to help protect personal data from unauthorized access or use. If you have questions about the security of the personal data we collect, please contact us using the information provided below.

Cookies and Other Information Collection Tools

What are cookies? A cookie is a small file containing a string of characters that is sent to your computer when you visit a website or use an online service. When you visit the website or use the online service again, the cookie allows that website or online service to recognize your browser or device. Cookies may store unique identifiers, user preferences and other information.

The types of cookies we may use include:

  • Necessary Cookies. These cookies are strictly necessary to make our Sites function properly, including basic functionalities and security features.
  • Functional Cookies. Functional cookies help to perform certain functionalities like sharing the content of the Sites on social media platforms, collecting feedback, and other third-party features.
  • Performance Cookies. Performance cookies are used to understand and analyze the key performance indexes of the Sites which helps in delivering a better user experience for visitors and customers.
  • Analytics Cookies. Analytical cookies are used to understand how visitors interact with the Sites. These cookies help provide information on metrics, the number of visitors, bounce rate, traffic source, etc.
  • Duration of Cookies. We may use "session cookies" or "persistent cookies." Session cookies are temporary and expire once you close your browser or once your session ends. Persistent cookies remain on your device for longer or until you or your browser erases them. Persistent cookies have varying durations that are dependent on their expiration date.

Cookies and local storage we use

Our customer portal and feed viewer use the following client-side storage:

  • qn_portal_session: an HttpOnly session cookie used for authentication and security. It generally lasts up to 7 days (or until you sign out or clear cookies).
  • Color scheme preference: if you select a preferred color scheme (light or dark mode), this preference is stored in your browser's local storage. It is not transmitted to our servers.
  • Tab coordination: our feed viewer uses the browser's BroadcastChannel API to coordinate between multiple open tabs (for example, to enforce single-session limits). No data is transmitted to our servers through this mechanism.

Analytics

We use Fathom Analytics to understand website traffic in a privacy-friendly way. Fathom does not use cookies for analytics on our Sites. Your IP address may be briefly processed to determine a general location and to provide aggregated analytics, but we do not use Fathom to identify you.

In addition to Fathom, we operate our own internal analytics infrastructure (hosted on Azure Data Explorer and PostgreSQL) to monitor service quality, track content delivery performance, and understand usage patterns. Our internal analytics may record events associated with your user identifier, IP address, browser information, and timestamps. This data is used for service improvement, debugging, and capacity planning and is not shared with third parties for their own purposes.

Stripe Checkout and Billing Portal

When you purchase a subscription (Stripe Checkout) or manage billing (Stripe Billing Portal), you may be redirected to Stripe's hosted pages. Stripe may use cookies or similar technologies on Stripe-hosted pages. Please review Stripe's documentation and policies for more information about how Stripe uses cookies.

How do you control cookies? Web browsers allow some control of most cookies through the browser settings. Although users are not required to accept cookies, blocking or rejecting necessary cookies may prevent access to, or impair the functionality of, some features available through our Sites (including the customer portal).

Do Not Track: Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" signals.

Social Media and Other Third Party Links and Services

Occasionally, at our discretion, we may include links to other websites. The privacy practices of these third parties will be governed by the parties' own privacy notices. We are not responsible for the security or privacy of any information collected by these third parties, and disclaim all responsibility and liability for the content, services, and activities of such third parties. You should review the privacy notices or policies applicable to these third party products and/or services. Some aspects of our website may allow you to interface with social media services such as Facebook, LinkedIn, and X (formerly known as Twitter). By using these interfaces, you allow us to access information about you from those social media services, including information and other content that you submit to those social media services. For a description on how such social media services and other third-party platforms, plug-ins, integrations, and applications handle your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings with that service or platform.

Retention of Personal Data

We may retain your personal data in compliance with applicable law for as long as is necessary to fulfill the purpose for which this data was collected and for the business purposes explained in this Policy.

Examples of how retention can work for our store and portal include:

  • Account data: we generally retain account information (such as email) for as long as your account is active, and for a reasonable period after to support security, audits, and customer support.
  • Magic-link sign-in records: one-time login links expire quickly (typically within minutes). We may retain hashed token records and related request metadata (for example, IP address and user-agent) longer to help prevent fraud and to investigate security incidents.
  • Portal session cookie: the qn_portal_session cookie is stored in your browser and generally expires within about 7 days (or when you sign out or clear cookies).
  • Billing records: we and our billing providers (such as Stripe) may retain billing and transaction records as required by law (for example, accounting and tax requirements) and to handle disputes or chargebacks.
  • API keys and access logs: we retain API key metadata (for example, token prefix, creation time, revocation time, and last-used time) and related logs as needed for security, troubleshooting, and entitlement enforcement.
  • Sanctions screening records: we retain the results of sanctions and compliance screenings (including match details, IP risk assessments, and screening determinations) for as long as required by applicable trade sanctions, anti-money-laundering, and record-keeping regulations, and for a reasonable period thereafter to support audits and legal obligations.
  • Terms and attestation acceptance records: we retain records of which terms, policies, and attestations you accepted (including the version accepted, IP address, timestamp, and user agent) for as long as your account exists and for a reasonable period thereafter to demonstrate compliance with our legal obligations.
  • Marketing consent records: we retain records of your marketing consent decisions (including IP address and timestamp) for as long as necessary to demonstrate compliance with applicable email marketing and data protection laws.
  • Internal analytics data: we retain usage analytics, delivery performance metrics, and related event data for as long as necessary for service improvement, debugging, and capacity planning, typically no longer than 24 months for identifiable data.

In cases where we keep personal data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law. Where feasible and appropriate, we delete or de-identify personal data when it is no longer needed.

Your Privacy Rights and Choices

Consistent with applicable law, you may exercise the rights described in this section. Please note that the rights may vary depending on your country or state of residence. Please see the Region Specific Terms section below. To exercise your privacy rights please contact us as listed below. While it is our policy to respect the rights of individuals under applicable law, please be aware that your exercise of these rights is subject to certain exemptions and exceptions. For example, some of these rights might be limited (e.g., the right to withdraw consent) where we are required or permitted by law to continue processing your personal data to deliver services to you, defend our rights or meet our legal and regulatory obligations. If you contact us to exercise any of these rights, please note that we only implement requests with respect to the personal data associated with you as an individual. We may need to verify your identity before implementing your request and will try to comply with your request as soon as reasonably practicable and in accordance with the timelines required under applicable law. If we cannot verify your identity or your ownership rights to the data, we may not be able to service your request until you provide proper documentation.

Opt Out of Direct Marketing

You may opt out of receiving direct marketing or promotional communications from us by following the unsubscribe instructions contained within the communication, or if you or your organization are a current subscriber to our Services, by changing your account settings through the customer portal. You may also contact us using the information in the Contact Us section below to request removal from our marketing lists. Please note that there are certain communications we are required to send you (or that are necessary to provide the Services) that you may not be able to opt out of (for example, transactional emails such as receipts, security notices, and other important legal notices).

Access, Correct or Delete your Personal Data

You may have the right to request access to, and receive details about, the personal data we maintain about you and how we process it, correct inaccuracies, or request that we delete your personal data by contacting us as indicated below. If you or the organization you represent are a subscriber to our Services, you can also sign into the customer portal and update any of your personal data stored in the customer portal.

Delete Your Account (Self-Service)

If you have a Quincy News account, you may request deletion of your account and associated personal data directly through the account portal. When you delete your account, we scrub personally identifiable information (such as your email address) from our active systems. Certain records may be retained in anonymized or aggregated form, or where required by law (for example, billing records and compliance screening records).

Withdraw Consent

Where you have provided your consent for us to use your personal data, subject to applicable law, you have the right to withdraw your consent and we will apply that preference going forward.

Right to Erasure ('right to be forgotten')

In certain circumstances depending on your jurisdiction, you are entitled to request us to erase any personal data we hold about you. You may submit a deletion request through the self-service account deletion feature in the account portal, or by contacting us using the information in the Contact Us section below. Please note, we may require additional information in order to process your request. Certain data may be retained where required by law (see "Retention of Personal Data" above).

Additional Rights

Depending on your location and the applicable law, you may have additional rights as outlined in the Region Specific Terms.

Children's Privacy

We provide low-latency bandwidth and market data solutions for professional trading firms. We do not knowingly collect information from, or aim our services or products towards, children under the age of 18 or the age of majority as defined under applicable law.

International Data Transfers

We may process and store your personal data in the United States and other countries which may have less protective data protection laws than the region in which you are situated. Please note that this processing, including storage, may involve cross-border transfers of your personal data. In certain situations, we may be required to disclose personal data in response to lawful requests from officials (such as law enforcement or security authorities). Where applicable law requires a data transfer mechanism, we use one or more of the following:

  • Transfers to certain countries or recipients that are recognized as having an adequate level of protection for personal data under applicable law;
  • EU Standard Contractual Clauses approved by the European Commission;
  • International Data Transfer Addendum issued by the UK Information Commissioner's Office; or
  • Other legal methods available to us under applicable law.

Our third-party data processors (including Stripe, sanctions.io, ipinfo, SendGrid, Fathom Analytics, Cloudflare, and our cloud infrastructure providers) may process personal data in jurisdictions outside your country of residence. We require our processors to maintain appropriate safeguards for the protection of personal data.

Contact Us

For questions or concerns regarding this Policy, your privacy rights, or to exercise your rights as identified herein, you may contact us directly using the information below or submitting a request here.

For US:

Quincy News, LLC, McKay Brothers, LLC and Quincy Data, LLC

2355 Broadway, Suite 206, Oakland, CA 94612

Attn: Privacy Compliance

Email: privacy@mckay-brothers.com

Phone: 1-888-510-1381

For outside the US:

McKay Brothers International SA

1, Avenue Saint Paul, 1223 Cologny, Switzerland

Attn: Privacy Compliance

Email: privacy@mckay-brothers.com

For the EEA:

Decyben SAS

23 Avenue Jean Moulin, 75014 Paris, France

Attn: Privacy Compliance

Email: privacy@mckay-brothers.com

Region Specific Terms

Additional Information for Residents of the EEA, UK and Switzerland

If you are a resident of the European Economic Area ("EEA"), Switzerland or the United Kingdom, you may have certain rights and protections under applicable law regarding the processing of your personal data. In the event of a conflict with the rest of our Policy, this Additional Information for Residents of the EEA, UK and Switzerland notice will prevail as to data subjects and their rights under the applicable privacy law.

Legal Basis of Processing

Regulations require data processors to have a legal basis to process personally identifiable information. We rely on the following legal bases to process your information:

  • Processing on the basis of performance of a contract: where your information is necessary to enter into or perform our contract with you or the organization you represent;
  • Processing data on the basis of consent: where you have given us consent for us to process your personal data for a specific purpose. When processing is based on consent, you have the right to revoke such consent at any time;
  • Processing data on the basis of our legitimate interests: where we use your information to achieve a legitimate interest, including providing, improving and maintaining our Services, communicating with our current and prospective customers, suppliers and partners, managing our relationships with our customers, vendors and partners, sharing your personal data with our affiliates as well as service providers and vendors, and developing new Services; and
  • Processing data because we have a legal obligation to do so: We process your personal data when it is necessary for us to defend a claim or resolve a dispute or when we need to use your personal data to comply with our legal obligations, including payment of taxes, responding to law enforcement agencies and other governmental bodies (when required by applicable law), retaining business records required to be retained under applicable law, and complying with court orders and other legal process.

If you have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside.

Jurisdiction Data Protection Authority
EEA https://edpb.europa.eu/about-edpb/board/members_en
Switzerland https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
UK https://ico.org.uk/global/contact-us/

Additional Information for Residents of the United States

If you are a "consumer" (or analogous term) as defined under applicable state privacy laws in the United States, you may have certain rights and protections under applicable law regarding the processing of your personal data. In the event of a conflict with the rest of our Policy, this Additional Information for Residents of the United States, notice will prevail as to consumers and their rights under the applicable U.S. state privacy laws. We do not "sell" or "share" your personal data (as these terms are defined under U.S. state privacy laws). We also do not knowingly "sell" or "share" personal data about consumers under the age of 16. We do not use or disclose "sensitive personal information" for the purposes of inferring any characteristics about you or for any purposes that would require a user to exercise a right to limit according to California law.

Data Practices for Specific Categories of Data

Some privacy laws require a description of data practices using specific categories. The table below uses these categories to organize the information in this Policy. In the last 12 months, we collected and disclosed the following categories of personal data for the business or commercial purposes listed in this Policy. For more detailed information about the categories of sources, categories of personal data we collect, and the business or commercial purposes for collecting your personal data, please review the Information We Collect, How Do We Use Your Personal Data and Disclosure of Personal Data sections above.

Categories of Personal Data Examples of Personal Data Collected Categories of Recipients Business Purposes
Identifiers
  • Name
  • Email address
  • Mailing address
  • Phone number
  • User name and password
  • Affiliates
  • Service providers and vendors
  • Analytics partners
  • Marketing and advertising partners
  • Sanctions screening providers
  • Providers of third-party app integrations
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Provide, maintain and improve our services
  • Communicate with you
  • Identify, report and repair errors
  • Protect against security threats, abuse, and illegal activity
  • Sanctions and compliance screening
  • Analyze trends, auditing and measurement
  • Research and development
  • Advertising and marketing
  • Legal and financial reasons
  • Comply with law
Internet or other electronic network activity information
  • IP address
  • Server information
  • Log information
  • Device information
  • Web analytics
  • Browsing behavior
  • IP geolocation and risk signals
  • Affiliates
  • Analytics companies
  • IP intelligence providers
  • Sanctions screening providers
  • DNS and infrastructure providers
  • Marketing and advertising partners
  • Providers of third-party app integrations
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Provide, maintain and improve our services
  • Identify, report and repair errors
  • Protect against security threats, abuse, and illegal activity
  • Sanctions and compliance screening
  • IP geolocation and risk assessment
  • Analyze trends, auditing and measurement
  • Research and development
  • Advertising and marketing
  • Legal and financial reasons
  • Comply with law
Commercial Information
  • Services purchased
  • Transaction information
  • Business address
  • Payment methods
  • Subscription and entitlement status
  • Affiliates
  • Service providers and vendors
  • Payment processors
  • Marketing and advertising partners
  • Others as required by law
  • Provide, maintain and improve our services
  • Analyze trends, auditing and measurement
  • Personalize and improve the services
  • Research and development
  • Protect against security threats, abuse, and illegal activity
  • Legal and financial reasons
  • Comply with law
Audio, electronic, visual or similar information
  • Customer support call recordings
  • Personal data collected from visitors to our offices/premises
  • Affiliates
  • Service providers and vendors
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Provide, maintain and improve our services
  • Analyze trends, auditing and measurement
  • Personalize and improve the services
  • Research and development
  • Protect against security threats, abuse, and illegal activity
  • Legal and financial reasons
  • Comply with law
Characteristics of Protected Classifications under California and Federal Law (For Employees and Job Applicants)
  • Age
  • Race
  • Ancestry
  • National origin
  • Citizenship
  • Religion
  • Marital status
  • Medical condition
  • Physical disability
  • Mental disability
  • Sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation
  • Affiliates
  • Service providers and vendors
  • Others as required by law
  • Recruit and process employment applications
  • Conduct employee onboarding
  • Maintain and administer payroll and employee benefit plans
  • Analyze trends
  • Auditing and measurement
  • Comply with law
Professional and employment-related information (For Employees and Job Applicants)
  • Job history information
  • Biographical information
  • Affiliates
  • Service providers and vendors
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Recruit and process employment applications
  • Conduct employee onboarding
  • Maintain and administer payroll and employee benefit plans
  • Analyze trends
  • Auditing and measurement
  • Comply with law
Categories of Personal Information in Cal. Civ. Code Section 1798.80(e) (For Employees and Job Applicants)
  • Social security number
  • Passport number
  • Driver's license or state identification card number
  • Insurance policy number
  • Bank account number or any other financial information
  • Medical information
  • Health insurance information
  • Affiliates
  • Service providers and vendors
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Recruit and process employment applications
  • Conduct employee onboarding
  • Maintain and administer payroll and employee benefit plans
  • Analyze trends
  • Auditing and measurement
  • Comply with law
Non-public Education information (For Employees and Job Applicants)
  • Educational information
  • Certifications obtained
  • Transcripts
  • Report cards
  • Affiliates
  • Service providers and vendors
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Recruit and process employment applications
  • Evaluate suitability for hiring and promotions
  • Analyze trends
  • Auditing and measurement
  • Comply with law
Other personal data
  • Product feedback
  • Survey results
  • Affiliates
  • Service providers and vendors
  • Marketing and advertising partners
  • Government entities including regulators and law enforcement
  • Others as required by law
  • Provide, maintain and improve our services
  • Analyze trends, auditing and measurement
  • Personalize and improve the services
  • Research and development
  • Protect against security threats, abuse, and illegal activity
  • Legal and financial reasons
  • Comply with law

Retention

We store personal data for as long as necessary to carry out the purposes for which we originally collected it and for other business purposes explained in this Policy.

Your Additional Privacy Rights

Under certain circumstances and in accordance with applicable privacy laws, you may have the following additional rights:

  • Nondiscrimination. We will not discriminate against you for exercising your privacy rights.
  • Authorized Agent. You can designate an authorized agent to submit a privacy rights request on your behalf. We may ask authorized agents to submit proof of their authority to make a request, such as a valid power of attorney or proof that they have signed permission from the consumer who is the subject of the request. In some cases, we may be required to contact the consumer to verify his or her identity or confirm the authorized agent has permission to submit the request. Authorized agents can submit rights requests by following the instructions provided above.
  • Access, Correction, and Deletion. You have the right to (1) request to know more about and access your personal data, including in a portable format, (2) request deletion of your personal data, and (3) request correction of inaccurate personal data. To request access, correction, or deletion of your personal data, you may contact us at the information listed above. We will verify your request by asking you to provide certain information to compare that information with our records. Please note that you can also access, correct, or delete certain information stored within your customer portal at any time by logging into your account.

Your Right to Appeal

If we deny your request to exercise any of the rights you may have under applicable state law, you may appeal our decision by contacting us at the information listed above. If you have concerns about the results of an appeal, you may contact the attorney general or other regulatory authority in the state where you reside.

Other Applicable Laws

McKay also monitors and establishes other compliance measures for laws pertaining to privacy other than those set out in this Policy. Concerning such laws, McKay conducts annual training for applicable employees.