Neoss Inc. (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, and outlines your rights under applicable U.S. federal and state privacy laws.

This Policy is designed to meet or exceed the requirements of all U.S. states, including specific requirements in: California (CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Florida, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, Kentucky, New Hampshire, New Jersey, Minnesota, Maryland, Nebraska, Nevada, North Carolina, and South Dakota, as well as other applicable state laws.

1. Scope

This Policy applies to personal information collected from individuals residing in U.S. states with comprehensive consumer privacy laws, whether through our websites, mobile applications, in-store visits, events, customer service interactions, or other communication channels.

2. Categories of Personal Information We Collect

We may collect:
– Identifiers – name, postal address, email address, phone number, account login credentials
– Commercial Information – purchase history, order details, warranty claims
– Internet/Network Activity – browsing history, interactions with our website or social media platforms, IP address
– Geolocation Data – general location from IP or device
– Audio/Visual Information – customer service call recordings, event photographs
– Inferences – profile information inferred from your preferences or behaviors
– Sensitive Personal Information (SPI) – payment card numbers, government ID, health-related data if voluntarily provided

3. How We Collect Your Information

– Directly from you – orders, account creation, forms, communications
– Automatically – cookies, analytics, tracking pixels
– From third parties – service providers, business partners, publicly available sources

4. How We Use Your Information

We use personal information to:
– Provide, personalize, and improve our products and services
– Process transactions and manage your account
– Communicate with you about your orders, account, and customer support requests
– Conduct analytics and improve website functionality
– Market products and services (with opt-out options)
– Detect, prevent, and investigate fraud or security issues
– Comply with legal and regulatory obligations

5. Marketing & Communications

We may send promotional communications via email, phone, or mail. You can opt out at any time by:
– Clicking “unsubscribe” in emails
– Emailing marketingusa@neoss.com
– Adjusting your cookie preferences
We do not sell your personal information but may “share” certain data for cross-context behavioral advertising where allowed by law.

6. Cookies & Tracking

Our site uses:
– Strictly Necessary Cookies – for core functionality
– Preference Cookies – to remember settings
– Statistics Cookies – for analytics
– Marketing Cookies – to tailor advertising
You may disable non-essential cookies via our Cookie Declaration Page.

Your consent applies to the following domains:

shop-us.neoss.com, shop-gb.neoss.com, shop-se.neoss.com, neoss-nz.myshopify.com, shop-it.neoss.com, shop-de.neoss.com, shop-au.neoss.com, info.neoss.com, www.neoss.com

We are not responsible for external sites linked on our website. Please review their privacy terms individually.

7. How We Share Information

We may disclose information to:
– Service providers, contractors, and business partners
– Regulatory or legal authorities when required
– In connection with mergers, acquisitions, or business transfers

8. Data Retention

We retain personal information only as long as needed to fulfill purposes described here or as required by law. Retention periods may vary by category of data.

9. Security Measures

We use reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

10. Your Privacy Rights

Depending on your state, you may have the right to:
– Access your personal information
– Correct inaccuracies
– Delete your personal data
– Port your data to another provider
– Opt out of targeted advertising or data sharing
– Limit use of Sensitive Personal Information (SPI)
– Non-discrimination for exercising your rights

To exercise your rights:
Visit: https://www.neoss.com/en-us/privacy-policy-cookie-information/
Email: marketingusa@neoss.com
Phone: +1 866 626-3677

Verification may be required. Authorized agents may act on your behalf.

11. State-Specific Requirements

Some states grant additional rights.  See Appendix 1 for specific requirements that apply to the following states:

California (CPRA) – Requires “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” links; Global Privacy Control (GPC) signal honored.
Colorado, Connecticut, Virginia, Utah, Texas – Right to opt out of targeted advertising, sale, or profiling; right to appeal denials within 45 days.
Florida, Oregon, Montana, Tennessee – Similar rights; different timelines for response.
Indiana, Iowa, Kentucky, Delaware, Maryland, New Hampshire, New Jersey, Minnesota, Nebraska – CPRA/VCDPA-like rights with minor variations.

12. Children’s Privacy

We do not knowingly collect personal information from children under 13 (or 16 where required by law). If such collection occurs, we will delete the data.

13. Changes to This Policy

We may update this Policy periodically. Updates will be posted here with a revised effective date.

14. Contact Us

Neoss Inc.
1900 West Park Drive, Suite 165
Westborough, MA 01581
Email: marketingusa@neoss.com
Phone: +1 866 626-3677

Appendix 1 – State-by-State Compliance Matrix

State	Core Rights	Business Thresholds / Notes	Response Timelines
California (CPRA)	Access, deletion, correction, portability, opt-out of sale/sharing, limit SPI use, GPC signal	For-profit with $25M+ revenue, or 100,000+ consumers/households, or 50%+ revenue from selling/sharing PI	45 days; one 45-day extension allowed with notice
Virginia (VCDPA)	Access, deletion, correction, portability, opt-out of targeted advertising/sale/profiling	100,000+ consumers or 25,000+ with 50%+ revenue from sale	45 days; one 45-day extension allowed with notice
Colorado (CPA)	Similar to Virginia; includes universal opt-out mechanism	100,000+ consumers/year or 25,000+ with sale of PI	45 days; one 45-day extension allowed with notice
Connecticut (CTDPA)	Similar to Virginia; extra protections for minors	100,000+ consumers/year or 25,000+ with sale of PI	45 days; one 45-day extension allowed with notice
Utah (UCPA)	Access, deletion, portability, opt-out of targeted advertising/sale	$25M+ revenue and 100,000+ consumers/year or 25,000+ with 50%+ revenue from sale	45 days; one 45-day extension allowed with notice
Texas (TDPSA)	Similar to Virginia	50,000+ consumers (excluding employees/B2B) or >25% revenue from sale of PI. Examples: Retailer with 60,000 Texas customers; SaaS with 30% revenue from PI sales	45 days; one 45-day extension allowed with notice
Florida	Access, deletion, correction, portability, opt-out of targeted advertising/sale, limit SPI use	$1B+ revenue and certain data activities	45 days; one 15-day extension allowed
Oregon	Similar to Virginia; opt-out of profiling with legal/significant effects	100,000+ consumers/year or 25,000+ with sale of PI	45 days; one 45-day extension allowed with notice
Montana	Similar to Virginia; strong opt-out rights	50,000+ consumers/year or 25,000+ with sale of PI	45 days; one 45-day extension allowed with notice
Tennessee	Similar to Virginia; annual data protection assessments	$25M+ revenue and 175,000+ consumers/year	45 days; one 45-day extension allowed with notice
Indiana, Iowa, Kentucky, Delaware, Maryland, New Hampshire, New Jersey, Minnesota, Nebraska, Nevada, North Carolina, South Dakota	Rights similar to CPRA/VCDPA	Thresholds vary; typically 100,000+ consumers/year or 25,000+ with sale of PI	45 days; one 45-day extension allowed with notice