Overseas Privacy Terms
Last updated April 22, 2026
1. What legal bases do we rely on to process your information?
1.1 If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
(a) Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
(b) Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
(c) Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
(i) Send users information about special offers and discounts on our products and services
(ii) Analyze how our Services are used so we can improve them to engage and retain users
(d) Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
(e) Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
In legal terms, we are generally the "data controller" under European data protection laws of the personal information described in this Privacy Notice, since we determine the means and/or purposes of the data processing we perform. This Privacy Notice does not apply to the personal information we process as a "data processor" on behalf of our customers. In those situations, the customer that we provide services to and with whom we have entered into a data processing agreement is the "data controller" responsible for your personal information, and we merely process your information on their behalf in accordance with your instructions. If you want to know more about our customers' privacy practices, you should read their privacy policies and direct any questions you have to them.
1.2 If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
(a) If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
(b) For investigations and fraud detection and prevention
(c) For business transactions provided certain conditions are met
(d) If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
(e) For identifying injured, ill, or deceased persons and communicating with next of kin
(f) If we have reasonable grounds to believe an individual has been, is, or may be a victim of financial abuse
(g) If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
(h) If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
(i) If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
(j) If the collection is solely for journalistic, artistic, or literary purposes
(k) If the information is publicly available and is specified by the regulations
(l) We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments
2. What are your privacy rights?
(a) In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right:
(i) to request access and obtain a copy of your personal information;
(ii) to request rectification or erasure;
(iii) to restrict the processing of your personal information;
(iv) if applicable, to data portability; and
(v) not to be subject to automated decision-making. If a decision that produces legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided.
(b) We will consider and act upon any request in accordance with applicable data protection laws.
(c) If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
(d) If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
3. Do United States residents have specific privacy rights?
3.1 Categories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the main body of the Privacy Policy.
Category (A): Identifiers
Collected: YES
Examples: Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name
Category (B): Personal information as defined in the California Customer Records statute
Collected: YES
Examples: Name, contact information, education, employment, employment history, and financial information
Category (C): Protected classification characteristics under state or federal law
Collected: YES
Examples: Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data
Category (D): Commercial information
Collected: NO
Examples: Transaction information, purchase history, financial details, and payment information
Category (E): Biometric information
Collected: NO
Examples: Fingerprints and voiceprints
Category (F): Internet or other similar network activity
Collected: YES
Examples: Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements
Category (G): Geolocation data
Collected: YES
Examples: Device location
Category (H): Audio, electronic, sensory, or similar information
Collected: YES
Examples: Images and audio, video or call recordings created in connection with our business activities
Category (I): Professional or employment-related information
Collected: YES
Examples: Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us
Category (J): Education Information
Collected: NO
Examples: Student records and directory information
Category (K): Inferences drawn from collected personal information
Collected: YES
Examples: Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual's preferences and characteristics
Category (L): Sensitive personal Information
Collected: YES
Examples: Account login information, contents of email or text messages, health data, precise geolocation, racial or ethnic origin, sex life or sexual orientation, union membership and status as transgender or nonbinary
We only collect sensitive personal information, as defined by applicable privacy laws, for the purposes allowed by law or with your consent. Sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information.
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
(a) Receiving help through our customer support channels;
(b) Participation in customer surveys or contests; and
(c) Facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or for:
(a) Category A - As long as the user has an account with us
(b) Category B - As long as the user has an account with us
(c) Category C - As long as the user has an account with us
(d) Category F - As long as the user has an account with us
(e) Category G - As long as the user has an account with us
(f) Category H - As long as the user has an account with us
(g) Category I - As long as the user has an account with us
(h) Category K - As long as the user has an account with us
(i) Category L - As long as the user has an account with us
3.2 Sources of Personal Information
Learn more about the sources of personal information we collect in the main body of the Privacy Policy.
3.3 How We Use and Share Personal Information
(a) Learn more about how we use your personal information in the main body of the Privacy Policy.
(b) We collect and share your personal information through:
(i) Targeting cookies/Marketing cookies
(ii) Beacons/Pixels/Tags
3.4 Will your information be shared with anyone else?
(a) We may disclose your personal information to our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the main body of the Privacy Policy.
(b) We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
(c) We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
(i) Category A. Identifiers
(ii) Category B. Personal information as defined in the California Customer Records law
(iii) Category C. Characteristics of protected classifications under state or federal law
(iv) Category F. Internet or other electronic network activity information
(v) Category G. Geolocation data
(vi) Category H. Audio, electronic, visual, and similar information
(vii) Category I. Professional or employment-related information
(viii) Category K. Inferences drawn from collected personal information
(ix) Category L. Sensitive personal information
(d) The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found in the main body of the Privacy Policy.
3.5 Your Rights
(a) You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:
(i) Right to know whether or not we are processing your personal data
(ii) Right to access your personal data
(iii) Right to correct inaccuracies in your personal data
(iv) Right to request the deletion of your personal data
(v) Right to obtain a copy of the personal data you previously shared with us
(vi) Right to non-discrimination for exercising your rights
(vii) Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
(b) Depending upon the state where you live, you may also have the following rights:
(i) Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)
(ii) Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)
(iii) Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)
(iv) Right to review, understand, question, and correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Minnesota)
(v) Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)
(vi) Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)
3.6 How to Exercise Your Rights
(a) To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at privacy@refresh.tech, or by referring to the contact details in the main body of the Privacy Policy.
(b) Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.
3.7 Request Verification
(a) Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.
(b) If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.
3.8 Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at privacy@refresh.tech. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
3.9 California "Shine The Light" Law
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the main body of the Privacy Policy.
3.10 Cookies and other tracking technologies
To the extent these online tracking technologies are deemed to be a "sale"/"sharing" (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request by emailing us at privacy@refresh.tech or by referring to the contact details in the main body of the Privacy Policy.
4. Do other regions have specific privacy rights?
4.1 New Zealand
(a) We collect and process your personal information under the obligations and conditions set by New Zealand's Privacy Act 2020 (NZ Privacy Act).
(b) This Privacy Notice satisfies the notice requirements defined in the NZ Privacy Act, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.
(c) If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the New Zealand Privacy Principles to the Office of New Zealand Privacy Commissioner.
5. How can you contact us about this notice?
(a) If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at taylor@refresh.tech, by phone at +1 (801) 391-1705, or contact us by post at:
ReFresh OS Pty Ltd
Data Protection Officer
425 W 200 N
Unit 477
Salt Lake City, UT 84103
United States
(b) If you are a resident in the European Economic Area, we are the "data controller" of your personal information. We have appointed Euverify Ltd to be our representative in the EEA. You can contact them directly regarding our processing of your information, by email at gdpr@euverify.com, or by post to:
Unit 3D, North Point House
North Point Business Park
New Mallow Road, Cork T23 AT2P
Ireland
(c) If you are a resident in the United Kingdom, we are the "data controller" of your personal information. We have appointed Euverify Ltd to be our representative in the UK. You can contact them directly regarding our processing of your information, by email at gdpr@euverify.com, or by post to:
3rd Floor, 86-90 Paul Street
London, United Kingdom EC2A 4NE
England
6. How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
7. Controls for Do-Not-Track features
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
8. Is your information transferred internationally?
(a) If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then the countries that we listed in our privacy policy may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Policy and applicable law.
(b) We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.