PRIVACY POLICY

Effective Date: September 24, 2025

kitchenbathprogram.org ("Company," "we," "us," or "our") operates as a marketing, advertising, and lead generation platform. This Privacy Policy ("Policy") describes our comprehensive data collection, usage, sharing, and monetization practices across our websites, platforms, and services (collectively, the "Platform").

BY USING OUR PLATFORM, CLICKING ANY BUTTON, SUBMITTING ANY INFORMATION, OR CONTINUING TO BROWSE, YOU EXPRESSLY CONSENT TO ALL DATA PRACTICES DESCRIBED IN THIS POLICY.

1. OUR BUSINESS MODEL AND DATA MONETIZATION

1.1 Lead Generation Business

IMPORTANT: We operate a lead generation and marketing platform. Our primary revenue source is selling, licensing, and distributing consumer information ("leads") to third-party service providers. When you submit information, you become a "lead" that we monetize through:

  • Direct lead sales to service providers
  • Subscription-based lead distribution services
  • Pay-per-lead and pay-per-contact arrangements
  • Referral fees and commission-based partnerships
  • Advertising revenue from targeted marketing campaigns

1.2 Data as Our Primary Asset

Your personal information is our core business asset. We collect, process, analyze, enhance, and distribute your data to generate revenue. This includes creating detailed consumer profiles, behavioral analytics, and predictive marketing models.

2. COMPREHENSIVE INFORMATION COLLECTION

2.1 Information You Directly Provide

When you interact with our Platform, we collect:

  • Contact Information: Name, email address, phone numbers (mobile, home, work), mailing address, ZIP code
  • Project Details: Service interests, project descriptions, timelines, budgets, property information
  • Demographic Data: Age, income estimates, homeownership status, household composition
  • Communication Preferences: Preferred contact methods, times, and frequency
  • Verification Data: Information used to verify your identity and contact details

2.2 Automated Data Collection

We automatically collect extensive technical and behavioral data:

  • Device Information: IP address, device type, operating system, browser type and version, screen resolution
  • Usage Analytics: Pages visited, time spent, click patterns, scroll behavior, form interactions
  • Location Data: Precise geolocation (when permitted), approximate location from IP address
  • Session Data: Date/time of visits, referring URLs, exit pages, search terms used
  • Tracking Technologies: Cookies, web beacons, pixels, local storage, session storage, device fingerprinting

2.3 Third-Party and Enhanced Data

We obtain additional information from:

  • Data Brokers: Demographic, lifestyle, and consumer behavior data
  • Marketing Partners: Cross-platform user identification and behavioral insights
  • Public Records: Property ownership, tax records, permit applications, contractor licenses
  • Social Media Platforms: Profile information and advertising interaction data
  • Credit and Financial Services: Credit scores, payment history, financial capacity indicators
  • Previous Service Providers: Service history, preferences, and satisfaction ratings

2.4 Inferred and Derived Data

We create additional data through analysis and profiling:

  • Predictive models about service needs and purchasing behavior
  • Consumer segmentation and lifetime value calculations
  • Risk assessments and fraud detection scores
  • Marketing responsiveness and conversion probability ratings

3. EXTENSIVE DATA USAGE PURPOSES

We use your information for unlimited business purposes including:

3.1 Core Lead Generation Services

  • Creating and distributing leads to multiple service providers simultaneously
  • Matching consumers with providers based on location, services, and capacity
  • Facilitating initial contact between consumers and providers
  • Tracking lead performance and conversion metrics

3.2 Marketing and Advertising Operations

  • Delivering targeted advertisements across multiple platforms and devices
  • Creating lookalike audiences for advertising campaigns
  • Retargeting and remarketing to previous visitors
  • Cross-selling and upselling additional services
  • Building comprehensive consumer profiles for marketing optimization

3.3 Platform Operations and Enhancement

  • Improving user experience and Platform functionality
  • Conducting A/B testing and conversion optimization
  • Fraud detection and prevention
  • Security monitoring and threat assessment
  • Legal compliance and dispute resolution

3.4 Business Intelligence and Analytics

  • Market research and competitive analysis
  • Consumer trend identification and forecasting
  • Revenue optimization and pricing strategies
  • Performance measurement and reporting to partners

3.5 Communication and Customer Service

  • Unlimited contact via phone, email, text message, and other channels
  • Automated messaging and drip marketing campaigns
  • Customer support and dispute resolution
  • Service updates and platform notifications

4. COMPREHENSIVE DATA SHARING AND MONETIZATION

4.1 Service Provider Network

We share your information with an extensive network including:

  • Licensed Contractors: Home improvement, repair, and maintenance professionals
  • Service Companies: HVAC, plumbing, electrical, roofing, and specialty service providers
  • National Franchise Networks: Large-scale service provider organizations
  • Regional and Local Providers: Independent contractors and small businesses
  • Emergency Service Providers: 24/7 and urgent service specialists

IMPORTANT: The same lead may be sold to multiple competing providers simultaneously. We do not guarantee lead exclusivity unless specifically contracted.

4.2 Marketing and Advertising Partners

Your data is shared with:

  • Digital Advertising Networks: Google, Facebook, Microsoft, Amazon, and hundreds of other platforms
  • Data Management Platforms: Companies that create audience segments for advertising
  • Marketing Technology Providers: Email, SMS, and automated marketing platforms
  • Analytics Companies: Firms that analyze consumer behavior and platform performance
  • Lead Generation Networks: Other platforms operating in complementary industries

4.3 Data Enhancement Partners

We work with data brokers and enhancement services to:

  • Append additional demographic and lifestyle information to your profile
  • Verify and update contact information accuracy
  • Cross-reference your data across multiple databases
  • Create comprehensive consumer profiles for improved targeting

4.4 Financial and Business Partners

Information may be shared with:

  • Financing Companies: To facilitate project funding and payment plans
  • Insurance Providers: For coverage verification and claims processing
  • Background Check Services: For provider verification and consumer protection
  • Legal and Compliance Partners: For regulatory compliance and dispute resolution

4.5 Business Operations Partners

We share data with:

  • Technology Vendors: Cloud hosting, database management, and software providers
  • Professional Services: Legal, accounting, consulting, and advisory firms
  • Merger and Acquisition Partners: In connection with business transactions
  • Subsidiaries and Affiliates: Related companies and business entities

5. DETAILED LEGAL BASIS AND CONSENT

5.1 Consent-Based Processing

By using our Platform, you provide explicit, informed consent for:

  • Collection and processing of all personal information described in this Policy
  • Sharing information with unlimited third parties for business purposes
  • Use of information for marketing, advertising, and lead generation activities
  • Contact from us and third parties via automated systems and prerecorded messages
  • Cross-device tracking and behavioral profiling across multiple platforms

5.2 Legitimate Business Interests

We process your information based on our legitimate business interests in:

  • Operating and improving our lead generation platform
  • Generating revenue through data monetization
  • Providing valuable services to consumers and service providers
  • Maintaining security and preventing fraudulent activity
  • Complying with legal obligations and enforcing our rights

5.3 Contractual Necessity

Information processing is necessary to:

  • Fulfill our Terms of Use agreement with you
  • Provide lead generation and referral services
  • Facilitate communication between consumers and providers
  • Process payments and manage business relationships

6. STATE PRIVACY LAW COMPLIANCE

6.1 California Consumer Privacy Rights (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act and California Privacy Rights Act:

Categories of Personal Information Collected:

  • Identifiers (name, email, phone, address, IP address, device IDs)
  • Commercial information (service interests, purchase history, preferences)
  • Internet or network activity (browsing history, interactions with advertisements)
  • Geolocation data (precise and approximate location information)
  • Sensory data (call recordings, if applicable)
  • Professional or employment information (if provided)
  • Inferences drawn from personal information (consumer profiles, preferences)

Categories of Sensitive Personal Information:

  • Precise geolocation data
  • Communications content (when applicable)
  • Financial account information (if provided)

Business Purposes for Information Use:

  • Lead generation and distribution services
  • Marketing and advertising operations
  • Platform security and fraud prevention
  • Legal compliance and business operations
  • Service provider matching and facilitation

Third-Party Categories Receiving Information:

  • Service providers and contractors in various industries
  • Advertising networks and marketing platforms
  • Data analytics and enhancement companies
  • Technology vendors and business partners
  • Legal and professional service providers

Sale and Sharing Definitions:

Under California law, we "sell" and "share" personal information by:

  • Providing leads to service providers for monetary compensation
  • Sharing data with advertising partners for targeted marketing
  • Cross-platform data sharing for behavioral advertising
  • Data enhancement partnerships that provide mutual value

6.2 Virginia, Colorado, Connecticut, and Utah Privacy Rights

Residents of these states have rights to:

  • Confirm whether we process their personal data
  • Access personal data we maintain about them
  • Correct inaccurate personal data
  • Delete personal data under certain circumstances
  • Obtain a portable copy of personal data
  • Opt out of targeted advertising and profiling
  • Opt out of the sale of personal data

6.3 Other State Privacy Laws

We comply with applicable privacy laws in all states where we operate, including:

  • Nevada Revised Statutes regarding sale of covered information
  • Illinois Biometric Information Privacy Act (BIPA) requirements
  • New York SHIELD Act data security requirements
  • Massachusetts Data Protection Act provisions

7. INTERNATIONAL DATA TRANSFERS AND GDPR

7.1 Cross-Border Data Processing

Your information may be transferred to and processed in:

  • Countries where our service providers, partners, or technology vendors operate
  • Jurisdictions that may not provide equivalent data protection laws
  • Cloud computing environments with global data storage and processing

7.2 GDPR Compliance (EU Residents)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation:

  • Right to Access: Obtain confirmation of processing and copies of your data
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure: Delete your data under specific circumstances
  • Right to Restrict Processing: Limit how we use your information
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Oppose processing based on legitimate interests
  • Right to Lodge Complaints: File complaints with supervisory authorities

Legal Bases for Processing Under GDPR:

  • Consent for marketing communications and non-essential processing
  • Legitimate interests for lead generation and business operations
  • Contract performance for service delivery
  • Legal compliance for regulatory requirements

8. ADVANCED TRACKING AND PROFILING TECHNOLOGIES

8.1 Comprehensive Tracking Methods

We employ sophisticated tracking technologies including:

  • First-Party Cookies: Essential for Platform functionality and user preferences
  • Third-Party Cookies: Advertising, analytics, and cross-site tracking
  • Web Beacons and Pixels: Email opens, page visits, and conversion tracking
  • Local Storage: HTML5 local storage, session storage, and IndexedDB
  • Device Fingerprinting: Unique device identification through technical characteristics
  • Cross-Device Tracking: Linking activities across multiple devices and platforms

8.2 Behavioral Profiling and AI Processing

We use artificial intelligence and machine learning to:

  • Create detailed behavioral profiles and consumer segments
  • Predict service needs and purchasing propensity
  • Optimize lead matching and distribution algorithms
  • Personalize marketing messages and advertising content
  • Detect patterns for fraud prevention and security

8.3 Biometric and Voice Data

When applicable, we may collect:

  • Voice recordings from phone interactions (where legally permitted)
  • Behavioral biometrics from typing patterns and mouse movements
  • Other biometric identifiers as technology evolves

9. DATA RETENTION AND DELETION

9.1 Retention Periods

We retain your information for extended periods including:

  • Active Lead Data: Minimum 7 years from last interaction
  • Marketing Data: Indefinitely unless deletion is requested
  • Analytics Data: Aggregated data retained permanently
  • Legal Compliance Data: As required by applicable laws (potentially decades)
  • Backup Data: Technical backups retained for up to 10 years

9.2 Deletion Challenges

Complete data deletion may be limited by:

  • Technical requirements for backup and disaster recovery systems
  • Legal obligations for record retention
  • Third-party processing where data has been shared
  • Aggregated or anonymized data that cannot be attributed to individuals
  • Active business relationships requiring data retention

10. SECURITY MEASURES AND LIMITATIONS

10.1 Security Safeguards

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest using industry-standard protocols
  • Access controls and authentication systems for employee access
  • Regular security assessments and vulnerability testing
  • Incident response procedures and breach notification protocols
  • Third-party security audits and compliance certifications

10.2 Security Limitations

IMPORTANT DISCLAIMER: Despite our security efforts:

  • No system can guarantee 100% security against all threats
  • Data breaches, cyberattacks, and unauthorized access remain possible
  • Third parties receiving your data maintain their own security practices
  • We are not liable for security incidents beyond our direct control

11. CHILDREN'S PRIVACY AND AGE RESTRICTIONS

11.1 Age Limitations

Our Platform is designed for adults aged 18 and older. We:

  • Do not knowingly collect information from minors under 18
  • Require age verification for certain services
  • Delete information if we discover it was provided by minors
  • Comply with COPPA requirements for children under 13

11.2 Parental Rights

Parents and guardians may:

  • Request information about data collected from their children
  • Demand deletion of children's information
  • Prohibit further collection of children's data

12. YOUR PRIVACY RIGHTS AND LIMITATIONS

12.1 Available Rights (Subject to Legal Requirements)

Depending on your location, you may request to:

  • Access personal information we maintain about you
  • Correct inaccurate or incomplete information
  • Delete your information under specific circumstances
  • Restrict certain types of processing
  • Opt out of marketing communications
  • Opt out of targeted advertising and profiling
  • Receive a portable copy of your data

12.2 Rights Limitations and Exceptions

Your rights may be limited when:

  • Information is required for legal compliance
  • Data is necessary for contract performance
  • Processing is based on legitimate business interests
  • Information has been anonymized or aggregated
  • Third parties have independent legal bases for processing
  • Deletion would compromise security or fraud prevention

12.3 Rights Exercise Process

To exercise privacy rights:

  • Submit requests to privacy@kitchenbathprogram.org
  • Provide sufficient information to verify your identity
  • Specify the exact rights you wish to exercise
  • Allow up to 45 days for initial response (may be extended)
  • Understand that some requests may be denied or limited

13. MARKETING COMMUNICATIONS AND OPT-OUT

13.1 Communication Types

You may receive various communications including:

  • Direct Marketing: Promotional emails, text messages, and phone calls
  • Transactional Messages: Service confirmations, updates, and notifications
  • Third-Party Marketing: Communications from service providers and partners
  • Automated Campaigns: Triggered messages based on behavior and preferences

13.2 Opt-Out Methods and Limitations

You can opt out of marketing communications by:

  • Clicking unsubscribe links in emails
  • Replying "STOP" to text messages
  • Contacting privacy@kitchenbathprogram.org
  • Adjusting preferences in your account (if available)

IMPORTANT LIMITATIONS:

  • Opt-out requests may take up to 10 business days to process
  • You cannot opt out of transactional and service-related messages
  • Third parties may have separate opt-out requirements
  • Previously shared data may continue to be processed by third parties
  • Opt-out may not prevent all forms of advertising or contact

14. THIRD-PARTY SERVICES AND LINKS

14.1 Third-Party Integrations

Our Platform integrates with numerous third-party services including:

  • Analytics platforms (Google Analytics, Adobe Analytics, etc.)
  • Advertising networks (Google Ads, Facebook, LinkedIn, etc.)
  • Customer relationship management systems
  • Communication and marketing platforms
  • Payment processing and financial services

14.2 Third-Party Privacy Policies

Third-party services maintain separate privacy policies and practices. We encourage you to review:

  • Google Privacy Policy (https://policies.google.com/privacy)
  • Facebook Data Policy (https://www.facebook.com/privacy/policy)
  • Other relevant third-party privacy policies for services you use

14.3 Third-Party Links

Our Platform may contain links to external websites. We are not responsible for:

  • Privacy practices of linked websites
  • Content or services provided by third parties
  • Data collection by external sites
  • Security of third-party platforms

15. POLICY UPDATES AND CHANGES

15.1 Modification Rights

We reserve the right to modify this Privacy Policy at any time by:

  • Posting updated versions on our Platform
  • Changing the "Effective Date" to reflect updates
  • Notifying users of material changes (when required by law)
  • Continuing to process data under revised terms

15.2 Change Acceptance

Your continued use of the Platform after policy changes constitutes:

  • Acceptance of all modifications
  • Consent to revised data processing practices
  • Agreement to updated sharing and usage terms
  • Waiver of any objections to changes

15.3 Material Change Notifications

For significant policy changes, we may provide notice through:

  • Email notifications to registered users
  • Prominent Platform notices or banners
  • Direct mail for certain types of changes
  • Other communication methods as appropriate

16. CONTACT INFORMATION AND COMPLAINTS

16.1 Privacy Contact Information

For privacy-related inquiries, requests, or complaints:

  • Email: privacy@kitchenbathprogram.org
  • Phone: 1-800-HOME-EFF (1-800-466-3333)
  • Mailing Address:
    kitchenbathprogram.org Privacy Office
    123 Main Street, Suite 456
    Wilmington, DE 19801, USA

16.2 Response Timeframes

We will respond to privacy inquiries:

  • Within 45 days for most requests (may be extended to 90 days)
  • Within 10 business days for urgent security matters
  • According to applicable law requirements for specific jurisdictions
  • With regular updates for complex or lengthy investigations

16.3 Complaint Resolution

If you believe we have violated your privacy rights:

  • Contact our Privacy Office first for direct resolution
  • File complaints with applicable regulatory authorities
  • Consult with legal counsel regarding your options
  • Understand that arbitration clauses in our Terms of Use may apply

17. ADDITIONAL DISCLOSURES

17.1 Do Not Track Signals

Our Platform does not respond to "Do Not Track" browser signals. To limit tracking:

  • Adjust browser privacy settings
  • Use advertising opt-out tools provided by industry organizations
  • Install privacy-focused browser extensions
  • Review and modify cookie preferences regularly

17.2 Accessibility

We strive to make our privacy practices accessible to users with disabilities. If you need this Policy in an alternative format, contact privacy@kitchenbathprogram.org.

17.3 Language and Translation

This Policy is provided in English. Translated versions are for convenience only, and the English version controls in case of conflicts.

This Privacy Policy is effective as of September 24, 2025.

Copyright © 2025 kitchenbathprogram.org. All rights reserved.