State Privacy Notice

(All States)

This State Privacy Notice (this “Notice”) supplements the information
contained in the Privacy Policy of BeniVita, Inc. (“BeniVita,” “we,” “us,” or “our”) and
applies to residents of certain U.S. states (“consumers” or “you”).
We adopt this Notice to address and comply with applicable U.S. state
comprehensive consumer privacy laws and certain state online/internet privacy
requirements, including (as applicable): the California Consumer Privacy Act of
2018, as amended by the California Privacy Rights Act of 2020 (together, the
“CCPA”); the Virginia Consumer Data Protection Act (“VCDPA”); the Colorado Privacy
Act (“CPA”); the Connecticut Data Privacy Act (“CTDPA”); the Utah Consumer Privacy
Act (“UCPA”); the Texas Data Privacy and Security Act (“TDPSA”); the Oregon
Consumer Privacy Act (“OCPA”); the Montana Consumer Data Privacy Act
(“MCDPA”); the Iowa Consumer Data Protection Act (“ICDPA (Iowa)”); the Indiana
Consumer Data Protection Act (“ICDPA (Indiana)”); the Tennessee Information
Protection Act (“TIPA”); the Florida Digital Bill of Rights (“FDBR”, for certain entities);
the Delaware Personal Data Privacy Act (“DPDPA”); the New Jersey Data Privacy Act
(“NJ DPA”); the New Hampshire privacy law effective in 2025 (“NHPA”); the
Minnesota Consumer Data Privacy Act (“MCDPA (Minnesota)”); and any other
enacted comprehensive state consumer privacy laws effective as of December 1,
2025 (collectively, “State Privacy Laws”).
Some terms used in this Notice (such as “personal information,” “personal
data,” “sale,” “share,” “targeted advertising,” “sensitive data,” and “profiling”) may
be defined differently under different State Privacy Laws. Where required, we
apply the meaning provided by the applicable law for your state of residence.
If you have a disability and need this Notice in an alternative format, please
contact us at privacy@benivita.com or write to us at: BeniVita, Attn: Privacy
Manager, 1095 East Shaw Avenue, Fresno, California 93710.
1. Scope
This Notice describes how we collect, use, disclose, “sell” and “share”
Personal Information/Personal Data of state residents when we act as a “business,”
“controller,” or similar regulated entity under applicable State Privacy Laws, and
explains your rights with respect to that information.
This Notice covers Personal Information/Personal Data we collect about
consumers who:
Visit, use, or interact with our websites, including Ambassador replicated
websites, mobile sites, mobile applications, and other online services
(collectively, the “Websites”);
Purchase our products or services; or
Participate in our Ambassador program or otherwise interact with us
offline or online.
This Notice does not apply to information that is exempt under applicable law,
which may include (depending on the state and context):
Publicly available information;
Deidentified or aggregated information;
Information governed by certain sector-specific laws (e.g., HIPAA, GLBA,
FCRA, FERPA); and
Certain information we collect and use in the context of employment or
applicant relationships, which may be covered by separate notices.
2. Applicability by State (Who This Notice Covers)
This Notice is intended to provide the state-specific disclosures and rights
required by State Privacy Laws to the extent they apply to our processing of your
Personal Information/Personal Data. California residents: The CCPA-specific
disclosures and rights are described in Sections 8–11, and additional multi-state
disclosures in Sections 12–20 also apply.
Residents of other states with comprehensive privacy laws (including those
listed above): The disclosures and rights described in Sections 12–20 apply to you
to the extent required by the law of your state and to the extent we process your
Personal Data in a manner that makes us subject to that law.
Residents of states without comprehensive privacy laws: We may still
provide certain choices and disclosures described in this Notice as a matter of
transparency and good practice.
If a specific provision applies only in certain states, we note that in the
relevant section.
3. Categories of Personal Information/Personal Data We Collect
In the past 12 months, we have collected the following categories of
Personal Information/Personal Data about consumers (as applicable):
Identifiers - Examples: name, alias, postal address, unique personal
identifier, online identifier, Internet Protocol (IP) address, email address,
account username and password, Ambassador ID, and similar identifiers.
Customer Records (e.g., California Civil Code § 1798.80(e)) / Transaction
and Account Data Examples: telephone number, billing and shipping
address, payment card information (processed by our payment
processors), tax identification numbers for Ambassadors (e.g., Social
Security Number or Federal Tax ID), and other information you provide
to us in connection with your relationship with us.
Protected Classification Characteristics (to the extent you voluntarily
provide them, where permitted) Examples: age (40 years or older),
gender, and marital status.
Commercial Information/Purchase and Use Data Examples: records of
products or services purchased, obtained, or considered, purchasing
history, dates and amounts of purchases, and information about your
Ambassador business activity.
Internet or Other Electronic Network Activity Information Examples:
browsing history, search history, and information regarding your
interactions with the Websites, our emails, and advertisements, including
pages viewed, links clicked, referring/exit pages, and identifiers
associated with your devices.
Geolocation Data Examples: approximate location derived from your IP
address, and if you enable location services, more precise location data
from your device (e.g., GPS, Wi Fi, Bluetooth).
Professional or Employment Related Information Examples: occupation,
and information related to your role and activities as an Ambassador
(such as rank and sales/recruitment data).
Inferences Drawn from Other Personal Information/Personal Data
Examples: inferences reflecting preferences, characteristics, and
interests (for example, inferred product or lifestyle preferences used to
personalize your experience or marketing).
Sensitive Personal Information/Sensitive Data
Some State Privacy Laws regulate Sensitive Personal Information or Sensitive Data
(terms vary by law). Depending on your interactions with us, we may collect
sensitive data such as:
Government identifiers (e.g., Social Security Number) from Ambassadors
for tax reporting;
Precise geolocation (if enabled on your device);
Account log-in credentials (which may be treated as sensitive under
certain laws); and
Any other categories treated as “sensitive” under applicable law.
We do not use or disclose sensitive personal information for the purpose of
inferring characteristics about you. To the extent we collect sensitive data, we use
it only as permitted by applicable law, including for providing requested
products/services, security and fraud prevention, legal compliance, and other
purposes described in Section 5.
Where required by law (which may vary by state), we will obtain your
affirmative express consent (opt-in) before processing sensitive data for certain
purposes, or we will provide a right to limit use and disclosure.
We do not intentionally collect biometric identifiers or biometric information
for the purpose of uniquely identifying you, unless expressly disclosed at the time
of collection and processed in compliance with applicable law. If we begin
collecting biometric data in a way regulated by a State Privacy Law, we will provide
additional notices and obtain any required consent.
4. Sources of Personal Information/Personal Data
We collect the categories of Personal Information/Personal Data identified
above from the following categories of sources:
Directly from you – for example, when you create an account, enroll as
an Ambassador, make a purchase, contact us, participate in promotions
or surveys, or otherwise interact with us.
Automatically from your devices – for example, through cookies, pixels,
web beacons, log files, software development kits (SDKs) and other
tracking technologies when you use the Websites or open our emails.
From Ambassadors – for example, when an Ambassador provides us with
your contact information in connection with referrals, orders, events, or
network-building activities.
From service providers and business partners – for example, payment
processors, analytics providers, advertising networks, social media
platforms, logistics providers, and others who assist us in operating our
business.
From public or commercially available sources – for example, public
databases, joint marketing partners, and social media platforms, where
permitted by applicable law.
5. Purposes for Collecting and Using Personal Information/Personal Data
We collect, use and disclose Personal Information/Personal Data for the
following business and commercial purposes (as applicable):
Providing and improving our products and services – operating,
maintaining and improving the Websites; processing and fulfilling
orders; providing customer support; customizing content and
experiences.
Managing accounts and relationships – creating and managing your
account or Ambassador business; communicating with you about your
account, purchases, rewards, promotions, and the Ambassador program.
Marketing and advertising – sending promotional communications and
offers; personalizing advertising and content; measuring and
understanding the effectiveness of our campaigns; market research and
analytics.
Operating our Customer Program, Ambassador program and network
marketing business – assigning leads; operating Ambassador locator
tools; providing upline/downline reporting; commission and incentive
calculations; business planning, training, and recognition.
Security and fraud prevention – detecting, investigating, and preventing
fraudulent, harmful, unauthorized, unethical or illegal activity; protecting
systems, networks and data; enforcing terms and policies.
Legal, compliance and safety – complying with legal obligations,
responding to lawful requests and legal process, protecting rights,
property and safety.
Debugging, research and development – identifying and repairing errors;
testing, research, analysis and product development.
Short term, transient use and other internal business purposes – internal
analytics, audits, and general business operations reasonably aligned
with your relationship with us.
We may also use Personal Information/Personal Data for any other
purpose described to you at the time of collection or for which you
provide consent, where required.
6. Disclosure of Personal Information/Personal Data for Business Purposes
We disclose the categories of Personal Information/Personal Data described
in Section 3 for one or more of the purposes described in Section 5 to the following
categories of recipients:
Service providers and contractors/processors – including payment
processors, fraud prevention providers, hosting and cloud providers,
analytics providers, marketing and advertising partners, email and SMS
providers, customer support providers, and logistics and fulfillment
providers.
Ambassadors and other business partners – including your sponsor,
applicable upline/downline Ambassadors, and partners who help operate
the Ambassador program and support your Ambassador business, as
described in our Privacy Policy.
Advertising and analytics partners – including third parties that provide
interest based/targeted advertising, cross device linking, measurement,
and analytics services.
Social media platforms – when you interact with social media plugins, log
in using social media credentials, or when we use ad tools offered by
these platforms.
Government authorities and legal parties – as required or permitted by
law, or to protect rights.
Successors in interest – in connection with, or during negotiations of, any
merger, acquisition, sale of assets, financing, reorganization, bankruptcy,
or similar event.
When we disclose Personal Information/Personal Data to a service
provider/contractor/processor, we use contracts and appropriate safeguards as
required by applicable law.
7. Sale, Sharing, Targeted Advertising, and Profiling (Cross Context
Behavioral Advertising)
State Privacy Laws may provide the right to opt out of certain disclosures
and uses of Personal Information/Personal Data, including:
“Sale” (which may include disclosures for monetary or other valuable
consideration, and may be defined broadly in some states);
“Sharing” for cross context behavioral advertising (a California
concept); and/or
Targeted advertising (interest-based advertising), including based on
your activities across unaffiliated websites or online services; and/or
Profiling in furtherance of decisions that produce legal or similarly
significant effects (as defined under some State Privacy Laws).
We do not sell or share your Personal Information in the traditional sense of
selling customer lists for money. However, we use certain third party cookies,
pixels and similar technologies on our Websites (including from analytics and
advertising partners such as, for example, Google, Facebook and others) that may
result in the “sale,” “sharing,” or use of Personal Information/Personal Data for
targeted advertising under some State Privacy Laws.
In the past 12 months, we have “sold” and/or “shared” (as those terms are
defined under applicable law) the following categories of Personal
Information/Personal Data:
Identifiers;
Internet or other electronic network activity information; and
Inferences drawn from such information.
We disclose these categories to the following categories of third parties in
ways that may be considered “sale,” “sharing,” and/or “targeted advertising”:
Advertising networks;
Analytics providers; and
Social media platforms and partners that provide marketing and
advertising services.
Profiling
We may use Personal Information/Personal Data to personalize content,
offers, or advertising. To the extent such activity constitutes “profiling” under
applicable law, you may have the right to opt out of profiling in furtherance of
decisions that produce legal or similarly significant effects. We do not engage in
profiling that produces legal or similarly significant effects (such as decisions about
employment, housing, insurance, credit, or similarly significant eligibility decisions)
based solely on automated processing without human involvement, except where
disclosed and permitted by law.
8. Retention of Personal Information/Personal Data
We retain Personal Information/Personal Data for as long as reasonably
necessary to achieve the purposes described in this Notice or in our Privacy Policy,
or as otherwise required by law. We use criteria such as:
The nature of our relationship with you (e.g., Ambassador, customer,
website visitor);
The type and sensitivity of the information;
The purposes for which we collect and use it;
The potential risk of harm from unauthorized use or disclosure; and
Our legal and regulatory obligations.
When we no longer need Personal Information/Personal Data, we will delete,
deidentify, or aggregate it, subject to applicable legal requirements.
9. Your California Privacy Rights (CCPA) (California Residents)
If you are a California resident, you may have the following rights with
respect to your Personal Information, subject to exceptions and limitations:
Right to Know / Access - You have the right to request disclosure of
information about our collection and use of your Personal Information
over the past 12 months (or longer as required by law), including
categories collected, sources, purposes, categories of third parties,
categories sold/shared/disclosed, and specific pieces of Personal
Information.
Right to Delete - You have the right to request deletion of Personal
Information we collected from you, subject to certain exceptions.
Right to Correct - You have the right to request correction of inaccurate
Personal Information we maintain.
Right to Opt Out of Sale or Sharing - You have the right to direct us not to
sell or share your Personal Information for cross context behavioral
advertising.
Right to Limit Use and Disclosure of Sensitive Personal Information - If
we use or disclose sensitive personal information beyond permitted
purposes, you have the right to limit such use and disclosure. As noted
above, we do not use or disclose sensitive personal information to infer
characteristics.
Right to Non Discrimination - We will not discriminate against you for
exercising your CCPA rights.
10. How to Exercise Your California Privacy Rights (CCPA)
Submitting Requests to Know/Access, Correct or Delete
To exercise your rights, submit a request by:
Email: privacy@benivita.com with subject line “California Privacy
Request”; or
Webform: [PRIVACY REQUEST WEBFORM URL].
In your request, please:
Indicate which right(s) you are exercising (know/access, deletion,
correction);
Provide your full name, email address, telephone number, and any other
information we may reasonably require to verify your identity; and
For access requests, indicate whether you are requesting categories of
information and/or specific pieces of information.
We will verify your request using information you previously provided. We will
respond to verifiable consumer requests within time periods required by the CCPA
(generally within 45 days, with a possible 45-day extension where permitted).
Authorized Agents
You may designate an authorized agent to make a request on your behalf.
We may require proof of written permission and may require you to verify your
identity directly with us.
11. How to Exercise Your Right to Opt Out of Sale or Sharing (California)
To exercise your right to opt out, you may:
Visit our “Do Not Sell or Share My Personal Information” link (or similar)
on our Websites: [DO NOT SELL OR SHARE URL];
Email: privacy@benivita.com with subject line “CCPA Opt Out Request”;
and/or
If you have enabled a browser based opt out preference signal (such as Global
Privacy Control) that is recognized under CCPA regulations, we will treat that signal
as a request to opt out of sale/sharing for the browser or device that sends the
signal, to the extent required by law.
12. Additional State Privacy Rights (Non California Comprehensive Privacy
Laws)
If you are a resident of a state with a comprehensive privacy law (e.g.,
Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana,
Tennessee, Florida (for certain entities), Delaware, New Jersey, New Hampshire or
Minnesota), you may have the following rights, subject to exceptions and
limitations under applicable law:
Right to Confirm and Access - Confirm whether we process your Personal
Data and access that data.
Right to Delete - Delete Personal Data we maintain about you (in some
states limited to data you provided; other states extend to data obtained
from other sources).
Right to Correct - Correct inaccuracies in your Personal Data (available in
many states).
Right to Data Portability Obtain a copy of certain Personal Data you
provided to us (and/or that we process), in a portable and readily usable
format, where required.
Right to Opt Out of Targeted Advertising Opt out of processing for
targeted advertising.
Right to Opt Out of Sale Opt out of “sale” of Personal Data as defined by
your state law.
Right to Opt Out of Certain Profiling Opt out of profiling in furtherance of
decisions that produce legal or similarly significant effects, where
applicable.
Right to Opt In / Consent for Sensitive Data (Certain States) Some states
require opt-in consent to process sensitive data (or sensitive data for
certain purposes). Where required, we will obtain consent before such
processing.
Right to Appeal (Certain States) If we deny your request, you may have
the right to appeal our decision (see Section 15).
These rights may not apply in all circumstances, and we may decline requests as
permitted by law (for example, where necessary to complete transactions, detect
security incidents, comply with legal obligations, or protect against fraud).
13. How to Exercise State Privacy Rights (All States)
You may submit a request to exercise applicable privacy rights by:
Webform: [PRIVACY REQUEST WEBFORM URL]
Email: privacy@benivita.com
Mail: BeniVita, Attn: Privacy Manager, 1095 East Shaw Avenue, Fresno,
California 93710
Please include:
Your full name and the email address (and/or other identifier) associated
with your account or interaction with us;
Your state of residence;
The right you wish to exercise; and
Sufficient information for us to reasonably verify your identity and locate
your information.
Identity Verification
We will take reasonable steps to verify your identity before responding to
certain requests. The information we request for verification will depend on the
nature of the request and the sensitivity of the data. If we cannot verify your
identity, we may deny your request.
Authorized Agents
Where permitted by law, you may use an authorized agent. We may require
proof of authorization and may require you to verify your identity directly with us.
14. Opt-Out Methods; Global Privacy Control; Universal Opt-Out Mechanisms
Cookie-Based Opt-Outs and Preference Centers
You may be able to manage certain cookie and tracking preferences
through:
A cookie banner or cookie preference manager on our Websites:
[COOKIE PREFERENCES URL]; and/or
Device and browser controls (note: these controls may not be effective
for all technologies).
Global Privacy Control/Universal Opt-Out Signals
Some State Privacy Laws (including California, Colorado, Connecticut, Delaware,
Montana, New Jersey, Oregon, Texas, and others) require or recognize universal
opt-out mechanisms for targeted advertising and/or sale.
Where required by applicable law, we will process a recognized opt-out
signal (such as Global Privacy Control (GPC)) as a valid request to opt out of:
Sale of Personal Information/Personal Data (as defined by applicable
law), and/or
Sharing/Targeted advertising, for the browser or device that sends the
signal, and in some cases for associated accounts where required or
where we can reasonably do so.
If you use multiple devices or browsers, you may need to enable the signal on each
device/browser.
15. Appeals Process (Where Required)
If we deny your privacy rights request (in whole or in part) and your state
law provides an appeals right, you may appeal our decision.
How to appeal: Submit your appeal by email to privacy@benivita.com with
the subject line “Privacy Request Appeal,” or via [PRIVACY APPEAL WEBFORM URL].
What to include: Identify the original request, the date submitted, and why
you believe the decision should be reconsidered.
Timeline: We will respond to your appeal within the period required by
applicable law, generally within 45 days (or earlier if required), and may extend
where permitted with notice.
Regulator complaint option: If your appeal is denied, we will provide (as
required by applicable law) information on how to contact your state Attorney
General or other regulator to submit a complaint.
16. Required Disclosures: Categories of Personal Data, Purposes, and Third
Parties (Multi State)
To support transparency under State Privacy Laws, we provide the following
summary:
Categories of Personal Information/Personal Data processed: See Section
3.
Purposes of processing: See Section 5.
Categories of third parties to whom we disclose Personal
Information/Personal Data: See Section 6.
Sale/Sharing/Targeted advertising disclosures: See Section 7.
Sensitive Data Purposes and Controls
We process sensitive data only as needed for purposes such as:
Tax reporting and compliance for Ambassadors;
Account security, fraud prevention, and identity verification;
Providing requested services; and
Other purposes permitted by applicable law.
Where required, we provide opt-in consent and/or the ability to limit sensitive data
processing.
17. Children’s Data
Our Websites and offerings are not directed to children under 13, and we do
not knowingly collect personal information from children under 13. If we learn that
we have collected personal information from a child under 13, we will take steps to
delete it.
Some State Privacy Laws provide heightened protections for minors (for
example, opt-in consent for certain targeted advertising or sale involving known
minors under a specified age). We do not have actual knowledge that we sell or
share the Personal Information/Personal Data of consumers under 16 years of age
(consistent with the CCPA statement above). If we obtain actual knowledge that we
are processing data of a minor in a manner that triggers special obligations, we
will comply with applicable law, including obtaining any required consent.
18. Shine the Light (California Civil Code § 1798.83)
Separately from your CCPA rights, California’s “Shine the Light” law permits
California residents to request certain information regarding our disclosure of
Personal Information to third parties for their own direct marketing purposes.
As described in our Privacy Policy, California residents may request a Notice
of Information Sharing Disclosure once per calendar year by writing to us at
BeniVita, Attn: Privacy Manager, 1095 East Shaw Avenue, Fresno, California 93710,
or by emailing privacy@benivita.com. We will respond to such requests as required
by law.
19. Privacy Metrics (Where Required)
Some laws or regulations may require businesses to compile and disclose
metrics regarding consumer privacy requests (for example, certain CCPA
regulations applicable to some businesses).
To the extent required by applicable law, we will publish required privacy
request metrics in a location accessible from our Privacy Policy or this Notice:
[PRIVACY METRICS URL].
20. Updates to This State Privacy Notice
We may update this Notice from time to time to reflect changes in our
practices, technologies (including cookies/targeted advertising), or applicable law.
When we make changes, we will revise the “Last Updated” date below and, where
appropriate, provide additional notice (such as by posting a statement on our
Websites).
Your continued use of the Websites after we make changes is deemed to be
acceptance of those changes, to the extent permitted by applicable law.

Last Updated: December 1, 2025