PRIVACY POLICY
Last Updated: April 27, 2026
1. Introduction
We are committed to protecting your privacy and providing a valuable user experience. This Privacy Policy explains how we collect, use, and share personal information in accordance with applicable privacy laws and the rights you may have.
The website www.newmaterial.xyz and related digital properties, including content hosted on theimmaterial.substack.com (collectively, the “Website”), are owned and operated by Material Form, LLC, doing business as “New Material” (the “Company,” “we,” “us,” or “our”). This Privacy Policy ("Policy") applies to all Website visitors ("you" or "users"), including those who access our content, newsletters, communications, information, materials, goods, services, digital products, and functionality offered by the Company (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read and understood the practices described in this Privacy Policy, which should be read together with our Terms of Use and Website Disclaimer. The disclosures and descriptions in this Policy reflect our processing activities during the preceding 12 months, or another period as required by applicable law. Any links, section headers, resources, or examples are provided for reference, convenience, organizational, or illustrative purposes only and do not modify or expand the scope of this Privacy Policy.
“Personal information” and “personal data” means information that identifies, relates to, describes, or could reasonably be linked to an individual. This Policy also does not apply to information you make publicly available through comments, posts, or other interactive features of the Services.
“Third party” means any person or entity other than the Company and you, including service providers, partners, advertisers, analytics providers, and external platforms. This Privacy Policy does not apply to third-party websites, platforms, or services that may be accessible through this Website. We are not responsible for the content or practices of those third parties, and we encourage you to review their policies separately.
2. Information We Collect
We may collect information about you in several ways, including information you provide directly, information collected automatically, and information received from third parties.
A. Information You Provide
When you subscribe to communications, participate in interactive features, and purchase our products or Services, you may provide personal information including:
· Contact information, such as your name, email address, phone number, and the contents of messages or inquiries you submit through forms or other communications
· Newsletter or subscription information, such as your email address, name, and preferences when you subscribe to newsletters, mailing lists, or other content
· Account information, including email address and password when creating a profile
· Payment and billing information, such as address and transaction details when processing payments, and purchasing our Services, products, or content
· Social media information, if you interact with us through social platforms or link an account, including publicly available profile information
· User-submitted content, including comments, testimonials, case studies, feedback, survey responses, or other information you submit
· Audio or video content, if you participate in or create media associated with our Services
· Communications, including email correspondence and messages you send to us
B. Information Collected Automatically
When you access or use our Website, certain information may be collected automatically through cookies, analytics tools, and other tracking technologies, including:
· Internet Protocol (IP) address and approximate geographic location
· Device information (e.g., type, browser, operating system, and identifiers)
· Usage data (e.g., pages visited, time spent, interactions such as clicks, scrolling, video plays, and downloads)
· Referral source information
· Search terms
· Clickstream and log data reflecting page navigation
· Cookies and similar tracking technologies that enable functionality, analyze usage, and improve our Services
C. Information From Third Parties
We may also receive information about you from third parties that help operate our Website or provide services on our behalf. Third parties collect or process information in accordance with their own privacy policies and terms. Examples may include:
· Analytics providers and performance monitoring, such as Google Analytics or similar technologies reporting website usage and visitor interactions
· Advertising or tracking providers, such as Meta Pixel used for marketing and analytics
· Affiliate platforms or partners, such as ShopMy or Amazon Associates, which may provide referral or transaction information related to affiliate links
· Email service providers, such as Mailchimp or ConvertKit, which help manage newsletters and communications
· Substack, which provides subscriber information and engagement data related to content it distributes
· Scheduling platforms, such as Calendly, which provide appointment information or contact details related to booking requests
· Website hosting providers, such as GoDaddy or Amazon Web Services, which support Website operation and infrastructure
· Financial service providers or payment platforms, such as Plaid or Shopify Payments, that facilitate secure connections between financial institutions and payment systems
· Payment processors, such as Stripe, PayPal, and Square, which may facilitate payments and provide limited transaction-related information
· Content delivery networks and caching services, which improve Website performance and availability
· Customer support platforms, to manage inquiries and communications
· Security and fraud prevention services, such as Cloudflare or reCAPTCHA, to detect malicious activity, protect our Website, and maintain platform integrity
· Cloud storage and collaboration platforms, to store documents, manage projects, or facilitate internal operations
3. How We Use Your Information
Where permitted by law, we may use the information we collect for the following purposes:
· To provide, operate, maintain, and improve our Services
· To respond to inquiries and provide customer support
· To send newsletters, updates, and marketing communications you have opted in to
· To schedule appointments or book our Services
· To process payments and purchases of goods, services, digital products, or content, and send transactional communications
· To analyze how you use our Services and optimize user experience
· To conduct marketing analytics and personalize content, including through advertising, recommendations, and retargeting technologies
· To conduct research and measure effectiveness and engagement with our communications
· To detect, prevent, and address fraud, security risks, or technical issues
· To comply with legal obligations, and enforce our terms, policies, and other agreements
· To display testimonials, case studies, or user-generated and submitted content
· To generate aggregated or de-identified insights for research, analytics, and service improvement
· For any other purpose you authorize at the time of collection
Personal information may be processed on the following legal bases:
· Consent for a specific purpose, such as subscribing to our communications, placing non-essential cookies, or engaging in targeted advertising and retargeting, and you may withdraw your consent at any time.
· Contract to provide our Services and fulfill our duties.
· Legal obligation to comply with applicable laws, regulations, or legal processes.
· Legitimate interests of ours or a third party, such as operating and improving our Services, conducting analytics, maintaining security, preventing fraud or abuse, and responding to inquiries, provided such interests are not overridden by your rights.
· Additional bases where required or permitted by applicable law.
Our data processing activities primarily occur in the United States, although our hosting and service providers may store or process data in other jurisdictions. By accessing or using our Services, you acknowledge that your information may be processed and stored in the jurisdictions where these providers operate.
A. Opt-In and Opt-Out of Email Marketing and Newsletters
When you subscribe to our email marketing, newsletters, or contact lists, you consent to receive periodic communications from us. You may opt out at any time by clicking the “Unsubscribe” link included at the bottom of our emails or by contacting us at hello@newmaterial.xyz.
B. CAN-SPAM Compliance
In accordance with the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) and our marketing practices, commercial communications may:
· Identify the sender by name and a physical business address
· Include accurate header information and subject lines
· Where required by law, identify the message as an advertisement or marketing communication
· Provide a clear and prominent unsubscribe mechanism in each email
· Honor opt-out requests within 10 business days
C. Transactional Communications
We may send transactional or service-related emails, such as order confirmations, purchase receipts, or account notifications. These emails are necessary to provide our Services and are not considered marketing communications.
4. How We Share Your Information
We may share your personal information in the following contexts:
A. Service Providers
We may engage service providers, vendors, contractors, or other third parties to support our operations, such as:
· Analytics providers (e.g., Google Analytics)
· Advertising networks and marketing platforms (e.g., Meta/Facebook)
· Newsletter distribution and subscriber management (e.g., Substack)
· Email service providers (e.g., Mailchimp, ConvertKit)
· Hosting providers content delivery networks, and technical infrastructure providers (e.g., GoDaddy)
· Financial service providers and payment platforms (e.g., Plaid, Stripe, PayPal, Shopify Payments, or Square) that facilitate payment processing, financial verification, and transactions
Where parties process personal information on our behalf, they are subject to applicable data protection laws and appropriate contractual obligations designed to protect personal information, including data processing and confidentiality agreements where required.
B. Legal Requirements and Safety
We may disclose information where we believe in good faith that it is necessary to:
· Comply with applicable laws, regulations, legal processes, or government requests
· Enforce our terms, policies, and other agreements
· Protect the rights, property, or safety of the Company, our users, or the public
· Detect, prevent, or investigate fraud, security issues, or other potential wrongdoing
C. Business Transfers
If the Company is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. Where required, we will provide notice of such transfers and choices you may have. Any acquiring entity will handle personal information it receives in accordance with applicable data protection laws.
D. Consent or Direction.
We may share your information for other purposes where you have consented or directed us to do so.
E. De-Identified, Aggregated, or Anonymized Information
We may share anonymized information that cannot reasonably be used to identify you or individual users, for purposes such as analytics, research, industry reporting, marketing analysis, or improving our Services.
5. Cookies and Tracking Technologies
Our Website may use cookies, web beacons, clear GIFs, pixels, device identifiers, and similar online tracking and information-gathering tools to analyze website usage, enhance your browsing experience, and support our Services.
A. Definition and Types of Cookies
“Cookies” are small text files placed on your device when you visit a website. They help websites function properly and allow site operators to understand how visitors use their services. Session cookies are temporary and expire when you close your browser, while persistent cookies remain on your device to recognize your browser and remember preferences for future visits.
We may use the following categories of cookies:
· Essential, to operate the Website and enable core functionality such as security, authentication, and network management
· Analytics and Performance, to analyze website traffic and usage patterns
· Marketing or Advertising, to measure marketing campaign effectiveness and deliver relevant advertisements on platforms
· Functional, to remember user preferences and browser settings to provide a more personalized experience
Specific cookies and similar technologies may include, by category:
· Essential: Cloudflare bot-management and security cookies (e.g., __cf_bm, cf_clearance); session and authentication cookies; cookie consent state. Durations range from session to approximately 12 months.
· Analytics and Performance: Google Analytics cookies (e.g., _ga, _ga_<id>, _gid, _gat). Retention up to approximately 26 months, depending on provider configuration.
· Marketing or Advertising: Meta Pixel cookies (e.g., _fbp, fr) used for conversion tracking and ad measurement. Durations approximately 90 days.
· Functional: Google reCAPTCHA cookies (e.g., _GRECAPTCHA) for form abuse prevention; Substack subscription cookies; email-service-provider tracking pixels (e.g., Mailchimp, ConvertKit/Kit) for measuring email engagement. Durations vary by provider.
Specific cookies and durations may change as we update our Services or as third-party providers modify their products. Our cookie consent banner reflects the cookies in use at any given time and allows you to manage non-essential cookies.
B. Consent to Cookies
You may update or withdraw your consent at any time through your browser settings. Our Website may also display a cookie consent banner to review and manage your preferences. Where required by applicable law, non-essential cookies will only be placed on your device after you have provided consent. Please note that disabling certain cookies may affect the functionality or availability of some features.
C. Tracking Technologies
We may also use tracking technologies to help us understand how users interact with our Website and Services. These technologies often work with cookies to recognize devices and track interactions across visits, such as to:
· Monitor and analyze website traffic, usage patterns, and user engagement
· Measure the effectiveness of marketing and communications
· Support analytics, advertising, and improvements to our Services
D. Do Not Track and Global Privacy Control Signals
Some web browsers, extensions, and privacy tools offer features such as “Do Not Track" (DNT) that signal a user’s preference regarding online tracking and data sharing. Where required by applicable law, we treat such approved universal signals as a request to opt out of the sale or sharing of personal information and certain forms of targeted or cross-context behavioral advertising. For example, Global Privacy Control (GPC) is a browser-based signal that communicates a user’s data sharing or processing preferences. You can learn more at https://globalprivacycontrol.org/ and https://optout.aboutads.info.
6. Third Party Services, Content, Links, and Integrations
We may use third-party platforms and service providers to help operate our Services, distribute content, analyze performance, process payments, and support marketing and communications. Where parties process personal information on our behalf, they are subject to applicable data protection laws and appropriate contractual obligations designed to protect personal information, including data processing and confidentiality agreements where required. Third parties may collect or process certain personal information under their own privacy policies. They may also use subprocessors to help deliver their services, while remaining responsible for maintaining appropriate safeguards. We do not control and are not responsible for the privacy practices of third parties. Examples may include:
A. Google Analytics and Performance Monitoring
We may use Google Analytics and similar tools to understand how visitors interact with our Services and to monitor performance. Google Analytics may collect information such as your IP address, browser type, device information, pages visited, time spent on pages, and other usage data, to generate website traffic reports and improve the Website’s functionality. You may opt out by installing the Google Analytics Opt-out Add-on or adjusting your browser privacy settings. For more information, see Google’s Privacy Policy (https://www.google.com/policies/privacy/).
B. Meta Pixel and Conversion Tracking
We may use tracking technologies such as the Meta Pixel (or Facebook Conversion Tracking) to measure marketing campaign performance, understand audience engagement, and deliver more relevant advertising. These technologies may collect information such as your IP address, browser type, device identifiers, and pages visited, and may share and process it in accordance with their own policies and practices. For more information, see Meta’s Privacy Policy (https://www.facebook.com/privacy/policy/). You may manage preferences through your account settings or industry opt-out tools, such as those provided by the Digital Advertising Alliance.
C. Substack Integration
We may distribute content through Substack, including newsletters and publications hosted at theimmaterial.substack.com. When you subscribe to our communications, information such as your email address, subscription status, and engagement data may be collected and processed through the Substack platform. Certain information, such as address book data and communications, may not be encrypted. To the extent we receive subscriber information through Substack, we manage that information in accordance with this Privacy Policy and applicable data protection laws.
Substack may independently determine the purposes and means of processing personal information to operate its platform, including distribution, hosting, analytics, interactions, and payment. Subscription payment processing by Substack is subject to its policies. You may manage your subscription preferences at any time through the unsubscribe link included in Substack emails or through your account settings. For more information, see Substack’s Terms (https://substack.com/tos) and Privacy Policy (https://substack.com/privacy).
D. Affiliate Networks
Our Website may contain affiliate links associated with platforms such as ShopMy and Amazon Associates, that process information under their own policies and practices. If you click an affiliate link, the affiliate network or platform may use cookies or similar technologies to track referral activity and collect information about your browsing and purchases. We may receive a commission for purchases made through affiliate links, but we generally do not receive personal information about individual users.
E. Email Marketing Providers
We may use email marketing providers such as Mailchimp and ConvertKit to manage subscriptions and communications.When you subscribe to our emails, the provider may collect and store information such as your email address, name, subscription preferences, and engagement data. These providers process this information to deliver newsletters, manage preferences, and analyze engagement. You may unsubscribe at any time by clicking the link included in our communications.
F. Website Hosting and Infrastructure
Infrastructure providers such as GoDaddy, Amazon Web Services, and Cloudflare host our Website and support our operations, security, and performance. These providers may collect technical information such as server logs, IP addresses, browser type, device information, and other data related to access to the Website. For more information, please review GoDaddy’s Privacy Policy (https://www.godaddy.com/legal/agreements/privacy-policy).
G. Embedded Content and Social Media Features
Our Website may include embedded content or interactive features such as videos, social media posts, or audio provided by third-party platforms and providers like YouTube, Twitter/X, Vimeo, or Spotify. Embedded content may behave as if you had visited those platforms directly and may collect personal information, use cookies or similar tracking technologies, and monitor your use. Your interactions with these features are governed by the terms and privacy policies of the companies that provide them.
H. Scheduling and Appointment Booking
Subject to availability, we may use scheduling platforms and service providers to book consultations, meetings, or other services through our Website. When you request a booking, these providers may collect information such as your name, email address, appointment details, scheduling preferences, and any other information you choose to provide. Technical information, such as IP address, browser type, and device information, may also be collected and processed in accordance with the provider’s own policies. If payment is required, processing may be handled through integrated payment providers and platforms, which may collect payment and billing information in accordance with their respective policies. For more information, see Calendly’s Privacy Policy (https://calendly.com/privacy).
I. Payment Processors and Financial Services
We may use payment processors and financial service providers to facilitate purchases of our offerings. Payment information is transmitted directly to the payment processor, and we do not store full payment card numbers or banking credentials. These providers may collect information such as billing details, payment card information, or transaction data necessary to process payments in accordance with their own policies, and we are not responsible for their privacy or security practices.
J. Future Third Party Services
In the future, we may use additional tools or service providers to support analytics, communications, marketing, infrastructure, or other aspects of our Services. These third parties may collect or process information in accordance with their own privacy policies. If future services materially affect how personal information is processed, we will update our Privacy Policy accordingly.
7. Data Retention
We retain personal information for as long as reasonably necessary to provide and operate our Services, to comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of information, applicable legal requirements, and purpose for collection. Examples of typical retention periods include:
Contact information: Until you request deletion
Email newsletter subscriber information: Until you unsubscribe, plus a reasonable period necessary to process the request
Customer inquiries and support communications: Approximately 3 years after the last interaction
Payment and transaction records: 10 years for accounting, tax, and legal compliance purposes, unless a longer retention period is required by law
Analytics data: Up to 26 months, depending on the provider’s settings and configuration
Cookies and similar tracking technologies: From session duration to 24 months
Testimonials and case studies: Until you request removal, the content is no longer used, or unless otherwise agreed upon
Server logs and technical logs: Up to 90 days for security and operational purposes
Following the applicable retention period, we may securely delete, anonymize, or aggregate the information, or retain it as necessary for legal, compliance, or legitimate business purposes.
8. Data Security
We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. While no method of electronic transmission or storage is completely secure, and absolute security cannot be guaranteed, our safeguards and security measures may include:
· Encryption of data in transit using SSL/TLS technology
· Secure authentication and access control mechanisms
· Restricted access to personal information on a need-to-know basis
· Use of HTTPS for secure data transmission
· Firewalls and other network security protections
· Regular security updates, monitoring, and vulnerability management
· Organizational and employee privacy training, and maintaining confidentiality obligations
· Periodic reviews of security practices and systems
If you create an account for our Services or otherwise access protected portions of our Website, you must maintain the security and confidentiality of your credentials and passwords, and are responsible for all activity that occurs under your account.
9. Children's Privacy
Our Services are not intended for individuals under the age of 13, and individuals under 13 should not provide personal information. If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take reasonable steps to promptly investigate and delete it as soon as practicable. If you are a parent or guardian and believe that a child has provided personal information to us, please contact us at hello@newmaterial.xyz.
10. General User Privacy & Data Requests
Depending on location and applicable law, you may exercise certain options regarding the processing of your personal data.
A. User Personal Information
· To Access and Know. You may request information about the personal data we collect, use, and share about you, including the categories, purposes, and recipients. Where required by applicable law, you may also request a copy of the data in a structured, commonly used, and machine-readable format.
· To Correct and Delete. You may request correction of inaccurate or incomplete personal information we maintain. Subject to certain legal exceptions, you may also request deletion of personal information we have collected.
· To Limit or Opt Out. You may request to limit certain uses of your personal information, including its sale or sharing for cross-context behavioral advertising, targeted marketing, or certain types of profiling or automated decision-making that produces legal or similarly significant effects. You may also request to opt out of receiving marketing communications by clicking the unsubscribe link included.
B. Submitting Data Requests
To make any of these requests, you may contact us at hello@newmaterial.xyz with "Data Request" in the subject line. Please include:
· Your full name and email address(es) associated with the service
· If relevant: account username or subscription information
· The specific request you are making
We may verify your identity before processing your request to ensure that personal information is only disclosed to the appropriate individual, and will request only the information reasonably necessary to do so. We will respond to verified requests within forty-five (45) days, unless additional time is needed due to the complexity of the request, in which case we will notify you and provide an updated timeline.
C. Appealing Request Denials
Where required by applicable law, we will explain any denial, and you may have a right to appeal. To appeal, reply to our denial or email hello@newmaterial.xyz with "Privacy Appeal" in the subject line within the applicable timeframe. Our response will include the reasons for our decision and, where applicable, contact information for your state attorney general or supervisory authority.
11. State-Specific Notices
A. California Consumer Rights
This section provides notice to California residents subject to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and related regulations.
Subject to certain legal exceptions, California residents may have the following rights regarding their personal information:
· Right to Know the category types and specific details of personal information we may collect, use, disclose, or share, including data disclosed for business purposes.
· Right to Delete personal information we have collected.
· Right to Correct inaccurate personal information that we maintain.
· Right to Opt Out of the sale or sharing of personal information for cross-context behavioral advertising.
· Right to Limit Use or Disclosure of sensitive personal information.
· Right to Non-Discrimination to receive equal treatment in the price or quality of goods or services, even if you exercise your privacy rights.
B. Categories of Personal Information Collected
In the last 12 months, our Services may have collected the following categories and examples of information:
· Identifiers: name, email address, demographic, IP address, device type, and cookies
· Commercial: transaction history, products and services purchased, or content accessed
· Internet or Network Activity: browsing history, interactions with content, clicks, and pages visited
· Geolocation Data: approximate location based on IP address
· Sensory: audio, electronic, visual, or similar information you submit, such as videos, photos, voice recordings, or recorded media
· Employment or Professional: provided in testimonials, correspondence, or case studies
· Education Level: disclosed in communications or content submissions
· Inferences, Preferences, or Interests: derived from browsing behavior or interactions
· Biometric: none collected
· Sensitive Personal Information: account log-in credentials in combination with passwords; payment account information collected through our payment processors. We do not collect or use other categories of sensitive personal information.
Categories of Sources. We collect personal information from the following categories of sources: (i) directly from you, when you contact us, subscribe to communications, create an account, submit content, or make a purchase; (ii) automatically from your device and interactions with our Services, through cookies, analytics tools, server logs, and similar technologies; and (iii) from third parties that support our Services, including analytics providers, advertising and marketing partners, content distribution platforms, email service providers, hosting and infrastructure providers, payment processors, security and fraud-prevention services, scheduling platforms, and affiliate networks.
Categories of Third Parties to Whom We Disclose. We may disclose personal information, for the business and commercial purposes described in Section 11.C, to the following categories of third parties: (i) service providers and processors that operate our Services on our behalf (including analytics, hosting and infrastructure, email and newsletter, payment processing, scheduling, customer support, and security and fraud-prevention providers); (ii) advertising, marketing, and measurement partners; (iii) content distribution platforms; (iv) affiliate networks and referral partners; (v) professional advisors and auditors; (vi) government authorities, regulators, and parties to legal proceedings, where required or permitted by law; and (vii) actual or prospective parties (and their advisors) to a corporate transaction such as a merger, acquisition, financing, reorganization, or sale of assets.
C. Business and Commercial Purposes
The Company may collect and use personal information for the following:
· Providing, maintaining, and improving our Services
· Performing Services requested by users, including fulfilling contracts or accessing content
· Communicating with users and responding to inquiries
· Marketing and advertising
· Conducting analytics to understand usage patterns and improve user experience
· Detecting, preventing, and addressing fraud, security threats, or technical issues
· Complying with legal obligations and duties
· Enforcing agreements and protecting the rights, property, and safety of our Company, users, and the public
· Any other purposes disclosed when or before personal information is collected
D. Sale and Sharing of Personal Information
The Company does not sell your personal information for money, as it may be traditionally defined. However, certain cookies, pixels, affiliate links, analytics tools, or advertising technologies may involve disclosures that are considered “sharing" or “selling" of personal information, targeted advertising, or cross-context behavioral advertising under applicable privacy laws.
Where supported, you may opt out of this type of data sharing by:
· Disabling cookies through Website cookie consent banners
· Clicking “Do Not Sell or Share My Personal Information” or “Your Privacy Choices” links
· Using a Global Privacy Control (GPC) signal through your browser or device
· Adjusting advertising preferences within your Meta/Facebook account settings
We do not knowingly sell or share the personal information of consumers under 16 years of age.
E. Exercising California Rights
To exercise any applicable privacy rights, you must submit a verifiable consumer request through our online request form, or contact us at hello@newmaterial.xyz with “California Rights Request" in the subject line. Please include:
· Your full name and email address(es) associated with the service
· If relevant: account username or subscription information
· The specific right you are exercising
We may verify your identity before processing your request and will request only the information reasonably necessary to do so. You may designate an authorized agent to submit access, deletion, or opt-out requests on your behalf. If an authorized agent submits a request, we may require proof of authorization and verification of your identity. We will respond to verified requests within forty-five (45) days and may extend that period by up to an additional forty-five (45) days if necessary due to the complexity of the request, in which case we will notify you and provide an updated timeline.
F. California Civil Code Section 1798.83 “Shine the Light" Act
California residents may request information about our disclosures of personal information to third parties for their own direct marketing purposes. The Company does not knowingly make such disclosures without providing any choice required by law.
G. Other U.S. State Residents
Residents of states with comprehensive consumer privacy laws—including, where applicable, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, New Jersey, Iowa, Tennessee, and Indiana—may have rights similar to those described in Section 10 and Section 11.A, subject to applicable legal exceptions. These rights may include the right to access, correct, delete, and obtain a copy of personal information; to opt out of the sale or sharing of personal information, targeted advertising, and certain profiling; and to appeal a denied request. To exercise these rights, contact us at hello@newmaterial.xyz with the relevant state and request type in the subject line. We will respond within the timeframe required by applicable law.
12. Notice to European Users
This section applies to users in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, and provides notice of rights and disclosures under the General Data Protection Regulation (GDPR), the UK GDPR, the Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws. For users subject to the GDPR, the minimum age for digital consent is 16, unless a user’s country of residence sets a lower age, which may not be below 13. If a user is below the applicable age of digital consent, processing based on consent requires consent from a parent or legal guardian.
A. Legal Bases
Where applicable, we may process personal data on the following legal bases:
· Consent for a specific purpose, such as subscribing to communications or consenting to cookies. You may withdraw your consent at any time. Targeted advertising, retargeting, and the placement of non-essential cookies are conducted on the basis of your consent. Analytics and other measurement of our Services are conducted on the basis of our legitimate interests in understanding and improving the Services.
· Contract to provide our Services and fulfill our duties.
· Legal obligation to comply with applicable laws or processes, such as tax, accounting, or regulatory requirements.
· Legitimate interests of ours or a third party’s, provided such interests are not overridden by your rights and interests. This may include operating and improving our Services, conducting analytics, maintaining security, preventing fraud or abuse, and responding to inquiries.
· Other lawful bases where required or permitted by applicable law.
B. GDPR Rights
If you are located in one of the GDPR jurisdictions, you may have the following rights, subject to applicable legal limits and exceptions:
· Right to access and know the personal data we hold about you.
· Right to correction or rectification of inaccurate or incomplete personal data.
· Right to erasure and deletion of your personal data (“right to be forgotten”), subject to legal exceptions where retention is required to comply with legal obligations, complete transactions you have requested, resolve disputes, enforce agreements, or for other legitimate business purposes.
· Right to restrict and limit how we process your personal data in certain circumstances.
· Right to data portability and to request a copy of your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, request transmission to another controller.
· Right to object to certain processing, including direct marketing, targeted advertising, related profiling, and processing based on our legitimate interests if it relates to your particular situation. We may continue processing only if we have compelling legitimate grounds or a legal obligation to continue.
· Right not to be subject to automated decision-making that produces legal or similarly significant effects—the Company does not engage in such automated decision-making.
· Right to lodge a complaint with your local data protection authority.
C. International Data Transfer
Our Services are primarily operated in the United States. When you access or use our Services, your information may be transferred to, stored, and processed in jurisdictions where our hosting providers, service providers, or their subprocessors operate. Where required under applicable data protection laws, we rely on appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms.
D. Exercising GDPR Rights
To exercise GDPR rights, you may contact us at hello@newmaterial.xyz with “GDPR Rights Request” in the subject line. Please include:
· Your full name and email address(es) associated with the service
· If relevant: account username or subscription information
· The specific right you are exercising
We may verify your identity before processing your request and will request only the information reasonably necessary to do so. We will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law, and may extend that period by up to two additional months if necessary. Where requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or decline to act on the request. If you believe your rights have been violated, you may lodge a complaint with your local data protection authority.
13. Data Breach Notification
In the event of a data breach involving unauthorized access to or acquisition of personal information, we will take reasonable steps to investigate and respond, particularly where the breach is likely to result in a high risk to individuals’ rights and freedoms. We will comply with applicable data breach notification laws without undue delay, which may include:
· Investigating the breach and assessing its scope, including the types of information involved and potential risks
· Providing notice to affected individuals through reasonable means, with information about the breach and steps individuals may take
· Notifying regulators where required within applicable timeframes
· Taking reasonable measures to mitigate harm and prevent similar incidents
· Cooperating with law enforcement where appropriate
In some cases, notification may be delayed as legally permitted, or as requested by law enforcement.
14. Privacy Policy Updates
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other operational factors. We encourage you to review our policies periodically to stay informed about how we use and protect your information. If we make material changes to how we collect or process personal information, we may:
Post the updated Privacy Policy with a revised “Last Updated” date;
Provide notice through our Website or by email if the changes affect your rights; or
Obtain your consent, where required.
To the extent permitted by applicable law, your continued use of our Services after any changes have been posted constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact:
Mia Reyes, Owner, Material Form, LLC
Phone: (929) 551-4920
Address: [MAILING ADDRESS]
Email: hello@newmaterial.xyz