Privacy Policy

Last updated: 09.10.2025 • Applies to U.S. visitors

Company legal name, doing business as convertbathroom.com ("Company," "we," "our," or "us"), respects your privacy rights and is committed to compliance with all applicable U.S. privacy and data protection laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Gramm-Leach-Bliley Act (GLBA), the Children's Online Privacy Protection Act (COPPA), the Fair Credit Reporting Act (FCRA), the Electronic Communications Privacy Act (ECPA), and relevant state privacy laws such as Nevada’s online privacy law. This Privacy Policy outlines the types of information we collect, how we use and share that information, and the choices you have about our practices. By accessing or using our site, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our website.

Information We Collect

Anonymous & Aggregated Data

We collect general browsing and usage information, including site traffic patterns, session length, browser type, and general geographic location. This information is stored in server log files and analyzed only in aggregate, without linking it to any personally identifiable details.

Categories of Personal Information We Collect

We may collect the following categories of personal information, as defined under applicable U.S. state privacy laws:

• Identifiers:Name, mailing address, phone number, email address, Social Security number, driver’s license number, date of birth, marital status, military affiliation, and IP address.
• Customer Records Information:Employment information (employer name, job title, employment status, length of employment, work phone number, income, pay period), educational background, and prior mailing addresses.
• Financial Information:Bank account details and credit history or credit score estimates.
• Protected Class Characteristics:Age, military/veteran status, and marital status.
• Commercial Information:Records of products or services requested or considered.
• Internet or Network Activity:Domain name, browser type and version, operating system, usage data, referring URLs, marketing source or campaign, time spent on site, visit frequency, and cookie identifiers.
• Geolocation Data:Approximate geographic location derived from your device or IP address.
• Professional or Employment-Related Data:Employment details such as employer name, job title, work phone number, and income level.
• Education Information (non-public):Highest degree obtained, education level, and graduation year.

We do not collect biometric identifiers, or audio, visual, or other sensory data.

Sources of Information

We collect data from multiple sources:

• Directly from youwhen you fill out forms, submit information, or use our services.
• From third parties,including our affiliates, advertising partners, publishers, and lead generators.
• We may combine data collected from different sources for accuracy and completeness. In some cases, our service providers may also enhance or supplement the information with additional data (e.g. updated contact info) to better serve you.

How We Use Your Information

• Anonymous and Aggregated Data:Used to analyze usage patterns and improve our website functionality and services.
• Personal and Financial Data:Used to process your requests and connect you with relevant service.
• Contact Information:If you provide contact details, you consent to be contacted by us, our service providers, and marketing partners via phone, email, mail, or SMS for the purposes you would reasonably expect.(Standard messaging rates may apply for SMS.)
• Sharing with Partners:We may share your information with third parties suchaslead aggregators, or marketing partners in order to fulfill your service requests and present you with offers that may interest you.
• Use by Vendors:Trusted vendors acting on our behalf (e.g. call centers, email delivery services, cloud data storage providers) may process your information under strict contractual obligations that protect your data.
• Legal Requirements and Protection:We may disclose your information when required by law or in response to valid legal process (for example, in response to subpoenas or court orders), or as necessary to enforce our terms and protect the rights, safety, or property of our company, our users, or others.
• Business Transfers:If our business is ever sold, merged, or undergoes a reorganization, customer information may be transferred as part of that transaction (we will ensure the recipient honors the privacy commitments made in this policy).
• Additional Consent for New Uses:If we ever wish to use your data for purposes that are not reasonably related to those for which you provided it, we will obtain your consent before doing so.

Third-Party Advertisers

We may display advertisements on our site that are supported by third-party tracking tools (such as cookies or pixels provided by advertising networks). Clicking on these advertisements will direct you to the website of the third-party advertiser, which will have its own privacy practices and policies. This Privacy Policy applies only to our site, so we recommend reviewing the privacy policies of any external sites you visit via ads on our site.

Cookies & Tracking Tools

We use cookies and similar tracking technologies (such as log files and web beacons) to enhance your user experience and to monitor the performance of our website.

• Cookies:Small data files stored on your device that remember your preferences and track your use of our site. We use both persistent cookies (which remain on your device for a set period) and session cookies (which expire when you close your browser), as well as analytics cookies for site analytics.
• Log Files:Records of events on our website, including IP address, browser type, referring/exiting pages, and timestamps of your visits. We review log files to monitor site security and performance.
• Web Beacons/Pixels:Invisible images or scripts embedded on pages or emails that signal when a page is visited or an email is opened. They help us measure user engagement and the effectiveness of marketing campaigns. (These tracking pixels are part of how our site functions and cannot be individually disabled.)

You can adjust your browser settings to refuse or delete cookies. However, if you disable cookies, some features of our site may not function properly. (Note: Even if cookies are disabled, our site will still collect certain basic data via log files or as necessary to operate the site.)

Your Rights & Choices

You have certain rights and choices regarding your personal information. Subject to applicable legal requirements, you may request access to the personal information we hold about you, request corrections to any inaccurate information, or request deletion of your personal information.

Our site does not currently respond to “Do Not Track” (DNT) signals sent by browsers, due to the lack of an industry standard for compliance. We will update this practice if a uniform standard is adopted in the future.

Data Security

We implement reasonable technical, administrative, and physical safeguards to protect your data, consistent with industry standards and applicable laws. Personal and financial details are encrypted during transmission (for example, via TLS/SSL), and access to stored personal data is restricted to authorized personnel and service providers who need it for business purposes. In case of a data breach, we will notify you and the appropriate regulators as required by U.S. federal and state data breach notification laws.

Data Retention

We retain your information only as long as necessary to fulfill the purposes for which it was collected and to comply with our legal and contractual obligations. For example, if you provide your email address, we will retain it to continue providing services or updates to you unless you unsubscribe; if you do unsubscribe, we will remove your email from active mailing lists and maintain it only on an opt-out list to ensure we honor your opt-out request. Retention periods for other types of data vary depending on the nature of the information and our business needs or legal requirements.

Children’s Privacy

Our services are not directed to anyone under the age of 18. We comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently received information from a child under 13, we will delete such information from our records as quickly as possible.

California Privacy Rights (CCPA & CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).These include:

• The right to knowwhat categories of personal information we have collected about you.
• The right to knowwhether your personal information has been shared or sold, and the categories of third parties who received it.
• The right to accessthe personal information we have collected about you, andthe right to request deletionof that information (with certain exceptions under the law).
• The right to opt outof the sale or sharing of your personal information to third parties.
• The right to correctinaccurate personal information that we maintain about you.
• The right to limitthe use or disclosure of your sensitive personal information (as defined by California law).
• The right to non-discriminationfor exercising any of these privacy rights (meaning we will not deny you services or provide different quality of service just because you exercised your rights).

In accordance with California law, we provide the following additional details:

Categories of Sources

We collect personal information from a variety of sources, including:directly from you,service providers,affiliates and business partners,advertising networks and data brokers.

Retention

We retain each category of personal information as reasonably necessary to fulfill the purposes for which it was collected and as required by law. This includes retaining information to complete transactions you have requested, to comply with legal obligations (such as regulatory record-keeping requirements), to resolve disputes, or to enforce our agreements. Actual retention periods vary depending on the type of information and the context in which it was collected.

Requests to Know and Access

California residents may request that we disclose certain information about our data practices in the past 12 months. Upon a verifiable request, you may ask to receive: (1) the categories of personal information we have collected about you; (2) the categories of sources from which the personal information was collected; (3) the business or commercial purpose for collecting or sharing your personal information; (4) the categories of third parties with whom we have disclosed your personal information; and (5) the specific pieces of personal information we have collected about you.

Requests to Delete

You have the right to request that we delete personal information we have collected from you. Upon receiving a verified deletion request, we will delete your personal information from our records, unless an exception applies. We may deny a deletion request (in whole or in part) if retaining the information is necessary for us or our service providers to: complete a transaction or provide a service that you requested; detect or protect against security incidents, fraud, or illegal activity; exercise or ensure another’s exercise of free speech or another legal right; comply with a legal obligation; engage in public or peer-reviewed research in the public interest (when deletion of the data may likely render impossible or seriously impair the research); enable internal uses that are reasonably aligned with the expectations of you as our customer; or otherwise use the information internally in a lawful manner compatible with the context in which you provided it, as permitted by CCPA/CPRA.

Verification of Requests

For your security, we will verify your identity before fulfilling any request to know, access, correct, or delete personal information. The verification steps may vary depending on the sensitivity of the information and the type of request. We may ask you to provide additional information to match against our records, or require you to log into an existing account, or provide identification documents. If we cannot verify your identity, we will not be able to fulfill your request. Also, if a request is manifestly unfounded, repetitive, or excessive, we may either charge a reasonable fee or refuse to act on the request (as permitted by law).

Submitting Privacy Requests (California Residents)

If you are a California resident and wish to exercise your privacy rights, you may submit a request to us by either of the following methods:

• By mail:Please send a written request to us at the mailing address provided in the “Contact Us” section of this Policy (please label your request as “California Privacy Rights Request”).
• Online:Submit your request through the "Contact Us" form on our website (please indicate that you are a California resident exercising your CCPA/CPRA rights).

Once we receive your request, we will confirm receipt within 10 days and provide information about how we will process the request. We will respond to your request within 45 days of receiving averifiablerequest. If we require more time (up to an additional 45 days), we will inform you of the reason and extension in writing before the initial 45-day period has expired.

Nevada Privacy Rights

Nevada law allows Nevada residents to opt out of the sale of certain personal information. If you are a Nevada resident, you may request that we not sell any covered information we have collected about you by submitting a request through our website’s Contact Us form. We will respond to your request as required by Nevada SB 220 (Nevada’s online privacy law).

Other Federal Privacy Laws

In addition to the laws and rights described above, we comply with several other U.S. privacy laws that may apply to the information we collect:

• Fair Credit Reporting Act (FCRA):The FCRA is a federal law that regulates the collection and use of consumer credit information. We comply with the FCRA to the extent it applies to our services. Importantly, we arenota “consumer reporting agency,” and the services we provide donotconstitute “consumer reports” as defined in the FCRA. This means that information obtained from us should not be used to determine an individual’s eligibility for credit, insurance, employment, housing, or any other purpose covered by the FCRA. We expressly prohibit the misuse of any data we provide for such purposes. Any credit-related information we do collect (for example, a credit score estimate you provide to us) is used only in compliance with FCRA and other applicable laws.
• Electronic Communications Privacy Act (ECPA):The ECPA is a federal law that protects the privacy of electronic communications. In line with ECPA requirements, we do not intercept, monitor, or disclose the content of your electronic communications with us except as permitted by law. We maintain the confidentiality of communications such as emails or messages you send to us, and we will only access or share such communications if required to do so for legal compliance or security purposes. We are committed to adhering to ECPA’s provisions to safeguard your communications privacy.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law or changes in our business practices. If we make any material changes, we will post the updated policy on this page with a new effective date. We encourage you to review this page periodically. Your continued use of the site after any changes are posted will signify your acceptance of the updated Privacy Policy.

Push Notifications

With your consent, we may send you browser or device push notifications (for example, updates on the status of a request or marketing messages). If you have previously agreed to receive push notifications and wish to stop them, you may disable push notifications at any time in your browser settings or device settings.

Contact Us

If you have any questions about this Privacy Policy or wish to make a privacy-related request, please contact us at feedback@secureyournest.io. You may also reach us by mail at the following address:

Company name: Leif Agency Ltd.

We will respond to inquiries or requests as promptly as possible and in accordance with applicable law.