Dosh Holdings LLC, a subsidiary of Cardlytics, Inc. (the “Company,” “we,” “us,” “Dosh” and “our”) is committed to treating your personal information with respect and sensitivity. This privacy policy (this “Privacy Policy”) explains how we may collect, store, use, and disclose information when you access or use (1) our website located at www.dosh.com and all of our other websites to which this Privacy Policy is posted (collectively, the “Website”); (2) our mobile applications to which this Privacy Policy is posted (collectively, the “Application”); and (3) any services, content, and features made available by us through the Website or the Application (together with the Website and the Application, the “Services”). Our affiliates, including our parent company Cardlytics, Inc., have their own privacy policies that apply to data they collect from the products, services, and applications they provide. Any data collected pursuant to this Policy that is disclosed to our affiliates will still be treated consistently with this Policy.
‍YOUR ACCEPTANCE OF THIS PRIVACY POLICYBy accessing or using the Services, you consent to our collection, storage, use, and disclosure of your information as described in this Privacy Policy. The provisions contained in this Privacy Policy supersede all prior notices and statements regarding our privacy practices with respect to the Services. If you do not agree to every provision of this Privacy Policy, you may not access or use the Services.
‍PROTECTING CHILDREN’S PRIVACYThe Services are not directed, or intended to be attractive, to children under the age of 13. We do not knowingly collect personal information from children under the age of 13. If you are under the age of 13, do not use the Services or submit any information to us. If we learn we have collected or received personal information from a child under the age of 13 without verification of parental consent, we will delete that information. If you believe we might have any personal information from or about a child under the age of 13, please contact us.
‍TYPES OF INFORMATION WE COLLECT AND HOW WE COLLECT ITPersonal Information and Anonymous Information - When you access or use the Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household (“Personal Information”), and we may also collect information that cannot reasonably be linked to you (“Anonymous Information”). When Anonymous Information is, directly or indirectly, associated or combined with Personal Information, such Anonymous Information will be considered Personal Information for purposes of this Privacy Policy.

Information You Provide to Us. In general, you may visit the Website or download the Application without telling us who you are or sharing any Personal Information with us. When you register for an account for the Services (an “Account”), use other aspects of the Services, or communicate with us for customer service or technical support for the Services, we may ask you to provide certain Personal Information, such as your name, email address, postal address, mobile number, and payment account information. Additionally, if we are required by law for governmental and tax purposes, we may ask you to provide us or our service providers certain government identification numbers, including but not limited to your Social Security Number or Taxpayer Identification Number. We may also ask you whether you want to receive text messages relating to the Services. By providing your mobile phone number, you expressly consent to receive text messages from us relating to the Services at that number. Third-party data and message fees may apply. You may decline to provide certain Personal Information to us, but, if you do so, certain features of the Services may not be available to you or the performance of certain features of the Services may be limited or not work at all.

Information Collected from Devices. When you access or use the Services via a computer or mobile device, including, without limitation, a desktop computer, laptop, mobile phone, tablet, or other electronic device (each, a “Device”), we may collect information from your Device, such as your Device type and manufacturer, your Device operating system and version, your mobile carrier, your Device identifiers, your mobile phone number, your IP address, your browser type, your network connection type, information about the webpage that referred you to the Website or that you visited prior to the Website, and your behavior and activity on the Website and the Application. In addition, if you download the Application to your mobile Device, we may collect information from your mobile Device about your location while you are accessing or using the Application and while you are not accessing or using the Application. We may use this information to provide targeted offers to you and notify you of nearby third-party locations where you may use the Services. You may opt out of the collection of location data at any time by changing your settings on your mobile Device. However, if you do so, certain features of the Services may not be available to you or the performance of certain features of the Services may be limited or not work at all.

Information Collected from Other Third Parties. We may collect Personal Information from third-party social networks, subject their respective privacy policies and your privacy settings. We may also collect Device identifiers from third-party devices present at certain third-party locations, such as retail stores, restaurants, and other points of interest. Such devices may use wifi, near field communication (NFC), or Bluetooth low-energy (BLE) beacon technology to transmit signals about the location of your Device to us so that we may notify you via push message that you are near a location where you may use the Services.

Transaction Information. When you link an eligible credit or debit card (a “Payment Card”) to your Account, we may collect transaction information, from your Payment Card Network (e.g., Visa, Mastercard, American Express) (“Transaction Information”). Transaction Information includes certain information about your transactions, last 4 digits of your card number, and merchant name. By linking a Payment Card to your Account, you authorize: (a) us to share your Payment Card information with the third parties that enable us to provide the Services, such as the payment processor Braintree (“Third-Party Service Providers”) and your Payment Card Network so it knows you enrolled for the Services; and (b) the Payment Card Network to (i) monitor transactions on your Payment Card to identify qualifying purchases in order to determine whether you qualify for or earn an offer linked to your Payment Card in connection with the Services; and (ii) share such Transaction Information with us to provide the Services to you. You may opt-out of such transaction monitoring on the Payment Card(s) you have registered by de-linking them through the Services or by terminating your Account. Please note that if you opt-out of transaction monitoring, certain features of the Services may not be available to you or the performance of certain features of the Services may be limited or not work at all. Notwithstanding anything to the contrary in this Privacy Policy or the Terms of Service, we will use Payment Card and transaction information solely as follows: to confirm a qualifying purchase or return to match transactions to confirm whether you qualify for an offer or statement credit; to create a record of the transaction information and thereafter maintain and use data in connection with the provision of Services; to provide targeted offers that may be of interest to you; to conduct analysis for the improvement and optimization of the Services; to inform participating merchants where a transaction occurred as needed for the merchant to confirm a specific transaction occurred or points should be awarded; for example, we may share the date and amount of your purchase and the last 4 digits of your card number so the merchant can verify your purchase with its records or confirm if there is a missing or disputed transaction; to provide participating merchants aggregated and anonymized information relating specifically to registered Payment Card activity solely to allow participating merchants to assess the results of their campaign; to provide information in order to respond to a request from government authority or a payment organization involved in a transaction with you or a merchant; and to enable the sharing, exchange and use of transaction information described above and herein by and among us, the Payment Card Networks, applicable Third-Party Service Providers and applicable merchants.
‍HOW WE USE PERSONAL AND ANONYMOUS INFORMATIONWe may use Anonymous Information as described elsewhere in this Privacy Policy and for research and commercial purposes, such as to improve the Services. We may use Personal Information for our general commercial purposes including to: provide the Services and notices related thereto;• analyze, improve and customize the Services; provide customer and technical support for the Services; send you announcements, newsletters, promotional materials, and other information about the Services and third-party products and services that we think may be of interest to you; detect, prevent and investigate actual or suspected fraud, hacking, infringement, or other misconduct involving the Services;• collect fees and other amounts owed in connection with the Services; and• comply with tax and other applicable laws.
‍HOW WE SHARE PERSONAL AND ANONYMOUS INFORMATIONWe may share Anonymous Information with third parties as described elsewhere in this Privacy Policy and for our commercial purposes. We may share Personal Information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control) to help provide, maintain, and improve our Services. We do not share Personal Information with third-parties, except: if you request or authorize it; to complete a transaction or provide a service requested by you; to our Third-Party Service Providers that provide services to support the Services, such as payment processing, data analysis, email delivery, hosting, order fulfillment, infrastructure, network storage, customer service, technical support, and promotional services and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them; to comply with applicable laws, rules, and regulations, including but not limited to tax laws; to comply with governmental and regulatory requests, court orders, and subpoenas; to protect our rights, property, and safety and the rights, property, and safety of our users and others; to enforce our rights arising from any contracts entered into between you and us, including the Terms of Service; with merchants that you transact with that already have Personal Information about you for the purpose of verifying offer-qualifying transactions; and; if the disclosure is done as part of a purchase, transfer, or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, your Personal Information may be one of the transferred assets) or in the event of bankruptcy. When we disclose Personal Information to third parties or to Third Party Service Providers, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and not use it for any purpose except performing that contract. In the preceding twelve (12) months, we have not sold Personal Information or shared Personal Information for the purpose of cross-context behavioral advertising.
‍YOUR CHOICES ABOUT YOUR INFORMATIONYou may opt not to receive promotional emails from us by contacting us or by following the “unsubscribe” instructions in any promotional email you receive from us. Please note, however, that we may still send you non-promotional emails about your relationship with us. You can review and change your Account information via the Website or the Application. To terminate your Account and your right to use the Services please delete your Account via the Website or the Application and immediately discontinue all use of the Services. Please visit this link for information on how to delete your account.
‍INFORMATION YOU SHARE SOCIALLYThe Services may allow you to connect and share your actions, comments, content, and information publicly or with friends. The Company and the Payment Card Networks are not responsible for maintaining the confidentiality of any information you share publicly or with friends. In addition, the Services may allow you to connect with us on, share on, and use third-party websites, applications, and services. Please be mindful of your personal privacy needs and the privacy needs of others as you choose to connect and share information with friends and others. We cannot control the privacy or security of information you choose to make public or share with others. We also do not control the privacy practices of third parties. Please contact those websites and services directly if you want to learn about their privacy practices.
‍HOW WE PROTECT YOUR INFORMATIONWe have, and require our Third-Party Service Providers to have, administrative, technical, and physical safeguards in place in our respective physical facilities and in our respective computer systems, databases, and communications networks that are reasonably designed to protect information contained within such systems from loss, misuse, and alteration. The measures we use may include storing Personal Information on secured servers, transmitting Personal Information using encryption technologies, and auditing and reviewing our data collection and storage practices. To be clear, we do not store your Payment Card account information, and we do not have control over or responsibility for your Payment Card account information. When you provide your Payment Card account information through the Website or the Application, it is stored and/or processed by our Third-Party Service Providers in order for you to use the Services. Our contracts with these third parties require them to have administrative, technical, and physical safeguards to protect the security and confidentiality of such information. No method of electronic transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security of your Personal Information. You also play a role in protecting your Personal Information. Please safeguard your username and password for your Account and do not share them with others. If we receive instructions using your Account log-in information, we will consider that you have authorized the instructions. You agree to notify us immediately of any unauthorized use of your Account or any other breach of security related to the Services. We reserve the right, in our sole discretion, to refuse to provide the Services, terminate your Account, and to remove or edit content.

RETENTION OF PERSONAL INFORMATION
Subject to applicable law, which might, from time to time, oblige us to store your Personal Information for a certain period of time, we will retain Personal Information only for as long as necessary to provide the Services and to fulfill the purposes outlined in this Privacy Policy. In the event you or Dosh terminates your account, you agree that we may retain your data for one year from the date of termination for audit and merchant invoicing purposes. After expiry of the applicable retention periods, your Personal Information will be deleted.

LINKS TO THIRD-PARTY WEBSITES AND APPLICATIONS
When you access or use the Services, you may be directed to other websites or applications that are beyond our control. We may also allow third-party websites or applications to link to the Services. We are not responsible for the privacy practices of any third parties or the content of linked websites and applications. We encourage you to read the applicable privacy policies and terms and conditions of such parties, websites, and applications.

INFORMATION COLLECTED BY COOKIES AND SIMILAR TRACKING TECHNOLOGIES
When you access the Website or use the Services, we may, subject to your opt-out preferences, automatically collect certain information through cookies and similar technologies (including pixels, tags and web beacons) (together “cookies”). Cookies are small text files stored by your browser on your computer, phone, tablet, or other device you use to access our Website or use the Services. The cookies on our Website collect information related to the device you used to access our website such as the IP address and type of device. Cookies allow us to identify visitors, track aggregate behavior, and recognize certain types of information on your computer, such as a cookie number, time and date of a page view, and a description of the page where a cookie is placed. The cookies on our Website also may collect the following categories of information (1) IP addresses; (2) domain servers; (3) types of computers accessing the Website; (4) referring/exit websites; (5) operating systems; (6) Internet Service Providers (ISPs); (7) types of web browsers used to access the Website and (8) your geographic location information.

The length of time a cookie will stay on your browser or device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay until they expire or are deleted. The expiration time or retention period applicable to persistent cookies depends on the purpose of the cookie collection and tool used. Unless otherwise required by applicable law, we will retain any Personal Information collected through cookies only for as long as necessary to fulfill the purposes outlined in this Policy.

We will use the information we automatically collect through cookies on our Website for legitimate business purposes, including to: analyze, improve, and customize the Services and the Website and to market the Services.

We have four types of cookies on our Website: 1) strictly necessary cookies, 2) preferences cookies, 3) statistics cookies and 4) marketing cookies.

Strictly Necessary
‍These cookies are required to enable the basic features of our Website such as navigating to pages or accessing secure areas. Without these cookies our Website cannot function properly. Strictly necessary cookies are always stored on your browser as they are essential for enabling the basic functionalities of our site.

‍Preferences Cookies
‍Preferences cookies a reserved by us and our partners such as LinkedIn and Tableau. Preference cookies help us remember your choices regarding the Website (such as your preferred language and what region you are in) to provide enhanced, personal features.  For more information on how our partners use the data collected via their services please visit their respective privacy policies: LinkedIn and Tableau.

Statistics Cookies
‍Statistics cookies are served by us and our partners such as Google, LinkedIn, Twitter, Vimeo, YouTube and Stackify. Statistics cookies help us understand how you use the Website and how we can provide a better experience. The information collected from these cookies helps us analyze trends in usage of the Website. For more information on how our partners use the data collected via their services please visit their respective privacy policies: Google, LinkedIn, Twitter, YouTube, Vimeo and Stackify.

Marketing Cookies
‍This Website uses cookies served by us and our third-party partners such as LinkedIn, Tableau, YouTube, and Stackify to help us show relevant advertising to you more effectively and to measure the performance of ads. The information collected via these cookies will be used to show you better and more personal advertisements on the Websites and other sites you visit and to analyze traffic to the Website. We may share this information with our advertising partners.

For more information on how our partners use the data collected via their services please visit their respective privacy policies: LinkedIn, YouTube, Stackify and Tableau.

Your Choices Regarding Cookies
You have the right to choose whether or not to accept all cookies except strictly necessary cookies which are essential for enabling the basic functionalities of this Website.  To manage your choices regarding cookies other than strictly necessary cookies on the Website (the “non-essential cookies”), please click on our Cookie Settings pop-banner. You can also modify the settings on your browser to limit the types of cookies you encounter. Check out the documentation for your browser to learn more.

Please note that if you disable non-essential cookies certain features of the Website may be limited or may not work at all. For further information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, you can visit https://www.youradchoices.com/

Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not currently use technology that recognizes “Do Not Track” signals from your web browser due to lack of standardization regarding how that signal should be interpreted.

STATE INFORMATION AND RIGHTS
Depending on where you reside, you might be entitled to certain data protection rights. For residents of the specific states delineated below, the relevant rights will be available from the date that the state laws and regulations become effective.
CALIFORNIA RESIDENTS’ ADDITIONAL PRIVACY RIGHTSIf you are a California resident, this section applies to you. This section describes how we collect, use, and share your Personal Information in our capacity as a “business” under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2021 (the “CPRA”), and the rights you have with respect to your Personal Information. For purposes of this section, “Personal Information,” and “Sensitive Personal Information” have the meanings given in the CPRA and do not include information excluded from the CPRA’s scope. Under the CPRA, subject to exceptions, California residents who use our Services or visit our Website have the following rights regarding their data:

The right to know the categories of Personal Information we’ve collected and the categories of sources from which we got the information (see TYPES OF INFORMATION WE COLLECT AND HOW WE COLLECT IT and below); The right to know the business purposes for collecting or disclosing your Personal Information (see TYPES OF INFORMATION WE COLLECT AND HOW WE COLLECT IT and below); The right to know the categories of third parties with whom we’ve disclosed Personal Information (see HOW WE SHARE PERSONAL AND ANONYMOUS INFORMATION); The right to access the specific pieces of Personal Information we’ve collected about you; The right to request the deletion of the Personal Information we have collected about you; and The right to request the correction of inaccurate Personal Information.

Dosh does not sell or share your Personal Information with or to third parties as we understand those terms to be defined by the CPRA and its implementing regulations. Dosh does not use or disclose your Sensitive Personal Information other than to provide you with the Services and as permitted by California law.

We have collected the following categories of Personal Information from or about consumers within the last twelve (12) months:

‍Identifier:
A real name, alias, postal address, unique personal identifier, online identifier, IP address, taxpayer identification number, social security number, email address, account name, or other similar identifiers.

‍Commercial Information:
‍Products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies.

‍Internet or other similar network activity:
Information on a consumer’s interaction with a website or app.

‍Geolocation Data:
Physical location data.

We obtain Personal Information directly from you, indirectly from you via third-party service providers that you agree Dosh may receive such information from, and from internet cookies/pixels.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your explicit consent. As a California resident, you may exercise your right to know, to correct, or to delete by emailing us at legal@dosh.cash. We may require you to verify your identity prior to accessing or deleting your information. You may also designate an authorized agent to make a request to know, correct, or delete. We may deny a request from an authorized agent that does not submit proof of authorization. California residents have the right to not be discriminated against if they choose to exercise their privacy rights.

California Law also permits California residents to request certain information once per year regarding disclosure of any “personal information” (as that term is defined under California’s “Shine the Light” law) disclosed to third parties for such third parties’ direct marketing purposes. We do not currently disclose personal information protected under California’s “Shine the Light” law with third parties for their direct marketing purposes.

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

COLORADO RESIDENTS’ ADDITIONAL PRIVACY RIGHTS
Effective July 1, 2023
If you are a Colorado resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under the Colorado Privacy Act (“CPA”). For purposes of this section, “Personal Data,” has the meaning given in the CPA and does not include information excluded from the CPA’s scope. Under the CPA, subject to exceptions, Colorado residents have certain rights regarding their data, including, as applicable to users of Dosh Services: The right to access the specific pieces of Personal Data we’ve collected about you in a portable format; The right to request the deletion of the Personal Data we have collected about you; and The right to request that we correct inaccurate Personal Data.
‍
As a Colorado resident, you may exercise your right to know, to correct, or to delete by emailing us at legal@dosh.cash. We may require you to verify your identity prior processing your request. Colorado residents have the right to not be discriminated against if they choose to exercise their privacy rights. We endeavor to respond to a verifiable consumer requests within forty-five (45) days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

If we deny your request to access, correct, or delete your information, you may appeal our decision by emailing us at legal@dosh.cash with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Colorado attorney general.

CONNECTICUT RESIDENTS’ ADDITIONAL PRIVACY RIGHTS
Effective July 1, 2023
If you are a Connecticut resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under the Connecticut Data Privacy Act (“CTDPA”). For purposes of this section, “Personal Data,” has the meaning given in the CTDPA and does not include information excluded from the CTDPA’s scope. Under the CTDPA, subject to exceptions, Connecticut residents have certain rights regarding their data, including, as applicable to users of Dosh Services: The right to access the specific pieces of Personal Data we’ve collected about you in a portable format; The right to request the deletion of the Personal Data we have collected about you; and The right to request that we correct inaccurate Personal Data.

As a Connecticut resident, you may exercise your right to know, to correct, or to delete by emailing us at legal@dosh.cash. We may require you to verify your identity prior processing your request. Connecticut residents have the right to not be discriminated against if they choose to exercise their privacy rights. We endeavor to respond to a verifiable consumer requests within forty-five (45) days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

If we deny your request to access, correct, or delete your information, you may appeal our decision by emailing us at legal@dosh.cash with the subject “Appeal of Consumer Rights Request.” If you have concerns about the results of an appeal, you may contact the Connecticut attorney general.

UTAH RESIDENTS’ ADDITIONAL PRIVACY RIGHTS
Effective December 31, 2023
If you are a Utah resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under the Utah Consumer Privacy Act (“UCPA”). For purposes of this section, “Personal Data,” has the meaning given in the UCPA and does not include information excluded from the UCPA’s scope. Under the UCPA, subject to exceptions, Utah residents have certain rights regarding their data, including, as applicable to users of Dosh Services: The right to access the specific pieces of Personal Data we’ve collected about you; The right to obtain a copy of the Personal Data that you previously provided to us in a portable format; and The right to request the deletion of the Personal Data you provided to us.

As a Utah resident, you may exercise your right to know or to delete by emailing us at legal@dosh.cash. We may require you to verify your identity prior processing your request. Utah residents have the right to not be discriminated against if they choose to exercise their privacy rights. We endeavor to respond to verifiable consumer requests within forty-five (45) days of receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

VIRGINIA RESIDENTS’ ADDITIONAL PRIVACY RIGHTS
If you are a Virginia resident, this section applies to you. This section describes the rights you have with respect to your Personal Data, under Virginia’s Consumer Data Protection Act (“VCDPA”). For purposes of this section, “Personal Data,” has the meaning given in the VCDPA and does not include information excluded from the CDPA’s scope. Under the VCDPA, subject to exceptions, Virginia residents have certain rights regarding their data, including, as applicable to users of Dosh Services: The right to access the specific pieces of Personal Data we’ve collected about you; The right to request the deletion of the Personal Data we have collected about you; and The right to request that we correct inaccurate Personal Data.

As a Virginia resident, you may exercise your right to know, to correct, or to delete by emailing us at legal@dosh.cash. We may require you to verify your identity prior processing your request. Virginia residents have the right to not be discriminated against if they choose to exercise their privacy rights. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will notify you of the extension and provide an explanation of the reason for the extension in writing, and we will provide you with a response no later than ninety (90) days of receipt of the request.

If we deny your request to access, correct, or delete your information, you may appeal our decision by emailing us at legal@dosh.cash with the subject “Appeal of Consumer Rights Request.” You must appeal our decision within 45 days of your receipt of our denial. If you have concerns about the results of an appeal, you may contact the Virginia attorney general.
‍CHANGES TO THIS PRIVACY POLICYWe may revise this Privacy Policy from time to time in our sole discretion, subject to applicable law. When we revise this Privacy Policy, we will post the revised version on the Website and the Application. The revised Privacy Policy will be effective upon posting on the Website and the Application, unless otherwise set forth therein or as otherwise required by applicable law. You are free to decide whether or not to accept a revised version of this Privacy Policy, but accepting this Privacy Policy, as revised, is required for you to continue accessing and using the Services. If you do not agree to this Privacy Policy or any revised version of this Privacy Policy, your sole recourse is to terminate your access to and use of the Services. Except as otherwise expressly stated by us, your access to and use of the Services are subject to the version of this Privacy Policy in effect at the time of your access or use of the Services.
‍CONTACT USIf you have any questions regarding this Privacy Policy or the Services, please contact us.