CCPA / CPRA — California residents

Last updated: 2026-04-23

This notice supplements our Privacy Policy and applies to California residents under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Your rights

If you are a California resident you may:

Know what personal information we hold about you, including the categories, sources, purposes of use, and sub-processors we share it with.
Access a copy of your personal information in a portable, machine-readable format.
Delete your personal information, subject to the narrow legal exceptions below.
Correct inaccurate personal information.
Opt out of sale or sharing of your personal information — Confinity does not "sell" personal information in the classic sense, and does not "share" personal information for cross-context behavioural advertising. A Global Privacy Control (GPC) signal is honoured as a deemed opt-out.
Limit use of sensitive personal information. Confinity processes sensitive personal information only to operate the service you requested; we never use it for marketing inference.
Be free from retaliation for exercising these rights.

How to exercise a right

Sign-in, open Settings → Privacy, and use the Request access, Request deletion, or Request correction flow. Each request generates a receipt you can print or download. If you cannot sign in (for example because you have lost access), email privacy@confinity.com from the email on file, or from a verifiable parent/guardian account for minors. We ask for enough information to match your identity to the account and no more. We respond to verified requests inside the 45-day statutory window, plus a 45-day extension where necessary — we will email you before taking any extension.

Authorised agents

You can designate an authorised agent to make a request on your behalf. The agent must provide their written authorisation and we may separately verify the consumer's identity.

Opt-out signals

We honour the Global Privacy Control (GPC) signal. When GPC is present on a request from a California browser, we treat it as a standing opt-out of sale / sharing for that browser.

Categories of personal information

The categories we collect, the sources, the purposes, and the recipients are listed in our Privacy Policy and Sub-processors page. Please keep those pages open alongside this one if you are preparing a formal DSAR.

Legal exceptions to deletion

Even after a valid deletion request we may retain the minimum personal information required to:

Complete the transaction for which the data was collected.
Detect or prevent security incidents, fraud, or illegal activity.
Comply with a legal obligation.
Enable internal uses compatible with the context in which the information was provided.

We do not use "legitimate business purpose" as a generic excuse to retain content; any retention we do is named and bounded.

Contact

privacy@confinity.com. Mark the subject line "CCPA" so the request is routed to the DSAR queue.

Preparing the pageOne moment - fetching quietly.