Trailies LLC ("Trailies," "we," "us," "our"), a Wyoming limited liability company with its principal place of business at 8080 N Central Expressway, Suite 1700, 1034 Dallas, TX 75206, United States, provides this Privacy Policy for our websites, apps, and online services (collectively, the "Services"), including Trailies.com and the Life School subscription service.

For most data processing activities, we act as a "business" (under U.S. state privacy laws such as the CCPA/CPRA) and "controller" (under the EU/UK GDPR and Swiss data protection law). Where third-party vendors process personal information on our behalf, we bind them through data processing agreements consistent with applicable law.

This Privacy Policy includes jurisdiction-specific supplements for California (CCPA/CPRA), other U.S. states (Colorado, Connecticut, Virginia, Texas, and others), and the EU/UK/Switzerland (GDPR).

We collect personal information from the following sources:

• Directly from you: When you place an order, create an account, subscribe to Life School, complete onboarding forms, contact customer support, sign up for marketing, or otherwise interact with our Services.
• Automatically: Through cookies, pixels, SDKs, and similar tracking technologies when you visit our Site or interact with our emails. In the EU/UK/CH, non-essential tracking only occurs after you consent.
• From advertising and analytics partners: When their tags run on our Services (subject to your consent where required by law), we may receive information about your interactions with our ads on other platforms.
• From shipping carriers: Delivery confirmation and tracking updates from USPS and UPS.

4.1 Core Business Operations

• Processing and fulfilling orders (physical and digital products)
• Managing subscriptions (Life School)
• Communicating about your orders, subscriptions, and account
• Providing customer support
• Fraud prevention and security
• Legal compliance (tax records, responding to legal requests)

4.2 Analytics & Product Improvement

• Understanding how users interact with our Site and Products
• Improving our website, products, and services
• Conducting research and analysis (using de-identified or aggregated data where feasible)

4.3 Marketing & Advertising

• Sending promotional emails (subject to your consent or opt-out rights)
• Displaying targeted advertisements on third-party platforms
• Measuring ad effectiveness and campaign attribution
• Creating lookalike audiences on advertising platforms

In the EU/UK/CH: We rely on your consent for ad personalization and non-essential cookies. We implement Google Consent Mode v2 to adapt tag behavior based on your choices.

Children's data is NEVER used for marketing or advertising.

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data based on the following legal bases:

We maintain auditable consent records and provide easy withdrawal mechanisms via our Cookie Settings and unsubscribe links. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

6.1 Cookie Categories

• Strictly Necessary: Essential for site functionality (shopping cart, checkout, security). Cannot be disabled.
• Functional: Remember your preferences (language, region). Require consent in EU/UK/CH.
• Analytics: Help us understand site usage via Google Analytics. Require consent in EU/UK/CH.
• Advertising: Enable targeted ads and conversion tracking. Require consent in EU/UK/CH; opt-out available in U.S.

6.2 Consent Management

In the EU/UK/CH, non-essential cookies and identifiers are disabled by default until you provide consent through our cookie banner. Our consent management platform is TCF-compatible and Google-certified. We implement Consent Mode v2 to adjust how Google tags behave based on your consent choices.

You can view the full list of cookies and update your preferences at any time via Cookie Settings.

6.3 Browser Controls

Most browsers allow you to control cookies through settings. Note that blocking all cookies may affect site functionality. We also honor the Global Privacy Control (GPC) signal as an opt-out of sale/sharing for targeted advertising purposes.

Under California law (CCPA/CPRA) and similar state laws, allowing third-party advertising platforms to collect personal information through cookies and pixels for cross-context behavioral advertising may constitute a "sale" or "sharing" of personal information.

Categories we may "share" for targeted advertising:

• Identifiers (hashed email addresses for matching)
• Internet/network activity (browsing behavior, ad interactions)
• Inferences (interest segments)

We do NOT sell personal information in exchange for money. We do not sell or share children's personal information.

Your Opt-Out Rights: You can opt out of the sale/sharing of your personal information for targeted advertising by:

• Clicking "Your Privacy Choices" or "Do Not Sell or Share My Personal Information" on our Site
• Enabling a recognized Universal Opt-Out Mechanism such as Global Privacy Control (GPC) in your browser

We treat valid GPC signals as a "Do Not Sell or Share / Do Not Target" opt-out request for that browser, device, and any logged-in profile. We process opt-out requests promptly and do not discriminate against users who exercise their privacy rights.

9.1 What Children's Information We Collect

During Life School subscription onboarding, parents may optionally provide:

• Child's first name (to personalize story delivery, e.g., "Good morning, Emma!")
• Child's age or age range (to recommend age-appropriate content)

This information is provided by the parent/guardian, not collected directly from the child. Children do not interact with our website or input information themselves.

9.2 How We Use Children's Information

• Personalization only: We use the child's first name and age solely to customize the content experience within Life School.
• No targeted advertising: We NEVER use children's personal information for targeted advertising, behavioral profiling, or marketing purposes.
• No third-party sharing for marketing: We do not sell, share, or disclose children's information to third parties for their own marketing purposes.
• Limited sharing: Children's information may only be shared with service providers who help deliver the Life School service (e.g., email delivery platforms) under strict contractual obligations to use the data only for service delivery and to maintain appropriate security.

9.3 Data Retention for Children's Information

• We retain children's information only as long as necessary to provide the personalized service.
• Upon subscription cancellation or parental request, we delete children's information within 30 days.
• In any case, we do not retain children's information for more than 12 months after the subscription ends or the service is fulfilled.

9.4 Parental Rights

Parents and guardians have the right to:

• Review: Request access to any information we have collected about their child
• Delete: Request deletion of their child's information at any time
• Refuse: Decline to provide children's information (personalization features may be limited)
• Withdraw: Withdraw consent for future collection/use of their child's information

To exercise these rights, email support@trailies.com with subject line "Parental Rights Request" and include your account email and the child's first name.

9.5 Inadvertent Collection

If we learn that we have inadvertently collected personal information directly from a child under 13 (or the applicable age in other jurisdictions) without verifiable parental consent, we will delete that information promptly. If you believe we have collected information from a child, please contact us immediately at support@trailies.com.

9.6 Security for Children's Data

We maintain appropriate technical and organizational security measures for children's information, including access controls, encryption in transit, and limiting access to personnel who need it to provide the service.

9.7 International (EU/UK/CH)

For users in the EU, UK, and Switzerland, where we process children's data and consent is required as the legal basis, we obtain authorization from the parent or guardian where the child is below the applicable digital age of consent (which varies from 13 to 16 depending on the country).

10.1 Service Providers (Processors)

We share personal information with the following categories of service providers, who process data on our behalf under contractual obligations (including GDPR Article 28 data processing agreements and CCPA service provider terms where applicable):

10.2 Advertising Partners

We work with advertising platforms (such as Google Ads, Meta/Facebook) for measurement, attribution, and targeted advertising. These partners may receive identifiers (hashed emails), browsing behavior, and conversion events, subject to your consent/opt-out choices.

We do not transmit raw personal information in URLs. Where we share identifiers for matching purposes, we use hashing where applicable. We do not share sensitive personal information with advertising partners.

10.3 Other Disclosures

We may also disclose personal information:

• Legal Compliance: When required by law, subpoena, court order, or government request
• Rights Protection: To protect our rights, privacy, safety, or property, or that of our users or others
• Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of assets (your data may be transferred to the acquiring entity)
• With Your Consent: When you direct us to share information with a third party

Trailies is based in the United States. If you access our Services from outside the U.S., your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For EU/UK/Swiss Users: We transfer personal data to the U.S. using one or more of the following mechanisms:

• EU-U.S. Data Privacy Framework (and UK Extension / Swiss-U.S. DPF) — if/when we are certified
• Standard Contractual Clauses (SCCs) — the European Commission-approved model clauses, supplemented by additional technical and organizational measures where appropriate

We will update this section to reflect our Data Privacy Framework certification status when applicable. You may request a copy of the SCCs we use by contacting us at support@trailies.com.

We implement commercially reasonable (under U.S. law) and appropriate (under GDPR Article 32) technical and organizational security measures to protect your personal information, including:

• Encryption: SSL/TLS encryption for data in transit; encryption at rest for sensitive data where appropriate
• Access Controls: Role-based access limiting data access to authorized personnel on a need-to-know basis
• Secure Payment Processing: Payment data handled by PCI-DSS compliant processors (Stripe); we do not store full card numbers
• Monitoring: Security logging and monitoring for suspicious activity
• Vendor Due Diligence: Security assessments of key service providers
• Incident Response: Procedures for responding to and reporting data breaches as required by law

No Guarantee: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

We retain personal information for the periods disclosed in Section 2 (Notice at Collection) or, where a specific period is not stated, based on the following criteria:

• The purposes for which we collected the information
• Legal, accounting, or reporting obligations (e.g., 7-year tax record retention)
• Applicable statutes of limitations for potential legal claims
• Your relationship with us (active customer vs. inactive)
• Security and fraud prevention needs

When retention is no longer necessary, we securely delete or de-identify personal information. For deletion requests, we will delete your data within 45 days unless we have a legal obligation or legitimate basis to retain it.

We conduct profiling for marketing segmentation, product recommendations, and analytics. We do not engage in solely automated decision-making that produces legal or similarly significant effects on you (e.g., we don't auto-deny orders based on algorithmic scoring alone).

EU/UK users may object to direct marketing profiling at any time by contacting us or using the unsubscribe links in our emails.

If we offer a loyalty program, referral program, or other program that involves price or service differences in exchange for personal information, we will provide: (a) a description of material terms; (b) categories of personal information involved; (c) opt-in/out methods; and (d) a good-faith estimate of the value of the consumer's data and how we calculated it.

Currently, we do not operate such programs.

Email: We comply with CAN-SPAM, including providing our physical address and an easy unsubscribe mechanism in every commercial email. You can unsubscribe at any time by clicking the link in any email or contacting us.

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date at the top and may provide additional notice (such as a banner on our Site or an email notification).

For changes requiring consent under applicable law (e.g., new non-essential cookies in the EU/UK/CH), we will obtain your consent before implementing those changes.

We encourage you to review this Privacy Policy periodically.