SUPPLEMENTAL PRIVACY NOTICE FOR CERTAIN STATE RESIDENTS
This Supplemental Privacy Notice for Certain State Residents (“Supplemental Policy”) applies only to information collected about users residing in California, Colorado, Connecticut, Oregon, Texas, Virginia, or Utah, or other states that provide a similar comprehensive data privacy law (referred to herein as “user(s),” “you,” or “your”) and supplements the information contained in our Privacy Policy at https://app.deyenamics.com/privacy. This Supplemental Policy provides information required under the California Consumer Privacy Act of 2018 and as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), the Colorado Privacy Act of 2021 (the “CPA”), the Connecticut Data Privacy Act of 2022 (“CDPA”), the Oregon Consumer Privacy Act of 2023 (the “OCPA”), the Texas Data Privacy and Security Act of 2023 (the “TDPSA”), the Virginia Consumer Data Protection Act of 2021 (the “VCDPA”), the Utah Consumer Privacy Act of 2022 (the “UCPA”).
This Supplemental Policy describes the practices of DeyeNAMICS, LLC, a Delaware limited liability company doing business as DeyeNAMICS™, and its related companies and divisions (“Company,” “we,” “us,” or “our”) regarding the collection, use, and disclosure of personal information and provides instructions for submitting data subject access requests. Some portions of this Supplemental Policy apply only to users of particular states and may not apply to you.
Defined Terms Specific to this Supplemental Policy:
- “User” means a natural person who is a resident of California, Colorado, Connecticut, Oregon, Texas, Virginia and Utah and to whom we offer our services. For purposes of this Supplemental Policy, this term includes natural persons who reside in California and engage with us as part of business-to-business transactions.
- “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular User or household. Personal Information includes “personal data” as that term is defined in the CPA, CDPA, OCPA, TDPSA, VCDPA and UCPA. Personal Information also includes “Sensitive Personal Information,” as defined below.
- “Provider” means the business organization (e.g., the business entity consisting of registered healthcare specialists, professionals and providers) using or accessing our Services.
- “Provider End Users” means each individual employee or agent authorized by a specific Provider to access certain of our Services on the Provider’s behalf.
- “Sensitive Personal Information” includes a User’s: (1) social security, driver’s license, state identification card, or passport number; (2) account log-in, financial account number, debit or credit card number; (3) precise geolocation; (4) racial or ethnic background, national origin, citizenship or immigration status; (5) religious beliefs; (6) union membership; (7) contents of email or text messages (except where we are the intended recipient; (8) genetic data; (9) biometric information; (10) mental or physical health conditions or diagnoses; (11) sex life, sexual orientation, or status as transgender or nonbinary; (12) status as a crime victim; (13) personal data of children under the age of 13; and (14) “sensitive data” as that term is defined in the CPA, CDPA, OCPA, TDPSA, VCDPA, and UCPA.
- “Sell,” “Sale,” or “Sold” means renting, releasing, or transferring an individual’s Personal Information to a Third Party for money or other valuable consideration, subject to certain exceptions.
- “Share” means transferring an individual’s Personal Information to a Third Party for behavioral advertising purposes, whether or not for money or other valuable consideration.
- “Third Party” means a person or organization which is not a User, Vendor, or an entity owned or controlled by us and as defined by the CCPA, CPA, CDPA, OCPA, TDPSA, VCDPA, and UCPA.
- “Vendor” means a “service provider,” “contractor,” or “processor” which collects, stores, or otherwise handles data for us, as those terms are defined in the CCPA, CPA, CDPA, OCPA, TDPSA, VCDPA, and UCPA.
These definitions apply, whether terms are capitalized or not. Other terms used in this Supplemental Policy may be defined under the CCPA, CPA, CDPA, OCPA, TDPSA, VCDPA, and UCPA and they shall have the meanings described in those statutes. If there are variations between definitions in different state laws, you will be covered by the definition that applies in the state you are a resident of.
The Personal Information We Collect and Disclose:
The chart below shows the categories of Personal Information we may collect; examples of Personal Information in each category; sources from which each category of Personal Information is collected; and the types of Vendors or Third parties with whom that category of Personal Information is shared; the business purposes for which each category of Personal Information is collected. As this chart shows, we may disclose certain Personal Information to Vendors for business purposes. We do not currently Sell or Share your Personal Information to Third Parties or Vendors.
| Categories of Personal Information and Examples | Sources of Personal Information | Categories of Recipients | Business or Commercial Purpose for Disclosure |
| Payment Information; Invoicing. | Provider End Users | Payment Processors | Processing subscription payments. You provide your payment information directly to our third-party payment processors. We will never be in receipt of your credit card information. |
| Identifiers, such as your name (first, middle and last), physical address, postal address, email address, login information; | Provider End Users | Provider End Users | To fulfill the purpose for which you provided it, e.g., Provider End User uploading Billing Information, such as Billing Address. |
| Information described in subdivision (e) Section 1798.80 of the California Civil Code such as your telephone number. | Provider End Users | Provider End Users | To fulfill the purpose for which you provided it, e.g., Provider End User uploading their telephone into their billing profile. |
| Other Personal Information, such as PHI, but only on an anonymized and de-identified basis. | Users | Companies identified | For research and development purposes. |
| Device and Online Identifiers, such as IP address, device identifiers, and identifiers associated but only on an anonymized basis. | Provider End Users; Partners with anonymized data | Analytics | To improve, monitor, personalize and protect our services. |
| Internet or other electronic network activity and web information about how you access, or interact with the services and Website, but only on an anonymized basis. | Provider End Users; Partners | Analytics | To improve, monitor, personalize and protect our services. |
Sensitive Personal Information We Collect and Disclose
| Categories of Sensitive Personal Information and Examples | Sources of Personal Information | Categories of Recipients | Business or Commercial Purpose for Disclosure |
| Payment Information; Invoicing. | Provider End Users | Payment Processors | Processing subscription payments. You provide your payment information directly to our third-party payment processors. Deynamics will never be in receipt of your credit card information. |
Retention of Data:
We intend to retain Personal Information in each category described above only for as long as necessary to fulfill the purpose for which such Personal Information was collected, or a related and compatible purpose consistent with the average user’s expectation, and to comply with applicable laws and regulations. We consider the following criteria when determining how long to retain Personal Information:
- The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your Personal Information to address issues that may arise;
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period before we can delete them); • Why we collected the Personal Information;
- The nature and sensitivity of the Personal Information and risks associated with retaining the Personal Information; and
- Whether retention is allowed by applicable law (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your Rights to Your Personal Information:
Residents of California, Colorado, Connecticut, Oregon, Texas, Virginia, and Utah, and other states with similar comprehensive consumer privacy laws, may have certain additional rights with respect to the collection and use of their Personal Information. Those rights vary by state and may or may not apply to us. As required under applicable state laws, we have provided detailed information below regarding the data subject rights that may be available to residents of California, Colorado, Connecticut, Oregon, Texas, Virginia, and Utah. Please note that each state provides different rights to their residents, and in some cases the rights may not be available to you. In some cases, these laws may not apply to us because an exemption applies, we do not meet certain thresholds for compliance, or in certain cases where the information is governed by other applicable laws such as HIPAA.
Depending on your state of residency, and whether or not the law applies to us, you may have the right to submit requests related to the Personal Information we have collected about you. You may make such a request twice in a 12-month span. Please note, there are circumstances when we may not be able to comply with your request. For example, we may not be able to verify your request, or we may find that providing a full response conflicts with other legal obligations or regulatory requirements. We will notify you if this is the case.
Right to Receive Information on Privacy Practices:
You have the right to receive the following information at or before the point of collection:
- The categories of Personal Information to be collected;
- The purposes for which the categories of Personal Information are collected or used;
- Whether or not that Personal Information is sold or shared with Third Parties or disclosed to Vendors;
- If the business collects Sensitive Personal Information, the categories of Sensitive Personal Information to be collected, the purposes for which it is collected or used, and whether that information is sold or shared; and
- The length of time the business intends to retain each category of Personal Information, or if that is not possible, the criteria used to determine that period.
We have provided such information in this Supplemental Policy, and you may request further information about our privacy practices by using the contact information provided below, or by reviewing our Privacy Policy at https://app.deyenamics.com/privacy.
Right Know and Right to Access:
You may have the right to request certain information we have collected about you. You have the right to request:
- The categories of Personal Information we collected about you;
- The categories of sources from which we collect your Personal Information;
- The purposes for which Personal Information was collected, shared, sold, or processed;
- The categories of Personal Information we shared, sold, or disclosed; and
- The categories of Vendors or Third Parties with whom we shared, sold, or disclosed Personal Information.
Right to Deletion:
You may have the right to request that we delete the Personal Information that we have collected and retained, subject to certain exceptions. Once we receive a request, we will delete (to the extent required by law) the Personal Information we retain about you and direct our Vendors to do the same. If we determine that an exception applies, we will inform you of the reason for denying the deletion request. In some cases, deletion may be accomplished through de-identification.
Please understand that if you request us to delete your Personal Information, our subsequent removal of such Personal Information may impact your ability to use our services, and may limit your use of or participation in our services that require your Personal Information.
Right to Correct:
You may have a right to request that we correct any inaccurate Personal Information we may retain about you.
Right to Information Portability:
You may have the right to request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a commonly used, machine-readable format.
Right to Opt-Out of the Sale and Sharing of Your Personal Information:
You may have the right to opt-out of the Sale and Sharing of your Personal Information with Third Parties, and the right to opt out of the processing of Personal Information for targeted advertising purposes, as defined in the CCPA, CPA, VCDPA, UCPA, and CDPA.
Please note that while you may have the right to opt-out of the Sale and Sharing of your Personal Information, we do not currently “Sell” or “Share” your Personal Information as that term is defined under the applicable state laws. To the extent we change our processing practices or new laws come into effect, we may update this Supplemental Policy.
Right to Opt-Out of Automated Decision-Making Technologies, including Profiling for Decisions That Produce Legal or Similarly Significant Effects:
Consistent with applicable law, you may have the right to opt-out of processing of Personal Information for purposes of automated decision-making technologies, including profiling in furtherance of decisions that produce legal or similarly significant effects. We do not currently use Automated Decision-Making Technologies, including profiling. To the extent we change our processing practices or new laws come into effect, we may update this Supplemental Policy
Right to Consent to or Limit the Use of Your Sensitive Personal Information:
You may have the right to consent to the use of your Sensitive Personal information in CO, CT, VA, OR, TX and UT. Separately, you have the right in CA to instruct us to limit the use and disclosure of your Sensitive Personal Information to only that which is necessary to perform the services or provide the goods reasonably expected by an average user or for specific business purposes defined by law.
We do not use Sensitive Personal Information for purposes beyond those authorized by the CCPA, or beyond your consent.
Right to Non-Discrimination:
You may have a right to exercise the above rights, and we will not discriminate against you for exercising these rights. This generally means we will not deny you goods or services, charge different prices or rates, provide a different level of service or quality of goods, or suggest that you might receive a different price or level of quality of goods. Please note that a legitimate denial of a request to access, delete, or opt-out is not discriminatory, nor is charging a fee for excessive or repetitive requests.
De-Identification:
Consistent with applicable law, we commit to maintain and use anonymized information in de-identified form and not to attempt to re-identify the information, except that we may attempt to re-identify the information solely for the purpose of determining whether its de-identification processes satisfy the requirements of the California Privacy Rights Act, or other applicable state law.
Instructions to Exercise your Rights:
If you would like to make any of the data requests listed above, please send an email to: privacy@deyenamics.com, call our customer support line: 888-240-1165 or write to us at: Deyenamics, LLC, PO Box 6066, Louisville, KY 40257.
Certain states allow you to designate an authorized agent to exercise your rights on your behalf. Such individual must have power of attorney, or be an authorized agent registered with the relevant Secretary of State.
Verification of Requests:
Only you, or someone legally authorized to act on your behalf, may make a verifiable user request related to your Personal Information. You may also make a verifiable user request on behalf of your minor child. Certain state laws require that we verify the identity of each person who makes a request to know what Personal Information we have about that person or to delete the Personal Information we have about that person.
You may request this information no more than two times in a rolling twelve-month period. When you make this request, the information provided may be limited to Personal Information we collected about you in the previous 12 months.
All requests must provide sufficient information to allow us to reasonably verify you are the person whom we collected Personal Information about or an authorized representative of such person. We will only use the information provided in a verifiable user request to verify the requestor’s identity or authority to make the request. Please describe your request with sufficient detail to allow us to properly respond to it. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
If you designate an authorized agent to exercise your rights on your behalf, we may require that you or the authorized agent: (i) verify your identity with us directly; or (ii) provide proof of your signed written permission for the authorized agent to submit a request on your behalf.
We may deny a request from an agent purportedly acting on your behalf if we request, and you or the agent do not submit, proof that the agent has been properly authorized by you to act on your behalf.
Right to Appeal:
You may have the right to appeal our decisions about your data subject requests. If you would like to appeal a decision regarding your data request, please email us at: privacy@deyenamics.com. Please state that your request is an “Appeal,” in the subject line and describe the date and nature of your original request. Under certain state laws, if we deny your appeal you may be able to submit a complaint to the state attorney general. We will provide required information for you to do so, when applicable.
Additional California Privacy Rights – Shine the Light Request:
California Civil Code § 1798.83 permits residents of California to request from us a notice disclosing: (1) the categories of personal information we have shared with third parties, if any, for the third parties’ direct marketing purposes, during the preceding calendar year, and (2) the names and addresses of those third parties.
Minors:
Our website is not intended for minors or children under 18 years of age, and no part of our services are designed or intended to attract anyone under the age of 18. We will never ask for or knowingly collect information from children, without first obtaining informed consent from a parent or legal guardian. If you are a minor under the age of 18, you are not permitted to use the services without informed consent from your parent or guardian.
Changes to Our Supplemental Policy:
We reserve the right to amend our Supplemental Policy at our discretion and at any time. When we make changes to the Supplemental Policy, we will notify you by email or through a notice on our website. Please check this page periodically for changes. If an update changes how we use your Personal Information or applicable law otherwise requires your consent, we will also seek your consent prior to such update applying to you. Upon providing notice as noted above, updates which do not require your consent will be effective regardless of whether your consent is obtained.
Additional Information:
If you would like additional information regarding our Supplemental Policy or would like to make a shine the light request, please contact us using any of the methods listed below.
Send an email to: privacy@deyenamics.com
Call our customer support line: 888-240-1165
Write to us at:
Deyenamics, LLC
PO Box 6066
Louisville, KY 40257
LAST UPDATED: February 15, 2026
