Privacy Statement for California and Applicable State Law
Last Updated: October 8, 2025
This Privacy Statement supplements the ListKit Privacy Policy and addresses the requirements of state privacy laws, including the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the Virginia Consumer Data Protection Act (VCDPA), as well as similar laws in other states (the “State Privacy Laws”). When we use terms defined in these State Privacy Laws, we use them as those laws define them for residents of each respective state. When we refer to “personal information” in this Privacy Statement or the ListKit Privacy Policy, we mean any information that can identify, relate to, describe, or be linked—directly or indirectly—to you or your household, unless that information is aggregated, publicly available, or otherwise excluded by law (such as information collected in a commercial or employment context, or other specific exclusions).With the exception of the CCPA in California, many state privacy laws, including the CPA, CTDPA, UCPA, and VCDPA, do not apply to individuals where they are acting in a commercial or employment context. As a result, these laws may have limited applicability to ListKit’s activities and Services with respect to residents of the states where these laws are in effect.
ListKit often receives information from its Users for purposes of providing Services. This information may or may not overlap with the information used in ListKit’s services. In either case ListKit often processes data received from its Users in order to provide Services to those Users. In turn, if you would like to know what information those Users process or possess about you, you would need to contact that specific Customer to make that inquiry.
1. Personal Information Collected
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information"). Personal information does not include:
- Publicly available information, including from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience.
- Lawfully obtained, truthful information that is a matter of public concern.
- Deidentified or aggregated consumer information.
a. Personal Information Categories Chart
The chart below identifies which categories of personal information we collected from our consumers within the last 12 months.
| Category | Examples | Collected |
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) ("California Customer Records"). | A name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, credit card number, debit card number, or any other financial information. Some personal information included in this category may overlap with other categories. | YES |
C. Protected classification characteristics under California or federal law ("Protected Classes"). | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision making, military and veteran status, or genetic information (including familial genetic information). | NO |
D. Commercial information. | Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity. | Activity on our websites, mobile apps, or other digital systems, such as internet browsing history, search history, system usage, electronic communications with us, postings on our social media sites. | YES |
G. Geolocation data. | Physical location or movements, such as the time and physical location related to use of our internet website, application, or device, and GPS location data from mobile devices of consumers who visit our websites. | YES |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
I. Professional or employment-related information. | Current or past job history. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) ("FERPA Information"). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
L. Sensitive personal information. | Further identified in the chart below. | YES |
b. Sensitive Personal Information Categories Chart
Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. Importantly, the CCPA only treats this information as sensitive personal information when we collect or use it to infer characteristics about a consumer.
The chart below identifies which sensitive personal information categories, if any, we have collected from consumers to infer characteristics about them in the last 12 months.
| Sensitive Personal Information Category | Collected to Infer Characteristics? |
L.1. Government identifiers, such as your Social Security number (SSN), driver's license, state identification card, or passport number. | NO |
L.2. Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password. | YES |
L.3. Precise geolocation, such physical locations when visiting websites or using mobile apps. | YES |
L.4. Racial or ethnic origin. | NO |
L.5. Citizenship or immigration status. | NO |
L.6. Religious or philosophical beliefs. | NO |
L.7. Union membership. | NO |
L.8. Mail, email, or text messages not directed to the Company. | NO |
L.9. Genetic data. | NO |
L.10. Neural Data, such as information generated by measuring a consumer's central or peripheral nervous system's activity that is not inferred from nonneural information. | NO |
L.11. Unique identifying biometric information. | NO |
L.12. Health information. | NO |
L.13. Sex life or sexual orientation information. | NO |
2. Sources of Personal Information
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you, such as from the forms or other information you provide to the Company.
- Indirectly from you, such as from your interactions with the Company's websites, mobile applications, reward program participation, customer service programs.
- From our service providers, such as data analytics providers, data brokers, advertising networks.
- Information obtained from public sources.
- Direct research.
- Contributions from ListKit’s Users through our Services.
- Data provided by third-party vendors.
- Direct and indirect engagements with our Users or their agents.
- Direct acquisitions from vendors and contractual partners.
- Communications with potential customers and other business contacts.
3. How We Use Personal Information
a. Personal Information Collection, Use, and Disclosure Purposes
We may use and disclose the personal information we collect to advance the Company's business and commercial purposes, specifically to:
- Develop, offer, and provide you and our Users with our Services.
- Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or to comply with legal requirements.
- Fulfil the purposes for which you provided your personal information or that were described to you at collection, and as the CCPA otherwise permits.
- Improve our Services, marketing, or customer relationships and experiences.
- Notify you about changes to our products or services.
- Administer our systems and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
- Protect our Company, employees, or operations.
- Measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you.
- Manage your consumer relationship with us, including for:
- online account creation, maintenance, and security;
- reaching you, when needed, about your account; and
- to provide email alerts, event registrations and other notices concerning ListKit Services, or events or news, that may be of interest to the consumer.
- Perform data analytics and benchmarking.
- Administer and maintain the Company's systems and operations, including for safety purposes.
- Engage in corporate transactions requiring review of consumer records, such as for evaluating potential Company mergers and acquisitions.
- Comply with all applicable laws and regulations.
- Exercise or defend the legal rights of the Company and its employees, affiliates, Users, contractors, and agents.
- Respond to law enforcement requests and as required by applicable law or court order.
- To include in ListKit’s database of business contacts, which ListKit licenses to its Users to use for business-to-business sales, marketing, and recruiting.
b. Sensitive Personal Information Use and Disclosure Purposes
We may use or disclose sensitive personal information for the following statutorily approved reasons (Permitted SPI Purposes):
- Performing actions that are necessary for our consumer relationship and that an average consumer in a relationship with us would reasonably expect.
- Preventing, detecting, and investigating security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted personal information.
- Defending against and prosecuting those responsible for malicious, deceptive, fraudulent, or illegal actions directed at the Company.
- Ensuring physical safety.
- Short-term, transient use, such as non-personalized advertising shown as part of your current interactions with us, where we do not:
- disclose the sensitive personal information to another third party; or
- use it to build a profile about you or otherwise alter your experience outside your current interaction with the Company.
- Services performed for the Company, including maintaining or servicing accounts, processing or fulfilling transactions, verifying consumer information, processing payments, or providing financing, analytic services, storage, or similar services for the Company.
- Activities required to:
- verify or maintain the quality or safety of a product, service, or device that we own, manufacture, had manufactured, or control; or
- improve, upgrade, or enhance the service or device that we own, manufacture, had manufactured, or controlled.
- Collecting or processing sensitive personal information that we do not use for the purpose of inferring characteristics about a consumer.
We do not use or disclose sensitive personal information for purposes other than the Permitted SPI Purposes.
c. Additional Categories or Other Purposes
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.
We may collect, process, and disclose aggregated or deidentified consumer information for any purpose, without restriction. When we collect, process, or disclose aggregated or deidentified consumer information, we will maintain and use it in deidentified form and will not to attempt to reidentify the information, except to determine whether our deidentification processes satisfies any applicable legal requirements.
4. Disclosing, Selling, or Sharing Personal Information
a. Business Purpose Disclosures
We may disclose the personal information we collect to third parties for the business purposes described in the Personal Information Collection, Use, and Disclosure Purposes section and in the table below, such as to engage third parties to support our business functions and provide Services to our Users.
The chart below identifies the categories of entities to whom we have disclosed our consumers' personal information for a business purpose over the preceding 12 months, along with the personal information categories disclosed and the disclosure's business purposes.
Business Purposes Disclosure Recipient Category, Personal Information Category, and Purposes Chart
| Category of Personal Information | Category of Third-Party Recipients to Which ListKit “Shares” or “Sells” the Personal Information |
Identifiers | Share: Online advertising partners Sell: Users and affiliates |
Personal Information Categories Listed in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)) ("California Customer Records"). | Sales: Users and affiliates |
Internet or Other Similar Network Activity | Share: Online advertising partners |
Professional or Employment-Related Information | Sales: Users and affiliates |
Inferences | Sales: Users and affiliates |
Geolocation Data | We do not share or sell. |
Commercial Information | We do not share or sell. |
Sensitive Personal Information | We do not share or sell. |
The personal information disclosed and sold by ListKit within the identified categories is limited to information related to a consumer’s profile as an business owner or employee of its employer. No sensitive personal information (e.g., sexual orientation, race, ethnicity, religious or health-related information) is collected, shared, disclosed, or sold by ListKit for purposes of providing its Services.
Our personal information sales and/or sharing does not include information about consumers we know are under age 16.
5. Your Rights and Choices
If you are a California resident, the CCPA grants you the following rights regarding your personal information. While this section describes a consumer’s CCPA rights, those laws also apply (in slightly different forms) to residents of other applicable State Privacy Laws, which may include, Colorado, Connecticut, Utah, and Virginia.
a. Right to Know and Data Portability Requests
You have the right to request that we disclose certain information to you about our collection and use of your personal information (the "right to know"), including the specific pieces of personal information we have collected about you (a "data portability request"). Our response will cover the 12-month period preceding the request. You may make exercise your right to know twice within in any 12-month period. Once we receive your request and confirm your identity (see How to Exercise Your Rights), we will disclose to you:
- The categories of:
- personal information we collected about you; and
- sources from which we collected your personal information.
- The business or commercial purpose for collecting your personal information and, if applicable, selling or sharing your personal information.
- If applicable, the categories of persons, including third parties, to whom we disclosed your personal information, including separate disclosures identifying the categories of your personal information that we:
- disclosed for a business purpose to each category of persons; and
- sold or shared to each category of third parties.
- When your right to know submission includes a data portability request, a copy of your personal information subject to any permitted redactions.
For more on exercising this right, see Exercising the Rights to Know, Delete, or Correct.
b. Right to Delete and Right to Correct
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions and limitations (the "right to delete"). Once we receive your request and confirm your identity, we will delete your personal information from our systems unless an exception allows us to retain it. We will also notify our service providers to take appropriate action.
You also have the right to request correction of personal information we maintain about you that you believe is inaccurate (the "right to correct"). We may require you to provide documentation, if needed, to confirm your identity and support your claim that the information is inaccurate. Unless an exception applies, we will correct personal information that our review determines is inaccurate and notify our service providers to take appropriate action.
For more on exercising these rights, see Exercising the Rights to Know, Delete, or Correct.
c. Right to Limit Sensitive Personal Information Use and Disclosure to Permitted SPI Purposes
You have a right to ask businesses that use or disclose your sensitive personal information to limit those actions to just the CCPA's Permitted SPI Purposes (the "right to limit"). As we do not use or disclose sensitive personal information beyond the CCPA's Permitted SPI Purposes, we do not currently provide this consumer right.
For more on the Permitted SPI Purposes see Sensitive Personal Information Use and Disclosure Purposes.
6. Personal Information Sales or Sharing Opt-Out and Opt-In Rights
We sell personal information collected for our database to our Users. This database may contain information about consumers’ business personas including name, employer, job title, email address, phone number, social media or professional profile link, and work or educational history. This information is sold to ListKit’s Users for the purpose of business-to-business sales and marketing and recruiting and is provided subject to license agreements that limit its use to those purposes.
A consumer has the right to opt out of the sale of that consumer’s personal information by ListKit by submitting a data subject access request or contact us at hello@listkit.io to submit a request to remove the consumer’s profile or delete the consumer’s data. In order to submit a request, a consumer (to the extent permissible under applicable State Privacy Law) may be required to demonstrate that such person has control of an email inbox associated with the profile in question.
To the extent required under applicable State Privacy Law, consumers may also opt out of the collection of personal information through cookies on ListKit's website, and the sharing of such personal information with third party ad partners, by adjusting the preferences in the Cookie Settings provided on the site.
a. Right to Non-Discrimination
You have the right not to be discriminated or retaliated against for exercising any of your privacy rights under the CCPA.
7. How to Exercise Your Rights
Exercising the Rights to Know, Delete, or Correct
To exercise the right to know, data portability, delete, or correct described above, please submit a verifiable request to us by either:
- Emailing us at hello@listkit.io.
- Submitting a data subject access request form.
Please describe your request with sufficient detail so we can properly understand, evaluate, and respond to it. You or your authorized agent may only submit a request to know, including for data portability, twice within a 12-month period.
a. Exercising the Right to Opt-Out
You can submit your request to opt-out through:
- Visiting and submitting a form via the Data Subject Access Request Form.
- Emailing hello@listkit.io;
b. Verification Process and Authorized Agents
Only you, or someone legally authorized to act on your behalf, may make a request to know, delete, or correct related to your personal information. To designate an authorized agent, the consumer must provide the authorized agent with written permission to act on their behalf. We may request specific information from you or your authorized representative to confirm your or their identity before we can process your right to know, delete, or correct your personal information.
We cannot respond to your request to know, delete, or correct if we cannot verify your identity or authority to make the request and confirm the personal information relating to you.
For requests to limit or opt-out, we ask for the information necessary to complete the request, which may include, for example, the consumer's name, email address, or account username.
c. Responding to Your Requests to Know, Delete, or Correct
We will confirm receipt of your request within ten business days. If you do not receive confirmation within the ten-day timeframe, please contact us at hello@listkit.io.
We endeavor to substantively respond to a verifiable request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. We will deliver our written response to your verified email address. Our substantive response will tell you whether or not we have complied with your request. If we cannot comply with your request in whole or in part, we will explain the reason, subject to any legal or regulatory restrictions. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, deleted, or made your personal information anonymous in compliance with our record retention policies and obligations.
Any disclosures we provide will cover information for the 12-month period preceding the request's receipt date.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
d. Response and Timing on Rights to Opt-Out
In response to your request to opt-out, we will process your request, as soon as feasibly possible, but no later than 15 business days from the date we receive the request.
We may deny opt-out requests if we have a good-faith, reasonable, and documented belief that the request is fraudulent and will clearly explain our denial decision to the requestor. We may also deny a consumer’s deletion request if retaining the information is necessary for us or our service providers or Users to comply with important purposes, such as legal, auditing, accounting and security.
Once you make a request to opt-out, we will wait at least 12 months before asking you to reauthorize personal information sales or sharing. However, you may change your mind and opt back in at any time by contacting us at hello@listkit.io.
8. Contact Information
If you have any questions or comments about this policy, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law or other applicable State Privacy Laws, please do not hesitate to contact us at:
Website: listkit.io
Email: hello@listkit.io
Postal Address:
8 The Green #12710
Dover, DE 19901