Privacy Policy

This Privacy Policy describes how 42 Macro, LLC (“42 Macro,” “Company,” “we,” “us,” or “our“) collects, uses, discloses, and otherwise processes personal information in connection with our products, services, platforms, websites, mobile applications, dashboards, portals, tools, subscriptions, and other offerings (collectively, the “Services“).

If you have questions about this Privacy Policy or our privacy practices, please contact us using the details in the How to Contact Us section below.

I. Scope

This Privacy Policy applies to personal information that we collect from you, that you provide to us, or that we receive from third parties in connection with our Services. This includes personal information relating to subscribers and other individuals who interact with our Services, visitors to our websites and digital platforms, webinar and event participants, individuals who make inquiries or communicate with us, and job applicants.

This Privacy Policy does not apply to our current or former employees, contractors, or service providers acting in that capacity, or to their family members, dependents, or beneficiaries with respect to personal information we collect in the employment context. Information about our employment-related privacy practices is available in our separate employee privacy notice.

This Privacy Policy also does not apply to information that has been deidentified or aggregated, information subject to a separate privacy notice, or third-party websites, platforms, tools, or services that are not owned or controlled by 42 Macro, even if linked to or accessible through the Services.

Certain jurisdictions provide additional privacy rights or impose specific obligations. Where applicable, jurisdiction-specific information is included in the Jurisdictional Supplements section at the end of this Privacy Policy.

II. Personal Information We Collect

For purposes of this Privacy Policy, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual.

The categories of personal information we collect may include:

Identifiers and contact information, such as your name, email address, phone number, mailing address, account username, organization name, and similar identifiers.

Account and subscription information, such as account registration details, subscription plan, renewal term, billing status, account preferences, and records relating to access to subscriber-only features.

Payment and transaction information, such as transaction history, subscription status, payment confirmations, invoices, and limited payment details (such as payment tokens or the last four digits of a payment card, where provided by a payment processor). We generally do not store full payment card numbers.

Internet or other electronic network activity information, such as IP address, device identifiers, browser type, operating system, log data, pages viewed, referring URLs, clicks, session activity, and interactions with emails, videos, webinars, chats, or subscriber tools. Please see Cookies and Other Tracking Technologies below for more information.

Communications and support information, such as emails, chats, webinar questions, livestream comments, customer support requests, feedback, survey responses, and other communications you send to us.

Professional or employment-related information, such as employer, title, professional role, business contact details, and other information you provide when subscribing to the Services on behalf of a company or interacting with us in a professional capacity. If you apply for a position with us, we may also collect information relevant to evaluating your candidacy, such as resumes, employment history, education records, references, and interview materials.

Other information you choose to provide, including information submitted through forms, surveys, promotions, events, or other interactions with us.

Sensitive Personal Information

Certain privacy laws distinguish between standard personal information and information classified as “sensitive,” “special category,” or otherwise subject to heightened protections. The scope of these categories and the legal requirements applicable to them vary by jurisdiction.

We do not use or disclose sensitive personal information other than where reasonably necessary for limited purposes permitted by applicable law, such as account security, fraud prevention, payment processing, identity verification, or compliance with legal obligations.

III. How We Collect Personal Information

We may collect personal information from a variety of sources, including:

Directly from you, such as when you create an account, purchase a subscription, participate in subscriber chats or other interactive features, request support, provide feedback, apply for employment, or otherwise communicate or interact with us.

Automatically, such as when you access or use the Services or visit our website, including through cookies, pixels, web beacons, log files, and similar technologies. Please see Cookies and Other Tracking Technologies below for more information.

From third parties, such as payment processors, identity verification providers, marketing partners, analytics providers, social media platforms, email delivery vendors, customer support vendors, video hosting providers, and other service providers, as well as from business partners and publicly available sources.

IV. How We Use Personal Information

We may use personal information for the following business and commercial purposes described below:

To provide, administer, and manage the Services, including creating, administering, and maintaining accounts and subscriptions; authenticating users; processing transactions; and delivering research, reports, newsletters, emails, videos, webinars, livestreams, dashboards, chats, support tools, and other features of the Services.

Types of personal information used for these purposes may include: Identifiers and contact information; account and subscription information; payment and transaction information; internet or other electronic network activity information; communications and support information; professional or employment-related information; and other information you choose to provide.

To communicate with you, including sending transactional or administrative messages regarding your account, subscription, billing, renewals, invoices, service announcements, changes to the Services, product updates, surveys, and responses to inquiries or support requests.

To analyze and improve our services, including monitoring usage, conducting analytics, measuring engagement, troubleshooting, debugging, testing, improving existing products and services, personalizing user experiences, and developing new products, features, content, and functionality.

Types of personal information used for these purposes may include: Identifiers and contact information; account and subscription information; internet or other electronic network activity information; communications and support information; professional or employment-related information; and other information you choose to provide.

To maintain security and prevent misuse, including protecting the rights, safety, integrity, and security of the Company, our services, users, licensors, and service providers; and monitoring, detecting, investigating, preventing, and responding to fraud, unauthorized access, abuse, security incidents, scraping, circumvention, attempts to extract proprietary content, and violations of our Terms of Service or applicable law.

To comply with legal obligations and enforce rights, including complying with applicable legal, regulatory, tax, accounting, and contractual requirements; enforcing our agreements; and protecting our confidential information, intellectual property, and business operations.

For marketing and promotional purposes, including sending newsletters, offers, event invitations, and other promotional communications consistent with your preferences and applicable law. You may opt out of marketing communications at any time as described below.

For business operations and corporate transactions, including internal reporting, auditing, forecasting, business planning, financing, mergers, acquisitions, divestitures, reorganizations, or similar corporate transactions.

For employment and recruitment purposes, including to evaluate candidates for employment, manage recruitment processes, and comply with employment law requirements.

Types of personal information used for these purposes may include: Identifiers and contact information; professional or employment-related information; and other information you choose to provide.

For other purposes disclosed at collection or with your consent, where required or permitted by applicable law.

Types of personal information used for these purposes may include: Any categories of personal information relevant to the disclosed purpose or for which consent has been obtained.

V. Disclosure of Personal Information

We may disclose personal information to the categories of recipients described below for the purposes outlined in this Privacy Policy:

Service providers and professional advisors, including vendors and third parties that provide services on our behalf or support our operations, such as payment processing, subscription management, and authentication providers; website hosting, analytics, and information technology providers; email delivery, marketing, and customer relationship management providers; customer support providers; security, fraud prevention, and identity verification providers; video streaming, webinar, and content delivery providers; and professional advisors, such as lawyers, accountants, auditors, and consultants.

Business partners and similar third parties, including in connection with co-branded offerings, events, webinars, promotional campaigns, strategic collaborations, and other products or services you request or elect to participate in. These third parties act independently and are responsible for their own privacy practices. We are not responsible for how such third parties process personal information once disclosed to them, and their processing is governed by their own privacy notices.

Regulatory authorities and other government bodies where required or permitted by law, including in response to lawful requests, subpoenas, court orders or other legal processes, to comply with regulatory reporting requirements, to assist in investigations, and to protect the rights, property, or safety of the Company, our subscribers, or others.

Parties to corporate transactions, including prospective parties, their advisers, and their representatives for due diligence and transaction purposes in connection with actual or proposed corporate transactions such as mergers, acquisitions, restructurings, or asset sales. If a transaction proceeds, personal information may be transferred to the acquiring or successor entity.

Other parties, including where you have consented to the disclosure, where disclosure is necessary to protect the health or safety of any individual, where disclosure is necessary to exercise or defend legal claims, or where otherwise required or permitted by applicable law.

VI. “Selling” and “Sharing” for Cross-Context Behavioral Advertising

We do not “sell” personal information to third parties for monetary or other valuable consideration. We also do not “share” personal information with third parties for cross-context behavioral advertising or other targeted advertising purposes.

We may disclose personal information to service providers, contractors, professional advisors, and other third parties that process personal information on our behalf for the business and commercial purposes described above. These disclosures are made solely to support our operations and the Services. We do not consider these disclosures to be “sales” or “sharing” of personal information, as those terms are defined under U.S. state privacy laws; however, if any such disclosure were deemed to constitute a “sale” or “sharing” under applicable law, you may exercise any rights available to you as described in this Privacy Policy.

We do not knowingly “sell” or “share” the personal information of individuals under the age of 16, nor do we knowingly “sell” or “share” any sensitive personal information.

For more information about your rights to opt out, please see the Privacy Rights section and applicable Jurisdictional Supplements below.

VII. Cookies and Other Tracking Technologies

When you access or use our Services, we and our service providers may use cookies, pixels, tags, SDKs, log files, and similar technologies to collect information about your device, browsing activity, and interactions with the Services. These technologies help us operate the Services, authenticate users, analyze usage, improve functionality, personalize content, measure the effectiveness of communications, and maintain security.

The types of cookies we may use include:

Strictly necessary cookies, which are required for the operation of the Services and to enable core functionality, such as security, authentication, account login, navigation, and network management.

Functional cookies, which help remember your preferences and settings, such as language selections, login status, and other customization choices.

Analytics cookies, which help us understand how users interact with the Services, measure traffic and performance, troubleshoot issues, and improve the Services.

Advertising or marketing cookies, which may be used to measure the effectiveness of campaigns, limit repetitive advertisements, support referral attribution, and, where applicable, deliver more relevant promotional content.

Managing Cookies

You may have several options to manage cookies and similar trackers, including through:

Browser controls. Most web browsers allow you to control cookies through browser settings, including the ability to block, delete, or limit cookies. If you disable certain cookies, some features of the Services may not function properly.

Cookie preference tools. Where required by applicable law, we may present a cookies banner, consent manager, or similar tool that allows you to manage certain cookies preferences.

Opt-out tools. Certain third-party advertising providers participate in self-regulatory programs that offer opt-out choices for interest-based advertising. Additional information may be available through industry opt-out programs in your jurisdiction. You may also opt out by using recognized opt-out preference signals such as the Global Privacy Control (GPC), where supported.

Do Not Track signals. Some browsers transmit “Do Not Track” signals. Because there is not yet a consistent industry standard for responding to such signals, our Services may not respond to them.

Where required by applicable law, including in the EEA and UK, we will obtain your consent before placing non-essential cookies on your device. Please refer to the Jurisdictional Supplements section below for more information about your specific rights with respect to cookies and similar trackers.

VIII. Privacy Rights

You may have certain rights under applicable privacy laws regarding the collection, use, and disclosure of your personal information. These rights vary depending on the jurisdiction in which you reside and may include the following:

Right to Know. You may have the right to confirm whether we are processing your personal information and to access that information.

Right to Correct. You may have the right to correct inaccuracies in your personal information, taking into account the nature of the data and our purposes for processing.

Right to Delete. You may have the right to request deletion of personal information you have provided to us or that we have obtained about you.

Right to Data Portability. You may have the right to obtain a copy of your personal information in a portable, readily usable format, to the extent technically feasible.

Right to Opt Out of “Sales” or “Sharing”. As mentioned above, you may have the right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising.

Right to Opt Out of Automated Profiling. You may have the right to opt out of automated profiling that would produce legal or other similarly significant effects; however, we do not use personal information to make automated decisions in any situation where you would have a legal right to opt out.

Right to Limit Use of Sensitive Personal Information. You may have the right to request that we restrict the use of sensitive personal information; however, we already limit the use of your sensitive personal information to uses that are necessary to perform reasonably expected services or as required or permitted by law.

Right to Non-Discrimination. You may have the right under some privacy laws not to receive discriminatory treatment for exercising your rights.

Exercising Your Privacy Rights

To exercise your rights under applicable privacy law, please contact us using the details provided in the How to Contact Us section below or through any other request method we make available through the Services. We will respond within the timeframe required by applicable law, which may vary depending on your jurisdiction. Please refer to the Jurisdictional Supplements section below for more information.

When permitted by law, we may charge a reasonable fee to cover the costs of responding to a request, particularly where requests are manifestly unfounded, excessive, or repetitive. If we decline to take action on your request, we will inform you of the reasons for our decision and, where applicable, provide information about your right to appeal. If your appeal is denied, you may contact your relevant supervisory authority.

For your security and to help ensure that unauthorized third parties do not access your personal information, we may require you to verify your identity before we can act on your request. If you are requesting to exercise privacy rights on behalf of someone else (as an authorized agent), we may also require verification of your identity, as well as proof of authorization by the applicable individual.

There may be information we will not return in response to an access request, such as information that would affect the privacy of others or interfere with legal requirements. Similarly, there may be reasons why we cannot comply with a deletion request, such as the need to retain your personal information to provide you services, to complete a transaction, to comply with a legal obligation, or for other purposes permitted by applicable law. In certain circumstances, we may not collect sufficient identifiers to match information in our records with your request.

Marketing Communications

We may send you newsletters, product updates, event invitations, service announcements, and other similar marketing communications from time to time. You can opt out of receiving marketing communications from us at any time by following the unsubscribe instructions included in our marketing emails or by contacting us using the details provided in the How to Contact Us section.

Please note that even if you opt out of marketing communications, we may continue to send you transactional and service-related communications.

Cross-Context Behavioral Advertising and Personalized Advertising Choices

If you do not want us to disclose your personal information for cross-context behavioral advertising purposes, to the extent we engage in such activities, you can request to opt out by contacting us using the details provided in the How to Contact Us section or, where supported, by using recognized opt-out preference signals such as the Global Privacy Control (GPC).

Please see the Managing Cookies section above for more information.

Cookies Choices

As explained above, we may use cookies and similar tracking technologies to provide a personalized experience. Please see the Managing Cookies section above for more information about your cookie choices.

Please refer to the applicable Jurisdictional Supplements section below for more information about your specific rights under applicable privacy law.

IX. International Transfers

We are based in the United States and may collect, use, store, and otherwise process your personal information in the United States and in other jurisdictions where we or our service providers operate. The privacy and data protection laws of those jurisdictions may differ from, and in some cases may be less protective than, those of your country, state, or province of residence. Where we transfer personal information across borders, we take steps designed to implement appropriate safeguards and to comply with applicable legal requirements governing such transfers.

For individuals located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please refer to the Jurisdictional Supplements for those jurisdictions below for additional information about international transfers and the safeguards we apply.

X. Data Retention

We retain personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy. In determining appropriate retention periods, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information and whether we can achieve those purposes through other means, and applicable legal, regulatory, accounting or other requirements.

In general, we retain identifiers and contact information, account and subscription information, and payment and transaction information for the duration of the subscriber relationship and for a reasonable period thereafter as needed to comply with legal, tax, and accounting obligations. Internet or other electronic network activity information is generally retained for shorter periods unless needed for security or compliance purposes. Communications and support information is retained for the duration of the subscriber relationship and a reasonable period thereafter. Professional or employment-related information is retained for the duration of the business relationship or recruitment process and as required by law. We retain sensitive personal information only for as long as necessary to fulfill the permitted purposes described in this Privacy Policy.

When personal information is no longer required for the purposes for which it was collected and we have no legal basis to retain it, we will securely delete or de-identify the information. In some circumstances, we may anonymize or de-identify personal information so that it can no longer be associated with you, in which case we may use such anonymized or de-identified information without further notice to you.

XI. Security

We implement technical, administrative, and physical security measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures may include encryption of data in transit and at rest where appropriate, access controls that limit access to personal information on a need-to-know basis, regular security assessments and testing, staff training on privacy and data security, and physical security measures at our properties and offices.

While we take reasonable steps to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

XII. Children’s Privacy

Our services are not directed at or intended for use by children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without the consent of a parent or guardian. If you believe we have collected personal information from a child without appropriate consent, please contact us so that we can take appropriate steps.

XIII. Third-Party Websites and Services

Our website may contain links to third-party websites and services that are not operated by us. This Privacy Policy does not apply to those third-party websites and services. We encourage you to review the privacy policies of any third-party websites or services you visit.

XIV. Changes to This Privacy Policy

We may modify this Privacy Policy from time to time in our sole discretion, including to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Privacy Policy on our website with a revised “Last Updated” date. We may also provide additional notice, including by email, in-product notice, or other means.

To the fullest extent permitted by law, your continued access to or use of the Services after the effective date of any revised Privacy Policy constitutes your acknowledgement and acceptance of the revised Privacy Policy.

XV. How to Contact Us

If you have questions about this Privacy Policy or our privacy practices, wish to exercise any of your privacy rights, or have concerns about how we have handled your personal information, please contact us at:

42 Macro, LLC
support@42macro.com
1 Blackfield Dr. #257, Tiburon, CA 94920

We will respond to your inquiry in accordance with applicable law and endeavor to address any concerns you may have.

XVI. Jurisdictional Supplements

The following Jurisdictional Supplements provide additional information required by the privacy laws of specific jurisdictions. If you are a resident of one of the jurisdictions listed below, the applicable Jurisdictional Supplement may apply to you in addition to the main body of the Privacy Policy.

1. EEA, Switzerland, and United Kingdom

This Jurisdictional Supplement applies to individuals located in the European Economic Area (“EEA“), Switzerland, or the United Kingdom (“UK“) and solely to the extent the General Data Protection Regulation (“GDPR“), the UK General Data Protection Regulation (“UK GDPR“), the Swiss Federal Act on Data Protection (“FADP“), and/or other EEA, UK, or Swiss data protection legislation (collectively, “European Data Protection Law“) applies to our collection, use, disclosure, or other processing of your personal data.

Data Controller

For the purposes of European Data Protection Law, 42 Macro, LLC is the controller of your personal data under this Privacy Policy. Our contact details are provided in the How to Contact Us section above.

Legal Bases for Processing

We process your personal data only when we have a valid legal basis to do so. To the extent European Data Protection Law applies, the legal bases we rely on may include the following:

Contract. We may process personal data where necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract. This includes processing to manage your account and subscription, provide access to our Services, process payments, and communicate with you.

Legitimate Interests. We may process personal data where necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests may include operating and improving our business, providing and enhancing our services, ensuring the security and safety of our business, services, and personnel, preventing fraud and enforcing our policies, marketing (where not based on consent), and conducting analytics and business development. You may contact us for more information about how we balance our legitimate interests against your rights and freedoms.

Legal Obligation. We may process personal data where necessary to comply with a legal obligation to which we are subject, such as maintaining accounting records, responding to lawful requests from authorities, and complying with health and safety requirements.

Consent. We may process personal data based on your consent where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications or the processing of certain categories of sensitive personal data. Where we rely on consent, you have the right to withdraw your consent at any time by contacting us using the details in the How to Contact Us section, without affecting the lawfulness of processing based on consent before its withdrawal.

Vital Interests. We may also process personal data where necessary to protect the vital interests of you or another person.

Special Categories of Personal Data

We may process special categories of personal data where you have given explicit consent, where processing is necessary to protect vital interests, where processing is necessary for the establishment, exercise, or defense of legal claims, or where another lawful basis under GDPR applies.

Your Rights

Under European Data Protection Law, you may have the following rights in relation to your personal data:

Right of Access. You may have the right to obtain confirmation of whether we process personal data about you and to access that data, along with certain additional information, such as the purposes of processing, the categories of personal data concerned, and the recipients to whom the data has been or will be disclosed.

Right to Rectification. You may have the right to have inaccurate personal data rectified and, taking into account the purposes of the processing, to have incomplete personal data completed.

Right to Erasure. You may have the right to have your personal data erased in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent (where consent is the legal basis), or where the data has been unlawfully processed.

Right to Restrict Processing. You may have the right to restrict our processing of your personal data in certain circumstances, such as where you contest the accuracy of the data, where processing is unlawful but you oppose erasure, or where you have objected to processing pending verification of our legitimate grounds.

Right to Data Portability. You may have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible, where processing is based on consent or contract and is carried out by automated means.

Right to Object. You may have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to processing for direct marketing, we will stop processing your data for that purpose. Where you object to processing based on legitimate interests, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

Rights Relating to Automated Decision-Making. You may have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you, except in certain circumstances permitted by law. We do not currently make solely automated decisions that produce legal or similarly significant effects.

Right to Lodge a Complaint. You may have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR or applicable data protection law. Please see the Complaints section below for further details.

To exercise any of these rights, please contact us using the details provided in the How to Contact Us section above. We will respond to your request within one month, or otherwise within the timeframe permitted by European Data Protection Law, and we may extend this period as permitted under European Data Protection Law.

International Transfers

Where we transfer your personal data outside the EEA, UK, or Switzerland, we ensure that appropriate safeguards are in place to protect your data in accordance with data protection law. These safeguards may include:

Transfers to countries that have been determined by the European Commission, UK authorities, or Swiss authorities to provide an adequate level of data protection;

Transfers subject to Standard Contractual Clauses adopted by the European Commission or UK authorities (as applicable);

Transfers to organizations in the United States that participate in the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, or the Swiss-U.S. Data Privacy Framework, as applicable; or

Other appropriate safeguards permitted by law.

You may contact us for more information about the specific safeguards we apply to international transfers of your personal data.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can attempt to resolve your concern. You also have the right to lodge a complaint with a supervisory authority. This may be the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

For the UK, you may contact the Information Commissioner’s Office (ICO).

For the EEA, you may contact the supervisory authority in the relevant member state.

For Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC).

2. Australia

This Jurisdictional Supplement applies solely to the extent the Privacy Act 1988 (Cth) (the “Privacy Act“), Australian Privacy Principles (“APPs“), and/or other Australian data protection legislation (collectively, “Australian Data Protection Law“) applies to our collection, use, disclosure, or other processing of your personal information.

Collection and Use of Personal Information

We collect, use, and disclose personal information for the purposes described in the main body of the Privacy Policy, including to provide our Services, communicate with customers, personalize experiences, operate our business, and comply with legal obligations. Where required by Australian Data Protection Law, we will take reasonable steps at or before the time of collection (or as soon as practicable thereafter) to notify you of the matters required by Australian Data Protection Law, including the purposes of collection and the types of third parties to whom we may disclose personal information.

Collection of Sensitive Information

Under Australian Data Protection Law, certain categories of personal information are classified as “sensitive information,” including health information, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, genetic information, and biometric information and templates. We collect sensitive information only where you have consented to the collection, the collection is required or authorized by or under law (including applicable law of a foreign country), or the collection is otherwise permitted under Australian Data Protection Law (including where collection is necessary to prevent or lessen a serious threat to life, health, or safety).

Where we collect sensitive information, we do so only to the extent reasonably necessary to provide you with appropriate services and accommodate your needs.

Anonymity and Pseudonymity

You have the option of not identifying yourself, or of using a pseudonym, when dealing with us in relation to a particular matter unless it is impracticable for us to deal with you on that basis, or we are required or authorized by or under law or a court or tribunal order to deal with individuals who have identified themselves.

Direct Marketing

We may use personal information to send you direct marketing communications in accordance with applicable laws. You may opt out of receiving direct marketing communications from us at any time by using the unsubscribe mechanism included in the communication or by contacting us using the details in the How to Contact Us section. We will comply with any request to opt out of direct marketing within a reasonable period.

Access and Correction

You may have the right to request access to the personal information we hold about you and to request correction of any information that is inaccurate, out of date, incomplete, irrelevant, or misleading. To make a request, please contact us using the details provided in the How to Contact Us section. We will respond within the timeframe required by applicable law. We may charge a reasonable fee for providing access to your information (but we will not charge an excessive amount), and we will not charge you for making a request or for correcting information.

We may refuse access or correction in certain circumstances permitted by Australian Data Protection Law, such as where providing access would have an unreasonable impact on the privacy of other individuals or where the request is frivolous or vexatious. If we refuse a request, we will provide you with written reasons for the refusal and information about how to complain about our decision.

Notifiable Data Breaches

If we experience a data breach involving personal information that is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Australian Data Protection Law, including by notifying affected individuals and the Office of the Australian Information Commissioner where required.

Complaints

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, you may lodge a complaint with us using the contact details provided. We will acknowledge your complaint and investigate and respond within the timeframes required by Australian Data Protection Law. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (“OAIC“).

Cross-Border Disclosure

We may disclose your personal information to recipients located outside Australia, including in the United States and other countries where we operate or have business relationships.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not violate Australian Data Protection Law in relation to the information, unless an exception applies under Australian Data Protection Law.

3. Canada

This Jurisdictional Supplement applies solely to the extent the Personal Information Protection and Electronic Documents Act (“PIPEDA“), the British Columbia Personal Information Protection Act (“BC PIPA“), the Alberta Personal Information Protection Act (“AB PIPA“), Quebec’s Act respecting the protection of personal information in the private sector (“Quebec Privacy Act“), and/or other Canadian federal or provincial privacy legislation (“Canadian Data Protection Law“) applies to our collection, use, disclosure, and other processing of your personal information.

We collect, use, and disclose personal information only with your knowledge and consent, except where permitted or required by law. By providing personal information to us or using our Services, you agree to our collection, use, and disclosure of that information in accordance with this Privacy Policy.

In some circumstances, your consent may be implied from your actions or the circumstances, such as when you subscribe to our Services. In other circumstances, we may seek your express consent, such as for marketing communications or the collection of sensitive information, where required.

You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. If you withdraw consent, we may not be able to provide you with certain Services or information. We will inform you of the implications of withdrawing consent when you make such a request.

Identifying Purposes

We identify the purposes for which personal information is collected at or before the time of collection. The purposes for which we collect, use, and disclose personal information are described in the How We Use Personal Information and Disclosure of Personal Information sections of this Privacy Policy.

Limiting Collection and Use

We limit the collection of personal information to that which is necessary for the purposes we have identified. We do not collect personal information indiscriminately. We use personal information only for the purposes for which it was collected, except with your consent or as permitted or required by law.

Accuracy

We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date for the purposes for which it is to be used. You can help us maintain accurate records by informing us of any changes to your personal information.

Access and Correction

You have the right to request access to the personal information we hold about you and to challenge its accuracy and completeness. To make a request, please contact us using the details provided in the How to Contact Us section. We will respond within the timeframe required by Canadian Data Protection Law. We may charge a minimal fee to cover the cost of responding to your request, which we will inform you of before processing your request.

We may refuse access in certain circumstances permitted by law, such as where the information is subject to solicitor-client privilege, where disclosure would reveal confidential commercial information, or where the information was collected in the course of an investigation. If we refuse access, we will provide you with the reasons for the refusal.

Complaints

If you have concerns about how we have handled your personal information, you may lodge a complaint with us using the contact details provided. We will investigate your complaint and respond within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the appropriate privacy authority:

Federal: Office of the Privacy Commissioner of Canada.

British Columbia: Office of the Information and Privacy Commissioner for British Columbia.

Alberta: Office of the Information and Privacy Commissioner of Alberta.

Quebec: Commission d’accès à l’information du Québec.

British Columbia-Specific Requirements

If you are a resident of British Columbia or your personal information is collected, used, or disclosed in British Columbia, the BC PIPA applies to our handling of your personal information.

Under BC PIPA, we are required to designate an individual responsible for compliance with privacy legislation. Inquiries or complaints regarding our privacy practices in British Columbia should be directed to the contact information provided in the How to Contact Us section.

We will only collect, use, and disclose your personal information for purposes that a reasonable person would consider appropriate in the circumstances. We will make reasonable security arrangements to protect your personal information from unauthorized access, collection, use, disclosure, copying, modification, or disposal.

Before disposing of or destroying documents containing personal information, we will take reasonable steps to ensure the personal information is no longer reasonably recoverable.

Quebec-Specific Requirements (Law 25)

If you are a resident of Quebec, the Quebec Privacy Act, as modernized by An Act to modernize legislative provisions as regards the protection of personal information (commonly known as “Law 25“), applies to our handling of your personal information. To the extent required by applicable law, we conduct privacy impact assessments before undertaking projects involving the collection, use, communication, or retention of personal information that present a risk of serious injury; we implement privacy-by-default settings; we obtain express consent for the collection, use, or communication of sensitive personal information; and we take reasonable steps to ensure that personal information transferred outside Quebec receives protection equivalent to that provided under Quebec law. You have the right to be informed of the specific purposes for which your personal information is collected, the means by which it is collected, and your rights of access, rectification, and withdrawal of consent.

4. Brazil

This Jurisdictional Supplement applies solely to the extent the Lei Geral de Proteção de Dados (“LGPD“), Law No. 13,709/2018, and related regulations issued by the Autoridade Nacional de Proteção de Dados (“ANPD“) (collectively, “Brazil Data Protection Law“) applies to our collection, use, disclosure, and other processing of your personal information.

Data Controller

For the purposes of Brazil Data Protection Law, 42 Macro, LLC is the controller (controlador) of your personal data. Our contact details are provided in the How to Contact Us section above.

Legal Bases for Processing

Under Brazil Data Protection Law, we process your personal data only when we have a valid legal basis to do so. Brazil Data Protection Law recognizes the following legal bases for the processing of personal data, any of which may apply depending on the nature of the processing activity:

Consent of the data subject, which must be free, informed, and unambiguous, and provided for a specific purpose;

Compliance with a legal or regulatory obligation of the controller;

Execution of public policies provided in laws or regulations, or based on contracts, agreements, or similar instruments;

Carrying out research by research entities, ensuring, whenever possible, the anonymization of personal data;

Performance of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;

Exercise of rights in judicial, administrative, or arbitration proceedings;

Protection of life or physical safety of the data subject or a third party;

Protection of health, exclusively in procedures carried out by health professionals, health services, or sanitary authorities;

To fulfill the legitimate interests of the controller or a third party, except where the fundamental rights and freedoms of the data subject prevail; and

For the protection of credit, including credit scoring.

We primarily rely on consent, contract performance, legitimate interests, and legal or regulatory obligation as our legal bases for processing personal data of individuals located in Brazil, depending on the processing activity and the nature of the personal data involved.

Consent

Where we rely on consent as the legal basis for processing your personal data, your consent must be free, informed, and unambiguous, and provided for a specific purpose. You have the right to withdraw your consent at any time, free of charge, by contacting us using the details provided in the How to Contact Us section. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. If you withdraw consent, we may not be able to provide you with certain features of the Services that depend on the processing of your personal data.

Sensitive Personal Data

Under Brazil Data Protection Law, “sensitive personal data” includes data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical, or political organization membership, health or sexual life data, and genetic or biometric data. We process sensitive personal data only where you have provided specific and prominent consent for specific purposes, or where processing is strictly necessary for the purposes permitted under Brazil Data Protection Law, such as compliance with a legal obligation, protection of life or physical safety, or the exercise of rights in judicial proceedings.

Your Rights Under Brazil Data Protection Law

Under Brazil Data Protection Law, you have the following rights in relation to your personal data:

Confirmation and Access. You may have the right to obtain confirmation of whether we process your personal data and to access that data.

Correction. You may have the right to request the correction of incomplete, inaccurate, or outdated personal data.

Anonymization, Blocking, or Deletion. You may have the right to request the anonymization, blocking, or deletion of unnecessary or excessive personal data, or personal data processed in violation of Brazil Data Protection Law.

Data Portability. You may have the right to request the portability of your personal data to another service provider or product provider, subject to Brazil Data Protection Law and commercial and industrial secrecy.

Deletion of Data Processed with Consent. You may have the right to request the deletion of personal data processed on the basis of your consent, except where retention is permitted by law.

Information on Shared Use. You may have the right to obtain information about the public and private entities with which we have shared your personal data.

Information on Consent. You may have the right to be informed about the possibility of not providing consent and the consequences of such refusal.

Revocation of Consent. You may have the right to revoke your consent at any time, through an express manifestation, free of charge and without any conditions, by contacting us using the details provided in the How to Contact Us section.

Opposition. You may have the right to oppose the processing of your personal data where processing is carried out in reliance on a legal basis other than consent, if we are not in compliance with the provisions of Brazil Data Protection Law.

To exercise any of these rights, please contact us using the details provided in the How to Contact Us section above. We will promptly confirm receipt of your request and, where required, provide a simplified response. For detailed access requests, we will respond within 15 days of the date of the request, as required by Brazil Data Protection Law. If we are unable to comply with your request, we will provide you with the reasons for our decision.

International Data Transfers

We are based in the United States, and your personal data may be transferred to and processed in the United States or other countries where we or our service providers operate. We will only transfer personal data internationally in compliance with Brazil Data Protection Law, which permits transfers to countries or international organizations that provide an adequate level of data protection as recognized by the ANPD, where we have implemented appropriate safeguards (such as standard contractual clauses, global corporate norms, or other mechanisms approved by the ANPD), where you have provided specific and prominent prior consent to the transfer and its specific purpose, where the transfer is necessary for the performance of a contract with you, or where another legal basis under Brazil Data Protection Law applies.

Cookies and Tracking Technologies

To the extent required by Brazil Data Protection Law: (a) we will obtain your affirmative opt-in consent before placing non-essential cookies on your device when you access our Services from Brazil; and (b) we may offer you the ability to reject non-essential cookies at the time of collection and revoke your consent to cookies at any time. For more information, please see the Cookies and Other Tracking Technologies section above.

Complaints

If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can attempt to resolve your concern. You also have the right to file a complaint or petition with the Autoridade Nacional de Proteção de Dados (ANPD).

Last Updated: May 2026