Privacy Notice

Last Updated: April 7, 2026

FirstParty, Inc. (“Company,” “we,” “our,” or “us”) is committed to maintaining the privacy, confidentiality, and security of personal information entrusted to us. This Privacy Notice (“Notice") applies to Information we collect from or about you when you use or interact with our websites, products, the profiles or pages we maintain on social media platforms, (collectively, “Sites", each a “Site”), visit our locations, attend our conferences or other events, or otherwise communicate with us, including through offline channels, such as phone or mail (collectively with Sites, “Services”). Subject to applicable law, this Notice also applies to Information we collect from or about you when you submit a job application and/or seek employment opportunities with us.

When you use or interact with our Services, we may collect and process certain information about you, including information that is considered “personal information” or “personal data” under applicable law (“Information"). This Notice explains how we collect, use, and disclose Information that we receive from or about you (including in connection with our Services), how we protect your Information once it is collected, and how you can exercise your rights and choices available to you regarding your Information.

This Privacy Notice does not apply to personal information we process on behalf of clients in a processor capacity, except to the extent required by law.

Information We Collect

We collect personal information that is reasonably necessary to operate our business, deliver our services, and support our products. This includes information that individuals provide directly to us, such as when submitting inquiries through our website, engaging with us in a business context, or registering for access to our platforms. Such information may include names, professional contact details, company affiliation, job title, and the content of communications. We also collect information automatically when individuals interact with our website or digital properties. This information may include technical identifiers such as IP address, browser type, device characteristics, and data relating to usage patterns, including pages visited, session activity, and referring URLs. This data helps us understand how our website and services are used and supports ongoing improvement and security monitoring. In connection with our software products, we may collect account-related information, including user credentials, system access logs, and activity records necessary to operate and secure our platforms. We may also obtain professional or business-related information from third-party sources, including publicly available data and information provided by partners or vendors, where appropriate for business development or relationship management purposes. We do not intentionally collect sensitive personal information unless it is necessary for a specific and clearly disclosed purpose.

How We Use Personal Information

We use personal information to operate our business in a secure, efficient, and effective manner. This includes using information to provide and deliver our services and products, manage client relationships, and support the functionality and performance of our platforms. Personal information is also used to respond to inquiries, communicate with prospective and existing clients, and provide relevant updates about our offerings. We analyze information relating to usage and system performance in order to improve our website, refine our products, and enhance the overall user experience. This analysis is conducted in a manner consistent with our commitment to data minimization and proportionality. Personal information is also used to maintain the security and integrity of our systems. This includes monitoring for potential vulnerabilities, detecting unauthorized activity, and enforcing internal policies and controls designed to protect both our organization and those who interact with us. Finally, we process personal information as necessary to comply with applicable laws and regulations, meet contractual obligations, and support audits and compliance activities, including those related to SOC 2.

Disclosure of Personal Information

We do not sell, rent, or otherwise disclose personal information to third parties for independent commercial purposes. We disclose personal information only in limited and controlled circumstances. This may include disclosures that are necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests, as well as disclosures required to protect the rights, safety, and security of the Company, our clients, or others. We may also share personal information with our legal, financial, and other professional advisors, where such disclosure is necessary for the provision of advisory services and subject to appropriate confidentiality obligations. In addition, personal information may be disclosed in connection with a corporate transaction, such as a merger, acquisition, financing, or sale of all or a portion of our business or assets. In such cases, personal information would remain subject to confidentiality protections and applicable legal requirements. Outside of these circumstances, we do not disclose personal information to third parties.

Cookies and Similar Technologies

We use cookies and similar technologies to support the operation and performance of our website. These technologies enable core functionality, help us understand how users interact with our website, and support efforts to improve usability and performance. Information collected through these technologies may include device identifiers, browsing behavior, and interaction data. Users may manage cookie preferences through their browser settings. Please note that disabling certain cookies may affect the functionality of the website.

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to meet our legal, regulatory, and contractual obligations. Retention periods are determined based on the nature of the information, the context in which it was collected, and the requirements applicable to our business operations. We also consider the need to maintain appropriate records for audit, compliance, and dispute resolution purposes. When personal information is no longer required, it is securely deleted or anonymized in accordance with our data retention and disposal practices.

Data Security

We maintain a comprehensive information security program designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. Our security practices include the implementation of access controls based on least-privilege principles, encryption of data in transit and, where appropriate, at rest, and continuous monitoring of systems for potential security events. We also maintain logging and alerting mechanisms, formal change management processes, and secure development practices.

We conduct regular risk assessments and maintain oversight of third-party risks, and we provide ongoing security awareness training to our personnel. While we take reasonable and appropriate measures to safeguard personal information, no method of transmission or storage can be guaranteed to be completely secure.

Your Rights and Choices

Depending on applicable law, individuals may have certain rights with respect to their personal information. These rights may include the ability to request access to personal information we hold, request correction of inaccurate information, request deletion of personal information, or object to or restrict certain types of processing. Requests may be submitted by contacting us using the information provided below. We will respond to such requests in accordance with applicable legal requirements.

California Privacy Rights

If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights include the right to know what personal information is collected and how it is used, the right to request deletion or correction of personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under applicable law. For more detailed information about these rights and how to exercise them, please refer to our California-specific privacy notice.

International Data Transfers

Our operations are based in the United States, and personal information is processed in the United States. If you access our website or services from outside the United States, your information may be transferred to, stored, and processed in the United States in accordance with this Privacy Policy.

Children’s Privacy

Our website, services, and products are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children.

Third-Party Websites

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of such third parties, and we encourage users to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do so, we will update the “Last Updated” date at the top of this Policy.

Contact Information

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us at security@firstparty.com.

Processing on Behalf of Clients

In the course of providing services, we may process personal information on behalf of our clients. In such cases, we act solely under client instructions and do not use such information for our own independent purposes. The handling of such data is governed by the applicable client agreements and relevant law.

California Privacy Notice

Last Updated: April 7, 2026

This California Privacy Notice (“California Notice”) supplements the information contained in the FirstParty, Inc. Privacy Notice and applies solely to residents of the State of California (“you” or “consumers”), as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the “CCPA”). This California Notice provides additional disclosures regarding our collection, use, and disclosure of personal information, as well as the rights available to California residents under applicable law. This Notice should be read together with our Privacy Notice to fully understand our data practices.

Categories of Personal Information Collected

Over the preceding twelve (12) months, we have collected, and may continue to collect, personal information within the following categories, to the extent relevant to our business operations:

Personal information may include identifiers such as name, email address, business address, telephone number, IP address, and other similar identifiers associated with an individual or device. We may also collect professional or employment-related information, including company affiliation, job title, and business contact details, as well as records of communications and interactions with us.
In connection with our website and digital properties, we collect internet or other electronic network activity information, including browsing activity, interaction data, and technical usage information. Where applicable to our products and platforms, we may also collect account credentials, system access logs, and activity records necessary to operate and secure our services.
We may derive limited inferences from the information described above, such as general preferences or engagement patterns, solely for the purpose of improving our services and business operations.
We do not intentionally collect sensitive personal information except where necessary for a specific and disclosed business purpose. Where sensitive personal information is collected, we use and disclose it only as permitted under applicable law.

Sources of Personal Information

We collect personal information directly from individuals when they interact with us, including through our website, communications, and business engagements. We also collect certain information automatically through the use of website technologies and system logs. In limited circumstances, we may obtain professional or business-related information from publicly available sources or through business interactions with partners, clients, or other organizations, where appropriate for legitimate business purposes.

Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in our Privacy Notice. These purposes include operating and delivering our services and products, managing client relationships, responding to inquiries, improving our website and platforms, and maintaining the security and integrity of our systems. Personal information is also used to comply with legal and regulatory obligations and to support internal governance, audit, and compliance activities. Where applicable under the CCPA, these purposes correspond to recognized “business purposes,” including performing services, maintaining and improving systems, ensuring security and integrity, debugging and error detection, and conducting internal research and development.

Disclosure of Personal Information

We do not sell or share personal information as those terms are defined under the CCPA, and we have not done so in the preceding twelve (12) months. We disclose personal information only in limited circumstances, consistent with the practices described in our Privacy Policy. This includes disclosures necessary to comply with applicable law or legal process, disclosures to our professional advisors subject to confidentiality obligations, and disclosures in connection with a corporate transaction such as a merger, acquisition, or sale of assets. We do not disclose personal information to third parties for independent marketing or advertising purposes.

Retention of Personal Information

We retain personal information for the period reasonably necessary to achieve the purposes described in our Privacy Policy, unless a longer retention period is required or permitted by law. In determining retention periods, we consider the nature and sensitivity of the information, the purposes for which it was collected, and applicable legal and regulatory requirements. Personal information is securely deleted or anonymized when it is no longer required.

Your Rights Under the CCPA

Subject to certain limitations and exceptions under applicable law, California residents have the following rights:

You have the right to request access to the personal information we have collected about you, including information about the categories of personal information, the sources from which it was collected, the purposes for which it was used, and the categories of third parties to whom it has been disclosed.
You have the right to request that we correct inaccurate personal information that we maintain about you.
You have the right to request that we delete personal information that we have collected from you, subject to certain exceptions.
You have the right to request a copy of your personal information in a portable format, where technically feasible.
You have the right to opt out of the sale or sharing of personal information; however, as described above, we do not sell or share personal information.
Where applicable, you also have the right to limit the use or disclosure of sensitive personal information. We do not use sensitive personal information for purposes that would trigger this right.
You have the right not to receive discriminatory treatment for exercising your privacy rights.

Exercising Your Rights

To submit a request to exercise your rights, you may contact us at: security@firstparty.com. We may take reasonable steps to verify your identity before responding to your request. This may include requesting information sufficient to confirm your identity or your authority to act on behalf of another individual. You may designate an authorized agent to submit a request on your behalf, subject to applicable legal requirements. We may require verification of both your identity and the authority of the authorized agent. If we are unable to fulfill your request, we will provide an explanation consistent with applicable law.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA. This means that we will not deny you services, charge different prices, or provide a different level or quality of service solely because you exercised your rights.

Changes to This California Notice

We may update this California Notice from time to time to reflect changes in our practices or applicable law. When we do so, we will update the “Last Updated” date at the top of this Notice.

Contact Information

If you have questions about this California Notice or our data practices, please contact us at security@firstparty.com.