CCPA privacy notice

Last updated: May 1, 2020

This privacy notice (“Privacy Notice”) for California Residents under the California Consumer Privacy Act of 2018 (“CCPA”) supplements the information contained in Exposebox Ltd. Privacy Policy available at: (“Privacy Policy“) and applies solely to End Users (as defined in the Privacy Policy) who reside in the State of California (“Users” or “you”), as defined under the CCPA. Any terms defined in the CCPA have the same meaning when used in this Privacy Notice. Further, this Privacy Notice is an integral part of our Privacy Policy and thus, definitions used herein but not defined herein shall have the meaning ascribed to them in our Privacy Policy.

As required under the CCPA, we will update this Privacy Notice every 12 months. The last revision date will be reflected in the “Last Updated” heading located at the top of the Privacy Notice.


Under the CCPA, “Personal Information” is defined as any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device. The categories of Personal Information that we collect (and has collected within the last 12 months) are detailed in the table below.

Please note that under the CCPA Personal Information does not include: publicly available information from government records and de-identified or aggregated consumer information, information excluded from the CCPA’s scope (e.g., health or medical information covered by applicable laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)); and information covered by certain sector-specific privacy laws (e.g., the California Financial Information Privacy Act (FIPA)).




A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier,

Internet Protocol address, email address,

account name, Social Security number, driver’s license number, passport number, or other similar identifiers.


B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description,

address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history,

bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.


C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition,

physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation,

veteran or military status, genetic information (including familial genetic information).


D. Commercial information.

Records of personal property, products or services purchased,

obtained, or considered, or other purchasing or consuming histories or tendencies.


E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information,

such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.


F. Internet or other similar network activity.

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.


G. Geolocation data.

Physical location or movements.


H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.


I. Professional or employment-related information.

Current or past job history or performance evaluations.


J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts,

class lists, student schedules, student identification codes, student financial information, or student disciplinary records.


K. Inferences drawn from other personal information.

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.



Depending on the nature of your interaction with us, we may collect the above-detailed information from you, as follows: (i) directly from you, for example, if you interact with our website or our Client’s website or application; or (ii) from our Clients.


We may use, or disclose the Personal Information we collect for one or more of the following business purposes:

  • To perform our Services and to fulfil the requirements under our agreements with our Clients.
  • To provide, support, personalize, and develop our Services, as well as to improve our Services.
  • For security and fraud detection purposes, and to maintain the safety, security, and integrity of our Services.
  • For testing, research, analysis, and product development, including to develop of our Services.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.

We will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.


We may disclose your Personal Information to our Clients, service providers and any third party for a business purpose.

We share your Personal Information with the following categories of third parties:

(i) Service providers – such as Google Cloud Services, Amazon Web Services or Mailgun.   

(ii) Clients – for performing our Services.


In the preceding twelve (12) months, the Company has disclosed the following category of Personal Information for a business purpose:

Category A: Identifiers.

Category B: Personal information categories listed in the California Customer Records statute

Category C: Protected classification characteristics under California or federal law.

Category D: Commercial information.

Category F:  Internet or other similar network activity.

Category G: Geolocation data.


In the preceding twelve (12) months, the Company has not sold Personal Information.

Note that, we are considered as the Service Provider of our Clients. Thus, in the event you are an End User, our Clients may provide you with a “Do Not Sell” link.


The CCPA provides Consumers with specific rights regarding their Personal Information.  Please review our Data Subject Rights Overview regarding your rights under applicable law.

You may exercise any or all of your above rights in relation to your Personal Information by contacting our privacy team at


The Service does not respond to Do Not Track signals. For more information about Do Not Track signals, please see:


If you have any questions or concerns regarding privacy issues, or if you wish to be provided with any other information related to our privacy practices, please contact us at:

Exposebox Ltd

121 Begin Rd., Tel Aviv, Israel