Skip to main content
AgeShield

Privacy Policy

Last Updated: March 28, 2026
AgeShield LLC (“AgeShield,” “we,” “our,” or “us”)

1. Introduction

This Privacy Policy describes how AgeShield collects, uses, discloses, and protects information in connection with our products and services. Unless otherwise stated, “information” or “personal information” refers to information that identifies, relates to, or can reasonably be associated with an individual or household.

This Privacy Policy applies to information we collect through our website (https://ageshield.bar), mobile application, web-based administration portal, emails, and other online services that link to this Privacy Policy (collectively, the “Service”), as well as from other sources described below.

This Privacy Policy does not apply to:

  • The practices of third parties we do not own or control.
  • Information collected in connection with job applications or employment with us.
  • Information that has been anonymized or, to the extent permitted by applicable law, de-identified.

For information about how we handle data on behalf of our business clients (venue operators), see Section 2: Processing on Behalf of Venue Clients below.

If you are a resident of the United States, see our US State-Specific Disclosures for additional information about your rights.

For questions about this Privacy Policy, see Section 16: Contact Us.

2. Processing on Behalf of Venue Clients

AgeShield provides identity verification, age verification, and fake ID detection products and services to business clients such as bars, nightclubs, restaurants, and vape shops (“Venue Clients”). In the course of delivering these services, we collect and process certain information on behalf of our Venue Clients (“Client Data”).

Client Data may include information extracted from government-issued identification documents, such as name, date of birth, document expiration date, document type, and ID photographs. The specific categories of Client Data collected depend on the Venue Client's configuration of our Service and the features they choose to enable.

AgeShield acts as a service provider (data processor) with respect to Client Data. Our Venue Clients determine the purposes and means of processing Client Data, including the data retention periods applicable to their venue through configurable settings in the Service. The Venue Client's own privacy policy, and not this Privacy Policy, governs their relationship with the individuals whose IDs are scanned.

Venue Client compliance obligations. Each Venue Client is solely responsible for ensuring that its use of the Service — including the collection, storage, and retention of Client Data — complies with all applicable federal, state, and local laws and regulations in the jurisdictions where it operates. This includes, without limitation, laws governing the scanning of identification documents, data retention and destruction requirements, biometric information privacy laws (such as the Illinois Biometric Information Privacy Act), and any requirements for patron notice or consent. AgeShield provides configurable tools to support Venue Client compliance but does not provide legal advice, and the availability of a feature within the Service does not constitute a representation that use of that feature is lawful in any particular jurisdiction. Venue Clients are required to accept these obligations under the terms of their service agreement with AgeShield.

If you are a patron whose ID was scanned at a venue using AgeShield and you wish to exercise privacy rights regarding that data, please contact the venue directly. If you are unable to resolve your request with the venue, you may also contact us at the address provided in Section 16: Contact Us, and we will assist where reasonably possible.

Aggregated and de-identified data. Where permitted by applicable law and our agreements with Venue Clients, we may create aggregated, de-identified, or anonymized data from Client Data. We use such data for lawful business purposes, including improving our products and services, analyzing usage trends, and enhancing our verification algorithms. We may also share anonymized or de-identified data with our identity verification technology providers for the purpose of improving document recognition accuracy, scanning performance, and fraud detection capabilities. Where we de-identify data, we maintain and use it in de-identified form and do not attempt to re-identify it.

Unsupported ID submissions. In limited circumstances, venue staff may submit photographs of identification documents that our system does not automatically recognize (for example, when a barcode fails to scan). These submissions are used exclusively for product improvement and system debugging. We retain such submissions for no longer than thirty (30) days or until the submission is no longer relevant for its intended diagnostic purpose, whichever occurs first. These submissions are stored securely and access is restricted to authorized personnel. AgeShield acts as a data controller with respect to these submissions.

3. Information We Collect

We collect the following categories of information depending on how you interact with the Service:

Information from Venue Clients (Business Accounts)

  • Contact identifiers: Name, email address, phone number, and business address of venue operators, administrators, and authorized staff.
  • Business information: Venue name, business type, number of locations, and similar organizational details.
  • Account credentials: Username, password, and other authentication information used to access the Service.
  • Payment information: Payment instrument details (such as credit or debit card number, expiration date, and security code) necessary to process subscription payments. This information is collected and processed by our third-party payment processor and is not stored on our servers.
  • Communications: Content of messages you send to us, including support requests, feedback, and inquiries.

Information from the Service (Automatic Collection)

  • Device identifiers: IP address, device type, operating system, and unique device identifiers associated with devices used to access the Service.
  • Device information: Browser type and version, operating system, screen resolution, and language and regional settings.
  • Usage data: Pages visited, features used, actions taken within the Service, timestamps, and referring and exit pages.
  • Precise location data: With your consent, the mobile application and web-based administration portal may collect precise geographic location (latitude and longitude) from the device used to access the Service. This data is used to record scan location in audit logs, to verify that the Service is being used within the United States, and for analytics purposes where applicable. Precise location data is collected only when the device user has granted location permissions.
  • Non-precise location data: General geographic location inferred from IP address, such as city or region. Non-precise location data may also be used for analytics purposes.

Information from ID Scans (Client Data)

As described in Section 2, we process the following categories of information on behalf of Venue Clients when identification documents are scanned:

  • Document data: Information extracted from identification document barcodes and visual elements via optical character recognition (OCR), which may include name, date of birth, document number, expiration date, address, and document type.
  • Photographs: Images of identification documents and ID photographs, where the Venue Client has enabled this feature.
  • Verification results: Scan outcomes such as age verification status, document authenticity assessments, and alert flags (e.g., expired documents, blacklisted individuals, or VIP designations).
  • Scan metadata: Date, time, and device associated with each scan.

Sensitive Information

Some of the information described above may be considered sensitive under applicable law, such as government-issued identification numbers, photographs from identity documents, or precise geolocation data. See our US State-Specific Disclosures for details on how we handle sensitive information.

Photographs

The Service may capture and store photographs of identification documents and ID portrait photographs on behalf of Venue Clients, depending on the Venue Client's configuration. These photographs are stored as part of Client Data and are subject to the retention periods configured by the applicable Venue Client. Venue Clients are solely responsible for ensuring that their collection and storage of ID photographs complies with all applicable laws in their jurisdiction, including any biometric information privacy laws that may apply to photographs containing facial imagery.

Future Capabilities

We may introduce additional verification features in the future. If any future capabilities involve the collection or processing of new categories of personal information — including biometric data — we will update this Privacy Policy before such features are made available and, where required by applicable law, obtain appropriate consent.

4. Sources of Information

We collect information from the following sources:

  • Directly from you. When you create an account, subscribe to our Service, contact us for support, or otherwise provide information to us.
  • From your devices. Automatically when you use our website or mobile application, through cookies, log files, and similar technologies as described in Section 5: Cookies and Tracking Technologies.
  • From Venue Client operations. Through the use of our mobile application and scanning features by authorized venue staff.
  • From third-party service providers. We may receive information from vendors who provide analytics, fraud prevention, payment processing, and identity verification services on our behalf.
  • Generated by us. We create derived information based on the data we collect, such as aggregated usage statistics and system performance metrics.

5. Cookies and Tracking Technologies

We use cookies and similar technologies on our website (https://ageshield.bar) and in our Service to collect information automatically. This section describes the types of tracking technologies we use.

Cookies

Cookies are small text files placed on your browser or device when you visit a website. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or you delete them). Cookies may be first-party (set by us) or third-party (set by services we work with).

Analytics Tools

We use Google Analytics and may use similar analytics services to understand how visitors interact with our website. These tools use cookies and similar technologies to collect information about website usage, including pages visited, time spent on pages, and traffic sources. This helps us improve our website and Service.

For information about how Google collects and processes data, visit https://policies.google.com/technologies/partner-sites. To opt out of Google Analytics, you may install the Google Analytics Opt-Out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

Advertising Technologies

We may use advertising pixels, tags, and similar technologies from third-party advertising platforms to measure the effectiveness of our advertising campaigns and to deliver targeted advertisements. These technologies may collect information about your browsing activity across websites over time.

Your Choices

You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking cookies may affect the functionality of our website. For more information about your choices regarding tracking technologies, see Section 9: Your Privacy Choices.

6. How We Use Information

We use the information we collect for the following purposes:

  • To provide and operate the Service, including processing ID scans, delivering verification results, managing venue accounts, and providing customer support.
  • To process payments for subscriptions and related services.
  • To communicate with you, including sending transactional messages (such as account confirmations and billing notifications) and, where permitted, marketing communications about our products and services.
  • To improve our products and services, including analyzing usage patterns, diagnosing technical issues, conducting research and development, and enhancing our verification algorithms and fraud detection capabilities.
  • To ensure security and prevent fraud, including monitoring for suspicious activity, investigating potential violations of our terms, and protecting the rights, property, and safety of AgeShield, our clients, and others.

Note regarding Client Data from ID scans: Information obtained from scanning identification documents (Client Data) is used by AgeShield solely for the purposes of providing the verification service to Venue Clients, improving our scanning and fraud detection technology, ensuring security, and complying with legal obligations. Client Data is not used by AgeShield for marketing, advertising, profiling, or any purpose unrelated to identity verification and product improvement.

  • To comply with legal obligations, including responding to lawful requests from public authorities and meeting applicable regulatory requirements.
  • For analytics and measurement, including understanding how our website and Service are used and measuring the effectiveness of our marketing efforts.
  • For advertising, including delivering and measuring advertisements on third-party platforms. Some of this advertising may constitute “targeted advertising” as defined by applicable law, which involves showing you more relevant ads based on your activity over time and across non-affiliated services. See Section 9: Your Privacy Choices for opt-out information.
  • With your consent or at your direction, where you instruct us to use your information in a specific manner or where we have notified you and obtained your consent.

Non-Personal Information

We may anonymize or de-identify information so that it no longer constitutes personal information under applicable law. Where we de-identify information, we commit to maintaining and using it in de-identified form and will not attempt to re-identify it. We may use non-personal information for any lawful purpose.

7. How We Disclose Information

We disclose information to the following categories of recipients for the purposes described in this Privacy Policy:

  • Service providers. We work with third-party service providers who process information on our behalf, including cloud hosting and infrastructure providers, payment processors, analytics providers, identity verification technology providers, and customer support tools. Some of our service providers, including identity verification technology partners, are located outside of the United States and may process information in countries such as those within the European Union or Switzerland. We may share scan data, including anonymized or de-identified data, with identity verification technology providers to improve scanning accuracy, document recognition, and fraud detection capabilities. We contractually require our service providers to use personal information only to perform services for us and to maintain appropriate security safeguards, regardless of where they are located.
  • Venue Clients. We provide scan results, verification outcomes, and related data to the Venue Client on whose behalf the information was collected, in accordance with their configuration of the Service.
  • Advertising and analytics partners. We may disclose or make available certain identifiers and usage information to advertising networks, analytics providers, and similar third parties to deliver and measure advertising. See Section 9: Your Privacy Choices for opt-out options.
  • In connection with business transactions. We may disclose information in connection with any proposed or actual merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business to another entity. In such cases, the acquiring entity would be bound by the terms of this Privacy Policy with respect to previously collected information.
  • For legal and safety purposes. We may disclose information to comply with applicable law, regulation, legal process, or governmental request; to enforce our terms of service and other agreements; to protect the rights, property, or safety of AgeShield, our Venue Clients, their patrons, or others; and to detect, prevent, or address fraud, security, or technical issues. With respect to Client Data containing patron information, AgeShield requires valid legal process (such as a court order, subpoena, or warrant) before disclosing such data to law enforcement or other governmental authorities, except where we have a good-faith belief that disclosure is necessary to prevent an emergency involving danger of death or serious physical injury. Where legally permitted, we will notify the affected Venue Client of any such request before disclosure.
  • With your consent. We may disclose information where you have provided consent or at your direction.
  • Non-personal information. We may disclose aggregated, de-identified, or otherwise non-personal information for any lawful purpose.

8. Third-Party Services

Our Service may contain links to websites, applications, or services operated by third parties. We may also integrate third-party technologies into our Service, including those described in Section 5: Cookies and Tracking Technologies. Except where third parties act as our service providers under our instruction, those third parties independently determine how they collect and use your information. We encourage you to review the privacy policies of any third-party services before providing your information.

9. Your Privacy Choices

This section describes the choices available to you regarding your information.

Region-Specific Rights

If you are a resident of certain US states, you may have additional rights. See our US State-Specific Disclosures for details.

Marketing Communications

To stop receiving marketing emails from us, follow the unsubscribe instructions included in such emails, or contact us at privacy@ageshield.bar with “UNSUBSCRIBE” in the subject line. Please note that you may continue to receive transactional and account-related communications.

Account Deletion

If you have a Venue Client account with us, you may request deletion of your account by contacting us at privacy@ageshield.bar. Account deletion requests will be processed in accordance with our data retention practices and applicable law.

Browser and Device Controls

  • Cookies. You may manage cookies through your browser settings. Note that disabling cookies may affect the functionality of our website. Cookie management applies to our website only and must be configured separately for each browser you use.
  • Mobile device settings. You can reset your device's advertising identifier or limit ad tracking through your device settings. You can also stop all data collection through our mobile application by uninstalling the app.
  • Do Not Track. Our Service does not currently respond to “Do Not Track” browser signals. If we change this practice in the future, we will update this Privacy Policy accordingly.

Third-Party Opt-Out Tools

10. Data Retention

Venue Client Account Data

We retain Venue Client account information for the duration of the business relationship and for a reasonable period thereafter as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Client Data (ID Scan Data)

Retention periods for Client Data are determined by each Venue Client through configurable settings in the Service. AgeShield facilitates automatic deletion of Client Data in accordance with the retention periods configured by each Venue Client. Each Venue Client is solely responsible for selecting retention periods that comply with all applicable laws and regulations in the jurisdictions where it operates, including any state or local laws that impose maximum retention periods or specific deletion requirements for data obtained from identification document scans. AgeShield does not independently verify the legal adequacy of a Venue Client's chosen retention settings.

Unsupported ID Submissions

As described in Section 2, photographs of unsupported identification documents submitted for diagnostic purposes are retained for no longer than thirty (30) days or until no longer needed for product improvement, whichever occurs first.

General Retention Principles

We retain information for the period reasonably necessary to fulfill the purposes described in this Privacy Policy, and as required to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements. When information is no longer needed for any of these purposes, we delete or de-identify it.

11. Children

The Service is not directed toward individuals under 18 years of age. We do not knowingly collect personal information from children under 18. The nature of our Service — age verification and fake ID detection for venues serving alcohol or other age-restricted products — is inherently designed to prevent underage access rather than to collect data from minors.

If you are a parent or guardian and believe that a child under 18 has provided personal information to us, please contact us at privacy@ageshield.bar, and we will take steps to delete such information.

12. Security

We implement and maintain reasonable administrative, physical, and technical security measures designed to protect information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and secure cloud infrastructure.

Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.

Security incident notification. In the event of an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Client Data in AgeShield's possession or control, AgeShield will notify the affected Venue Client without undue delay after becoming aware of the incident. AgeShield will make reasonable efforts to identify the cause of the incident and take steps it deems necessary and reasonable to remediate the cause to the extent remediation is within AgeShield's reasonable control. With respect to Client Data, the Venue Client is responsible for determining whether and how to notify affected individuals and relevant authorities in accordance with applicable breach notification requirements. With respect to information for which AgeShield acts as the data controller (such as Venue Client account information and unsupported ID submissions), AgeShield will directly notify affected individuals and relevant authorities where required by applicable law.

If you become aware of a security incident involving your information or your account, please notify us immediately at privacy@ageshield.bar.

13. Changes to This Privacy Policy

We may revise this Privacy Policy from time to time. Any changes will become effective upon posting of the updated Privacy Policy to our website. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

If we make material changes, we will provide additional notice, such as via email to the address associated with your account or through a prominent notice on the Service, prior to the changes taking effect.

We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top of this Privacy Policy indicates when it was most recently revised.

14. US State-Specific Disclosures

This section provides additional disclosures required under US state privacy laws.

California Residents (CCPA/CPRA)

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”), provides California residents (“consumers”) with specific rights regarding their personal information. This sub-section applies solely to California residents and supplements the information provided elsewhere in this Privacy Policy.

Categories of personal information collected. In the past twelve (12) months, we have collected the categories of personal information described in Section 3: Information We Collect, which include: identifiers (such as name, email address, IP address); commercial information (such as subscription records); internet or other electronic network activity (such as browsing history and interactions with the Service); geolocation data (both non-precise, inferred from IP address, and precise location data collected with consent for audit and geographic compliance purposes); and, where applicable, government-issued identification data processed on behalf of Venue Clients.

Sources. The sources from which we collect personal information are described in Section 4: Sources of Information.

Business and commercial purposes. The purposes for collecting and using personal information are described in Section 6: How We Use Information.

Categories of recipients. The categories of third parties to whom personal information is disclosed are described in Section 7: How We Disclose Information.

Sales, sharing, and targeted advertising. Certain disclosures of personal information to third-party advertising partners may constitute a “sale” or “share” for cross-context behavioral advertising purposes under the CCPA. The categories of personal information that may be sold or shared include: identifiers, internet or network activity, and non-precise geolocation data. The categories of third parties to whom we may sell or share personal information include advertising networks and analytics providers. We do not sell or share the personal information of consumers we know to be under 16 years of age.

Sensitive personal information. We collect, use, and disclose sensitive personal information only for purposes permitted under the CCPA, such as performing the services requested by our Venue Clients. We do not sell or share sensitive personal information.

Retention. Our retention practices are described in Section 10: Data Retention.

Profiling. We do not process personal information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

Our role under the CCPA. With respect to personal information we collect for our own purposes — such as Venue Client account information, website usage data, and unsupported ID submissions used for product improvement — AgeShield acts as a “business” under the CCPA. With respect to Client Data that we process on behalf of Venue Clients (such as patron ID scan data), AgeShield acts as a “service provider” under the CCPA. As a service provider, we process Client Data only as directed by the applicable Venue Client and in accordance with our written service agreement.

Financial incentives. We do not offer financial incentives, price differences, or service differences in exchange for the collection, retention, or sale of personal information.

Your rights under the CCPA. As a California resident, you have the right to:

  • Know and access what personal information we have collected about you, including the categories of sources, the business or commercial purposes for collecting or selling personal information, the categories of third parties with whom we shared personal information, and the specific pieces of personal information collected.
  • Correct inaccurate personal information we maintain about you.
  • Delete personal information we have collected from you, subject to certain exceptions.
  • Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. To opt out, see “Exercising Your Rights” below.
  • Limit use of sensitive personal information to purposes permitted by the CCPA.
  • Non-discrimination. You have the right not to receive discriminatory treatment for exercising your CCPA rights.

Shine the Light. California Civil Code Section 1798.83 permits California residents with an established business relationship with us to request a list of categories of personal information disclosed to third parties for their direct marketing purposes during the preceding calendar year. To make this request, email privacy@ageshield.bar with “California Shine the Light Request” in the subject line.

Do Not Track. We do not currently respond to Do Not Track browser signals.

Other US State Privacy Laws (Covered States)

In addition to California, several other US states have enacted comprehensive consumer privacy laws. For purposes of this Privacy Policy, these “Covered States” currently include Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. This list is subject to change as additional states enact privacy legislation.

Residents of Covered States generally have the following rights, subject to the specific provisions of their state's law:

  • Right to know and access. You may have the right to confirm whether we are processing your personal information, to know the categories of personal information we have collected, and to access the specific pieces of personal information we hold about you.
  • Right to correct. You may have the right to request correction of inaccurate personal information.
  • Right to delete. You may have the right to request deletion of personal information we have collected from you, subject to certain legal exceptions.
  • Right to data portability. You may have the right to obtain a copy of your personal information in a portable and readily usable format.
  • Right to opt out of sales, sharing, and targeted advertising. You may have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising purposes, or the processing of your personal information for targeted advertising.
  • Right to revoke consent. Where we rely on your consent to process personal information, you may withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
  • Right to non-discrimination. You have the right not to receive discriminatory treatment for exercising your privacy rights.
  • Right to appeal. You have the right to appeal our decision in response to your privacy request.
  • Authorized agents. You may exercise your rights through an authorized agent. We may require verification of the agent's authorization.

Additional state-specific rights:

  • Residents of Minnesota and Oregon may request a list of specific third parties to whom we have disclosed personal information.
  • Residents of Delaware and Maryland may request a list of categories of third parties to whom we have disclosed personal information.
  • Residents of Connecticut and Rhode Island may request a list of specific third parties to whom we have sold personal information.

Exercising Your Rights (All US States)

The following procedures apply to all rights requests, whether under the CCPA or other Covered State laws:

  • Verification requests (access, correction, deletion, portability): Submit a request by emailing us at privacy@ageshield.bar. We will verify your identity before processing your request. Verification may require you to confirm information associated with your account or provide additional identifying details. If we are unable to verify your identity, we may deny your request as permitted by law. We will respond to your request within the timeframe required by applicable law (for California residents, within 45 days of receipt, which may be extended by an additional 45 days where reasonably necessary).
  • Opt-out of sales, sharing, and targeted advertising: You may submit separate opt-out requests for (a) website tracking technologies and (b) other information in our systems.
    • For website tracking technologies: Enable a recognized opt-out preference signal in your browser (such as Global Privacy Control) or adjust your cookie preferences on our website. This opt-out applies only to the browser in which it is set.
    • For other information in our systems: Submit a request by emailing privacy@ageshield.bar.
  • Consent withdrawal: Contact us at privacy@ageshield.bar, specifying the consent you wish to withdraw. Note that withdrawing consent may prevent us from providing certain services.
  • Authorized agents: Authorized agents must submit requests through the methods described above. Except where prohibited by law, we may require written and signed proof of the agent's authorization. For California residents, authorized agents registered with the California Secretary of State may also submit requests on your behalf.
  • Appeals: To appeal a decision regarding your privacy request, contact us at privacy@ageshield.bar and specify the decision you wish to appeal. We will review and respond in accordance with applicable law. If we deny your appeal, we will inform you of your right to contact your state Attorney General.

Nevada Disclosures

Nevada residents may opt out of the sale of personal information to third parties. To exercise this right, follow the opt-out process described in the “Exercising Your Rights” section above.

15. International Data Transfers

AgeShield is based in the United States, and the majority of information collected through the Service is stored and processed in the United States.

However, some of our third-party service providers, including identity verification technology partners, operate in countries outside of the United States, including within the European Union, the European Economic Area, and Switzerland. In the course of providing the Service, certain information — including scan data shared for the purpose of improving document recognition and verification accuracy — may be transferred to and processed by these providers in their respective jurisdictions.

Where information is transferred outside of the United States, we take reasonable steps to ensure that our service providers maintain appropriate security safeguards and that personal information is processed in accordance with applicable law and the terms of this Privacy Policy.

If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate, and that data protection laws in those jurisdictions may differ from those in your jurisdiction.

As we expand our services to additional countries, we will update this Privacy Policy to address applicable data protection requirements in those jurisdictions.

16. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, you may contact us at:

AgeShield LLC
Email: privacy@ageshield.bar

To exercise privacy rights, please follow the instructions provided in Section 9: Your Privacy Choices and Section 14: US State-Specific Disclosures.